Russia arrests space agency employee for giving secrets to NATO country

Russia’s security service has arrested the media advisor to the director of the country’s space agency, accusing him of supplying military secrets to a spy agency of an unnamed Western country. The Russian Federal Security Service (FSB) announced on Tuesday the arrest of Ivan Safronov, a former journalist specializing in military affairs.

Safronov was the military correspondent for the Russian newspaper Kommersant, which is described by some as the Russian equivalent of Britain’s Financial Times. He then worked as a military affairs reporter for Vedomosti, a Moscow-based financial daily, which has a reputation for independence from the Kremlin. He briefly represented the paper in the Kremlin pool of journalists, who accompany the Russian President Vladimir Putin on official trips.

Safronov resigned from Vedomosti last spring, along with several of his colleagues, following a dispute with the newspaper’s management over editorial freedom. In May he was hired by the Russian space agency, the Roscosmos State Corporation for Space Activities, where he now works as a media advisor for Dmitry Rogozin, the agency’s director-general.

On Tuesday, the FSB issued a statement to the press saying it had arrested Safronov for carrying out espionage for a foreign country. The statement said Safronov had “collected and surrendered to [the foreign nation’s] representative state secrets and information about military-technical cooperation and about the defense and security of the Russian Federation”. According to the FSB, the person that Safronov is alleged to have shared state secrets with is an intelligence officer of a North Atlantic Treaty Organization member state. However, the Russian security agency did not name the country in its statement to the media.

Also on Tuesday, the FSB published video footage showing Safronov being arrested by a group of plainclothes FSB agents outside his Moscow apartment. The agents are seen approaching Safronov and searching him before putting him inside an unmarked van and driving away. He has not been seen in public since, and some have suggested that Russian authorities have not permitted lawyers to contact him.

Following the statement by the FSB, reports in the Russian media claimed that Safronov had been approached repeatedly by security officers in the past and questioned about his work as a journalist. Some of Safronov’s colleagues have said on social media that he was arrested due to his political views, rather than alleged espionage activities. Meanwhile, Roscosmos director Rogozin told Russian media that Safronov did not have access to classified information, so it was unlikely that his arrest was related to his work at the space agency.

Safronov’s trial is expected to take place behind closed doors, due to the nature of the charges he is facing. If found guilty, he could face up to 20 years in prison.

Author: Joseph Fitsanakis | Date: 08 July 2020 | Permalink

Speculation grows that Israel may be behind spate of mystery blasts in Iran

There is growing speculation that Israel’s intelligence services may be behind a spate of blasts that have damaged military and civilian industrial sites in Iran in recent days. Citing a “Middle Eastern intelligence official”, The New York Times reported on Sunday that Israel was behind at least one of the blasts, which struck an Iranian nuclear complex.

The earliest known attack took place on May 9, when one of Iran’s busiest shipping hubs, the Shahid Rajaee Port, experienced a major cyber-attack that brought the port terminal “to an abrupt and inexplicable halt” and caused “massive backups on waterways and roads leading to the facility”. On June 26, a massive blast destroyed a liquid fuel production facility for ballistic missiles in Khojir, a military complex located 20 miles southeast of Tehran. Four days later, on June 30, there was another explosion at a medical clinic in the Iranian capital, which killed 19 people.

On July 2, a major blast and subsequent fire were reported at the site of the Natanz nuclear facility, which is situated 150 miles south of Tehran. The attack is believed to have targeted a laboratory facility housing advanced centrifuge systems for enriching uranium. The BBC reported on Monday that a previously unknown group calling itself “The Homeland Cheetahs” claimed responsibility for the attack. The group sent BBC reporters information about the Natanz blast, including a video of the incident, before it was reported by Iranian media. In its statement, the group claimed to represent dissidents in the Iranian military, but some speculated that it could be a front for a foreign intelligence agency. On Sunday, The New York Times said the Natanz blast was orchestrated by the Israeli Mossad.

On July 3, a large fire broke out in Shiraz, Iran’s fifth largest city, while on the next day a fire engulfed the Zargan power plant in Ahwaz, following a large blast that was reportedly audible several miles away. Also on July 4, a large leak of chlorine gas occurred at the Karoun petrochemical plant in Bandar-e Mahshahr, in Iran’s Khuzestan Province. The leak caused 70 workers at the plant to be hospitalized.

In recent days, Iranian officials have claimed that the above incidents have been part of a sabotage campaign orchestrated by the Mossad, and have warned Israel of an impending retaliation. At a press conference in Jerusalem last Thursday, reporters asked the Israeli Prime Minister Benjamin Netanyahu whether the country’s spy agencies were behind the attacks in Iran. Mr. Netanyahu responded by saying: “I don’t address such topics”.

Author: Joseph Fitsanakis | Date: 07 July 2020 | Permalink

France charges two former intelligence officers with spying for China

The trial of two French former intelligence officers begins today in Paris, with the two men accused by French authorities of having spied for China in the 1990s and 2000s. French officials have remained largely silent on the two cases, but media reports have suggested that the two former intelligence officers were found to have carried out espionage tasks for the Chinese government.

The two men have been identified in media reports only as “Henri M.” and “Pierre-Marie H.”. They are both reportedly former employees of France’s Directorate-General for External Security, known as DGSE. The service operates as France’s equivalent of the United States Central Intelligence Agency. A third suspect, “Laurence H.” is reportedly the wife of Pierre-Marie H., and stands accused of “concealing property derived from espionage on behalf of a foreign power, which is likely to harm the fundamental interests of the nation”.

According to reports in the French media, Pierre-Marie H. was arrested in late 2017 while transiting between flights at Zurich airport. He was found to be carrying on him a large amount of undeclared cash, which was reportedly given to him by his Chinese handler, following a meeting on “an island in the Indian Ocean”. He is currently free on bail.

The DGSE appointed Henri M. in the Chinese capital Beijing as its station chief. He was allegedly listed as the second secretary at the French embassy there. However, he was recalled to Paris less than a year following the start of his foreign assignment, after he was found to have an affair with the female interpreter of the ambassador. The interpreter was reportedly a Chinese citizen. In 2003, following his retirement, Henri M. reportedly relocated to China, where he married the interpreter and settled in the southern Chinese island of Hainan.

Like Pierre-Marie H., Henri M. was arrested in late 2017, reportedly after a lengthy surveillance operation by French counterintelligence, which lasted several months. Both men are accused of “delivering information to a foreign power” and by doing so “damaging the fundamental interests of the French nation”. French officials have described the cases of the two men as “extremely grave”. The trial will take place in a special court that will convene behind closed doors. The verdict is due to be announced on July 10. If convicted of all charges against them, the two men face 15 years behind bars.

Author: Joseph Fitsanakis | Date: 06 July 2020 | Permalink

As debate centers on Afghanistan, Russian forces challenge US troops in Syria

As an intense debate rages in the United States about Moscow’s alleged subversion of American military goals in Afghanistan, sources warn that Russia is increasingly challenging Washington’s troops in Syria. Recent reports have alleged that the Kremlin has been offering financial rewards to Taliban fighters encouraging them to kill US troops in Afghanistan. The Russian government has denied these allegations, while the White House claims it was never briefed about this by the Intelligence Community.

Some experts suggest, however, that Russia’s growing involvement in Afghanistan may be part of a wider effort by Moscow to test the limits of American military presence in Asia. This can be seen as a predictable response by the Russians, given that US President Donald Trump has repeatedly indicated he is not a fan of substantial American military involvement abroad. According to a new report by Politico, Russia’s challenge can be observed, not only in Afghanistan, but also in Syria, where American and Russian troops have been present in the same battlespace for over five years now.

In the past, the two militaries have kept open lines of communication to ensure that they stay clear from each other, thus avoiding a major escalation between the two nuclear-armed nations. Consequently, despite supporting opposing sides in the war, Russian and American troops have not directly challenged each other, with very few exceptions. Presently Russian forces continue to support the Syrian President, Bashar al-Assad, while several hundred US forces are working closely with Kurdish fighters, who control territory in eastern Syria.

Despite the pullout of most American troops from the region in the past two years, the US maintains a force of nearly 1,000 soldiers in the Deir al-Zour region of eastern Syria. These are closely coordinating with Kurdish peshmerga, whose primary tasks include guarding the region’s lucrative oil fields, thus starving the government of President al-Assad of a major source of revenue. In the past, Russian troops have rarely ventured in the Kurdish-controlled region, in full knowledge of the US military presence there. Lately, however, brushes between American and Russian troops in Deir al-Zour have been “increasingly frequent”, according to Politico, which cited “two current US officials and one former US official” in its report.

Italian police seize largest amphetamines shipment ever found, bearing ISIS markings

Police in Italy have announced the seizure of the largest shipment of amphetamines in counter-narcotics history, containing drugs believed to have been manufactured by the Islamic State in Syria. The drugs shipment was intercepted at the port of Salerno, located south of Naples in southwestern Italy.

Italian police announced on Wednesday that it had made “the largest seizure of amphetamines in the world”, both in terms of quantity and street value. The latter is estimated at approximately $1 billion. Drug traffickers are rarely known to transport such large volumes of drugs in a single shipment, due to the risk of capture by the authorities. However, the lack of supply in Europe due to the coronavirus pandemic has prompted suppliers to take unusual risks, according to experts.

The amphetamines —approximately 84 million tablets— were found hidden inside three containers filled with paper cylinders. More pills had been placed inside the hollow parts of agricultural machinery products, according to police. The confiscated tablets are marked with the logo for the drug Captagon, which is better known by its generic name, Fenethylline. Captagon was a popular drug in the Middle East in the 1990s, and today amphetamines produced by the Islamic State bear its logo, according to the United States Drug Enforcement Administration.

The drug is regularly given to Islamic State volunteers prior to battles and terrorist attacks, in order to help reduce their inhibitions, including susceptibility to fear, and to prevent them from feeling physical pain. Security agencies in the Middle East refer to the substance as “the jihad drug”. It is particularly prevalent in Syria, which has become the global leader in the production of illicit amphetamines in the past decade.

Italian police said the shipment was most likely intended for distribution by “a consortium of criminal groups”, who would then traffic the substance to illicit markets across Europe. It would be unthinkable for a single distributor to be able to afford a $1 billion single purchase, according to officials. The largest buyer among these distributors was probably the Camorra —the organized crime syndicate based in the region of Naples. The Camorra has international links through which it can channel the illicit drugs in much larger volumes than other crime syndicates, according to experts.

Asked about the clues that led to the seizure of the amphetamines, a spokesman for the Italian police said the force knew when the shipment was coming in, due to “ongoing investigations we have with the Camorra”. He added, “we intercepted phone calls and members, so we knew what to expect”.

Author: Joseph Fitsanakis | Date: 02 July 2020 | Permalink

Chinese state-linked operatives funded Trump campaign to gain access, says report

A report in The Wall Street Journal claims that individuals and groups with ties to the Chinese Communist Party and the Chinese People’s Liberation Army donated substantial funds to the re-election campaign of United States President Donald Trump, in return for access to the White House.

The paper claims that nearly half a million dollars were donated to Mr. Trump’s re-election campaign on behalf of Chinese-linked interests soon after he was sworn in as president in January of 2017. Some of these donations were allegedly among the biggest made to the campaign. The list of donors is headed by four men, according to The Journal, some of whom are naturalized Americans of Chinese background, and at least one is a Chinese citizen and American permanent resident, which means he does not get to vote in the United States. He is believed to have donated $150,000 to the Trump re-election campaign.

Many of these donations are gathered through an organization that was created in the United States in 2017 to help the president get re-elected in 2020, says the paper. Funds raised by the group are funneled to Mr. Trump’s re-election campaign and the Republican National Committee. However, according to The Journal, the people behind the organization have ties to Chinese diplomats in the United States, as well as to the Chinese state.

The paper claims that the money given to the Trump re-election campaign earned some of these donors physical access to the White House and the president on at least one occasion, in May of 2017. Among those who were invited to visit the White House was a personal adviser to Xi Jinping, general secretary of the Chinese Communist Party. Others have ties to the Chinese Communist Party and the Chinese People’s Liberation Army, said the paper. It added that some of these donors have also attended Trump re-election campaign strategy meetings and meetings of the Republican National Committee.

The Wall Street Journal allegations came just days after Mr. Trump’s former National Security Advisor, John Bolton, claimed in a new book that the president solicited his Chinese counterpart for help in securing his re-election. In his new book, The Room Where it Happened, Mr. Bolton claims that the American president asked Mr. Xi to have China purchase billions of dollars of American soybeans, so that farming communities in the Midwest would continue to support the Trump ticket come 2020.

Author: Ian Allen | Date: 30 June 2020 | Permalink

Tension in Iraq as government arrests members of powerful Shi’a militias

There was growing tension in Iraq over the weekend, as the government in Baghdad announced it had arrested over a dozen members of a powerful Shi’a militia backed by Iran. The arrests marked the first time that the Shi’a dominated Iraqi government moved to curtail the growing power of these heavily armed groups, which some say are threatening the cohesion of the country’s fragile state institutions.

Most of Iraq’s paramilitary groups are members of the Popular Mobilization Forces (PMF), a collection of around 40 different Shiite militias consisting of over 150,000 armed fighters, who helped the Iraqi government defeat the Islamic State in 2017. The militias began to form in the summer of 2014, after Sayyid Ali al-Husseini al-Sistani, the spiritual leader of the Iraqi Shiite community, issued a fatwa (religious decree) that called for the destruction of the Islamic State. The Iranian-supported PMF proved instrumental in the territorial defeat of ISIS. However, the group’s leadership is ideologically aligned with Iran, and many of its members have called for the end of American military and diplomatic presence in Iraq.

In January of this year, many of these groups declared war on the United States, after Washington launched a drone strike that killed the Iranian general Qassem Soleimani and Abu Mahdi al-Muhandis, the leader of the Kita’ib Hezbollah (KH). KH is one of the most powerful Shia militias in Iraq, and controls much territory around the country. In a surprise move on Thursday, Iraqi counterterrorism forces announced they had arrested 14 members of KH, after receiving an intelligence tip. According to the government, the KH members were planning to launch large-scale attacks on Baghdad’s Green Zone, a heavily fortified area of the Iraqi capital that houses the headquarters of most ministries, as well as several embassies.

The arrests were reportedly ordered by Iraq’s new Prime Minister, Mustafa al-Kadhimi, former director of Iraq’s National Intelligence Service, who assumed his new duties on May 7. His appointment ended a prolonged political impasse, as the country had struggled to replace the government of his predecessor, Adil Abdul-Mahdi, who resigned in 2019 following a wave of popular protests. Al-Kadhimi is known to have good relations with Washington, while also being in good standing with Tehran. However, he vowed last month that he would “crush” the paramilitaries, whom he views as enemies of Iraqi democracy.

In response to al-Kadhimi’s pronouncements, Shi’a militias have been launching constant small-rocket attacks targeting the Green Zone in recent weeks. Observers warned on Saturday that arrests of KH members have never been known to take place before, so this may be the opening shots of an open war between al-Kadhimi and Iraq’s Shi’a paramilitaries.

Author: Joseph Fitsanakis | Date: 29 June 2020 | Permalink

News you may have missed #909 – Insurgency edition

South African intelligence concerned about spread of insurgency in Mozambique. This is the first public expression of concern from the South African government that the violence in neighboring Mozambique could spread. Previously, the South African Parliament was informed the matter was only to be discussed behind closed doors. Earlier in June, the South African military reportedly participated in Operation COPPER, in support of the Mozambican Defense Force.

US intelligence says Russia offered Afghans bounties to kill US troops. American intelligence officials have concluded that a Russian military intelligence unit secretly offered bounties to Taliban-linked militants for killing coalition forces in Afghanistan — including targeting American troops — amid the peace talks to end the long-running war there, according to officials briefed on the matter. The intelligence finding was briefed to President Trump, and the White House’s National Security Council discussed the problem at an interagency meeting in late March, the officials said.

Analysis: The security risk posed by ISIS women smuggling their way out of camp Hol. While a debate rages in Europe over whether or not ISIS women and their children can be repatriated to their European home countries, some women have been taking things into their own hands and returning via illegal smuggling networks, creating new and serious security issues with which European officials must now grapple.

US soldier arrested for helping plan a neo-Nazi attack on his own unit

Authorities in the United States have formally charged an American soldier for helping a secretive neo-Nazi organization plan a terrorist attack on his own unit. Meanwhile, a government fusion center has warned law enforcement agencies that extremists may be planning violent acts in the Washington DC area.

On Monday the US Department of Justice charged Ethan Melzer of Louisville, Kentucky, with crimes including providing material support to terrorist groups. Melzer, 22, was reportedly arrested on June 10. He enlisted in the US Army in December 2018, and began his active service the following year. A few months later, he was assigned to a US military base in Europe.

It was there, according to the indictment, that Melzer was recruited by the Order of Nine Angels. This secretive group, known as O9A, ONA, or simply as The Order, is based mostly in the United Kingdom and is believed to have been around since the 1960s. Its ideology combines two themes, namely the occult and Nazism. US authorities describe The Order as “an occult-based neo-Nazi and racially motivated violent extremist group”, whose members espouse “neo-Nazi, anti-Semitic and Satanic beliefs”. It is widely known in neo-Nazi circles.

Members of The Order call for the overthrow of the Western way of life, which they dismiss as failed because it is associated with the Judeo-Christian tradition. They view the Third Reich as a solution to the ills of Western society and are tactical supporters of Sunni Salafi Jihadist groups, such as al-Qaeda and the Islamic State. The Order calls on its members to keep a small circle of friends and family, and support violent groups whose actions can help spark a global race war.

In 2019 and the first half of 2020, Melzer allegedly gave secret US Army information to The Order, which included deployment information about his unit and technical data about its weaponry and personnel strength. According to the US government, he gave the information to The Order with the expectation that it would be used by Salafi Jihadists to carry out attacks against US Army personnel. The US government says Melzer confessed to Federal Bureau of Investigation agents that he helped plot a terrorist attack with the aim of killing American military personnel. He has been charged with providing support to terrorist groups and conspiring to murder American military service members, among other crimes.

Meanwhile, a federal fusion center in Washington DC has warned that the national capital could become a target for homegrown violent extremists, whose goal is to provoke racial tension in the country. In an assessment published on Monday, the National Capital Region Threat Intelligence Consortium warned that Washington is “likely an active target for violent adherents of the boogaloo ideology due to the significant presence of US law enforcement entities, and the wide range of First Amendment-Protected events hosted here”. Boogaloo is a term used to describe loosely affiliated groups of subscribers to the view that the US is heading toward inevitable collapse, which should be accelerated through acts of violence aimed at government targets.

Author: Ian Allen | Date: 26 June 2020 | Permalink

Close American ally UAE is secretly training Syrian intelligence units, report claims

The United Arab Emirates, one of the United States’ closest Arab allies, is training Syrian intelligence and military officers and is giving financial aid to government-owned civilian facilities in Damascus, a report claims. The UAE broke off diplomatic relations with Damascus at the beginning of the Syrian civil war in 2011. But relations between the two countries were restored in 2018, when the oil kingdom reopened its embassy in the Syrian capital.

According to an investigation by the French-language Arab-affairs publication Orient XXI, which was reported on by the Middle East Monitor, Abu Dhabi began providing logistical, technical and financial assistance to the Syrian government soon after the embassy of the Emirates was reopened in Damascus. Orient XXI said that Emirati instructors are currently training around 40 Syrian military intelligence officers. Of these, 31 are non-commissioned officers, while at least 8 more are information technology and communication systems engineers.

Another group of Emirati instructors is allegedly training members of the Syrian Arab Army’s general staff, including at least five Syrian fighter pilots. The pilots are currently attending an all-expenses paid course at the UAE Air Force’s Khalifa bin Zayed Air College (KBZAC) in Al Ain. Orient XXI reports that the courses range in duration from 60 days to a year, and are supervised by the intelligence services of the Syrian government. The Syrian supervisory mission at the Khalifa bin Zayed Air College is reportedly headed by Syrian President Bashar al-Assad’s cousin, Lieutenant Colonel Jihad Barakat, who previously commanded Syrian paramilitary units. Washington has tried several times to kill Barakat.

The report by Orient XXI also alleges that the Emiratis have been providing substantial financial aid, medical provisions and food supplies to Syrian government-owned hospitals and welfare centers in Damascus and other regions of the country, which are controlled by al-Assad’s forces. The UAE has already helped rebuild several public buildings, electric power stations and water plants in Damascus, which were damaged during the war, says Orient XXI.

Turkey arrests four members of alleged French spy ring in Istanbul

Four men have been arrested by Turkish authorities in Istanbul, allegedly for being members of a spy ring operated by an agent who collected information on extremist groups for France’s external spy agency. The arrests were reported on Tuesday by a newspaper with close links to the Turkish government. It is worth noting, however, that the reports have not been confirmed by Turkish officials. If true, the incident points to further deterioration in the relations between the two nations, which are members of the North Atlantic Treaty Organization.

The Turkish daily newspaper Sabah said on Tuesday that the leader of the French-handled spy ring is named Metin Özdemir. He is reportedly a Turkish citizen who worked in the security department of the French consulate in Istanbul. According to the paper, Özdemir admitted to Turkish police that he was sent to France where he took an eight-month-long surveillance and counter-surveillance training course. He was then sent to Georgia by France’s General Directorate for External Security (DGSE), where he gathered intelligence for his French handlers. In exchange for his services, the DGSE allegedly gave Özdemir regular cash payments and offered him a job in the French Foreign Legion.

Özdemir eventually returned to Turkey and was allegedly handled by two DGSE officials that he named as “Virginia” and “Sebastian”. He recruited three more Turkish citizens, including two utility workers, who formed a spy ring. The spy ring members were supplied by the DGSE with forged credentials, identifying them as employees of Turkey’s National Intelligence Organization (MİT). According to Sabah, the spy ring supplied the DGSE with information on 120 individuals, most of whom were members of ultra-conservative religious organizations with alleged links to the Islamic State. The spy ring also allegedly spied on the Directorate of Religious Affairs, Turkey’s state-funded religious authority. Recently, however, Özdemir reportedly fell out with his French handlers and approached Turkish authorities, who promptly arrested him and the rest of the members of his spy ring.

The Sabah report comes just days after France filed a formal complaint with NATO, alleging that one of its warships was threatened in the open seas by a Turkish Navy vessel on June 10. According to French officials, the warship Courbet attempted to approach a Turkish Navy ship named Cirkin, which was believed to be smuggling weapons to Libya. The Turkish vessel refused to identify itself to the Courbet, which was inquiring on behalf of the NATO alliance. It also flashed its radar lights at the French ship, which is usually seen as a sign of impending confrontation, while its crew members were seen wearing bullet-proof vests and standing behind the ship’s mounted weapons. Turkey has denied the French allegations, but NATO said it will launch an investigation into the incident.

Author: Joseph Fitsanakis | Date: 24 June 2020 | Permalink

Analysis: A look at the CIA’s half-century-old ‘disease intelligence’ program

The general discussion about how and when the White House was alerted by its spy agencies about COVID-19 points to the existence of ‘disease intelligence’ programs in the United States Intelligence Community. Relatively little is known about the history and current state of these programs. Last weekend, however, ABC News’ investigative correspondent Lee Ferran brought to light an article from 48 years ago in a declassified intelligence publication that sheds light on the roots of the Central Intelligence Agency’s disease intelligence effort.

The article was published in the declassified edition of Studies in Intelligence, the CIA’s in-house research publication. Written by Warren F. Carey and Myles Maxfield, the article appeared in the spring 1972 issue of the journal, and is titled “Intelligence Implications of Disease”. It discusses the 1966 outbreak of meningitis in China’s Guangdong Province, which prompted the CIA to begin tracking diseases in a systematic way. The outbreak first appeared in the city that is today known as Guangzhou, and within weeks it had resulted in a military takeover of the Chinese healthcare system. The latter collapsed in places, and prompted the CIA’s Office of Scientific Intelligence (known today as the Directorate of Science and Technology) to begin collecting data in order to assess the political fallout of the disease.

The article states that the CIA cryptonym for the disease was Project IMPACT. Its scope was limited, but it expanded in 1968, when the world health community began to issue alerts about the so-called Hong Kong flu. Known officially as Hong Kong/A2/68, the virus spread around the world in a few months, and is believed to have killed between 1 and 4 million people, including around 100,000 Americans. At that time, according to the article in Studies in Intelligence, the CIA’s Project IMPACT “went global”, and was combined with BLACKFLAG, an ongoing effort by the Agency to “computerize disease information and derive trends, cycles and predictions” on a global scale.

Project BLACKFLAG tracked the spread of the disease in the Soviet Union and in North Vietnam, and issued regular analyses of the political ramification of the epidemic. That was not easy, say the authors, given the fact that most nations of the communist bloc tried to conceal information about it. The CIA was also able to issue warnings to its teams of operatives abroad, instructing them to shield themselves from the flu as it spread around East Asia and, eventually, the world.

According to the authors, the CIA’s early disease intelligence projects were able to demonstrate that data aggregation was critical in helping monitor and forecast outbreaks. They also showed that such forecasts could have “an initiating and vital role” in political, military and economic intelligence. Today, says Ferran, the CIA’s disease intelligence program has the same twofold mission it had when it was first conceived: first, to collect intelligence about the actual extent of the spread of diseases abroad —which may differ from the official information provided by foreign governments; and second, to try to forecast the consequences of these trends for American interests in the regions impacted by an ongoing epidemic or pandemic.

► Author: Joseph Fitsanakis | Date: 22 June 2020 | Permalink

NSA director claims Bolton’s book would cause ‘irreparable damage’ to US secrets

The director of America’s largest spy agency claims in a signed affidavit that a forthcoming book by John Bolton, President Donald Trump’s former national security adviser, would critically compromise intelligence secrets if published. Bolton served in that capacity from April 2018 until September 2019. His memoir of his time as President Trump’s national security advisor, titled The Room Where It Happened, is scheduled for publication on Tuesday.

But the White House has sued Bolton, claiming that he did not follow the requirements of his pre-publication screening process by government officials. President Trump’s legal team also claims that, if published, the book would damage critical areas of United States national security.

On Wednesday, the White House’s stance on the book was affirmed by the director of the National Security Agency, General Paul M. Nakasone. In a signed affidavit filed in US District Court in Washington, Gen. Nakasone said he had been asked by the legal adviser of the National Security Council to review “a limited portion” of the draft manuscript of Bolton’s book. He added that he had identified “classified information” in that portion of the manuscript, some of which was classified at the Top Secret/Sensitive and Compartmented Information (TS/SCI) level.

According to Gen. Nakasone’s affidavit, “compromise of this information could result in the permanent loss of a valuable SIGINT source and cause irreparable damage to the US SIGINT system”. SIGINT refers to the gathering of intelligence by intercepting communications signals in the form of information exchanged orally between people or mediated via electronic means.

Gen. Nakasone goes on to state that the unauthorized disclosure of the information contained in Bolton’s book could “reasonably […] be expected to result in exceptionally grave damage” to US national security. This includes causing “considerable difficulties in US and allied relations with specific nations”. The NSA director does not detail the precise damage that Bolton’s revelations could cause to US national security, stating only that the information would compromise an intelligence-collection “capability” that “significant manpower and monetary investments have been and continue to be made to enable and maintain”.

Alongside Gen. Nakasone’s affidavit, the Department of Justice submitted an emergency filing on Wednesday, seeking to block the publication of Bolton’s book on national security grounds. Another affidavit was filed on Wednesday by John Ratcliffe, President Trump’s newly appointed Director of National Intelligence.

Author: Joseph Fitsanakis | Date: 19 June 2020 | Permalink

Cybersecurity researchers uncover first-ever use of LinkedIn to spread malware

Cybersecurity researchers have uncovered what is believed to be the first-ever case of hackers using LinkedIn to infect the computers of targeted users with viruses, according to a new report. The hackers appear to have been sponsored by a government and to have targeted employees of carefully selected military contractors in central Europe, according to sources.

The existence of the alleged cyberespionage operation was revealed on Wednesday by researchers at ESET, a cybersecurity firm based in Bratislava, Slovakia, which is known for its firewall and anti-virus products. The researchers said that the operation was carried out in 2019 by hackers who impersonated employees of General Dynamics and Collins Aerospace, two leading global suppliers of aerospace and defense hardware.

ESET researchers said that the hackers made use of the private messaging feature embedded in LinkedIn to reach out to their targets. After making initial contact with their intended victims, the hackers allegedly offered their targets lucrative job offers and used the LinkedIn private messenger service to send them documents that were infected with malware. In many cases, the targets opened the documents and infected their computers in the process.

The use of the LinkedIn social media platform by hackers to make contact with their unsuspecting victims is hardly new. In 2017, German intelligence officials issued a public warning about what they said were thousands of fake LinkedIn profiles created by Chinese spies to gather information about Western targets. Germany’s Federal Office for the Protection of the Constitution (BfV) said it had identified 10,000 German citizens who had been contacted by Chinese spy-run fake profiles on LinkedIn in a period of just nine months. And in 2018, a report by France’s two main intelligence agencies, the General Directorate for Internal Security (DGSI) and the General Directorate for External Security (DGSE), warned of an “unprecedented threat” to security after nearly 4,000 leading French civil servants, scientists and senior executives were found to have been accosted by Chinese spies on LinkedIn.

Tricking a target into accessing a virus-infected document file is not a new method either. However, according to the researchers at ESET, this was the first case where LinkedIn was used to actually deliver the malware to the victims. As for the identity of the hackers, there appears to be no conclusive information. However, ESET said the attacks appeared to have some connections to Lazarus, a group of hackers with North Korean links. Lazarus has been linked to the 2014 Sony Pictures hack and the 2016 Central Bank of Bangladesh cyber heist, which was an attempt to defraud the bank of $1 billion.

LinkedIn told the Reuters news agency that it had identified and terminated the user accounts behind the alleged cyberespionage campaign. Citing client confidentiality, ESET said it could not reveal information about the victims of the attacks. Meanwhile, General Dynamics and Raytheon Technologies, which owns Collins Aerospace, have not commented on this report.

Author: Joseph Fitsanakis | Date: 18 June 2020 | Permalink

Lax security behind greatest data loss in CIA’s history, internal report concludes

Complacency and substandard security by the United States Central Intelligence Agency were behind the Vault 7 leak of 2017, which ranks as the greatest data loss in the agency’s history, according to an internal report. The Vault 7 data loss was particularly shocking, given that the CIA should have taken precautions following numerous leaks of classified government information in years prior to 2017, according to the report.

The Vault 7 data leak occurred in the first half of 2017, when the anti-secrecy website WikiLeaks began publishing a series of technical documents belonging to the CIA. Once all documents had been uploaded to the WikiLeaks website, they amounted to 34 terabytes of information, which is equivalent to 2.2 billion pages of text. The information contained in the Vault 7 leak is believed to constitute the biggest leak of classified data in the history of the CIA.

The Vault 7 documents reveal the capabilities and operational details of some of the CIA’s cyber espionage arsenal. They detail nearly 100 different software tools that the agency developed and used between 2013 and 2016, in order to compromise targeted computers, computer servers, smartphones, cars, televisions, internet browsers, operating systems, etc. In 2017 the US government accused Joshua Adam Schulte, a former CIA software engineer, of giving the Vault 7 data to WikiLeaks. Schulte’s trial by jury was inconclusive, and a re-trial is believed to be in the works.

Now an internal report into the Vault 7 disclosure has been made public. The report was compiled by the CIA WikiLeaks Task Force, which the agency set up with the two-fold mission of assessing the damage from the leak and recommending security procedures designed to prevent similar leaks from occurring in the future. A heavily redacted copy of the report has been made available [.pdf] by Senator Ron Wyden (D-OR), who is a member of the US Senate Select Committee on Intelligence. An analysis of the report was published on Tuesday by The Washington Post.

The report recognizes that insider threats —a data leak perpetrated on purpose by a conscious and determined employee, or a group of employees— are especially difficult to stop. It adds, however, that the Vault 7 leak was made easier by “a culture of shadow IT” in which the CIA’s various units developed distinct IT security practices and their own widely different systems of safeguarding data. Many cyber units prioritized creative, out-of-the-box thinking, in order to develop cutting-edge cyber-tools. But they spent hardly any time thinking of ways to safeguard the secrecy of their projects, and failed to develop even basic counterintelligence standards —for instance keeping a log of which of their members had access to specific parts of the data— according to the report.

Such standards should have been prioritized, the report adds, given the numerous high-profile leaks that rocked the Intelligence Community in the years prior to the Vault 7 disclosure. It mentions the examples of Edward Snowden, a former contractor for the National Security Agency, who defected to Russia, as well as Chelsea Manning, an intelligence analyst for the US Army, who gave government secrets to WikiLeaks. Manning spent time in prison before being pardoned by President Barack Obama. Snowden remains in hiding in Russia.

The CIA has not commented on the release of the internal Vault 7 report. An agency spokesman, Timothy Barrett, told The New York Times that the CIA was committed to incorporating “best-in-class technologies to keep ahead of and defend against ever-evolving threats”. In a letter accompanying the release of the report, Senator Wyden warned that “the lax cybersecurity practices documented in the CIA’s WikiLeaks task force report do not appear limited to just one part of the intelligence community”.

Author: Joseph Fitsanakis | Date: 17 June 2020 | Permalink