French security services investigate Russian role in yellow vests movement

yellow vests movementIntelligence and security services in France are investigating whether Russian involvement on social media and other platforms is playing a role in amplifying the so-called ‘yellow vests’ movement. Known in French as le mouvement des gilets jaunes, the campaign began online in May of this year as a popular protest against rising fuel prices and the high cost of living in France. In mid-November, the movement made its first public appearance with large demonstrations that have continued every weekend since then. Yellow vest protestors claim that tax increases are disproportionally affecting working- and middle-class people and that everyday life is becoming economically unsustainable in France. Some of the demonstrations have turned violent, and so far at least eight people have died as a result. The ensuing crisis has become the most significant threat to the government of Emmanuel Macron, as the protests are increasingly evolving into an anti-Macron rallies.

So far, the yellow vests campaign has been largely bipartisan, bringing together protestors from the entirety of the French political spectrum. Additionally, there are no identified leaders or coordinators of the movement. However, some suspect that Russian government operatives may be further-enflaming an already incensed protest movement. On Friday, The Wall Street Journal said that French security agencies were investigating potential involvement by the Kremlin in the yellow vests campaign. The paper quoted an unnamed French government cybersecurity official as saying that “there has been some suspect activity [and] we are in the process of looking at its impact”. The official was referring to the online activity of some leading social-media accounts involved with the yellow vests, which appear to also be “promoting Russian-backed coverage” of French politics. The Journal also cites Ryan Fox, a cybersecurity expert for the Texas-based firm New Knowledge, who claims that “several hundred accounts on Twitter and Facebook” that are involved in the yellow vests movement “are very likely controlled by Moscow”.

However, there is disagreement among cybersecurity experts about the extent of the Kremlin’s involvement in the yellow vests. Paris has previously accused Moscow of trying to influence the direction of French politics. In February of 2017, France’s Directorate-General for External Security warned that Russia had launched a secret operation to try to influence the outcome of that year’s French presidential election in favor of the far right. However, if such an effort existed, it failed to stop the rise to power of Emmanuel Macron. Since assuming the country’s presidency, Macron has been a leading international critic of Russia’s domestic and foreign policies. The Kremlin, therefore, has strong reasons to want to see a premature end to Macron’s presidency.

However, this does not necessarily mean that Moscow has been able to anticipate —let alone influence— the yellow vests movement, whose energy has surprised even the most experienced French political observers. The Journal notes that many leading Western cybersecurity bodies, including the Atlantic Council’s Digital Forensic Research Lab, have “not seen significant evidence of state-sponsored interference” in the yellow vests movement, whether by Russia or any other government. Facebook also said that its monitors have not uncovered any evidence of an organized campaign by Moscow to coax the yellow vests protests. The paper also cited Dimitri Peskov, a spokesman for the Kremlin, who categorically denied allegations that Russia was in any way involved in directing yellow vests activists.

Author: Joseph Fitsanakis | Date: 17 December 2018 | Permalink

Advertisements

Russian spies ‘launched major cyber attack on Ukraine’ prior to naval incident

Strait of KerchRussia “paved the way” for last November’s seizure of Ukrainian Navy ships by launching a major cyber attack and disinformation campaign aimed at Ukraine, according to a cyber security firm and the European Union. In what has become known as the Kerch Strait incident of November 25, border service coast guard vessels belonging to the Russian Federal Security Service (FSB) opened fire on three Ukrainian Navy ships that were attempting to enter the Sea of Azov through the Kerch Strait. All three Ukrainian vessels, along with crews totaling 24 sailors, were captured by the Russian force and remain in detention. Ukraine condemned Russia’s action as an act of war and declared martial law in its eastern and southern provinces. But Moscow said the incident had been caused by a provocation by the Ukrainian government, in a desperate effort to increase its popularity at home. Meanwhile, the three Ukrainian ships and their crews remain in Russia.

But now a private cyber security firm has said that Moscow launched a series of cyber attacks on Ukrainian government servers, which were aimed at gathering intelligence that could be used for the ships’ capture. In a separate development, the European Union’s security commissioner has alleged that the Kremlin launched an elaborate “disinformation campaign” aiming to “soften up public opinion” before seizing the Ukrainian ships.

The American-based cyber security firm Stealthcare said this week that the cyber attacks were carried out by Carbanak and the Gamaredon Group, two hacker entities that are believed to be sponsored by the Russian intelligence services. The first wave of attacks, which occurred in October of this year, centered on a phishing campaign that targeted government agencies in Ukraine and other Eastern European countries. Victims of these attacks had “important functions” of their computers taken over by remote actors who stole and exfiltrated data, according to Stealthcare. Another attack installed back doors on computer servers belonging to Ukrainian government agencies in November, just days prior to the Kerch Strait crisis. The two attacks, said the company, provided the hackers with “information that would have been very […] relevant in planning” the November 25 naval crisis, said Stealthcare. The company added that there was “no doubt that this was a Kremlin-led reconnaissance effort to prepare for the Kerch Strait crisis”.

Meanwhile on Monday Julian King, a British diplomat who is currently the European Commissioner for the Security Union, said that Russia “paved the way for the Kerch Strait crisis” through a systematic fake news campaign that “lasted for more than a year”. The campaign, said King, included the use of social media to spread false rumors, such as claims that the Ukrainian government had infected the Black Sea with bacteria that cause cholera. Another report by Russian media allegedly claimed that Kiev had tried to secretly transport a nuclear device to Russian-annexed Crimea through the Kerch Strait. The EU security commissioner added that social media platforms and online search engines like Google had a responsibility “to identify and close down fake accounts that were spreading disinformation”.

Author: Joseph Fitsanakis | Date: 12 December 2018 | Research credit: D.V. | Permalink

Jailed Russian who spied for CIA writes letter to Trump, asking to be freed

Russian Ministry of Internal AffairsA Russian former police officer, who is serving a prison sentence in Russia for having spied for the United States Central Intelligence Agency, has written an open letter to President Donald Trump, asking to be freed. Yevgeny A. Chistov was arrested by the Russian Federal Security Service (FSB) in 2014 on charges of spying for Washington. During his trial, he admitted having been recruited by the CIA when he worked as an officer in the police, Russia’s federal law-enforcement agency, which operates under the Ministry of Internal Affairs. Russian state prosecutors accused him of having established contact with the CIA in 2011. In 2015, he was sentenced to 13 years in prison, which he is currently serving at a labor camp in the Nizhny Novgorod town of Bor, located in central European Russia.

On Saturday, British newspaper The Guardian published a letter that was allegedly written by Chistov. In the letter, the jailed spy admits that he passed Russian state secrets to the CIA for three years, after deciding “to help the US as a friend”. He claims that he did it out of love for his country, and in order to help “overthrow […] the regime” of Russian President Vladimir Putin. Chistov goes on to accuse “Putin and his cronies” of having plundered Russia and of oppressing its people through “corruption and extortion”. He blames the Kremlin for Russia’s current economic state: “we have a resource-rich country yet our people are poor”, he says. The jailed spy adds that he told the CIA about the “secret plans” of the Ministry of Internal Affairs, that he provided “names of some people from the FSB”, and that he “revealed some objectives of Russia’s Ministry of Defense”. He does not provide details. He then claims that, even though he was paid by the CIA for his services, he did not act out of self-interest.

Chistov says that the conditions of his imprisonment are inhumane and that he and his family “are in great danger in Russia”. He also claims that his wife visited the US embassy in Ukraine in an attempt to secure a travel visa, but that her application was rejected and she was forced to return to Russia. The jailed spy adds that he “wrote two letters to the CIA asking them to help and received no response”. He then pleads with President Trump to help him, in two ways. First, by granting asylum in the US to his wife and mother. Second, by swapping him with someone “who worked for Russia” and is serving time in a US prison. “I want to appeal to the president to conduct the exchange”, he concludes.

The United States has participated in very few spy swaps in the post-Cold War era. In 2010, Washington and Moscow conducted one of history’s largest spy exchanges, as ten deep-cover Russian agents captured in the US earlier that year were swapped for four Russian citizens imprisoned by Moscow for spying for the US and Britain. Four years later, a Cuban intelligence officer who spied for the CIA was released as part of a wider exchange between Washington and Havana of persons held in each other’s prisons on espionage charges. The White House has not commented on Chistov’s letter.

Author: Joseph Fitsanakis | Date: 10 December 2018 | Permalink

Czechs accuse Moscow of ‘most serious wave of cyberespionage’ in years

Czech Security Information ServiceThe main domestic intelligence agency of the Czech Republic has accused Russia of “the most serious wave of cyberespionage” to target the country in recent years. The claim was made on Monday in Prague by the Security Information Service (BIS), the primary domestic national intelligence agency of the Czech Republic. Details of the alleged cyberespionage plot are included in the BIS’ annual report, a declassified version of which was released this week.

According to the document, the cyberespionage attacks were carried out by a hacker group known as APT28 or Fancy Bear, which is believed to operate under the command of Russian intelligence. The hacker group allegedly targeted the Czech Ministry of Defense, the Ministry of Foreign Affairs and the headquarters of the country’s Armed Forces. As a result, the electronic communication system of the Ministry of Foreign Affairs was compromised “at least since early 2016”, said the report (.pdf). More than 150 electronic mailboxes of ministry employees —including diplomats— were accessed, and a significant number of emails and attachments were copied by the hackers. The compromise was terminated a year later, when BIS security personnel detected the penetration. The BIS report goes on to say that a separate cyberespionage attack was carried out by a Russian-sponsored hacker group in December of 2016. An investigation into the attacks concluded that the hackers were not able to steal classified information, says the report. It adds, however, that they were able to access personal information about Czech government employees, which “may be used to launch subsequent attacks [or to] facilitate further illegitimate activities” by the hackers.

The BIS report concludes that the hacker campaign was part of “the most serious wave of cyberespionage” to target the Czech Republic in recent years. Its perpetrators appear to have targeted individuals in “virtually all the important institutions of the state” and will probably continue to do so in future attacks, it says. Moreover, other European countries probably faced similar cyberespionage breaches during the same period, though some of them may not be aware of it, according to the BIS. Czech Prime Minister Andrej Babis told parliament on Tuesday that his cabinet will discuss the BIS report findings and recommendations early in the new year.

Author: Joseph Fitsanakis | Date: 05 December 2018 | Permalink

Nerve agent used in Skripal attack ‘could have killed thousands’ say experts

GRUThe amount of poison smuggled into Britain for a near-fatal attack on Russian former spy Sergei Skripal was powerful enough to kill “thousands of people”, according those leading the investigation into the incident. Skripal, a former military intelligence officer, was resettled in the English town of Salisbury in 2010, after spending several years in a Russian prison for spying for Britain. But he and his daughter Yulia almost died in March of this year, after being poisoned by a powerful nerve agent that nearly killed them. The attack has been widely blamed on the Russian government, though the Kremlin denies that it had a role in it.

Investigators from Britain and other Western countries have identified the poison used in the attack on the Skripals as novichok. The term (meaning ‘newbie’ in Russian) was given by Western scientists to a series of rarely used nerve agents that were developed the Soviet Union and Russia between 1971 and the early 1990s. It is believed that the poison was smuggled into the United Kingdom hidden inside an imitation perfume bottle, which had been fitted with a custom-made pump used to apply the poison. British authorities have determined that the assailants sprayed the poison on the doorway —including the handle— of the Skripals’ house in Salisbury. They then discarded the perfume bottle, containing the leftover novichok, in a garbage can before leaving the country in a hurry. The bottle was eventually recovered by Salisbury resident Charlie Rowley. His partner, Dawn Sturgess, died of poisoning after she applied some of the contents of the bottle on her wrists. British government scientists have since been examining the contents of the perfume bottle found inside Sturgess’ home.

On Thursday, BBC Television’s Panorama investigative program aired an episode entitled “Salisbury Nerve Agent Attack: The Inside Story”. Among those interviewed was Dean Haydon, a British Deputy Assistant Commissioner who is leading the ongoing investigation into the Salisbury attack. He told Panorama that “a significant amount” of novichuk was left behind by the assailants inside the discarded perfume bottle. The amount of poison in the discarded bottle could have been used to kill “thousands”, he said, adding that the way it was applied to the Skripals’ home was “completely reckless”. The BBC program’s producers also spoke to a British government chemical weapons scientist, identified only as “Tim”, who is credited with having identified the substance used on the Skripals. He told the program that less than 100g of novichuk was used against the Skripals, leaving the vast majority of the nerve agent inside the bottle. Given that novichuk is “one of the deadliest substances known”, which has a “unique ability to poison individuals at very low concentrations”, the scientist said he was shocked by the amount of poison that was smuggled into Britain by the assailants.

The assailants have been identified by British intelligence as Dr. Alexander Yevgenyevich Mishkin (cover name “Alexander Petrov”) and Colonel Anatoliy Chepiga (cover name “Ruslan Boshirov”). Both men are said to be employees of the Russian military intelligence agency known as the Main Directorate of the General Staff of the Armed Forces, commonly referred to as the GRU. Moscow denies that it had any role in the attack on the Skripals.

Author: Joseph Fitsanakis | Date: 22 November 2018 | Permalink

Austria arrests second spy for Russia in a week: media reports

BVT AustriaAuthorities in Austria have arrested a second alleged spy for Russia in a week, according to media reports. Several Austrian news outlets reported on Monday that police had arrested an Austrian counterintelligence officer on suspicion of passing classified information to Russian intelligence. The news follows reports late last week of the arrest of an unnamed retired colonel in the Austrian Army, who is believed to have spied for Russia since 1988. As intelNews reported on Monday, the unnamed man worked at the Austrian Armed Forces’ headquarters in Salzburg. He is believed to have been in regular contact with his Russian handler, known to him only as “Yuri”, who trained him in the use of “sophisticated equipment” for passing secret information to Moscow. He is thought to have given Russia information on a range of weapons systems used by the Austrian Army and Air Force, as well as the personal details of high-ranking officers in the Austrian Armed Forces.

On Monday, the Vienna-based newspaper Kronen Zeitung, said that a second Austrian man had been arrested on suspicion of carrying out espionage for Moscow. The man was identified in Austrian news reports only as “O.”, due to strict restrictions imposed on media in the country. But the Kronen Zeitung said that the Vienna Public Prosecutor’s Office and the Austrian Ministry of Foreign Affairs had confirmed the reports of the arrest of the second alleged spy. According to the Vienna Public Prosecutor’s Office, the second individual was an employee of the Austrian Office for Protection of the Constitution and Counterterrorism, known as BVT. He had been investigated on suspicion of espionage for more than a year prior to his arrest this week. The man’s arrest took place alongside simultaneous raids at two residential addresses associated with him, according to reports. No further details about this latest case have been made available.

No information is available about the kind of information that the suspect is believed to have shared with Moscow. Furthermore, statements from Austrian officials do not mention any connection between the arrest of “O.” and the arrest of the retired Army colonel that took place last week. The Kronen Zeitung notes that, if found guilty of espionage, “O.” will face a sentence of up to 10 years behind bars. The embassy of Russia in Vienna refused to respond to questions about the arrest of “O.” on Monday night.

Author: Joseph Fitsanakis | Date: 13 November 2018 | Permalink

Austria summons Russian ambassador over arrest of alleged army spy

Sebastian Kurz Mario KunasekThe Austrian Ministry of Foreign Affairs summoned the Russian ambassador to Vienna on Friday, following the arrest of a retired Austrian Army colonel who allegedly spied for Moscow for more than two decades. The news was announced on Friday by Austrian Chancellor Sebastian Kurz at an emergency news conference in Vienna. He did not reveal the alleged spy’s identity, but said that he had been taken into custody as Austrian counterintelligence were investigating the extent of the security breach he caused.

However, according to the Kronen Zeitung, Austria’s highest-circulation newspaper, the suspect is a 70-year-old Army colonel who recently retired after a long military career. He reportedly worked at one of the Austrian Armed Forces’ two headquarters, located in the western city of Salzburg. The unnamed man is believed to have spied for Russia from the early 1990s until his arrest last week. The Kronen Zeitung said that the retired Army colonel was in regular contact with his Russian handler, known to him only as “Yuri”. The Russian handler reportedly trained him in the use of “sophisticated equipment”, which he used to communicate information to Moscow. He is thought to have given Russia information on a range of weapons systems used by the Austrian Army and Air Force, as well as the personal details of high-ranking officers in the Austrian Armed Forces. Austrian media reported that the alleged spy was paid nearly $350,000 for his services to Moscow. According to Austria’s Minister of Defense Mario Kunasek, the arrest came after a tip given to the Austrian government “a few weeks ago” by an unnamed European intelligence agency. He also said that Austrian security services were looking into the possibility that the suspect may have been part of a larger spy ring working for Moscow.

The incident has strained relations between Austria and Russia. In the past decade, Austria —which is not a member of the North Atlantic Treaty Organization— has been seen by observers as a rare ally of Moscow inside the European Union. Unlike the vast majority of European Union countries, Austria chose not to expel Russian diplomats following the poisoning of former Russian double spy Sergei Skripal in March of this year. In August, Russian President Vladimir Putin attended the wedding of his personal friend, Austria’s Foreign Minister Karin Kneissl. But Mrs. Kneissl has now canceled a planned visit to Moscow in December in response to last week’s spy scandal. Speaking in Moscow on Saturday, Russian Foreign Minister Sergei Lavrov dismissed Austria’s accusations as “unfounded” and “unacceptable”.

Author: Joseph Fitsanakis | Date: 12 November 2018 | Permalink