Analysis: Who was behind the raid on the North Korean embassy in Madrid?

North Korea SpainAn obscure North Korean dissident group was most likely behind a violent raid on North Korea’s embassy in Madrid on February 22, which some reports have pinned on Western spy agencies, including the Central Intelligence Agency. The group, known as the Cheollima Civil Defense, is believed to be the first North Korean resistance organization to declare war on the government of Supreme Leader Kim Jong-un.

THE ATTACK

The attack took place at 3:00 in the afternoon local time in Aravaca, a leafy residential district of northern Madrid, where the embassy of North Korea is located. Ten assailants, all Southeast Asian-looking men, entered the three-story building from the main gate, brandishing guns, which were later found to be fake. They tied up and gagged the embassy’s staff, as well as three North Korean architects who were visiting the facility at the time. But one staff member hid at the embassy. She eventually managed to escape from a second-floor window and reach an adjacent building that houses a nursing home. Nursing home staff called the police, who arrived at the scene but had no jurisdiction to enter the embassy grounds, since the premises are technically North Korean soil. When police officers rang the embassy’s doorbell, an Asian-looking man appeared at the door and Q Quote 1said in English that all was fine inside the embassy. But a few minutes later, two luxury cars belonging to the North Korean embassy sped away from the building with the ten assailants inside, including the man who had earlier appeared at the front door.

Once they entered the embassy, Spanish police found eight men and women tied up, with bags over their heads. Several had been severely beaten and at least two had to be hospitalized. The victims told police that the assailants were all Korean, spoke Korean fluently, and had kept them hostage for nearly four hours. But they refused to file formal police complaints. The two diplomatic cars were later found abandoned at a nearby street. No money was taken by the assailants, nor did they seem interested in valuables of any kind. But they reportedly took with them an unknown number of computer hard drives and cell phones belonging to the embassy staff. They also stole an unknown quantity of diplomatic documents, according to reports.

POSSIBLE FOREIGN CULPRITS

Within a few hours, Spanish police had reportedly ruled out the possibility that the assailants were common thieves, arguing that the attack had been meticulously planned and executed. Also, common thieves would have looked for valuables and would not have stayed inside the embassy for four hours. Within a week, several Spanish newspapers, including the highly respected Madrid daily El País and the Barcelona-based El Periodico, pinned the raid on Western intelligence services. They cited unnamed police sources who claimed that at least two of the assailants had been identified and found to have links with the CIA. The reports also cited claims by embassy employees that the attackers interrogated them extensively about Soh Yun-sok, North Korea’s former ambassador to Madrid. Soh became Pyongyang’s chief nuclear negotiator after he was expelled by the Spanish government in 2017 in protest against North Korea’s nuclear missile tests. Read more of this post

Advertisements

North Korea-linked hackers growing in reach and sophistication, McAfee warns

Computer hackingA computer hacking group with links to the North Korean government has a wider reach and is more sophisticated than was initially believed, according to the computer security firm McAfee. The group, dubbed Lazarus by cybersecurity experts, is believed to be connected with Guardians of Peace, the hacker team that orchestrated the 2014 attacks on Sony Pictures Entertainment. The company drew the ire of the North Korean government for producing The Interview, a black comedy based on a fictional attempt by two Americans to assassinate North Korean leader Kim Jong-un. Known collectively as ‘the Sony Pictures hack’, the attacks included the compromise of internal documents and unreleased copies of films produced by Sony, as well as personal attacks on Sony executives and members of their families. There were also attempts to damage Sony’s digital infrastructure, which cost the company an undisclosed amount in damages, believed to be in the millions of dollars.

In February of last year, the computer security software company McAfee said that Lazarus was behind an ongoing campaign targeting global banks and bitcoin users. On Sunday, the California-based firm said that Lazarus was responsible for what its experts call Operation SHARPSHOOTER, a widespread effort to compromise key industries across several continents. Speaking at the RSA IT security conference in San Francisco, McAfee experts said that SHARPSHOOTER began as early as September of 2017, and that it was first detected in December of 2018. By that time, said McAfee, around 80 firms and organizations had been targeted by Lazarus. But in recent months, it has become clear that SHARPSHOOTER is “more extensive in complexity, scope and duration” than previously thought, according to McAfee experts. They added that they drew this conclusion based on “command-and-control serve code” data that was made available to them by an unnamed “government entity”. This is the type of forensic data that is customarily seized by government agencies and is rarely made available to cybersecurity researchers in the private sector, said the McAfee representatives. This “non-typical access” afforded McAfee technical experts “a rare opportunity” to examine “the inner workings [of Lazarus’] cyberattack infrastructure”, they added.

As a result, the company’s “confidence levels are now much higher” that Lazarus is targeting key agencies and industries, including government organizations involved with national defense, energy and critical infrastructure. Most of Lazarus’ targets are in the United States, Germany and Turkey. But smaller attacks have been detected in Asia and Africa, in countries such as the Philippines and Namibia. Many attacks begin with so-called ‘spearphishing’ attempts, which target particular employees of agencies or firms. These attacks center on emails that are “masked as extremely convincing job recruitments”. The emails contain links to Microsoft Word or Adobe PDF files on popular file-sharing platforms like DropBox, which are infected with malware, said McAfee.

Author: Joseph Fitsanakis | Date: 05 March 2019 | Permalink

CIA has maintained secret communication with North Korea for 10 years

Mike Pompeo North KoreaWith presidential approval, the United States Central Intelligence Agency has maintained a secret channel of communication with North Korea since at least 2009, according to The Wall Street Journal. Many were surprised in 2018, when the then CIA director Mike Pompeo made a sudden visit to Pyongyang to speak with senior North Korean officials. But according to The Wall Street Journal, the CIA channel with the North Koreans had been there since at least 2009 and Pompeo simply “re-energized it” after being instructed to do so by the White House.

The United States and North Korea have never had official diplomatic relations, nor have they ever maintained embassies at each other’s capitals. In rare instances, the North Korean Permanent Mission to the United Nations in New York has been utilized to pass messages from the White House to the communist country’s Ministry of Foreign Affairs. No other systematic diplomatic activity between the two sides has ever been reported.

But an article published in The Wall Street Journal on Monday claims that an intelligence channel between the CIA and unspecified North Korean intelligence officials has been active —with some periods of dormancy— for at least a decade. The previously unreported channel has led to a number of public meetings, such as the 2014 visit to Pyongyang by James Clapper, the then US Director of National Intelligence, as well as an earlier visit to the North Korean capital by former US President Bill Clinton in 2009. But, says the paper citing “current and former US officials”, most of the contacts have been secret. They include several visits to North Korea by CIA official Joseph DeTrani before and after Clinton’s visit, as well as two trips to Pyongyang by CIA Deputy Director Michael Morell, in 2012 and 2013. His successor, Avril Haines, also visited North Korea, says The Journal, but notes that the channel went “dormant late in the Obama administration”.

Upon becoming CIA director following the election of Donald Trump to the presidency, Mike Pompeo was briefed about the secret channel’s existence and decided to resume it, with Trump’s agreement. That led to his eventual visit to North Korea along with Andrew Kim, who at the time headed the CIA’s Korea Mission Center. Eventually, this channel of communication facilitated the high-level summit between President Trump and Supreme leader Kim Jong-un in June 2018 in Singapore. The Wall Street Journal said it reached out to the CIA, the Department of State and the White House about this story, but received no responses. The North Korean mission in the United Nations in New York also declined to comment.

Author: Joseph Fitsanakis | Date: 22 January 2019 | Permalink

North Korean ambassador to Rome missing since November, says Seoul

Jo Song-gilThe acting ambassador of North Korea to Italy has been missing for two months and there are reports that he may be under the protection of a Western country. Jo Song-gil (pictured), 48, a career diplomat who is fluent in Italian, French and English, presented his diplomatic credentials to the Italian government in May of 2015. In October 2017, he became his country’s acting ambassador after Italian authorities expelled Ambassador Mun Jong-nam from the country. The expulsion came in response to North Korea’s nuclear test in September of that year, when Pyongyang announced the detonation of a hydrogen bomb that could be loaded onto an intercontinental ballistic missile.

Jo is believed to be from a high-ranking family of officials and diplomats with a long history in the ruling Workers Party of Korea. His father is a retired diplomat and his wife’s father, Lee Do-seop, spent many years as Pyongyang’s envoy in Hong Kong and Thailand. It is believed that Jo had been permitted to take his wife and children with him to Rome, a privilege that is bestowed only to the most loyal of North Korean government official. Sources in the Italian government were quoted by British media on Thursday saying that Pyongyang had notified Italy’s Ministry of Foreign Affairs in October that Jo would be replaced in December. On Thursday, however, Kim Min-ki, a South Korean member of parliament, told reporters in Seoul that Jo had been missing since November. Kim added that he and a group of other parliamentarians had been briefed on the mater by officials from the National Intelligence Service, South Korean’s primary external intelligence agency. He went on to say that Jo’s wife and children were believed to have vanished with him and that South Korean authorities had not made contact with them since their disappearance.

Meanwhile, South Korean press reports stated on Thursday that Jo and his family “were in a safe place” under the protection of the Italian government, while they negotiated their defection. But Italian officials told the BBC that the Ministry of Foreign Affairs had “no record of an asylum request made by Jo” or other members of his family. Citing an anonymous “diplomatic source”, the Seoul-based JoongAng Ilbo said that the former ambassador and his wife were in the process of negotiating their defection to a Western country, along with an offer of political asylum. The paper did not name the country, but said that the missing family did not intend to remain in Italy. IntelNews regulars will recall the last defection of a senior North Korean diplomat in August 2016, when Thae Yong-ho, second-in-command at the North Korean embassy in London, defected to South Korea with his family.

Author: Joseph Fitsanakis | Date: 04 January 2019 | Permalink

Head of CIA’s Korean mission center to resign, say sources

Andrew KimA senior North Korea expert in the United States Central Intelligence Agency, who has been instrumental in the ongoing negotiations between Washington and Pyongyang, has tendered his resignation, according to sources. The official was identified last may by US media as Andrew Kim, a former South Korean citizen who moved to the US with his parents when he was 13 years old. According to sources, Kim joined the CIA after graduating from college and rose through the Agency’s ranks to serve its stations in Moscow, Beijing and Bangkok. His most recent overseas post was reportedly in Seoul, where he served as the CIA’s station chief —the most senior American intelligence official in the country.

Following his return to the US from Seoul, Kim reportedly retired, but returned last year to head the CIA’s new Korea Mission Center (KMC). The purpose of the specialized unit is to analyze Pyongyang’s ballistic missile and nuclear weapons programs, which the administration of US President Donald Trump considers as matters of priority for the White House. It was as head of the KMC that Kim reportedly met Mike Pompeo once he became Director of the CIA in January 2017. The two men worked closely together and it is believed that Kim’s role was instrumental in organizing the negotiations between Washington and Pyongyang that led to last summer’s historic high-level meeting between President Trump and Supreme Leader Kim Jong-un. According to American and South Korean media, Kim accompanied the then-CIA director on his secret trip to North Korea. He also accompanied Pompeo on his trips to North Korea once the Kansas Republican became Secretary of State.

The Yonhap News Agency said on Tuesday that Kim initially intended to leave his CIA post in the summer, but was persuaded by Secretary Pompeo to continue. However, he has now tendered his resignation, which will take effect on December 20. Citing “multiple sources”, including “a senior official at South Korea’s National Intelligence Service”, the Seoul-based news agency said that Kim plans to take up an academic post at Stanford University, adding that he intends to continue serving as an adviser to the secretary of state. Prior media reports have stated that “Kim is widely viewed as a hawk on North Korea”, so there are suspicions that his departure from the CIA stems from his disagreement with the policy of negotiation signaled by President Trump. However, the CIA has not commented on the Yonhap report. The South Korean agency said that the CIA is already reviewing candidates to succeed Kim.

Author: Joseph Fitsanakis | Date: 28 November 2018 | Permalink

French senior civil servant arrested on suspicion of spying for North Korea

Benoît QuennedeyA senior civil servant in the upper house of the French parliament has been arrested on suspicion of spying for North Korea, according to prosecutors. The news of the suspected spy’s arrest was first reported on Monday by Quotidien, a daily politics and culture show on the Monaco-based television channel TMC. The show cited “a judicial source in Paris” and said that France’s domestic security and counterintelligence agency, the General Directorate for Internal Security (DGSI), was in charge of the espionage case.

The senior administrator has been identified as Benoit Quennedey, a civil servant who liaises between the French Senate and the Department of Architecture and Heritage, which operates under France’s Ministry of Culture. Quennedey was reportedly detained on Sunday morning and his office in the French Senate was raided by DGSI officers on the same day. Quotidien said that he was arrested on suspicion of “collecting and delivering to a foreign power information likely to subvert core national interests”. The report did not provide specific information about the type of information that Quennedey is believed to have passed to North Korea. It did state, however, that a counterintelligence investigation into his activities began in March of this year.

Quennedey is believed to be the president of the Franco-Korean Friendship Association, the French branch of a Spanish-based organization that lobbies in favor of international support for North Korea. Korea Friendship Association branches exist in over 30 countries and are believed to be officially sanctioned by Pyongyang. They operate as something akin to the pre-World War II Comintern (Communist International), a Moscow-sanctioned international pressure group that advocated in favor of Soviet-style communism around the world. French media reported on Monday that Quennedey traveled extensively to the Korean Peninsula in the past decade and has written a French-language book on North Korea. News reports said that the French President Emmanuel Macron had been made aware of Quennedey’s arrest. The senior civil servant faces up to 30 years in prison if found guilty of espionage.

Author: Joseph Fitsanakis | Date: 27 November 2018 | Permalink

Group of 13 North Korean defectors say they were ‘forcibly kidnapped’ by South

Pyongyang Restaurant in Jakarta, IndonesiaA group of 12 female North Korean restaurant workers and their male manager claim that their widely advertised defections in 2016 were fake, and that they were in fact abducted by South Korea’s spy services. The North Korean government maintains a chain of North Korea-themed restaurants throughout Asia, which operate as popular tourist attractions across Southeast Asia. The state-owned restaurants help provide the cash-strapped regime in Pyongyang with desperately needed foreign funds. The North Korean staff —almost all of them female— who work at these restaurants are carefully vetted and chosen to represent the reclusive regime abroad. Some observers claim that these restaurants serve “as a main front to conduct intelligence gathering and surveillance [against foreign] politicians, diplomats, top corporate figures and businessmen”.

In April of 2016, the entire staff of a North Korean restaurant in the Chinese city of Ningbo defected. They disappeared all of a sudden, and reappeared a few days later in South Korean capital Seoul, where South Korean authorities held a press conference. The South Koreans told reporters that the 13 North Koreans had decided to defect after watching South Korean television dramas, which allegedly caused them to lose faith in the North Korean system of rule. But Pyongyang dismissed the defections as propaganda and claimed that its citizens had been abducted by South Korean intelligence.

Now in a shocking interview published by South Korea’s Yonhap news agency, Ho Kang-il, the male manager of the North Korean restaurant in Ningbo said that he and his staff had been forcibly taken to South Korea. Ho told Yonhap that he had been approached by officers of South Korea’s National Intelligence Service (NIS) who tried to entice him to defect to South Korea. They told him that he could open a restaurant if he chose to lead a new life in the south. Initially Ho said he was interested in the offer. But when he appeared to change his mind, the NIS officers threatened to inform the North Korean embassy in China that he had been speaking with them. Ho also said that the NIS officers blackmailed his staff at the restaurant using similar methods. Consequently, all 13 of them decided to cooperate with the NIS, as they “had no choice but to do what they told [us] to do”, said Ho.

On Sunday, the United Nations’ Special Rapporteur on Human Rights in North Korea, Ojea Quintana, said during a press conference that the UN was concerned about the allegations made by Ho. He also said that some of the North Korean defectors had told UN personnel that they left China without knowledge of where they were being taken by South Korean intelligence. Quintana concluded his remarks by calling for a “thorough investigation” into the alleged abductions of the North Koreans.

Author: Joseph Fitsanakis | Date: 18 July 2018 | Permalink