India arrests commando instructor who fell for Pakistani honey trap on Facebook

Indian authorities have arrested an Indian Air Force officer for allegedly giving classified documents to two Pakistani spies on Facebook, who posed as women interested in him. The officer has been named as Arun Marwaha, a wing commander stationed at the Indian Air Force headquarters in Delhi. Marwaha, 51, is a para-jumping instructor who trains members of India’s Garud Commando Force —the Special Forces unit of the Indian Air Force. He was reportedly due to retire in 2019.

According to Indian government investigators, several months ago Marwaha was befriended by two Facebook users who claimed to be Indian women. He began chatting regularly with them on Facebook and eventually on the popular cell phone messenger service WhatsApp. Within weeks, Marwaha’s WhatsApp exchanges with the women had become intimate in nature. Before long, the Indian Air Force instructor was providing the women with classified documents in return for intimate photos of themselves. Media reports state that the classified documents related to special operations, some involving cyberwarfare, and space reconnaissance. Government investigators claim that Marwaha’s Facebook contacts were in fact male officers of Pakistan’s Inter-Services Intelligence (ISI), who targeted Marwaha in a carefully planned honey trap operation.

According to reports, the breach caused by Marwaha was discovered last month, at which time the internal security branch of the Indian Air Force launched an investigation. Marwaha was questioned for over a week before his case was turned over to Delhi Police, who arrested him on Thursday. He has reportedly been charged under India’s Official Secrets Act and is facing a jail sentence of up to 14 years. Meanwhile, the Indian Air Force is investigating whether other officers have fallen victim to similar honey trap operations by Pakistan’s ISI on Facebook.

Author: Ian Allen | Date: 09 January 2018

German intelligence warns European officials of fake Chinese LinkedIn profiles

In an unusual step, German intelligence officials have issued a public warning about what they said are thousands of fake LinkedIn profiles created by Chinese spies to gather information about Western targets. On Sunday, Germany’s Federal Office for the Protection of the Constitution (BfV) held a press conference in which it said that it had discovered a wide-ranging effort by spy agencies in China to establish links with Westerners. The agency said that it undertook a 9-month investigation, during which it identified 10,000 German citizens who were contacted by Chinese spy-run fake profiles on LinkedIn. Across Europe, the number of targets could be in the hundreds of thousands, according to the BfV.

The main targets of the operation appear to be members of the German and European Union parliaments. Also targeted are members of the armed forces, lobbyists and researchers in private think tanks and foundations in Germany and across Europe. These individuals were all targeted as part of “a broad attempt to infiltrate Parliaments, ministries and administrations”, said BfV Director Hans-Georg Maassen. He added that the fake LinkedIn profiles are of people who claim to be scholars, consultants, recruiters for non-existent firms, or members of think tanks. Their profile photographs are usually visually appealing and are often taken from fashion catalogs or modeling websites. During the press conference BfV officials showed examples of what they said were fake LinkedIn accounts under the names “Rachel Li” and “Alex Li”. The two identified themselves as a headhunter for a company called RiseHR and a project manager at the Center for Sino-Europe Development Studies, respectively. The information on these accounts was purely fictitious, said the BfV officials.

Individuals who have been targeted by the Chinese include European politicians and senior diplomats, according to the Germans. Many were invited to all-expenses-paid conferences or fact-finding trips to China by their LinkedIn contacts, presumably in attempts to recruit them for Chinese intelligence. At the closing of the press conference, the BfV urged European officials to refrain from posting private information on social media, including LinkedIn, because foreign intelligence operatives are actively collecting data on users’ online and offline habits, political affiliations, personal hobbies and other interests. In a statement issued on Monday, the Chinese government dismissed the German allegations, saying that the BfV’s investigation was based on “complete hearsay” and was thus “groundless”. Beijing also urged German intelligence officials to “speak and act more responsibly”.

Author: Joseph Fitsanakis | Date: 11 December 2017

Mismanagement plagues US online program against ISIS, say sources

Whistleblowers say mismanagement, amateurism and cronyism are plaguing a multimillion-dollar American psychological operation aimed at countering online propaganda by the Islamic State. The program, known as WebOps, was established by the United States Department of Defense during the administration of US President Barack Obama. Its stated goal is to counter efforts by the Islamic State (also known as the Islamic State of Iraq and Syria —ISIS) to spread propaganda and recruit followers using online social media. Since its creation, it has been administered by the US Central Command’s Information Operations Division. But its implementation has been contracted to Colsa Corporation, a private company based in the US state of Alabama. The company specializes in providing services for US government agencies, some of which include the use of specialized software that utilizes information found on social media.

According to the Associated Press news agency, WebOps staff consists of civilian analysts who speak Arabic. Every day, using fabricated online profiles, they browse social media platforms like Facebook and Twitter looking for pro-ISIS activity to counter. But the news agency said on Tuesday that it spoke to several people with knowledge of the program, who claim that it is plagued by incompetence, mismanagement and cronyism. They allege that analysts involved in WebOps have limited experience in counter-propaganda, incomplete understanding of Islam, and little more than a basic command of Arabic. Consequently, they have been known to make crucial errors when posting messages online. The latter end up amusing their readers instead of countering ISIS propaganda. In one case, a WebOps analyst confused the Arabic word for “authority” (as in Palestinian Authority) with the similarly sounding word “salad”, thus ending up with “Palestinian salad” instead of “Palestinian Authority”. Rather than managing to counter ISIS propaganda, the message was ridiculed on social media.

The report also cited “four current or former workers” who claimed that they personally witnessed “data being manipulated” to make the WebOps program seem more successful than it has been. They also claim that the program’s administrators have purposely resisted efforts by the Department of Defense to exercise independent oversight of the program’s performance. The Associated Press said it contacted US Central Command, the Pentagon outfit that is responsible for WebOps, on January 10. But it said that no response has been received from anyone there.

Author: Joseph Fitsanakis | Date: 01 February 2017

Israeli military says Hamas lured its soldiers using online profiles of women

The Israel Defense Forces told a press conference on Wednesday that hackers belonging to the Palestinian militant group Hamas lured Israeli soldiers by posing as young women online. Wednesday’s press conference was led by an IDF spokesman who requested to remain anonymous, as is often the case with the Israeli military. He told reporters that the hackers used carefully crafted online profiles of real Israeli women, whose personal details and photographs were expropriated from their publicly available social media profiles. The hackers then made contact with members of the IDF and struck conversations with them that in many cases became intimate over time. At various times in the process, the hackers would send the Israeli soldiers photographs of the women, which were copied from the women’s online public profiles.

The anonymous IDF spokesman said that, if the soldiers continued to show interest, they were eventually asked by the hackers posing as women to download an application on their mobile telephones that would allow them to converse using video. Once the soldiers downloaded the application, the ‘women’ would find excuses to delay using the application, or the relationships would abruptly end. But the soldiers would leave the application on their telephones. It would then be used by the Hamas hackers to take control of the camera and microphones on the soldiers’ mobile devices. According to the IDF spokesman, dozens of Israeli soldiers were lured by the Hamas scam. No precise number was given.

Media reports suggest that the Hamas hackers were primarily interested in finding out information about IDF maneuvers around the Gaza Strip, the narrow plot of densely inhabited territory that is controlled by the Palestinian militant group. They were also interested in collecting information about the size and weaponry of the Israeli forces around Gaza. Media representatives were told on Wednesday that the operation “had potential for great damage”. But the IDF claims that the harm to its operations was “minimal”, because it primarily targeted low-ranking soldiers. Consequently, according to the Israeli military, the hackers were not able to acquire highly sensitive information.

In 2009, dozens of members of Sweden’s armed forces serving with NATO’s International Security Assistance Force in Afghanistan were found to have been approached via Facebook, and asked to provide details on NATO’s military presence in the country. The Afghan Taliban are believed to have carried out the operation.

Hamas has not commented on the allegations by the IDF.

Author: Joseph Fitsanakis | Date: 12 January 2017

South Korea’s ex-spy chief jailed for interfering in elections

By IAN ALLEN | intelNews.org
The former director of South Korea’s intelligence agency has been jailed for directing intelligence officers to post online criticisms of liberal politicians during a recent presidential election campaign. Won Sei-hoon headed South Korea’s National Intelligence Service (NIS) from 2008 to 2013, during the administration of conservative President Lee Myung-bak. Since his replacement in the leadership of NIS, Won has faced charges of having ordered a group of NIS officers to “flood the Internet” with messages accusing liberal political candidates of being “North Korean sympathizers”.

Prosecutors alleged that Won initiated the Internet-based psychological operation because he was convinced that “leftist adherents of North Korea” were on their way to “regaining power” in the South. The illegal operation took place during the 2012 presidential election campaign, which was principally fought by Moon Jae-in, of the liberal-left Democratic Party, and Park Geun-hye, of the conservative Saenuri party. Park eventually won the election and is currently serving as South Korea’s eleventh President. The court heard that a secret team of NIS officers had posted nearly 1.5 million messages on social networking sites, such as Twitter and Facebook, in an effort to garner support for the Saenuri party candidate in the election.

Last September, a court in Seoul had sentenced Won to two and a half years in prison, which was much shorter than the maximum five-year penalty he was facing if found guilty. But the judge had suspended the sentence, arguing that there was no direct proof that Won directly sought to alter the outcome of the presidential election. On Monday, however, the Seoul High Court overruled the earlier decision, saying that Won had directly breached election laws and that the violation was sufficient for a prison sentence. In reading out its decision, the judge said that “direct interference [by the NIS] with the free expression of ideas by the people with the aim of creating a certain public opinion cannot be tolerated under any pretext”. Won was transferred directly from the court to prison, where he will serve his sentence.

South Korean court convicts ex-spy director of interfering in elections

By IAN ALLEN | intelNews.org
A former director of South Korea’s intelligence agency has been convicted in court of directing intelligence officers to post online criticisms of liberal politicians during a presidential election campaign. Won Sei-hoon headed South Korea’s National Intelligence Service (NIS) from 2008 to 2013, during the administration of conservative President Lee Myung-bak. Since his replacement in the leadership of NIS, Won has faced charges of having ordered a group of NIS officers to “flood the Internet” with messages accusing liberal political candidates of being “North Korean sympathizers”. Prosecutors alleged that Won initiated the Internet-based psychological operation because he was convinced that “leftist adherents of North Korea” were on their way to “regaining power” in the South. The illegal operation took place during the 2012 presidential election campaign, which was principally fought by Moon Jae-in, of the liberal-left Democratic Party, and Park Geun-hye, of the conservative Saenuri party. Park eventually won the election and is currently serving as South Korea’s eleventh President. The court heard that a secret team of NIS officers had posted nearly 1.5 million messages on social networking sites, such as Twitter and Facebook, in an effort to garner support for the Saenuri party candidate in the election. On Thursday, a court in Seoul sentenced Won to two and a half years in prison, which was much shorter than the maximum five-year penalty he was facing if found guilty. In reading out its decision, the court said on Thursday that “direct interference [by the NIS] with the free expression of ideas by the people with the aim of creating a certain public opinion cannot be tolerated under any pretext”. The new jail conviction comes right after the defendant completed a 14-month sentence stemming from charges of accepting bribes in return for helping a private company acquire government contracts.

US created fake social network firm to foster dissent in Cuba

By JOSEPH FITSANAKIS | intelNews.org
A United States government agency secretly created a bogus social networking platform in order to foment political unrest in Cuba, according to a report by the Associated Press. Over 40,000 subscribers regularly used the ZunZuneo social networking service that began operating in the communist Caribbean island in 2009. The service, dubbed “Cuba’s Twitter”, was based on SMS messages sent via mobile telephone subscribers. Its rapid success was attributed to the strict controls over Internet usage that are in place in Cuba, as well as the population’s relative lack of access to networked computers. But The Associated Press revealed on Thursday that ZunZuneo was in fact a secret program devised by the US Agency for International Development (USAID), which is a federal body operating under the Department of State. The news agency reported that the US government was able to conceal its role in building and sustaining the network by operating through a complex system of front companies set up in the Cayman Islands and in Spain. The latter were used to register ZunZuneo’s parent company and to pay the company’s bills, as well as to route millions of subscribers’ text messages without the involvement of servers based on US soil. The report stated that ZunZuneo’s corporate website even carried “bogus advertisements” strategically placed to give the site a realistic corporate look. It is worth noting that the social networking service suddenly stopped working in 2012, without providing a warning or an explanation to its tens of thousands of subscribers. But the Associated Press said the reason the service was terminated was that the US taxpayer’s money used to sustain the program simply ran out. The news agency argued in its report that the program was covert in nature and should have been subjected to Presidential authorization and Congressional scrutiny.

Announcement: Conference on social media and intelligence

By JOSEPH FITSANAKIS | intelNews.org
During the past four years, this blog has reported several incidents pointing to the increasing frequency with which spy agencies of various countries are utilizing social networking media as sources of tactical intelligence. But are we at a point where we can speak of a trend? In other words, is the rapid rise of social networking creating the conditions for the emergence of a new domain in tactical intelligence collection? Some experts now contend that the growth of social networking has given rise to a new form of intelligence-gathering: social media intelligence (SOCMINT). There are even some who believe SOCMINT should become a separate entity altogether in the intelligence process. On March 7, 2014, the Netherlands Intelligence Studies Association (NISA) will be holding a one-day conference in Amsterdam, to discuss this new phenomenon and consider some of the practical, ethical and political dilemmas involved in SOCMINT. The conference will open with a keynote speech by Sir David Omand, former director of Britain’s signals intelligence agency, the GCHQ, who currently teaches at the War Studies Department at King’s College, London. Other speakers come from intelligence and security services in Holland and Belgium, as well as from a variety of academic centers and non-governmental organizations in Europe and the United States. Longtime readers of this website will be familiar with NISA. The group was founded in 1991 with a mission to help focus and streamline academic work on intelligence, security and law enforcement.

Belgian intelligence employees ‘outed themselves’ on LinkedIn

By JOSEPH FITSANAKIS | intelNews.org
Several alleged employees of Belgian security and intelligence agencies have revealed their identities on social networking sites, it has been reported. Belgian newspaper De Standaard, which made the revelation in a leading article on Tuesday, said that many LinkedIn and Facebook users appear to list their employer as Belgium’s State Security Agency (Sûreté de l’État or SE/SV) or the Coordinating Body for Threat Analysis (OCAM/OCAD). The SE is Belgium’s foremost civilian intelligence agency, operating under the country’s Ministry of Justice. OCAM is one of Belgium’s several anti-terrorist intelligence collection and analysis agencies, which operates under the joint supervision of the Justice and Interior Ministries. De Standaard contacted the two agencies, which refused to comment on whether the social networking profiles are authentic. But the paper spoke with an unnamed Belgian senior intelligence official, who said that this was potentially a very serious issue for Belgian national security. “Russian and Chinese intelligence services employ thousands of people”, said the official, “and have the resources and time to manually search for such profiles and then exploit the information they provide. Our people could, by their very presence on such sites, become the target of hostilities”. De Standaard also spoke to Belgian Senator Dirk Claes, who is a member of the country’s Parliamentary Committee on Intelligence. He told the paper that his colleagues in the Committee would be up in arms if the profiles turned out to be authentic. “These individuals have security clearances and are obligated to stay in the background, as much as possible. I will be raising this issue in the [Intelligence] Committee”, Claes told De Standaard.

News you may have missed #791

By IAN ALLEN | intelNews.org
►►India sees espionage behind Chinese cash payments to Indian pilots. According to Indian government sources, Chinese Defense Minister General Liang Guanglie gave two envelopes to the two Indian pilots, both wing commanders, who had flown him in a special Indian Air Force aircraft to New Delhi from Mumbai. After seeing off Liang, the pilots opened the sealed envelopes and found cash gifts inside. They immediately reported this to their superiors, who, in turn, informed the Indian Defense Ministry. India is now planning to lodge a protest with China over the incident.
►►NSA says foreign cyberattacks increasingly reckless. Debora Plunkett, of the secretive National Security Agency, whose responsibilities include protecting US government computer networks, has said that other nations are increasingly employing cyberattacks without “any sense of restraint”, citing “reckless” behaviors that neither the United States nor the Soviet Union would have dared at the height of Cold War tensions. She also predicted that Congress would pass long-stalled cybersecurity legislation within the next year. One wonders whether the Stuxnet incident is included in such “reckless” cyberattacks?
►►Taliban ‘using Facebook to lure Australian soldiers’. According to a review of social media by the Australian federal government, Australian soldiers are being warned by their commanders that enemies are creating fake Facebook profiles to spy on them. The report says that Taliban insurgents in Afghanistan are posing as “attractive women” on Facebook to befriend coalition soldiers and gather intelligence about operations. It adds that family and friends of soldiers are inadvertently jeopardizing missions by sharing confidential information online. This is not the first such warning in recent years.

News you may have missed #786

By IAN ALLEN | intelNews.org
►►US Pentagon wants to share intel with Egypt. The US Department of Defense is offering Egypt a package of classified intelligence-sharing capabilities designed to help it identify military threats along its border with Israel. According to an unnamed senior US official, the Pentagon leadership is concerned about “rising militancy” along the Egyptian-Israeli border. The purported intelligence package includes satellite imagery, data collected through unmanned drones, as well as intercepts of cell phone and other communications among militants suspected of planning attacks. The Egyptian intelligence chief was summarily fired earlier this month, after more than a dozen Egyptian soldiers were killed near Israel’s border when gunmen attacked a post and tried to enter Israel.
►►Researcher disputes Aoki was FBI informant. Last week author Seth Rosenfeld alleged that prominent 1960s Black Panther Party member Richard Masato Aoki, who gave the Black Panthers some of their first firearms and weapons training, was an undercover FBI informer. But the claim, which is detailed in Rosenfeld’s new book, Subversives, is disputed by another researcher, Diane C. Fujino. A professor and chair of Asian American studies at UC Santa Barbara, and author of the recently published Samurai Among Panthers, Fujino argues that Rosenfeld has not met the burden of proof on Aoki, and that he “made definitive conclusions based on inconclusive evidence”.
►►Russian intelligence to monitor blogosphere. Russia’s Foreign Intelligence Service, the FSB, says it plans to fund a program that monitors the Internet’s “blogosphere”, with an aim to “shape public views through social networking”. Citing unnamed sources from inside the FSB, Russian newspaper Kommersant said that the project’s research stage will cost around $1 million. The article implies that the online surveillance and opinion-shaping program will target both Russian- and foreign-language online users. This is not the first time that the FSB has displayed interest in online social networking in recent years.

News you may have missed #769 (analysis edition)

By IAN ALLEN | intelNews.org
►►Is S. Korea’s spy agency losing its capabilities? The National Intelligence Service, South Korea’s primary external intelligence agency, is presumed to spend around US $1 billion a year, most of which it uses to spy on its northern neighbor. But when asked about the identity of the young woman who frequently accompanies new North Korean leader Kim Jong Un in his public appearances, the state intelligence agency offers no clear answer. Although it was seven months ago, at the time of Kim Jong-il’s funeral, that the woman was first spotted, the agency still does not know who she is. In the past 20 years, NIS has undergone a process of transformation to rid it of political functions. But the lingering question is: have the changes compromised the overall capabilities of the giant organization?
►►How 10 years of war has changed US spies. John McLaughlin, who was a CIA officer for 32 years and served as Deputy Director and Acting Director from 2000-2004, says he is often asked how American intelligence has changed in the 11 years since 9/11. His answer is that the changes are profound and have been transformative. Perhaps the most important thing to realize about American intelligence officers in 2012, he says, is that this is the first generation since Vietnam to have been “socialized” –that is hired, trained, and initiated– in wartime. And to a greater degree than even the Vietnam generation, their experience approximates that of their World War II forbears in the Office of Strategic Services (OSS) –the organization to which most American intelligence officers trace their professional roots.
►►Assessing the Social Media Battlefield in Syria. While the numerous insurgent factions and the Syrian security forces engage each other in combat in towns and cities to secure tangible battlefield gains, the warring parties are also waging a contentious information war in cyberspace, specifically within the virtual arena of online social media. The various strands of the opposition in Syria —political and violent— have taken to social media since the earliest stages of the uprising to advance their agendas. Analogous to their role in facilitating communication and information exchange during the wave of revolts that have been sweeping the Arab world since 2011, new media platforms such as the array of social media websites and related technologies that are available to the public at virtually little or no cost have become crucial to shaping how the crisis in Syria is portrayed and perceived.

News you may have missed #718 (GCHQ edition)

By IAN ALLEN | intelNews.org
►►GCHQ releases Alan Turing papers. Britain’s signals intelligence agency, GCHQ, has released two mathematical papers written by cryptographer Alan Turing after keeping the works secret for over half a century. The intelligence agency believes the handwritten papers were produced by Turing during his time at Bletchley Park, the World War II code-breaking center. The year 2012 marks the centenary of Alan Turing’s birth. Turing, whose work contributed heavily to the Allied war effort, committed suicide in 1954 by taking cyanide. Turing had been convicted of homosexuality, which was then a crime, and was given the choice between prison or chemical castration. The UK government officially apologized over Turing’s treatment in 2009, over 50 years after his death.
►►Britain’s GCHQ sued for ‘racism’. Alfred Bacchus, 42, claims he was bullied by bosses while he was a senior press officer at the Government Communications Headquarters in Cheltenham. He says he wanted to publish an official report in 2010 into race bias inside GCHQ which warned that not enough ethnic minority staff were being recruited to help fight terrorism. It found that black and Asian intelligence officers at GCHQ complained of a racist culture in which they were insulted by white colleagues and challenged over their loyalty to Britain.
►►Ex-GCHQ chief wants more surveillance of Facebook and Twitter. Sir David Omand, an ex-Cabinet Office security chief and former director of Britain’s GCHQ electronic eavesdropping agency, said it was essential that monitoring of social media was put on a proper legal footing. A report by the think-tank Demos, which Sir David co-authored, said existing laws regulating the interception of communications by police and intelligence agencies needed to be overhauled to meet the complexities of social media. However, the ability of state security agencies and the police to intercept social network communications such as tweets must be placed on a clear legal footing, the report says.

Spies seen behind fake Facebook profile of senior NATO commander

By JOSEPH FITSANAKIS | intelNews.org
A Facebook account bearing the name of a senior commander of the North Atlantic Treaty Organization was set up by Chinese spies to siphon information from unsuspecting Western military officials, according to a British newspaper. The London-based Daily Telegraph said in an article that the fake Facebook account was discovered a year ago by NATO counterintelligence officers. It bore the name of United States Admiral James Stavridis, who serves as Supreme Allied Commander in Europe and currently leads the Organization’s mission in Libya. The account was reportedly used to befriend Western military officials, primarily in Britain and other European countries, probably in an attempt to collect personal information found on their personal pages on the popular social networking site. This sort of practice is known as ‘spear phishing’, and consists of messages sent to carefully targeted individuals, seemingly sent from a trusted source. The operation involving Admiral Stavridis appears to have been purposely targeted at high-ranking Western officials, a technique sometimes known as ‘whaling’. The London-based daily says NATO officials have been “reluctant to say publicly who was behind the attack”. But the paper claims it has been told that declassified briefings from NATO point to a series of Internet protocol addresses belonging to Chinese government facilities. Organization officials insist —correctly— that the individuals or government agencies behind the operation to falsify Stavridis’ social networking identity are unlikely to have acquired any actual military secrets. However, the information collected from Western military officials befriended online by Admiral Stavridis’ fake Facebook account could aid the compilation of personal and psychological profiles of these officials produced by foreign intelligence agencies.