Alleged third suspect in Skripal poison attack identified by investigative website

Diplomatic Academy of RussiaAn investigative website has linked a graduate of an elite intelligence academy in Moscow with the attempted assassination of a Russian former double spy in Britain last year. Reports last year identified Dr. Alexander Yevgenyevich Mishkin (cover name ‘Alexander Petrov’) and Colonel Anatoliy Chepiga (cover name ‘Ruslan Boshirov’) as the two men that tried to kill Sergei Skripal in the English town of Salisbury in March 2018. Skripal, a former officer in Russia’s military intelligence service, the GRU, was resettled in Salisbury in 2010, after spending several years in a Russian prison for spying on behalf of Britain. But he and his daughter Yulia almost died last March, after they were poisoned with a powerful nerve agent that nearly killed them. The Kremlin denies that Mishkin and Chepiga —believed to be GRU officers— had any role in the attack.

Last week, the Russian investigative news site Bellingcat alleged that a third man may have been involved in the attempt to assassinate Skripal. The man used the name Sergey Fedotov, said Bellingcat, but added that the name was probably a cover that was concocted by Russia’s intelligence services. On Thursday, the website said it was able to identify the so-called third man as Denis Vyacheslavovich Sergeev, a graduate of the Diplomatic Academy of the Russian Ministry of Foreign Affairs. The Diplomatic Academy is one of the most prominent educational institutions in the country and its graduates enter the Foreign Service. However, many of its graduates are elite members of Russian intelligence, said Bellingcat. Earlier this month, the investigative website said that Sergeev traveled extensively in the Middle East, Asia and Europe between 2010 and 2015, using the operational name Sergey Fedotov. It also claimed that Sergeev/Fedotov was in Bulgaria in late April 2015, when Emilian Gebrev, a wealthy local defense industry entrepreneur, fell violently ill. Gebrev was hospitalized for signs of poisoning along with his son and one of his company’s executives for several days. All three made a full recovery.

Bellingcat added that it was able to name the alleged Russian intelligence operative following a four-month investigation that was aided by another Russian news website known as The Russia Insider, Czech newspaper Respekt, and Finland’s Helsingin Sanomat daily. But it also acknowledged that Fedotov’s alleged role in the Skripal assassination remained “unclear” and that authorities in the United Kingdom had not publicly identified a third suspect in the attempted murder. Meanwhile, British newspaper The Guardian said yesterday that it was told by Bulgaria’s Prime Minister Boyko Borisov that a team of British investigators were “on the ground” in Sofia to investigate possible links between the Skripal and Gebrev cases.

Author: Joseph Fitsanakis | Date: 15 February 2019 | Permalink

Advertisements

Reports allege third man was involved in poisoning of Sergei Skripal

Sergei SkripalNew reports from Russian investigative sites claim that a third man using a fake name was involved in the attempted assassination of former double spy Sergei Skripal in England last year. Skripal, a former military intelligence officer, was resettled in the English town of Salisbury in 2010, after spending several years in a Russian prison for spying on behalf of Britain. But he and his daughter Yulia almost died in March 2018, after they were poisoned with a powerful nerve agent that nearly killed them. The attack has been widely blamed on the Russian government, though the Kremlin denies it had any role in it. Two assailants have so far been identified by British intelligence. They have been named as Dr. Alexander Yevgenyevich Mishkin —cover name ‘Alexander Petrov’— and Colonel Anatoliy Chepiga —cover name ‘Ruslan Boshirov’. Both are said to be employees of the Russian military intelligence agency known as the Main Directorate of the General Staff of the Armed Forces, commonly referred to as the GRU. The two men spoke on Russian television last year, denying any involvement in the attack on the Skripals. Their whereabouts since their television interview remain unknown. Moscow denies that it had any role in the attack.

In October of last year, the Russian investigative news site Fontanka claimed that a third man under the name of Sergey Fedotov, may have been involved in the attack on Skripal. Last Thursday, another Russian investigative news site, Bellingcat, said that the name Sergey Fedotov appears to have been created out of thin air for operational purposes by Russia’s intelligence services. According to Bellingcat, Fedotov appears to have no past prior to 2010, when his identity was invented using the same techniques that the fake identities of ‘Petrov’ and ‘Boshirov’ were concocted by the GRU. Moreover, Fedotov’s records show that he traveled extensively in the Middle East, Asia and Europe between 2010 and 2015. The Russian news site claims that he was in Bulgaria in late April 2015, when Emilian Gebrev, a wealthy local defense industry entrepreneur, fell violently ill. Gebrev was hospitalized for signs of poisoning along with his son and one of his company’s executives for several days, eventually making a full recovery. As the Bulgarian businessman was being taken to hospital, Fedotov skipped his return flight out of Sofia and instead drove to Istanbul, Turkey, where he bought a one-way airline ticket to Moscow, says Bellingcat.

The BBC’s Gordon Corera said he contacted the Russian embassy in London and the Kremlin in Moscow. Both sources strongly refuted the Bellingcat report. A Kremlin spokesman cautioned the BBC to be skeptical about Bellingcat’s report, since “we don’t know what [its] authors based their work on [or] how competent they are”. British Police told Corera that they were “still investigating whether further suspects were involved” in the attack on Skripal and were “not prepared to discuss” details pertaining to “an ongoing investigation”.

Author: Joseph Fitsanakis | Date: 11 February 2019 | Permalink

American held on espionage charges in Russia has three other citizenships

Paul WhelanAn American former Marine, who faces espionage charges in Russia, is a citizen of at least three other countries, namely Canada, Britain and the Republic of Ireland, according to reports. Paul Whelan, 48, was arrested by Russia’s Federal Security Service (FSB) on December 28 at the Metropol, a five-star hotel in downtown Moscow. News of Whelan’s arrest first emerged on January 3 in a report from Rosbalt, a Moscow-based news agency that known to be close to the Russian security services. He was reportedly indicted on Thursday and is now facing between 10 to 20 years in prison for espionage. His trial is not expected to take place until March.

According to Rosbalt, the FSB arrested Whelan in his hotel room while he was meeting with a Russian citizen who allegedly handed him a USB drive containing a list that included “the names of all employees of a [Russian] security agency”. However, Whelan’s family claim that the former Marine arrived in Moscow on December 22 to attend the wedding of an American friend who married a Russian woman. Whelan served two tours in Iraq with the United States Marines and was reportedly discharged for bad conduct. At the time of his arrest last month, he was the director of global security for BorgWarner, a Michigan-based manufacturer of spare parts for cars. He is believed to have visited Russia regularly since 2006, and is thought to have a basic command of the Russian language. He is currently being held in solitary confinement in Moscow’s Lefortovo detention center.

At the time of his arrest, Whelan was identified as an American citizen. On Friday, however, the Associated Press reported that he also has United Kingdom citizenship because he was born to British parents. Additionally, he is now believed to hold Canadian citizenship as well, because he was born in Canada. He then acquired American citizenship after arriving in the US with his parents as a child. It is not known how he acquired Irish citizenship, but the Irish government confirmed it on Friday. Also on Friday, the Washington-based National Public Radio said that embassies of at least four Western countries —the US, Britain, Ireland and Canada— were working to gain consular access to Whelan. On Thursday, the former Marine was visited in prison by Jon Huntsman, America’s ambassador to Russia. Meanwhile, Britain’s Foreign Secretary, Jeremy Hunt, said London was “extremely worried” about Whelan’s fate and warned Moscow “not to try to use [him] as a diplomatic pawn”, possibly by exchanging him with Russians arrested for espionage in the West.

Author: Joseph Fitsanakis | Date: 05 January 2019 | Permalink

French security services investigate Russian role in yellow vests movement

yellow vests movementIntelligence and security services in France are investigating whether Russian involvement on social media and other platforms is playing a role in amplifying the so-called ‘yellow vests’ movement. Known in French as le mouvement des gilets jaunes, the campaign began online in May of this year as a popular protest against rising fuel prices and the high cost of living in France. In mid-November, the movement made its first public appearance with large demonstrations that have continued every weekend since then. Yellow vest protestors claim that tax increases are disproportionally affecting working- and middle-class people and that everyday life is becoming economically unsustainable in France. Some of the demonstrations have turned violent, and so far at least eight people have died as a result. The ensuing crisis has become the most significant threat to the government of Emmanuel Macron, as the protests are increasingly evolving into an anti-Macron rallies.

So far, the yellow vests campaign has been largely bipartisan, bringing together protestors from the entirety of the French political spectrum. Additionally, there are no identified leaders or coordinators of the movement. However, some suspect that Russian government operatives may be further-inflaming an already incensed protest movement. On Friday, The Wall Street Journal said that French security agencies were investigating potential involvement by the Kremlin in the yellow vests campaign. The paper quoted an unnamed French government cybersecurity official as saying that “there has been some suspect activity [and] we are in the process of looking at its impact”. The official was referring to the online activity of some leading social-media accounts involved with the yellow vests, which appear to also be “promoting Russian-backed coverage” of French politics. The Journal also cites Ryan Fox, a cybersecurity expert for the Texas-based firm New Knowledge, who claims that “several hundred accounts on Twitter and Facebook” that are involved in the yellow vests movement “are very likely controlled by Moscow”.

However, there is disagreement among cybersecurity experts about the extent of the Kremlin’s involvement in the yellow vests. Paris has previously accused Moscow of trying to influence the direction of French politics. In February of 2017, France’s Directorate-General for External Security warned that Russia had launched a secret operation to try to influence the outcome of that year’s French presidential election in favor of the far right. However, if such an effort existed, it failed to stop the rise to power of Emmanuel Macron. Since assuming the country’s presidency, Macron has been a leading international critic of Russia’s domestic and foreign policies. The Kremlin, therefore, has strong reasons to want to see a premature end to Macron’s presidency.

This does not necessarily mean that Moscow has been able to anticipate —let alone influence— the yellow vests movement, whose energy has surprised even the most experienced French political observers. The Journal notes that many leading Western cybersecurity bodies, including the Atlantic Council’s Digital Forensic Research Lab, have “not seen significant evidence of state-sponsored interference” in the yellow vests movement, whether by Russia or any other government. Facebook also said that its monitors have not uncovered any evidence of an organized campaign by Moscow to coax the yellow vests protests. The paper also cited Dimitri Peskov, a spokesman for the Kremlin, who categorically denied allegations that Russia was in any way involved in directing yellow vests activists.

Author: Joseph Fitsanakis | Date: 17 December 2018 | Permalink

Russian spies ‘launched major cyber attack on Ukraine’ prior to naval incident

Strait of KerchRussia “paved the way” for last November’s seizure of Ukrainian Navy ships by launching a major cyber attack and disinformation campaign aimed at Ukraine, according to a cyber security firm and the European Union. In what has become known as the Kerch Strait incident of November 25, border service coast guard vessels belonging to the Russian Federal Security Service (FSB) opened fire on three Ukrainian Navy ships that were attempting to enter the Sea of Azov through the Kerch Strait. All three Ukrainian vessels, along with crews totaling 24 sailors, were captured by the Russian force and remain in detention. Ukraine condemned Russia’s action as an act of war and declared martial law in its eastern and southern provinces. But Moscow said the incident had been caused by a provocation by the Ukrainian government, in a desperate effort to increase its popularity at home. Meanwhile, the three Ukrainian ships and their crews remain in Russia.

But now a private cyber security firm has said that Moscow launched a series of cyber attacks on Ukrainian government servers, which were aimed at gathering intelligence that could be used for the ships’ capture. In a separate development, the European Union’s security commissioner has alleged that the Kremlin launched an elaborate “disinformation campaign” aiming to “soften up public opinion” before seizing the Ukrainian ships.

The American-based cyber security firm Stealthcare said this week that the cyber attacks were carried out by Carbanak and the Gamaredon Group, two hacker entities that are believed to be sponsored by the Russian intelligence services. The first wave of attacks, which occurred in October of this year, centered on a phishing campaign that targeted government agencies in Ukraine and other Eastern European countries. Victims of these attacks had “important functions” of their computers taken over by remote actors who stole and exfiltrated data, according to Stealthcare. Another attack installed back doors on computer servers belonging to Ukrainian government agencies in November, just days prior to the Kerch Strait crisis. The two attacks, said the company, provided the hackers with “information that would have been very […] relevant in planning” the November 25 naval crisis, said Stealthcare. The company added that there was “no doubt that this was a Kremlin-led reconnaissance effort to prepare for the Kerch Strait crisis”.

Meanwhile on Monday Julian King, a British diplomat who is currently the European Commissioner for the Security Union, said that Russia “paved the way for the Kerch Strait crisis” through a systematic fake news campaign that “lasted for more than a year”. The campaign, said King, included the use of social media to spread false rumors, such as claims that the Ukrainian government had infected the Black Sea with bacteria that cause cholera. Another report by Russian media allegedly claimed that Kiev had tried to secretly transport a nuclear device to Russian-annexed Crimea through the Kerch Strait. The EU security commissioner added that social media platforms and online search engines like Google had a responsibility “to identify and close down fake accounts that were spreading disinformation”.

Author: Joseph Fitsanakis | Date: 12 December 2018 | Research credit: D.V. | Permalink

Jailed Russian who spied for CIA writes letter to Trump, asking to be freed

Russian Ministry of Internal AffairsA Russian former police officer, who is serving a prison sentence in Russia for having spied for the United States Central Intelligence Agency, has written an open letter to President Donald Trump, asking to be freed. Yevgeny A. Chistov was arrested by the Russian Federal Security Service (FSB) in 2014 on charges of spying for Washington. During his trial, he admitted having been recruited by the CIA when he worked as an officer in the police, Russia’s federal law-enforcement agency, which operates under the Ministry of Internal Affairs. Russian state prosecutors accused him of having established contact with the CIA in 2011. In 2015, he was sentenced to 13 years in prison, which he is currently serving at a labor camp in the Nizhny Novgorod town of Bor, located in central European Russia.

On Saturday, British newspaper The Guardian published a letter that was allegedly written by Chistov. In the letter, the jailed spy admits that he passed Russian state secrets to the CIA for three years, after deciding “to help the US as a friend”. He claims that he did it out of love for his country, and in order to help “overthrow […] the regime” of Russian President Vladimir Putin. Chistov goes on to accuse “Putin and his cronies” of having plundered Russia and of oppressing its people through “corruption and extortion”. He blames the Kremlin for Russia’s current economic state: “we have a resource-rich country yet our people are poor”, he says. The jailed spy adds that he told the CIA about the “secret plans” of the Ministry of Internal Affairs, that he provided “names of some people from the FSB”, and that he “revealed some objectives of Russia’s Ministry of Defense”. He does not provide details. He then claims that, even though he was paid by the CIA for his services, he did not act out of self-interest.

Chistov says that the conditions of his imprisonment are inhumane and that he and his family “are in great danger in Russia”. He also claims that his wife visited the US embassy in Ukraine in an attempt to secure a travel visa, but that her application was rejected and she was forced to return to Russia. The jailed spy adds that he “wrote two letters to the CIA asking them to help and received no response”. He then pleads with President Trump to help him, in two ways. First, by granting asylum in the US to his wife and mother. Second, by swapping him with someone “who worked for Russia” and is serving time in a US prison. “I want to appeal to the president to conduct the exchange”, he concludes.

The United States has participated in very few spy swaps in the post-Cold War era. In 2010, Washington and Moscow conducted one of history’s largest spy exchanges, as ten deep-cover Russian agents captured in the US earlier that year were swapped for four Russian citizens imprisoned by Moscow for spying for the US and Britain. Four years later, a Cuban intelligence officer who spied for the CIA was released as part of a wider exchange between Washington and Havana of persons held in each other’s prisons on espionage charges. The White House has not commented on Chistov’s letter.

Author: Joseph Fitsanakis | Date: 10 December 2018 | Permalink

Czechs accuse Moscow of ‘most serious wave of cyberespionage’ in years

Czech Security Information ServiceThe main domestic intelligence agency of the Czech Republic has accused Russia of “the most serious wave of cyberespionage” to target the country in recent years. The claim was made on Monday in Prague by the Security Information Service (BIS), the primary domestic national intelligence agency of the Czech Republic. Details of the alleged cyberespionage plot are included in the BIS’ annual report, a declassified version of which was released this week.

According to the document, the cyberespionage attacks were carried out by a hacker group known as APT28 or Fancy Bear, which is believed to operate under the command of Russian intelligence. The hacker group allegedly targeted the Czech Ministry of Defense, the Ministry of Foreign Affairs and the headquarters of the country’s Armed Forces. As a result, the electronic communication system of the Ministry of Foreign Affairs was compromised “at least since early 2016”, said the report (.pdf). More than 150 electronic mailboxes of ministry employees —including diplomats— were accessed, and a significant number of emails and attachments were copied by the hackers. The compromise was terminated a year later, when BIS security personnel detected the penetration. The BIS report goes on to say that a separate cyberespionage attack was carried out by a Russian-sponsored hacker group in December of 2016. An investigation into the attacks concluded that the hackers were not able to steal classified information, says the report. It adds, however, that they were able to access personal information about Czech government employees, which “may be used to launch subsequent attacks [or to] facilitate further illegitimate activities” by the hackers.

The BIS report concludes that the hacker campaign was part of “the most serious wave of cyberespionage” to target the Czech Republic in recent years. Its perpetrators appear to have targeted individuals in “virtually all the important institutions of the state” and will probably continue to do so in future attacks, it says. Moreover, other European countries probably faced similar cyberespionage breaches during the same period, though some of them may not be aware of it, according to the BIS. Czech Prime Minister Andrej Babis told parliament on Tuesday that his cabinet will discuss the BIS report findings and recommendations early in the new year.

Author: Joseph Fitsanakis | Date: 05 December 2018 | Permalink