Senior North Korean counterintelligence official believed to have defected

Chilbosan HotelOne of North Korea’s most senior intelligence officials, who played a major role in building Pyongyang’s nuclear weapons program, has disappeared and is believed to have defected to France or Britain, according to sources. South Korean media identified the missing official as “Mr. Kang”, and said he is a colonel in North Korea’s State Security Department (SSD), also known as Ministry of State Security. Mr. Kang, who is in his mid-50s, enjoyed a life of privilege in North Korea, because he is related to Kang Pan-sok (1892-1932), a leading North Korean communist activist and mother to the country’s late founder, Kim Il-sung.

According to South Korean reports, Kang was in charge of North Korea’s counter-espionage operations in Russia and Southeast Asia, including China. He is also believed to have facilitated secret visits to Pyongyang by foreign nuclear scientists, who helped build North Korea’s nuclear weapons program. In recent years, Kang was reportedly based in Shenyang, the largest Chinese city near the North Korean border, which is home to a sizeable ethnic Korean population. According to reports, Kang led Unit 121, an elite North Korean hacker group based in Shenyang, with the aim of carrying out cyber-attacks without implicating North Korea. The South Korean-based DailyNK website said on Wednesday that Kang had been based at the Zhongpu International Hotel in Shenyang (until recently named Chilbosan Hotel), which has historically been operated through a joint Chinese-North Korean business venture and is known to host numerous North Korean government officials.

But according to DailyNK, Kang disappeared from Shenyang in February and is now believed to have defected, possibly “to France or Great Britain”. The Seoul-based website said Kang took “a lot of foreign currency with him” as well as “a machine capable of printing American dollars”. Following Kang’s disappearance, the government in Pyongyang launched a worldwide manhunt for him, sending at least 10 agents to assassinate him before he is given political asylum in the West, said DailyNK. Pang’s family, including his wife and children, are believed to still be in Pyongyang.

Author: Joseph Fitsanakis | Date: 3 May 2018 | Permalink

Advertisements

CIA is running informal negotiation channels with North Korea, say sources

Mike PompeoThe Central Intelligence Agency has reportedly established back channels for negotiation between the United States and North Korea, which the Department of State is now using to communicate with Pyongyang. Rex Tillerson, who was summarily fired as US Secretary of State by President Donald Trump last week, was famously in favor of diplomatic negotiations between the US and North Korea. The White House had resisted and even publicly criticized Tillerson’s views. Ironically, Tillerson was fired just as his pro-diplomacy views on North Korea are being adopted by the White House.

It is now the task of the new US Secretary of State, Mike Pompeo to help facilitate President’ Trump’s desire to meet with North Korean Supreme Leader Kim Jong-un. On Sunday, US television network CBS reported that Pompeo had already established an informal negotiation channel with Pyongyang during his prior post as director of the Central Intelligence Agency. According to CBS, the CIA used the back channel to communicate directly with the North Korean regime, bypassing the Department of State, which is the traditional instrument of US foreign policy. The network quoted “two current and one former” US officials, which it did not name.

Now that Pompeo has been placed in charge of the Department of State, said CBS, he has already tapped into the CIA’s direct line of communication with Pyongyang, and has begun utilizing it as Secretary of State. The CIA remains in charge of the channel, according to the television network. Meanwhile, German news media said on Sunday that North Korea’s missiles could now reach Germany and other areas of Western Europe. The reports quoted Dr. Ole Diehl, deputy director of the BND, Germany’s foreign-intelligence agency, who allegedly made the statement at a closed-door meeting of the Bundestag, Germany’s parliament.

Author: Joseph Fitsanakis | Date: 19 March 2018 | Permalink

US spy agency to help human rights groups monitor North Korea

NGAThe National Geospatial-Intelligence Agency (NGA), one of America’s most secretive spy organizations, will work with a number of human-rights groups to monitor human rights in North Korea, according to a senior NGA official. Formed in 1996 as the National Imagery and Mapping Agency, the NGA operates under the supervision of the US Department of Defense. It is tasked with supporting US national security by collecting, analyzing and distributing geospatial intelligence. It also performs a combat-support mission for the Pentagon. The agency collects most of its data from satellites, surveillance aircraft and unmanned surveillance drones. Headquartered in a vast 2.3 million square foot building in Washington, the NGA is known for its secretive nature and rarely makes headlines.

Recently, however, NGA data expert Chris Rasmussen told Foreign Policy that the agency is finalizing an innovative agreement to work with human rights groups on North Korea. Rasmussen, a longtime military analyst, said that the NGA would provide the groups with access to raw imagery collected through airborne reconnaissance, and would share with them analyses by its experts. The groups would also be able to use a digital imagery application developed by NGA for use by its analysts. The human rights groups specialize on human rights in North Korea and have in the past used commercial satellite imagery data to help locate mass execution sites and mass graves in the secretive Asian country. They have also been able to locate concentration camps and have evaluated the impact of natural disasters in North Korea. Now the NGA will share its intelligence collection arsenal with these groups, in an attempt to shed further light on the state of human rights in North Korea.

Rasmussen said he could not yet reveal the names of the human rights groups that the NGA is preparing to work with, nor give details about the precise topics that the collaboration would focus on, because the official agreements are still being formalized. However, he said that no US intelligence agency had ever worked so closely with human rights organizations. “This kind of collaboration has never been done before with an intelligence agency”, said Rasmussen. He added that the NGA is hoping to use this collaboration as an incubator to “expand to other areas” with human rights groups and think tanks.

Author: Joseph Fitsanakis | Date: 05 March 2018 | Permalink

North Korean leaders used fraudulent Brazilian passports to travel abroad

Josef PwagThe late Supreme Leader of North Korea, Kim Jong-il, and his son and current Supreme Leader Kim Jong-un, used forged Brazilian passports to secure visas for overseas trips and to travel abroad undetected, according to reports. The Reuters news agency cited five anonymous “senior Western European security sources” in claiming that the two North Korean leaders’ images appear on Brazilian passports issued in the 1990s. The news agency posted images of the passports, which appear to display photographs of Kim Jong-il and Kim Jong-un. It said that the two leaders’ faces had been verified through the use of facial recognition software.

The passports were issued in the name of Josef Pwag and Ijong Tchoi. Both bear fake dates of birth and list Sao Paulo, Brazil, as the passport holders’ birthplace. Both passports bear the issuance stamp of the “Embassy of Brazil in Prague”, Czech Republic, and are dated February 26, 1996. Reuters cited an anonymous source from Brazil, who said that the fake passports were not forged from scratch. They were in fact genuine travel documents that had been sent out in blank form for use by the Brazilian embassy’s passport issuance office. The Reuters report quotes an unnamed Western security official who said that the forged passports were mostly likely used by their holders to secure travel visas from foreign embassies in Southeast Asia, mostly in Japan and Hong Kong. They could also have been used as back-ups, in case the two Kims needed to be evacuated from North Korea in an emergency —for instance an adversarial military coup or a foreign military invasion. At the very least, the passports indicate a desire to secure and safeguard the Kims’ ability to travel internationally.

North Korea’s intelligence services are known for making extensive use of fraudulent passports. Readers of this blog will recall that the two female North Korean agents who killed Kim Jong-nam, Kim Jong-un’s half-brother, in February of 2017, had been supplied with forged passports. The two women, who are now in prison in Malaysia, were using Indonesian and Vietnamese passports.

Reuters said it contacted the Ministry of Foreign Affairs of Brazil, which said it was still investigating the whether the two passports were indeed issued to members of North Korea’s ruling family, and how they came to be issued. The news agency also contacted the embassy of North Korea in Brazil, but officials there declined to comment.

Author: Joseph Fitsanakis | Date: 01 March 2018 | Permalink

Previously obscure N. Korean hacker group is now stronger than ever, say experts

APT37A little-known North Korean cyber espionage group has widened its scope and increased its sophistication in the past year, and now threatens targets worldwide, according to a new report by a leading cyber security firm. Since 2010, most cyber-attacks by North Korean hackers have been attributed to a group dubbed “Lazarus” by cyber security specialists. The Lazarus Group is thought to have perpetrated the infamous Sony Pictures attacks in 2014, and the worldwide wave or ransomware attacks dubbed WannaCry by experts in 2017. It is widely believed that the Lazarus Group operates on behalf of the government of North Korea. Most of its operations constitute destructive attacks —mostly cyber sabotage— and financial criminal activity.

For the past six years, a smaller hacker element within the Lazarus Group has engaged in intelligence collection and cyber espionage. Cyber security researchers have dubbed this sub-element “APT37”, “ScarCruft” or “Group123”. Historically, APT37 has focused on civilian and military targets with links to the South Korean government. The hacker group has also targeted human rights groups and individual North Korean defectors living in South Korea. However, a new report warns that APT37 has significantly expanded its activities in terms of both scope and sophistication in the past year. The report, published on Tuesday by the cyber security firm FireEye, suggests that APT37 has recently struck at targets in countries like Vietnam and Japan, and that its activities have disrupted telecommunications networks and commercial hubs in the Middle East.

According to the FireEye report, aerospace companies, financial institutions and telecom- munications service providers in at least three continents have been targeted by APT37 in recent months. What is even more worrying, says the report, is that the hacker group is now capable of exploiting so-called “zero-day” vulnerabilities. These are software bugs and glitches in commonly used software, which have not been detected by software providers and are therefore exploitable by malicious hackers. FireEye said in its report that the North Korean regime will be tempted to use APT37 increasingly often “in previously unfamiliar roles and regions”, as cyber security experts are catching up with some of Pyongyang’s more visible hacker groups, such as Lazarus.

Author: Joseph Fitsanakis | Date: 21 February 2018 | Permalink

North Korea used Berlin embassy to acquire nuclear tech, says German spy chief

North Korean embassy in BerlinNorth Korea used its embassy in Berlin to acquire technologies that were almost certainly used to advance its missile and nuclear weapons programs, according to the head of Germany’s counterintelligence agency. For many decades, Pyongyang has used a sophisticated international system of procurement to acquire technologies and material for its conventional and nuclear weapons programs. These secret methods have enabled the country to evade sanctions placed on it by the international community, which wants to foil North Korea’s nuclear aspirations.

But according to Hans-Georg Maassen, director of Germany’s Federal Office for the Protection of the Constitution (BfV), at least some of the technologies used by North Korea to advance its nuclear program were acquired through its embassy in Berlin. Maassen admitted this during an interview on ARD television, part of Germany’s national broadcasting service. The interview will be aired on Monday evening, but selected excerpts were published on Saturday on the website of NDR, Germany’s national radio broadcaster. Maassen was vague about the nature of the technology that the North Koreans acquired through their embassy in Berlin. But he said that North Korean diplomats and intelligence officers with diplomatic credentials engaged in acquiring so-called “dual use” technologies, which have both civilian and military uses. These, said Maassen, were acquired “with a view to [North Korea’s] missile program and sometimes also for the nuclear program”.

Maassen noted that the BfV had evidence of North Korean diplomats in Berlin attempting to procure dual use technologies as late as 2016 and 2017. “When we notice such actions, we prevent them”, said the BfV director, adding that in 2014 his agency prevented a North Korean diplomat from acquiring equipment that could have been used to develop chemical weapons. However, “we simply cannot guarantee that we are able to detect and block each and every attempt”, said Maassen.

Author: Ian Allen | Date: 05 February 2018 | Permalink

Nuclear scientist expelled from China kills himself in North Korean prison

Sinuiju North KoreaA North Korean nuclear scientist who defected to China but was involuntarily sent back to North Korea in November reportedly killed himself in his North Korean cell hours before he was due to be interrogated. Information about the scientist’s alleged suicide was issued on Thursday by Radio Free Asia (RFA), a multilingual news service based in Washington, DC, which is funded by the United States government. The service said its reporters spoke to an anonymous source in North Hamgyong province, North Korea’s northernmost region that borders China. The source identified the late scientist as Hyun Cheol Huh, but cautioned that this may not be his real name, because the North Korean security services are known to “use […] fake names when referring to important persons” in their custody.

Hyun was reportedly a senior nuclear researcher at North Korea’s Academy of Sciences in Pyongyang, an institution that plays a crucial role in North Korea’s biological and nuclear weapons programs. According to RFA, Hyun defected while on vacation from his work. He traveled to the Chinese border to visit relatives, but did not file an application for travel documents. These are required for travel within North Korea. He then disappeared. On November 4, China Immigration Inspection officers arrested a large group of undocumented North Korean nationals in the city of Dandong, reportedly after receiving a tip by North Korean intelligence. Among them was Hyun, who was involuntarily sent back to North Korea on November 17 by the Chinese authorities.

As is common practice with captured North Korean defectors, the scientist was placed in solitary confinement in Sinŭiju, a city on the Yalu River right across the Chinese border. But when guards entered Hyun’s cell to take him to his first interrogation, they found him dead. The source told RFA that Hyun “killed himself only a few hours after he was placed in solitary confinement at the State Security Department in Sinuiju city”. Hyun’s death was reportedly caused by poison, which he is believed to have taken with the intent of taking his own life. There was no explanation of where and how Hyun was able to secure the poison. “He must have been searched many times while being taken from China to Sinuiju, so it’s a mystery how he was able to conceal the poison he took”, the source told RFA. The source added that upon his arrest Hyun did not tell Chinese Immigration Inspection officers that he was a nuclear scientist. Doing so would probably have averted his expulsion back to North Korea.

Author: Ian Allen | Date: 29 December 2017 | Permalink