US spy agencies pore over intelligence acquired in raid that killed al-Baghdadi

American intelligence agencies are studying up to seven terabytes of data that were captured by Special Operations Forces during last week’s nighttime raid that killed Abu Bakr al-Baghdadi in Syria. Officials in Washington told The New York Times on Monday that Delta Force commandos confiscated “a large amount of material” from the raid that killed the Islamic State leader. The material allegedly includes several laptops and cellphones, which contain an estimated “four to seven terabytes of data”, according to one United States official who spoke anonymously to the paper.

It is believed that al-Baghdadi changed hideouts across northern Syria every few days, so it is unlikely that he and his entourage carried with them a large printed archive of Islamic State files. However, even a few hard drives or memory sticks could contain extensive information, said The Times. The commandos that carried out the nighttime raid reportedly spent two hours on the ground collecting intelligence from the site. All of it has now been delivered to experts in the Defense Intelligence Agency, the Central Intelligence Agency and other elements of the US Intelligence Community, who are currently “conducting a preliminary review of the confiscated documents and electronic records”, said the paper.

The information may shed light on questions such as if and how al-Baghdadi ran the Islamic State, how he communicated with the group’s military commanders across Iraq and Syria, and how he exchanged information with other senior Islamic State officials in the Middle East and beyond. There are also questions about al-Baghdadi’s links with the leaders of Islamic State affiliates around the world. Essentially, to what extent did the core leadership of the Islamic State under al-Baghdadi direct the operations of the group’s affiliates abroad? There may also be documents among the confiscated material that discuss the Islamic State’s changing strategy following the collapse of its territorial base in the Middle East.

In addition to the confiscated information, American troops captured two of al-Baghdadi’s lieutenants who were guarding his compound during last weekend’s raid. The two men are currently being questioned by American interrogators and are eventually going to be handed over to the Iraqi government to face justice, according to The Times.

Author: Joseph Fitsanakis | Date: 29 October 2019

ISIS quickly replaces dead leader with former Saddam loyalist, say sources

Barely a day after the United States announced the killing of Islamic State leader Abu Bakr al-Baghdadi, the militant Sunni group has replaced him with an Iraqi former military officer, according to sources. US President Donald Trump said on Sunday that al-Baghdadi, the self-styled Caliph of the Islamic State of Iraq and Syria (ISIS), died by detonating an explosive vest. He reportedly did so after being cornered by American Special Operations Forces troops at his hideout in the northwestern village of Barisha, which is located in the Syrian province of Idlib near the border with Turkey.

Since Sunday’s announcement by the White House, ISIS has remained silent. But an intelligence source reportedly told Newsweek that the Sunni militant group had appointed a new leader just hours after al-Baghdadi’s killing. The American newsmagazine cited a “regional intelligence official” who asked “not to be identified by name or nation”. The official said that al-Baghdadi had been replaced with Abdullah Qardash, a former high-ranking officer in the Iraqi army, who served under the country’s late leader Saddam Hussein. Qardash’s name is often spelled Karshesh in English, and he is also referred to in some documents as Hajji Abdullah al-Afari, presumably his ISIS moniker.

In August of this year, al-Baghdadi reportedly nominated Qardash to lead ISIS’ religious affairs engagement office, known as “Muslim Affairs”. The nomination is believed to have been accepted, and was even announced in Amaq, the militant group’s semi-official news agency. But Qardash’s name has not been mentioned again in subsequent ISIS communiques. According to Newsweek, the former Iraqi Army officer had already “taken over a number of duties from al-Baghdadi” prior to the latter’s demise. The anonymous regional intelligence officer told the newsmagazine that al-Baghdadi’s role within ISIS was “largely symbolic” in recent months. He was “a figurehead [and] was not involved in operations day-to-day. All he did was say yes or no —no planning”, added the intelligence official.

Author: Joseph Fitsanakis | Date: 28 October 2019

Iranians may have used female spy to ‘honey-trap’ dissident living in France

The Iranian government may have used a female intelligence officer to lure a leading Iranian dissident from his home in France to Iraq, where he was abducted by Iranian security forces and secretly transported to Iran. Iranian authorities announced the arrest of Ruhollah Zam on October 15. On that day, Iranian state television aired a video showing a blindfolded Zam surrounded by officers of the Islamic Revolutionary Guard Corps (IRGC).

Zam, 46, was a prominent online voice of dissent during the 2009 Green Movement, an Iranian youth-based reform campaign whose leaders called for the toppling of the government in Tehran. He joined other young Iranians in launching AmadNews, a website whose stated purpose was “spreading awareness and seeking justice” in Iran. Soon after its emergence, AmadNews became the online voice of the Green Movement. Following a brief period of detention in 2009, Zam fled Iran and settled in France, from where he continued his online work through AmadNews and its successor, a website and Telegram channel called Seda-ye Mardom (Voice of the People).

Earlier this month, the Iranian government announced that Zam had been captured in a “complicated intelligence operation” that used “modern intelligence methods and innovative tactics” to lure Zam out of France and into the hands of the IRGC. But it did not provide further information about the method that was used to convince Zam to travel to Iraq, whose government is closely aligned with Iran’s. A few days ago, however, the London-based newspaper The Times claimed that the IRGC used a woman to gain Zam’s trust and lure him to Iraq.

Citing exiled Iranian activists that work closely with Zam, the British newspaper said that the woman entered his life nearly two years ago, thus pointing to a lengthy intelligence operation by the IRGC. Over time, she won his trust and eventually convinced him to travel to Jordan on October 11, and from there to Baghdad, Iraq, on October 12. The reason for his trip was that, allegedly, the woman convinced him that Ali al-Sistani, one of the most prominent Shiite clerics in Iraq, had agreed to fund Zam’s online activities. However, the cleric needed to confer with the exiled dissident in person before agreeing to fund his work, according to the woman. It is not known whether Zam and the unnamed woman were romantically involved.

The Times also alleged that Zam’s abduction and arrest was met with “at least tacit approval” by the French intelligence services. The latter now expect that two French academics, who have remained imprisoned in Iran for alleged espionage activities for over a year, will be released as part of a swap with Zam.

Author: Joseph Fitsanakis | Date: 23 October 2019

Russian government cyber spies ‘hid behind Iranian hacker group’

Russian hackers hijacked an Iranian cyber espionage group and used its infrastructure to launch attacks, hoping that their victims would blame Iran, according to British and American intelligence officials. The information, released on Monday, concerns a Russian cyber espionage group termed “Turla” by European cyber security experts.

Turla is believed to operate under the command of Russia’s Federal Security Service (FSB), and has been linked to at least 30 attacks on industry and government facilities since 2017. Since February of 2018, Turla is believed to have successfully carried out cyber espionage operations in 20 different countries. Most of the group’s targets are located in the Middle East, but it has also been connected to cyber espionage operations in the United States and the United Kingdom.

On Monday, officials from Britain’s Government Communications Headquarters (GCHQ) and America’s National Security Agency (NSA) said Turla had hijacked the attack infrastructure of an Iranian cyber espionage group. The group has been named by cyber security researchers as Advanced Persistent Threat (APT) 34, and is thought to carry out operations under the direction of the Iranian government.

The officials said there was no evidence that APT34 was aware that some of its operations had been taken over by Turla. Instead, Russian hackers stealthily hijacked APT34’s command-and-control systems and used its resources, including computers, servers and malicious code, to attack targets without APT34’s knowledge. They also accessed the computer systems of APT34’s prior targets. In doing so, Turla hackers masqueraded as APT34 operatives, thus resorting to a practice that is commonly referred to as ‘fourth party collection’, according to British and American officials.

The purpose of Monday’s announcement was to raise awareness about state-sponsored computer hacking among industry and government leaders, said the officials. They also wanted to demonstrate the complexity of cyber attack attribution in today’s computer security landscape. However, “we want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them”, said Paul Chichester, a senior GCHQ official.

Author: Joseph Fitsanakis | Date: 22 October 2019

Iran abducts France-based dissident in ‘complex intelligence operation’

Iranian authorities have announced the capture of a Paris-based Iranian dissident, who was reportedly lured out of France and then abducted by Iranian agents in a third country. The kidnapped dissident is Ruhollah Zam, 46, son of Mohammad-Ali Zam, a well-known reformist cleric who served in top Iranian government posts after the 1979 Islamic Revolution. But in 2009 the younger Zam distanced himself from his father and sided with the so-called Green Movement, whose leaders called for the toppling of the government in Tehran. Around that time, Zam was part of a group of Internet-savvy Iranians who launched AmadNews. The website’s stated purpose was “spreading awareness and seeking justice” in Iran, and it soon became the online voice of the Green Movement.

Zam was promptly arrested and jailed for urging Iranian protesters to topple the government. He was eventually released thanks to his father’s status and reputation. He quickly fled Iran and settled in France, from where he continued his online work through AmadNews and its successor, a website and Telegram channel called Seda-ye Mardom (Voice of the People). The Iranian government accuses Zam of inciting violence against the state and claims that his online agitation is funded by the intelligence services of countries like France, Israel and the United States.

On October 15, Iran’s state-owned media network aired a video showing a bound and blindfolded Zam surrounded by armed officers of the Islamic Revolutionary Guard Corps (IRGC). The Iranian government announced that Zam had been captured following a “complicated intelligence operation” using “modern intelligence methods and innovative tactics” to lure Zam out of France and into the hands of the IRGC. It eventually emerged that Zam had flown from France to Jordan on October 11, and from there to Baghdad, Iraq, on October 12. He appeared to be under the impression that he would travel to the Iraqi city of Najaf in order to meet Ali al-Sistani, arguably the most senior Shiite cleric in Iraq.

In the same video, Zam is shown sitting in an armchair next to an Iranian flag, making a statement. He calmly looks at the camera and says that he “fully regrets” his actions directed against Iran. He then says that he made the mistake of entrusting his security to the intelligence services of France. Finally, he warns other dissidents who are involved in agitation against the Iranian state to not trust foreign governments. He names the latter as “the United States, Israel, Saudi Arabia and Turkey”. Iranian officials have not responded to questions about Zam’s current status and fate.

Author: Joseph Fitsanakis | Date: 21 October 2019

Russia preparing to swap imprisoned spies with NATO members, sources claim

The Russian government is preparing to swap a number of imprisoned spies with at least two member states of the North Atlantic Treaty Organization (NATO), according to reports. The Estonia-based news agency BNS, which is the largest news agency in the Baltics, said on Wednesday that negotiations between Russian and Lithuanian, as well as probably Norwegian, officials were nearing completion.

The alleged spies at the center of the reputed spy swap are said to include Nikolai Filipchenko, who is reportedly an intelligence officer with the Russian Federal Security Service (FSB). Filipchenko was arrested by Lithuanian counterintelligence agents in 2015, allegedly while trying to recruit double agents inside Lithuania. He was charged with using forged identity documents to travel to Lithuania on several occasions between 2011 and 2014. His mission was allegedly to recruit officers in Lithuania’s Department of State Security in order to install listening bugs inside the office of the then-Lithuanian President Dalia Grybauskaite. In 2017, a district court in the Lithuanian capital Vilnius sentenced Filipchenko to 10 years in prison. The alleged Russian spy refused to testify during his trial and reportedly did not reveal any information about himself or his employer. He is believed to be the first FSB intelligence officer to have been convicted of espionage in Lithuania.

BNS reported that the Russians have agreed to exchange Filipchenko for two Lithuanian nationals, Yevgeny Mataitis and Aristidas Tamosaitis. Tamosaitis is serving a 12-year prison sentence in Russia, allegedly for carrying out espionage for the Lithuanian Defense Ministry in 2015. In the following year, a Russian court sentenced Mataitis, a dual Lithuanian-Russian citizen, to 13 years in prison, allegedly for supplying Lithuanian intelligence with classified documents belonging to the Russian government. Lithuanian authorities have refused to comment publicly about Filipchenko and Mataitis, saying that details on the two men are classified. According to BNS, the spy swap may involve two more people, an unnamed Russian national and a Norwegian citizen, who is believed to be Frode Berg, a Norwegian retiree who is serving a 16-year jail sentence in Russia, allegedly for acting as a courier for the Norwegian Intelligence Service.

BNS said on Wednesday that the Lithuanian State Defense Council, which is chaired by the country’s president, had approved the spy exchange, and that Moscow had also agreed to it. On Thursday, however, a spokeswoman for Russia’s Foreign Affairs Ministry said she had “no information on this issue” that she could share with reporters.

Author: Joseph Fitsanakis | Date: 18 October 2019 | Research credit: E.G.

Russia detains American diplomats for traveling to top-secret military site

Russian authorities detained three American diplomats because they allegedly tried to enter a highly secret weapons testing site in northern Russia, according to reports. The site in question is located near the northern Russian city of Severodvinsk. The city is home to a number of military shipyards and is thus restricted for non-Russians. The latter require a special permit to enter it.

In August of this year, Western media reported on a mysterious explosion that took place in a weapons research site located near Severodvinsk. The explosion allegedly happened during testing of a top-secret prototype rocket engine. Russian authorities revealed that five workers died as a result of the explosion, but denied media reports that the explosion had caused a radiation leak that had affected Severodvinsk. The Russian Ministry of Defense also denied allegations that a large-scale nuclear clean-up operation had been conducted in and around Severodvinsk. At the same time, Russian authorities restricted maritime traffic in the White Sea, on the shores of which Severodvinsk is situated.

On Wednesday, the Russian news agency Interfax reported that three American diplomats had been detained by authorities near Severodvinsk, allegedly because they tried to enter the city without the necessary permits. The diplomats were not named but are believed to be military attachés that serve in the United States embassy in Moscow. Interfax said the three were detained on Monday while onboard a passenger train. They were removed from the train, questioned and eventually released. However, they might still face charges of trying to enter a restricted area without permission.

The United States Department of State issued a statement claiming that the three diplomats “were on official travel and had properly notified Russian authorities of their travel”. A State Department spokesman said on Wednesday that the three diplomats’ travel plans had been authorized by the Russian Ministry of Defense. But authorities in Russia said that the three military attachés had been authorized to travel to the city of Arkhangelsk, which is located approximately 30 miles east of Severodvinsk. “We are quite willing to provide the United States embassy with a map of the Russian Federation”, the Russian statement concluded.

Author: Joseph Fitsanakis | Date: 17 October 2019