Lithuania widens espionage probe, several now in custody for spying for Russia

Algirdas PaleckisA growing number of individuals are in custody in Lithuania, as the Baltic state continues a probe into an alleged Russian espionage ring whose members reportedly included a former diplomat and member of one of the country’s most revered political families. On Tuesday, government prosecutors asked for an eight-year prison sentence for Roman Sheshel, who stands accused for giving Moscow classified information on Lithuania’s naval forces. Sheshel, a Russian-born Lithuanian citizen, is also believed to have given his Russian handlers intelligence regarding warships belonging to the North Atlantic Treaty Organization, of which Lithuania is a member. He is accused of having worked for the Russians from early 2015 until his capture by Lithuanian authorities in December of 2017. His trial has been taking place behind closed doors in order to protect state secrets.

Government prosecutors allege that Sheshel was part of a sizeable spy network of Lithuanians who were recruited by Russia in the past five years and whose “activities threatened Lithuanian national security”. Among them is allegedly Alģirds Paleckis, a former parliamentarian and diplomat, Paleckis was born in 1971 in Switzerland, where his father, Justas Vincas, served as a Soviet diplomat. His grandfather, Justas Paleckis, was a towering figure in the Communist Party of Lithuania, which in 1940 spearheaded Lithuania’s amalgamation into the Soviet Union. But his son, Paleckis’ father, broke ranks with the family’s communist past and became a leading nationalist parliamentarian in 1990, when the country seceded from the USSR. Paleckis followed in his father’s footsteps and joined the diplomatic service before entering parliament. But in 2008, after a successful career as a pro-Western reformist politician, Paleckis began to veer to the left, eventually founding the Lithuanian Socialist People’s Front, a small leftist party that is often accused of being too close to Moscow. The party is a vocal opponent of Lithuania’s membership in the European Union and NATO. Paleckis’ critics also note that he is married to a Russian woman whose father is reportedly a Russian intelligence officer.

The German news agency Deutsche Welle reported last week that Paleckis attracted the attention of Lithuanian counterintelligence investigators after he “fully paid back the mortgage on a house too quickly”. He is now accused of giving his Russian handlers information about a Lithuanian government investigation into Soviet-era informant networks in the small Baltic country. He has been in custody since last October, along with an undisclosed number of other alleged members of a purported Russian spy ring. Earlier this week, Lithuanian authorities said that evidence collected from the unnamed detainees are helping them broaden their probe into alleged Russian espionage.

Author: Joseph Fitsanakis | Date: 20 February 2019 | Permalink

Advertisements

Senior Belgian counterintelligence officer arrested on suspicion of spying for Russia

NATO HQ BrusselsA senior counterintelligence official in Belgium’s external intelligence service is under house arrest on suspicion of sharing classified documents with Russian spies, according to a Belgian newspaper. Additionally, the chief of the agency’s counterintelligence directorate has been barred from his office while an internal investigation is underway on allegations that he illegally destroyed government documents. These allegations surfaced last Thursday in a leading article in De Morgen, a Flemish-language daily based in Brussels.

Citing anonymous sources from the General Information and Security Service —Belgium’s military intelligence agency— the paper said that the arrestee has the equivalent rank of major in the General Intelligence and Security Service. Known as GISS, the agency operates as the Belgian equivalent of the United States Central Intelligence Agency or Britain’s Secret Intelligence Service —better known as MI6. GISS officers collect information abroad and are not permitted to operate within Belgium’s borders. The man, a career counterintelligence official, is suspected of having passed secrets to Russia with the help of a woman who claims to be Serbian, but who is in fact believed to be an operative for Russian intelligence. It is not known whether the compromised information included secrets involving the North Atlantic Treaty Organization, of which Belgium is a founding member. In the same article, De Morgen also said that Clement Vandenborre, who serves as chief of GISS’s counterintelligence directorate, has been barred from his office while an investigation is taking place into allegations of mismanagement. He is also accused of having shredded classified government documents without permission. It is not believed that this case is connected with the alleged Russian penetration.

De Morgen quoted a spokesperson for Belgium’s Ministry of Defense, who confirmed that an investigation into alleged foreign espionage targeting a GISS employee was underway, but added that “no comment” would be made on the subject so as “not to hinder” the probe. Ironically, German newspaper Die Welt am Sonntag reported last week that the European Union’s diplomatic agency warned officials in Belgium to watch out for “hundreds of spies” from various foreign countries, including from Russia and China. The warning, issued by the European Union’s diplomatic agency, the European External Action Service (EEAS), said that “approximately 250 Chinese and 200 Russian spies” were operating in Brussels.

Author: Joseph Fitsanakis | Date: 18 February 2019 | Permalink

Alleged third suspect in Skripal poison attack identified by investigative website

Diplomatic Academy of RussiaAn investigative website has linked a graduate of an elite intelligence academy in Moscow with the attempted assassination of a Russian former double spy in Britain last year. Reports last year identified Dr. Alexander Yevgenyevich Mishkin (cover name ‘Alexander Petrov’) and Colonel Anatoliy Chepiga (cover name ‘Ruslan Boshirov’) as the two men that tried to kill Sergei Skripal in the English town of Salisbury in March 2018. Skripal, a former officer in Russia’s military intelligence service, the GRU, was resettled in Salisbury in 2010, after spending several years in a Russian prison for spying on behalf of Britain. But he and his daughter Yulia almost died last March, after they were poisoned with a powerful nerve agent that nearly killed them. The Kremlin denies that Mishkin and Chepiga —believed to be GRU officers— had any role in the attack.

Last week, the Russian investigative news site Bellingcat alleged that a third man may have been involved in the attempt to assassinate Skripal. The man used the name Sergey Fedotov, said Bellingcat, but added that the name was probably a cover that was concocted by Russia’s intelligence services. On Thursday, the website said it was able to identify the so-called third man as Denis Vyacheslavovich Sergeev, a graduate of the Diplomatic Academy of the Russian Ministry of Foreign Affairs. The Diplomatic Academy is one of the most prominent educational institutions in the country and its graduates enter the Foreign Service. However, many of its graduates are elite members of Russian intelligence, said Bellingcat. Earlier this month, the investigative website said that Sergeev traveled extensively in the Middle East, Asia and Europe between 2010 and 2015, using the operational name Sergey Fedotov. It also claimed that Sergeev/Fedotov was in Bulgaria in late April 2015, when Emilian Gebrev, a wealthy local defense industry entrepreneur, fell violently ill. Gebrev was hospitalized for signs of poisoning along with his son and one of his company’s executives for several days. All three made a full recovery.

Bellingcat added that it was able to name the alleged Russian intelligence operative following a four-month investigation that was aided by another Russian news website known as The Russia Insider, Czech newspaper Respekt, and Finland’s Helsingin Sanomat daily. But it also acknowledged that Fedotov’s alleged role in the Skripal assassination remained “unclear” and that authorities in the United Kingdom had not publicly identified a third suspect in the attempted murder. Meanwhile, British newspaper The Guardian said yesterday that it was told by Bulgaria’s Prime Minister Boyko Borisov that a team of British investigators were “on the ground” in Sofia to investigate possible links between the Skripal and Gebrev cases.

Author: Joseph Fitsanakis | Date: 15 February 2019 | Permalink

Reports allege third man was involved in poisoning of Sergei Skripal

Sergei SkripalNew reports from Russian investigative sites claim that a third man using a fake name was involved in the attempted assassination of former double spy Sergei Skripal in England last year. Skripal, a former military intelligence officer, was resettled in the English town of Salisbury in 2010, after spending several years in a Russian prison for spying on behalf of Britain. But he and his daughter Yulia almost died in March 2018, after they were poisoned with a powerful nerve agent that nearly killed them. The attack has been widely blamed on the Russian government, though the Kremlin denies it had any role in it. Two assailants have so far been identified by British intelligence. They have been named as Dr. Alexander Yevgenyevich Mishkin —cover name ‘Alexander Petrov’— and Colonel Anatoliy Chepiga —cover name ‘Ruslan Boshirov’. Both are said to be employees of the Russian military intelligence agency known as the Main Directorate of the General Staff of the Armed Forces, commonly referred to as the GRU. The two men spoke on Russian television last year, denying any involvement in the attack on the Skripals. Their whereabouts since their television interview remain unknown. Moscow denies that it had any role in the attack.

In October of last year, the Russian investigative news site Fontanka claimed that a third man under the name of Sergey Fedotov, may have been involved in the attack on Skripal. Last Thursday, another Russian investigative news site, Bellingcat, said that the name Sergey Fedotov appears to have been created out of thin air for operational purposes by Russia’s intelligence services. According to Bellingcat, Fedotov appears to have no past prior to 2010, when his identity was invented using the same techniques that the fake identities of ‘Petrov’ and ‘Boshirov’ were concocted by the GRU. Moreover, Fedotov’s records show that he traveled extensively in the Middle East, Asia and Europe between 2010 and 2015. The Russian news site claims that he was in Bulgaria in late April 2015, when Emilian Gebrev, a wealthy local defense industry entrepreneur, fell violently ill. Gebrev was hospitalized for signs of poisoning along with his son and one of his company’s executives for several days, eventually making a full recovery. As the Bulgarian businessman was being taken to hospital, Fedotov skipped his return flight out of Sofia and instead drove to Istanbul, Turkey, where he bought a one-way airline ticket to Moscow, says Bellingcat.

The BBC’s Gordon Corera said he contacted the Russian embassy in London and the Kremlin in Moscow. Both sources strongly refuted the Bellingcat report. A Kremlin spokesman cautioned the BBC to be skeptical about Bellingcat’s report, since “we don’t know what [its] authors based their work on [or] how competent they are”. British Police told Corera that they were “still investigating whether further suspects were involved” in the attack on Skripal and were “not prepared to discuss” details pertaining to “an ongoing investigation”.

Author: Joseph Fitsanakis | Date: 11 February 2019 | Permalink

American held on espionage charges in Russia has three other citizenships

Paul WhelanAn American former Marine, who faces espionage charges in Russia, is a citizen of at least three other countries, namely Canada, Britain and the Republic of Ireland, according to reports. Paul Whelan, 48, was arrested by Russia’s Federal Security Service (FSB) on December 28 at the Metropol, a five-star hotel in downtown Moscow. News of Whelan’s arrest first emerged on January 3 in a report from Rosbalt, a Moscow-based news agency that known to be close to the Russian security services. He was reportedly indicted on Thursday and is now facing between 10 to 20 years in prison for espionage. His trial is not expected to take place until March.

According to Rosbalt, the FSB arrested Whelan in his hotel room while he was meeting with a Russian citizen who allegedly handed him a USB drive containing a list that included “the names of all employees of a [Russian] security agency”. However, Whelan’s family claim that the former Marine arrived in Moscow on December 22 to attend the wedding of an American friend who married a Russian woman. Whelan served two tours in Iraq with the United States Marines and was reportedly discharged for bad conduct. At the time of his arrest last month, he was the director of global security for BorgWarner, a Michigan-based manufacturer of spare parts for cars. He is believed to have visited Russia regularly since 2006, and is thought to have a basic command of the Russian language. He is currently being held in solitary confinement in Moscow’s Lefortovo detention center.

At the time of his arrest, Whelan was identified as an American citizen. On Friday, however, the Associated Press reported that he also has United Kingdom citizenship because he was born to British parents. Additionally, he is now believed to hold Canadian citizenship as well, because he was born in Canada. He then acquired American citizenship after arriving in the US with his parents as a child. It is not known how he acquired Irish citizenship, but the Irish government confirmed it on Friday. Also on Friday, the Washington-based National Public Radio said that embassies of at least four Western countries —the US, Britain, Ireland and Canada— were working to gain consular access to Whelan. On Thursday, the former Marine was visited in prison by Jon Huntsman, America’s ambassador to Russia. Meanwhile, Britain’s Foreign Secretary, Jeremy Hunt, said London was “extremely worried” about Whelan’s fate and warned Moscow “not to try to use [him] as a diplomatic pawn”, possibly by exchanging him with Russians arrested for espionage in the West.

Author: Joseph Fitsanakis | Date: 05 January 2019 | Permalink

French security services investigate Russian role in yellow vests movement

yellow vests movementIntelligence and security services in France are investigating whether Russian involvement on social media and other platforms is playing a role in amplifying the so-called ‘yellow vests’ movement. Known in French as le mouvement des gilets jaunes, the campaign began online in May of this year as a popular protest against rising fuel prices and the high cost of living in France. In mid-November, the movement made its first public appearance with large demonstrations that have continued every weekend since then. Yellow vest protestors claim that tax increases are disproportionally affecting working- and middle-class people and that everyday life is becoming economically unsustainable in France. Some of the demonstrations have turned violent, and so far at least eight people have died as a result. The ensuing crisis has become the most significant threat to the government of Emmanuel Macron, as the protests are increasingly evolving into an anti-Macron rallies.

So far, the yellow vests campaign has been largely bipartisan, bringing together protestors from the entirety of the French political spectrum. Additionally, there are no identified leaders or coordinators of the movement. However, some suspect that Russian government operatives may be further-inflaming an already incensed protest movement. On Friday, The Wall Street Journal said that French security agencies were investigating potential involvement by the Kremlin in the yellow vests campaign. The paper quoted an unnamed French government cybersecurity official as saying that “there has been some suspect activity [and] we are in the process of looking at its impact”. The official was referring to the online activity of some leading social-media accounts involved with the yellow vests, which appear to also be “promoting Russian-backed coverage” of French politics. The Journal also cites Ryan Fox, a cybersecurity expert for the Texas-based firm New Knowledge, who claims that “several hundred accounts on Twitter and Facebook” that are involved in the yellow vests movement “are very likely controlled by Moscow”.

However, there is disagreement among cybersecurity experts about the extent of the Kremlin’s involvement in the yellow vests. Paris has previously accused Moscow of trying to influence the direction of French politics. In February of 2017, France’s Directorate-General for External Security warned that Russia had launched a secret operation to try to influence the outcome of that year’s French presidential election in favor of the far right. However, if such an effort existed, it failed to stop the rise to power of Emmanuel Macron. Since assuming the country’s presidency, Macron has been a leading international critic of Russia’s domestic and foreign policies. The Kremlin, therefore, has strong reasons to want to see a premature end to Macron’s presidency.

This does not necessarily mean that Moscow has been able to anticipate —let alone influence— the yellow vests movement, whose energy has surprised even the most experienced French political observers. The Journal notes that many leading Western cybersecurity bodies, including the Atlantic Council’s Digital Forensic Research Lab, have “not seen significant evidence of state-sponsored interference” in the yellow vests movement, whether by Russia or any other government. Facebook also said that its monitors have not uncovered any evidence of an organized campaign by Moscow to coax the yellow vests protests. The paper also cited Dimitri Peskov, a spokesman for the Kremlin, who categorically denied allegations that Russia was in any way involved in directing yellow vests activists.

Author: Joseph Fitsanakis | Date: 17 December 2018 | Permalink

Russian spies ‘launched major cyber attack on Ukraine’ prior to naval incident

Strait of KerchRussia “paved the way” for last November’s seizure of Ukrainian Navy ships by launching a major cyber attack and disinformation campaign aimed at Ukraine, according to a cyber security firm and the European Union. In what has become known as the Kerch Strait incident of November 25, border service coast guard vessels belonging to the Russian Federal Security Service (FSB) opened fire on three Ukrainian Navy ships that were attempting to enter the Sea of Azov through the Kerch Strait. All three Ukrainian vessels, along with crews totaling 24 sailors, were captured by the Russian force and remain in detention. Ukraine condemned Russia’s action as an act of war and declared martial law in its eastern and southern provinces. But Moscow said the incident had been caused by a provocation by the Ukrainian government, in a desperate effort to increase its popularity at home. Meanwhile, the three Ukrainian ships and their crews remain in Russia.

But now a private cyber security firm has said that Moscow launched a series of cyber attacks on Ukrainian government servers, which were aimed at gathering intelligence that could be used for the ships’ capture. In a separate development, the European Union’s security commissioner has alleged that the Kremlin launched an elaborate “disinformation campaign” aiming to “soften up public opinion” before seizing the Ukrainian ships.

The American-based cyber security firm Stealthcare said this week that the cyber attacks were carried out by Carbanak and the Gamaredon Group, two hacker entities that are believed to be sponsored by the Russian intelligence services. The first wave of attacks, which occurred in October of this year, centered on a phishing campaign that targeted government agencies in Ukraine and other Eastern European countries. Victims of these attacks had “important functions” of their computers taken over by remote actors who stole and exfiltrated data, according to Stealthcare. Another attack installed back doors on computer servers belonging to Ukrainian government agencies in November, just days prior to the Kerch Strait crisis. The two attacks, said the company, provided the hackers with “information that would have been very […] relevant in planning” the November 25 naval crisis, said Stealthcare. The company added that there was “no doubt that this was a Kremlin-led reconnaissance effort to prepare for the Kerch Strait crisis”.

Meanwhile on Monday Julian King, a British diplomat who is currently the European Commissioner for the Security Union, said that Russia “paved the way for the Kerch Strait crisis” through a systematic fake news campaign that “lasted for more than a year”. The campaign, said King, included the use of social media to spread false rumors, such as claims that the Ukrainian government had infected the Black Sea with bacteria that cause cholera. Another report by Russian media allegedly claimed that Kiev had tried to secretly transport a nuclear device to Russian-annexed Crimea through the Kerch Strait. The EU security commissioner added that social media platforms and online search engines like Google had a responsibility “to identify and close down fake accounts that were spreading disinformation”.

Author: Joseph Fitsanakis | Date: 12 December 2018 | Research credit: D.V. | Permalink