Researchers uncover secretive Russian spy unit by studying its commemorative badges

A GROUP OF RESEARCHERS in Finland have managed to outline the structure and geographic footprint of a highly secretive Russian signals intelligence (SIGINT) unit by studying commemorative badges issued by the Russian government. The research group, known as CheckFirst, specializes in open-source (OSINT) investigative reporting and works to combat online disinformation.

Earlier this month, CheckFirst published its latest report titled “OSINT & Phaleristics: Unveiling FSB’s 16th Center SIGINT Capabilities”. The 36-page report focuses on the study of Russian government-issued commemorative badges—also known as challenge coins—relating to Center 16 (16-й Центр). Also known as Military Unit 71330, Center 16 is a secretive SIGINT unit that houses most of the cyber espionage capabilities of Russia’s Federal Security Service (FSB).

Challenge coins are custom-made medallions given by military, intelligence, and government agencies to recognize service, commemorate achievements, or build morale. Originating in the United States military during World War I, and popularized during the Vietnam War, challenge coins are routinely exchanged in ceremonies or offered to personnel as tokens of camaraderie and loyalty within a specific unit or mission.

Often regarded as collectors’ items, challenge coins from various agencies are often resold on websites such as eBay, or displayed online on websites maintained by private collectors. CheckFirst researchers tracked down several versions of Center 16 challenge coins found on a variety of publicly available websites, as well as on the websites of Russian challenge coin manufacturers, such as GosZnak, SpetsZnak, or Breget.

Based on this OSINT methodology, CheckFirst researchers were able to identify 10 distinct directorates within Center 16, which specialize in various aspects of defensive and offensive cyber espionage. Previously, only a single Center 16 directorate had been identified in the unclassified domain. Moreover, by examining geographic indicators found on several of the challenge coins, such as maps or coordinates, CheckFirst researchers were able to partly map out the geographic structure of Center 16, locating nearly a dozen interception facilities throughout Russia.

Author: Joseph Fitsanakis | Date: 21 July 2025 | Permalink

The OSINT factor in Hamas’ operational success and Israel’s intelligence failure

IT HAS BECOME CLEAR that Hamas had up-to-date intelligence on Israeli targets prior to the attack on October 7, 2023, the largest and most devastating terrorist attack in Israel’s history. Hamas did not have access to clandestine information sources but rather relied on open-source intelligence (OSINT) to understand the structure and weaknesses of Israel’s defense system along the border fence. In addition to publicly available maps, Hamas meticulously gathered online intelligence about specific sites within the Israeli communities near the Gaza Strip.

It is also possible that some of the intelligence came from human intelligence (HUMINT) sources, largely through Gazan workers who were employed in Israel. Moreover, Hamas had access to constant Israeli media broadcasts, which supplied them with invaluable intelligence on the border communities and adjacent military facilities, as well as on communities that were located further to the north and east. Although the Israeli state exercises censorship in the interests of national security, the public’s ‘right to know’ purview is substantial. Thus, significant amounts of information are available online.

In assessing the behavior of Hamas in recent years, one can observe that it did not act as a terrorist group for quite some time. Rather, it operated as a government organization, while monitoring its enemy and waiting patiently for an opportune moment to attack. Simultaneously, Hamas utilized disinformation tools to conceal its attack plans. It trained its fighters within commando units that employed information effectively and relied on actionable intelligence, rather than chance. This can be observed from interrogations of Hamas members who were detained by Israeli authorities after October 7. In one example, Hamas used detailed maps of Israeli communities near the Gaza border, which are available on Google Earth, to plan its attacks of October 7. Printouts of these maps were found among the belongings of Hamas assailants that were killed during the attacks.

Some in Israel are now advocating for increased protection of OSINT, particularly for Israeli sites related to security, including civilian first-response units, defense systems guarding settlements, and civil technological assets. However, implementing such measures within the current framework of Israel’s open society seems challenging. Despite the known importance of OSINT to Hamas and its potential risk to Israel’s security, significant changes in this regard may not occur, as they could impact the country’s democratic values. However, it is still possible to improve the quality of security censorship regarding sensitive civilian information that can be used by adversaries. Such moves would include protecting databases, limiting information relating to the addresses of senior officials, or putting in place stricter policies on the movement of Gazan workers in Israel.

In contrast to Hamas’s, Israel’s OSINT systems underperformed in the run-up to the October 7 attacks. That was especially so after the central OSINT unit of the Israeli Military Intelligence was dissolved, for reasons that remain to be investigated. CNN was among many news outlets that have revealed how Hamas advertised its military drills on social media, but somehow Israeli intelligence failed to pay attention to them.

When Hamas openly declared its intention to attack communities near the Gaza border, and trained its units for that purpose, the Israeli intelligence community, including the IMI and the Israel Security Agency (ISA), underestimated its real attack capabilities based on OSINT materials. This miscalculation stemmed from incorrectly assessing Hamas’s capabilities and overestimating the Israel Defense Forces’ ability to swiftly respond and prevent the attack on civil and military targets. Unfortunately, this assessment proved to be a significant mistake.

The effective use of OSINT lies at the heart of Hamas’ operational plan to attack simultaneously several Israeli targets and to cause extensive damage. It appears that Hamas was able to utilize the OSINT factor to its maximum extent, thus adding significant value to the success of the attack.

► Author: Dr. Avner Barnea | Date: 05 December 2023 | Permalink

Dr. Avner Barnea is research fellow at the National Security Studies Center of the University of Haifa in Israel. He served as a senior officer in the Israel Security Agency (ISA). He is the author of We Never Expected That: A Comparative Study of Failures in National and Business Intelligence (Lexington Books, 2021).

News you may have missed #651

By IAN ALLEN | intelNews.org |
►►Israel defense minister forbids spy official’s lecture. Israel’s Defense Minister Ehud Barak has refused to allow the head of research for Military Intelligence, Brigadier General Itai Baron, to lecture at the annual conference of Israel’s ambassadors unless the lecture is deemed ‘unclassified’. The conference deals with diplomatic and security issues and public affairs, and the lectures are given by senior Israeli government and military officials.
►►CIA agrees to look into OSINT FOIA request. Open Source Works, which is the CIA’s in-house open source analysis component, is devoted to intelligence analysis of unclassified, open source information. Oddly enough, the directive that established Open Source Works is classified. But in an abrupt reversal, the CIA said that it will process a Freedom of Information Act request by intelligence historian Jeffrey Richelson for documents pertaining to Open Source Works.
►►Dutch former pilot convicted of espionage. A court in The Hague has sentenced former F-16 pilot Chris Vaneker to five years in jail after finding him guilty of selling state secrets to a Russian diplomat. Vaneker wanted half-a-million euros for the information he was trying to sell to the military attaché at the Russian embassy in The Hague. The pilot and the Russian diplomat were arrested in March.

Analysis: CIA Open Source Center monitors Facebook, Twitter, blogs

By JOSEPH FITSANAKIS | intelNews.org |
The Associated Press has been given unprecedented access to the United States Central Intelligence Agency’s Open Source Center, which is tasked with, among other things, monitoring social networking media. The Center, which was set up in response to the events of 9/11, employs several hundred multilingual analysts. Some are dispatched to US diplomatic missions abroad, but most work out of “an anonymous industrial park” in the US state of Virginia, which the Associated Press agreed not to disclose. The analysts, who are jokingly known in CIA OSINT (open-source intelligence) parlance as “ninja librarians”, engage in constant mining of publicly available information. The latter ranges from articles found in scholarly journals, to civilian television and radio station programs, as well as information available on the Internet. According to the Associated Press report, the Center began paying particular attention to social networking websites in 2009, when Facebook and Twitter emerged as primary organizing instruments in Iran’s so-called “Green Revolution”. The term describes the actions that Iranians opposed to President Mahmoud Ahmadinejad took to protest the disputed election results that kept him in power. Since that time, the CIA’s Open Source Center has acquired the ability to monitor up to five million tweets a day, and produces daily snapshots of global opinion assembled from tweets, Facebook updates and blog posts. Its executive briefings reportedly find their way to President Barack Obama’s Daily Brief on a regular basis. The Associated Press was given access to the Center’s main facility, and interviewed several of its senior staff members, including its Director, Doug Naquin. He told the news agency that the CIA Open Source Center had “predicted that social media in places like Egypt could be a game-changer and a threat to the regime”, but had been unable to foresee the precise development of Internet-based social activism in the Arab world. 

Israel used Facebook to stop European pro-Palestine activists

By JOSEPH FITSANAKIS | intelNews.org |
Israeli intelligence services managed to stop dozens of European pro-Palestine activists from flying to Israel, by gathering open-source intelligence about them on social media sites, such as Facebook. According to Israeli Foreign Ministry spokesman Yigal Palmor, intelligence gathered on Facebook formed the basis of a blacklist containing over 300 names of European activists, who had signed up on an open-access Facebook page of a group planning nonviolent actions in Israel this summer. Israeli intelligence agencies forwarded the names on the lists to European airline carriers, asking them not to allow the activists onboard their flights, as they were not going to be allowed into the country. This action prompted airline carriers to prevent over 200 activists from boarding scheduled flights to Israel. Israeli security officers detained over 310 other activists, who arrived in Israel on several European flights last week. Of those, almost 70 were denied entry to the country, while more detentions are expected to take place later this week, according to Israeli Interior Ministry spokeswoman Sabine Hadad.

News you may have missed #293

  • US DHS monitors websites. According to a document released by the US Department of Homeland Security, Cryptome, Wired’s Danger Room blog, and WikiLeaks, are among websites the DHS systematically monitors “in order to provide situational awareness and establish a common operating picture”. IntelNews wants to take this opportunity to say ‘hi’ to members of the DHS lurking around.
  • Russian spy lived in Dayton, stole secrets. Iowa-born and -bred communist and US Army engineer, George Koval, was a master at blending in. And, as it turns out, he was also a master spy for the Soviet Union. He did just that while working on the Manhattan Project in Dayton for six months in 1945.
  • Niger army suspends constitution. No word yet in Niger about the elections promised by the military coup plotters who appear to have staged a successful coup. For those who may not know, in international politics, Niger means uranium – lots of it. It’s also worth asking what ten agents of Bulgaria’s counterterrorism unit were doing in Niger on the day of the coup.

US spy agencies invest in Internet-monitoring company

By JOSEPH FITSANAKIS | intelNews.org |
In-Q-Tel, the CIA’s venture-capital investment arm, is funding a private software company specializing in monitoring online social media, such as YouTube, Twitter and Flickr. The company, Visible Technologies, unleashes web crawlers that scan and sift through over half a million Internet sites a day, looking for open-source intelligence (OSINT) of interest to its customers. The latter receive real-time updates of Internet activity, based on specific sets of keywords they provide. Noah Shachtman, of Wired’s Danger Room blog, correctly notes that In-Q-Tel’s latest investment is indicative of a wider trend within US intelligence agencies to enhance their foreign OSINT collection and analysis. Incidentally, the US Pentagon has shown similar interests since 2006.