Malaysia releases second female assassin of Kim Jong-un’s half-brother from prison

Siti AisyahThe second of two female assassins who killed the half-brother of North Korean leader Kim Jong-un in 2017 in Kuala Lumpur has been released from prison by the Malaysian state, after a mostly secret trial. The two women, Doan Thi Huong of Vietnam and Siti Aisyah of Indonesia (pictured), approached Kim Jong-nam as he was waiting to board a plane at the Kuala Lumpur International Airport on February 13. The estranged half-brother of the North Korean leader was about to travel to Macau, where he had been living in self-exile since 2007. Soon after his encounter with the two women, Kim collapsed and eventually died from symptoms associated with VX nerve agent inhalation. Huong was arrested on February 15, when she returned to the same airport to catch an outbound flight to Vietnam. Siti’s arrest was announced a day later.

Both women told Malaysian police that they worked as escorts and that they were under the impression that they had been hired by a Japanese YouTube show to carry out a televised prank on an unsuspecting traveler. They claimed that they did not realize that the men who had hired them several months prior to the assassination operation were agents of the North Korean government —which international authorities blamed for Kim’s murder. In March of this year, Malaysian authorities announced that all charges against the Indonesian woman, Siti, had been dropped, and that she would be released from detention. No reasoning behind the decision was provided to the media. On Thursday, it was revealed that Huong would be freed, after she agreed to plead guilty to a much lesser charge of “causing bodily injury”, as requested by government prosecutors.

What is behind the decision of the Malaysian court? British newspaper The Guardian said last month that the government of Indonesia engaged in intense “behind-the-scenes diplomacy” in order to have its citizen released. These efforts “significantly influenced how events […] unfolded in the courtroom”, said the paper. Additionally, the Malaysian government had been uncomfortable with the international attention of this incident from the very beginning, and had expressed the desire “to be done with the trial because it was diplomatically inconvenient”, according to The Guardian. The paper added that, as the international status of Kim Jong-un rose unexpectedly through his meetings with United States President Donald Trump, Malaysia sought to be “part of this conversation”. Kuala Lumpur thus decided that “the recovery of [its] relationship with Pyongyang [was] more important than justice for the assassination of Kim Jong-nam”, former South Korean intelligence officer Dr. Nam Sung-wook told The Guardian.

Author: Joseph Fitsanakis | Date: 03 May 2019 | Permalink

Advertisements

Spain returns stolen material to North Korean embassy in Madrid, say sources

North Korea SpainAuthorities in Spain have returned material that was stolen from the embassy of North Korea in Madrid by a group of raiders in February, according to a source that spoke to the Reuters news agency. The unprecedented attack took place in the afternoon of February 22 in a quiet neighborhood of northern Madrid, where the North Korean embassy is located. Ten assailants, all Asian-looking men, entered the three-story building from the main gate, brandishing guns, which were later found to be fake. They tied up and gagged the embassy’s staff and some visitors to the embassy. After several hours spent inside the buildings, the assailants abandoned the building in two embassy vehicles that were later found abandoned.

A few weeks following the raid, a North Korean dissident group calling itself Cheollima Civil Defense —also known as Free Joseon— claimed responsibility for the attack. Cheollima Civil Defense is North Korea’s first known active resistance group. Its members call for the overthrow of the Kim dynasty. Subsequent reports said that some of those who took part in the embassy raided fled to the United States and approached the Federal Bureau of Investigation (FBI) with an offer to hand over computer hardware and telephones captured in the attack. On Tuesday, the Reuters news agency reported that the FBI “returned the material [to Spanish authorities] two weeks ago”, and that Spanish police handed it over to the North Koreans. Citing “a Spanish judicial source”, Reuters said that American authorities returned the material directly to the Spanish court that is investigating the raid.

According to the news agency, Spanish authorities returned the material to the North Korean embassy without reviewing its contents, thus complying with the norms of diplomatic protocol. Data and items belonging to foreign embassies are usually off-limits to the authorities of host nations. The report did not clarify whether the FBI returned all the material that was stolen by the raiders in February, nor did it state whether the FBI reviewed its contents prior to handing it over to the Spanish court.

Author: Joseph Fitsanakis | Date: 17 April 2019 | Permalink

Dissident group ‘approached the FBI’ after raid on North Korean embassy in Madrid

North Korea embassy SpainMembers of a self-styled dissident group that raided North Korea’s embassy in Madrid last month reportedly approached the authorities in the United States, offering to share material taken from the embassy. The attack took place in the afternoon of February 22 in a quiet neighborhood in northern Madrid, where the North Korean embassy is located. Ten assailants, all Southeast Asian-looking men, entered the three-story building from the main gate, brandishing guns, which were later found to be fake. They tied up and gagged the embassy’s staff, as well as three North Korean architects who were visiting the facility at the time. The assailants later abandoned the building in two embassy vehicles that were later found abandoned.

Initial reports alleging that Washington was involved in the raid were later found to be inaccurate, as an obscure North Korean dissident group, calling itself Cheollima Civil Defense —also known as Free Joseon— claimed responsibility for the attack. Cheollima Civil Defense is North Korea’s first known active resistance group in living memory, and has called for the overthrow of the Kim dynasty. But little is known about its members.

On Tuesday, however, Judge José de la Mata, of the Spanish High Court, told reporters that three members of the group had been identified by Spanish authorities. He named them as: Adrian Hong Chang, a Mexican national who is a resident of the United States; Sam Ryu, an American citizen; and Woo Ran Lee, a South Korean. Judge de la Mata said that all ten members of the group had managed to leave Spain in the hours following the attack on the North Korean embassy. Interestingly, however, Chang, who left Europe through Portugal, appeared in New York on February 27 and approached the local field office of the FBI. He allegedly met with FBI agents and described the raid on the North Korean embassy. He then offered to give the FBI some of the material that Cheollima Civil Defense stole from the embassy, including a mobile phone, USBs, laptops, as well as several hard drives.

It is not known whether the FBI accepted Chang’s offer. But, according to Judge de la Mata, Chang “handed over audiovisual material” to the FBI. When asked about Judge de la Mata’s statement, the FBI said it does not comment on investigations that are in progress. The US Department of State said that the American government “had nothing to do” with the attack on the North Korean embassy in February.

Author: Joseph Fitsanakis | Date: 27 March 2019 | Permalink

Analysis: Who was behind the raid on the North Korean embassy in Madrid?

North Korea SpainAn obscure North Korean dissident group was most likely behind a violent raid on North Korea’s embassy in Madrid on February 22, which some reports have pinned on Western spy agencies, including the Central Intelligence Agency. The group, known as the Cheollima Civil Defense, is believed to be the first North Korean resistance organization to declare war on the government of Supreme Leader Kim Jong-un.

THE ATTACK

The attack took place at 3:00 in the afternoon local time in Aravaca, a leafy residential district of northern Madrid, where the embassy of North Korea is located. Ten assailants, all Southeast Asian-looking men, entered the three-story building from the main gate, brandishing guns, which were later found to be fake. They tied up and gagged the embassy’s staff, as well as three North Korean architects who were visiting the facility at the time. But one staff member hid at the embassy. She eventually managed to escape from a second-floor window and reach an adjacent building that houses a nursing home. Nursing home staff called the police, who arrived at the scene but had no jurisdiction to enter the embassy grounds, since the premises are technically North Korean soil. When police officers rang the embassy’s doorbell, an Asian-looking man appeared at the door and Q Quote 1said in English that all was fine inside the embassy. But a few minutes later, two luxury cars belonging to the North Korean embassy sped away from the building with the ten assailants inside, including the man who had earlier appeared at the front door.

Once they entered the embassy, Spanish police found eight men and women tied up, with bags over their heads. Several had been severely beaten and at least two had to be hospitalized. The victims told police that the assailants were all Korean, spoke Korean fluently, and had kept them hostage for nearly four hours. But they refused to file formal police complaints. The two diplomatic cars were later found abandoned at a nearby street. No money was taken by the assailants, nor did they seem interested in valuables of any kind. But they reportedly took with them an unknown number of computer hard drives and cell phones belonging to the embassy staff. They also stole an unknown quantity of diplomatic documents, according to reports.

POSSIBLE FOREIGN CULPRITS

Within a few hours, Spanish police had reportedly ruled out the possibility that the assailants were common thieves, arguing that the attack had been meticulously planned and executed. Also, common thieves would have looked for valuables and would not have stayed inside the embassy for four hours. Within a week, several Spanish newspapers, including the highly respected Madrid daily El País and the Barcelona-based El Periodico, pinned the raid on Western intelligence services. They cited unnamed police sources who claimed that at least two of the assailants had been identified and found to have links with the CIA. The reports also cited claims by embassy employees that the attackers interrogated them extensively about Soh Yun-sok, North Korea’s former ambassador to Madrid. Soh became Pyongyang’s chief nuclear negotiator after he was expelled by the Spanish government in 2017 in protest against North Korea’s nuclear missile tests. Read more of this post

North Korea-linked hackers growing in reach and sophistication, McAfee warns

Computer hackingA computer hacking group with links to the North Korean government has a wider reach and is more sophisticated than was initially believed, according to the computer security firm McAfee. The group, dubbed Lazarus by cybersecurity experts, is believed to be connected with Guardians of Peace, the hacker team that orchestrated the 2014 attacks on Sony Pictures Entertainment. The company drew the ire of the North Korean government for producing The Interview, a black comedy based on a fictional attempt by two Americans to assassinate North Korean leader Kim Jong-un. Known collectively as ‘the Sony Pictures hack’, the attacks included the compromise of internal documents and unreleased copies of films produced by Sony, as well as personal attacks on Sony executives and members of their families. There were also attempts to damage Sony’s digital infrastructure, which cost the company an undisclosed amount in damages, believed to be in the millions of dollars.

In February of last year, the computer security software company McAfee said that Lazarus was behind an ongoing campaign targeting global banks and bitcoin users. On Sunday, the California-based firm said that Lazarus was responsible for what its experts call Operation SHARPSHOOTER, a widespread effort to compromise key industries across several continents. Speaking at the RSA IT security conference in San Francisco, McAfee experts said that SHARPSHOOTER began as early as September of 2017, and that it was first detected in December of 2018. By that time, said McAfee, around 80 firms and organizations had been targeted by Lazarus. But in recent months, it has become clear that SHARPSHOOTER is “more extensive in complexity, scope and duration” than previously thought, according to McAfee experts. They added that they drew this conclusion based on “command-and-control serve code” data that was made available to them by an unnamed “government entity”. This is the type of forensic data that is customarily seized by government agencies and is rarely made available to cybersecurity researchers in the private sector, said the McAfee representatives. This “non-typical access” afforded McAfee technical experts “a rare opportunity” to examine “the inner workings [of Lazarus’] cyberattack infrastructure”, they added.

As a result, the company’s “confidence levels are now much higher” that Lazarus is targeting key agencies and industries, including government organizations involved with national defense, energy and critical infrastructure. Most of Lazarus’ targets are in the United States, Germany and Turkey. But smaller attacks have been detected in Asia and Africa, in countries such as the Philippines and Namibia. Many attacks begin with so-called ‘spearphishing’ attempts, which target particular employees of agencies or firms. These attacks center on emails that are “masked as extremely convincing job recruitments”. The emails contain links to Microsoft Word or Adobe PDF files on popular file-sharing platforms like DropBox, which are infected with malware, said McAfee.

Author: Joseph Fitsanakis | Date: 05 March 2019 | Permalink

CIA has maintained secret communication with North Korea for 10 years

Mike Pompeo North KoreaWith presidential approval, the United States Central Intelligence Agency has maintained a secret channel of communication with North Korea since at least 2009, according to The Wall Street Journal. Many were surprised in 2018, when the then CIA director Mike Pompeo made a sudden visit to Pyongyang to speak with senior North Korean officials. But according to The Wall Street Journal, the CIA channel with the North Koreans had been there since at least 2009 and Pompeo simply “re-energized it” after being instructed to do so by the White House.

The United States and North Korea have never had official diplomatic relations, nor have they ever maintained embassies at each other’s capitals. In rare instances, the North Korean Permanent Mission to the United Nations in New York has been utilized to pass messages from the White House to the communist country’s Ministry of Foreign Affairs. No other systematic diplomatic activity between the two sides has ever been reported.

But an article published in The Wall Street Journal on Monday claims that an intelligence channel between the CIA and unspecified North Korean intelligence officials has been active —with some periods of dormancy— for at least a decade. The previously unreported channel has led to a number of public meetings, such as the 2014 visit to Pyongyang by James Clapper, the then US Director of National Intelligence, as well as an earlier visit to the North Korean capital by former US President Bill Clinton in 2009. But, says the paper citing “current and former US officials”, most of the contacts have been secret. They include several visits to North Korea by CIA official Joseph DeTrani before and after Clinton’s visit, as well as two trips to Pyongyang by CIA Deputy Director Michael Morell, in 2012 and 2013. His successor, Avril Haines, also visited North Korea, says The Journal, but notes that the channel went “dormant late in the Obama administration”.

Upon becoming CIA director following the election of Donald Trump to the presidency, Mike Pompeo was briefed about the secret channel’s existence and decided to resume it, with Trump’s agreement. That led to his eventual visit to North Korea along with Andrew Kim, who at the time headed the CIA’s Korea Mission Center. Eventually, this channel of communication facilitated the high-level summit between President Trump and Supreme leader Kim Jong-un in June 2018 in Singapore. The Wall Street Journal said it reached out to the CIA, the Department of State and the White House about this story, but received no responses. The North Korean mission in the United Nations in New York also declined to comment.

Author: Joseph Fitsanakis | Date: 22 January 2019 | Permalink

North Korean ambassador to Rome missing since November, says Seoul

Jo Song-gilThe acting ambassador of North Korea to Italy has been missing for two months and there are reports that he may be under the protection of a Western country. Jo Song-gil (pictured), 48, a career diplomat who is fluent in Italian, French and English, presented his diplomatic credentials to the Italian government in May of 2015. In October 2017, he became his country’s acting ambassador after Italian authorities expelled Ambassador Mun Jong-nam from the country. The expulsion came in response to North Korea’s nuclear test in September of that year, when Pyongyang announced the detonation of a hydrogen bomb that could be loaded onto an intercontinental ballistic missile.

Jo is believed to be from a high-ranking family of officials and diplomats with a long history in the ruling Workers Party of Korea. His father is a retired diplomat and his wife’s father, Lee Do-seop, spent many years as Pyongyang’s envoy in Hong Kong and Thailand. It is believed that Jo had been permitted to take his wife and children with him to Rome, a privilege that is bestowed only to the most loyal of North Korean government official. Sources in the Italian government were quoted by British media on Thursday saying that Pyongyang had notified Italy’s Ministry of Foreign Affairs in October that Jo would be replaced in December. On Thursday, however, Kim Min-ki, a South Korean member of parliament, told reporters in Seoul that Jo had been missing since November. Kim added that he and a group of other parliamentarians had been briefed on the mater by officials from the National Intelligence Service, South Korean’s primary external intelligence agency. He went on to say that Jo’s wife and children were believed to have vanished with him and that South Korean authorities had not made contact with them since their disappearance.

Meanwhile, South Korean press reports stated on Thursday that Jo and his family “were in a safe place” under the protection of the Italian government, while they negotiated their defection. But Italian officials told the BBC that the Ministry of Foreign Affairs had “no record of an asylum request made by Jo” or other members of his family. Citing an anonymous “diplomatic source”, the Seoul-based JoongAng Ilbo said that the former ambassador and his wife were in the process of negotiating their defection to a Western country, along with an offer of political asylum. The paper did not name the country, but said that the missing family did not intend to remain in Italy. IntelNews regulars will recall the last defection of a senior North Korean diplomat in August 2016, when Thae Yong-ho, second-in-command at the North Korean embassy in London, defected to South Korea with his family.

Author: Joseph Fitsanakis | Date: 04 January 2019 | Permalink