SPY NEWS: 2022 — Week 19

Summary of the espionage-related news stories for Week 19 (8–14 May) of 2022.

The Spy Collection
May 15, 2022

1. Putin Moves Ukraine Responsibility from the FSB to GRU

On May 9, the Centre for European Policy Analysis (CEPA) published an analysis highlighting that Russian President Vladimir Putin removed the Federal Security Service (FSB) from its role leading espionage activities in Ukraine and replaced it with Russian military intelligence (GRU). Additionally, FSB General Sergei Beseda, who was accused of being a double agent, has returned to the FSB. CEPA highlights that “putting Beseda back in his office doesn’t mean Putin trusts the FSB, or Beseda’s service in particular, on Ukraine.”

2. Afghanistan’s Spy Agency Points to Pakistan’s ISI for the Kabul Serena Hotel Attack

According to the General Directorate of Intelligence (GDI) of Afghanistan, the terrorist attack on the Serena Hotel in Kabul wasn’t orchestrated by the Taliban and the Haqqani network (who are now part of Afghanistan’s government). Instead, Afghanistan’s President Hamid Karzai and the GDI claim that it was orchestrated by Pakistan’s Inter-Services Intelligence (ISI), stating that under ISI’s oversight “Pakistani religious schools were preparing their students to disrupt Afghanistan’s presidential polls next month.”

3. Podcast: True Spies — I Was Never There

This week SpyScape’s True Spies series published a new 31.5-minute long video titled “I Was Never There: Some missions are closer to home than others. What happens when a Canadian officer’s mission is to take down a terrorist living in his own backyard?” The podcast is about Andrew Kirsch, a recently retired Special Operations officer with the Canadian Security Intelligence Service (CSIS). He talks about some of his experiences and an “infiltration mission to unmask a home-grown terrorist.”

4. Chinese Chemist’s Economic Espionage on Coca-Cola

On May 9th, the US Department of Justice issued a press release on the sentencing of Xiaorong You, aka Shannon You, 59, to 14 years in prison. According to it, in April 2021, while Xiaorong You was working at the Coca-Cola Company in Atlanta as a chemist, she “stole valuable trade secrets related to formulations for bisphenol-A-free (BPA-free) coatings for the inside of beverage cans.” Those secrets were then used to set up a “new BPA-free coating company in China. You and her Chinese corporate partner, Weihai Jinhong Group, received millions of dollars in Chinese government grants to support the new company (including a Thousand Talents Plan award). You’s Thousand Talents Program application and other evidence presented at trial showed that she intended to benefit not only Weihai Jinhong Group, but also the governments of China, the Chinese province of Shandong, the Chinese city of Weihai and the Chinese Communist Party.”

5. Summary of Recent SBU Counter-Intelligence Operations

On May 10th, Ukraine’s Security Service (SBU) published a summary of recently completed counter-intelligence operations. Those were: 1) SBU detained a person in the area of Nikolaev for covertly helping Russian troops adjust their artillery fire. 2) In the city of Kherson, SBU conducted an undercover operation which lured a Russian informant who was providing information about the military and law enforcement agencies. 3) In the area of Donetsk, SBU discovered an Azovstal official who is suspected of providing Russian agencies with blueprints of the Mariupol underground tunnels. 4) In the city of Sumy, SBU detained a Deputy District Council member for treason. 5) In Luhansk, the two Russian militants captured in March near Severodonetsk were sentenced to 8 years in prison, and lastly, 6) In the city of Ivano-Frankivsk, SBU thwarted an FSB attempt to collect information on the city’s combat readiness.

6. Spain Dismisses CNI Chief Over Ongoing Espionage Scandal

Following the scandal covered in week 16’s story #9, in which the Spanish National Intelligence Centre (CNI) was either performing illegal domestic surveillance operations or did not know that a foreign agency was doing so, Defence Minister Margarita Robles (who was also under covert surveillance) this week announced the dismissal of Paz Esteban, 64, who had run the CNI since 2019 and had been with the CNI for nearly 40 years. P. Esteban was also the first woman ever to become the Head of CNI. In the interim, she’ll be replaced by the Defence Minister’s Deputy, Esperanza Casteleiro.

7. Russian Intelligence: A Case-based Study of Russian Services and Missions, Past and Present

Kevin P. Riehle, Associate Professor at the University of Mississippi, Centre for Intelligence and Security Studies and 30-year US intelligence community veteran, published a free 370-page book titled “Russian Intelligence: A Case-based Study of Russian Services and Missions Past and Present.” The book was published for the United States National Intelligence University (NIU), and was reviewed and approved by the US Office of the Director of National Intelligence (ODNI).

8. Israeli Covert Influence in Numerous African Countries

On May 8th, Al Jazeera published an article based on statements by South African MP Zwelivelile Mandela, grandson of Nelson Mandela. According to it, Israel has been using a variety of covert means to infiltrate African countries and influence their political positions. Those include providing military and surveillance technologies, trading agricultural technologies in return for natural resources, exporting and “testing” weapons in conflicts in Africa, and even directly interfering with elections, explicitly mentioning the elections of Botswana (2014), Ghana (2016), Malawi (2020), Nigeria (2015 and 2019), Zambia and others. Finally, Z. Mandela highlighted the extensive use of “checkbook diplomacy”, with Israeli government officials bribing African officials and influential people to support Israel’s political positions in international bodies, such as in votes at the United Nations.

9. Australian ASIS Needs to Increase HUMINT for China

The Director-General of the Australian Secret Intelligence Service (ASIS), Paul Symon, gave a speech in celebration of the Agency’s 70th anniversary. During it, he noted numerous times that ASIS has to increase its Human Intelligence (HUMINT) recruitment efforts relating to China “with more vigour and urgency.” He also assessed that ASIS will have more Chinese recruitment candidates since “officials, individuals unhappy with the trajectory of closed societies are willing to speak up, are willing to take risks.”

10. The Use of Covert Cyber Espionage Suites by Greece and Cyprus

The Greek Inside Story published an investigative article on the interest in and use of covert cyber espionage suites by the Greek National Intelligence Service (NIS) and the Cypriot Central Intelligence Service (CIS) from 2011 to this day. Those included the Italian Hacking Team’s RCS and Israeli NICE’s Lawful Interception (LI) in 2011, the Hacking Team’s RCS Galileo in 2014, a solution by the Israeli Elbit Systems in 2020, and lately (2021–2022) the use of the Israeli Cytrox’s Predator.

11. Podcast: Secrets & Spies — Impact of the Ukraine War on Russian Espionage activity in Europe

On May 11th, the Secrets & Spies series published a new 51-minute long episode titled “Impact of the Ukraine War on Russian Espionage activity in Europe”, featuring Sam Lichtenstein, Director of Analysis at the Risk Assistance Network and Exchange (RANE).

12. Turkish MİT Restarts Providing Counter-Intelligence Briefings to the Country’s Defence Industry

According to Hürriyet Daily News, the Turkish National Intelligence Organisation (MİT) has a new counter-intelligence facility named “İKK” and a new mission for it: to provide counter-intelligence briefings to the country’s defence sector. Quoting the article, “between 2009 and 2020, MİT officials briefed nearly 22,000 employees of the 411 institutions about counter-espionage. However, the organisation had to halt these briefings with the start of the pandemic.”

13. GCHQ Director Talk on Cyber Operations

On May 10th, Sir Jeremy Fleming, Director of Britain’s GCHQ, gave a speech at the CyberUK 2022 conference. His speech focused on how GCHQ and its National Cyber Security Centre (NCSC) are combining offensive and defensive cyber operations to target criminal entities. The full transcript of the speech is available on GCHQ’s website.

14. Spy Collection: Hacking Team Demo of the RCS Galileo Cyber Espionage Solution (2011)

We published a 13-minute long video for archiving purposes. It’s a 2011 promotional demonstration that the Italian cyber intelligence firm Hacking Team, which no longer exists, was using to demo their Remote Control System (RCS) Galileo product to intelligence agencies interested in those capabilities. Note that RCS Galileo was used by numerous agencies including, but not limited to, the CIA, DEA and Department of Defence in the United States, Morocco’s CSDN, Saudi Arabia’s GIP, Luxembourg’s IR Authorities, Turkish National Police, Russia’s FSB, many agencies in Italy, Egypt, Mexico, UAE, Nigeria, Denmark, and others.

15. SVR Statement on US State Department Covert Influence

The Press Bureau of the Russian Foreign Intelligence Service (SVR) issued a press release on May 11th. According to it, SVR has intelligence that the United States State Department is funding NGOs to covertly discredit the Russian actions in Ukraine within Russian society. The actions include sharing “slogans designed to sow panic” on specific social media groups and promoting large-scale civil protests. SVR states that NGOs are instructed to “actively use obscene language, offensive expressions and vulgar images when distributed propaganda.” The post concludes by comparing those covert information operations with what the Third Reich was doing.

16. Crypto Museum: WWII Kyynel M-5 Spy Radio Transmitter

The Crypto Museum published a new entry for the Kyynel M-5 spy radio transmitter. As per the description it was developed by “radio amateur Holger Jalander and manufactured by the Finnish Army Depot Company Munkkiniemi near Helsinki (Finland).”

17. Italian Intelligence Releases Gnosis 1/2022

On May 9th, the Italian Internal Information and Security Agency (AISI) published the first 2022 issue of its magazine, called Gnosis. The contents of Gnosis 1/2022 are also available online and cover a wide range of intelligence subjects, from espionage history to modern issues.

18. Director of Croatia’s SOA Spoke at CyberTech Europe 2022

On May 11th, the Director of the Security and Intelligence Agency (SOA) of Croatia, Daniel Markić, spoke at the CyberTech Europe 2022 in Rome, Italy. His speech was mainly focused on cyber crime but also highlighted the threat of state-sponsored cyber espionage operations.

19. Russian FSB Thwarts Ukrainian-backed Attack in Kursk

On May 12th, the Russian Federal Security Service (FSB) issued a public statement on the detention of a resident of the Kursk region of Russia. According to the FSB, the suspect was collaborating with Ukraine’s special services and “intended to carry out bombings on the territory of one or more infrastructure facilities in the city of Kursk with a mass gathering of people in order to destabilise the activities of the authorities and influence in this way their decision” relating to the Russian military actions in Ukraine. FSB said that he confessed and was planning on moving to Ukraine after executing those attacks.

20. India Uncovers Honey-Trap Targeting Indian Air Force Officials

On Tuesday, the Delhi Police Crime Branch arrested Indian Air Force (IAF) jawan Devendra Sharma on espionage charges. During the investigation it was discovered that he was approached by a woman online (via Facebook) who, allegedly, recruited him to spy on her behalf. The article notes that “senior police officers said they suspect the involvement of Pakistan’s Inter-Services Intelligence (ISI) behind the incident.” Sharma was working at the IAF’s Records Office in Subroto Park, Delhi, India and it was discovered that his wife’s bank account received suspicious transactions after the completion of his espionage activities. The police said that the online female persona “was trying to get information about positions of IAF radars, posting of senior officials and their details.”

21. Documentary: Spies, Informants and New Enemies — Today’s Intelligence Agencies

On May 8th, the German public broadcast service DW published a 42.5-minute long documentary titled “Spies, informants and new enemies — Today’s intelligence agencies”, covering intelligence work over the last decade. The documentary focuses more on the United States and its intelligence adversaries than on those of Germany and/or Europe.

22. Venezuela Detains 2 Persons on Espionage Accusations

On May 10th, Venezuela’s General Directorate of Military Counterintelligence (Dgcim) detained two persons in the Venezuelan state of Lara. The suspects are Venezuelan citizen Joseph Ismet Kadrovic Machado, and Colombian citizen Hernán Darío Gómez Hernández. They were travelling in a beige Nissan Almera (license plate AA557ED) and were detained at a checkpoint at the Jacinto Lara Citizen Service Point at the entrance to Barquisimeto. In the car there were: 1) documents with “strategic information of the Venezuelan state”, 2) $761 in cash, 3) 392,000 Colombian Pesos (approx. $95), 4) mobile phones, 5) a laptop, 6) a Colombian passport (with number AT900214), 7) a Colombian ID card (number 71.796.309), 8) a company card for Botero Soto Logistics Solutions, and 9) a Venezuelan identity card.

23. Iraqi Forces Capture ISIS Spy Network in Kirkuk

On May 10th, the Iraqi Forces captured 3 members of ISIS who were clandestinely operating in the province of Kirkuk, Iraq. Their mission was to provide ISIS with information on Iraqi forces’ activities in the region. Based on that, Iraqi intelligence also arrested 2 women and a man, members of the ISIS-affiliated “Nahawand Division” who were also deployed to collect intelligence on Iraqi forces’ activities. The arrests took place in the village of Shamit in the Hawija district of Kirkuk.

24. ICE Covert Surveillance Program: American Dragnet

On Tuesday, the Georgetown Law Centre on Privacy & Technology released their “American Dragnet: Data-driven Deportation in the 21st Century” research. The research covers a covert surveillance program owned by the United States Immigration and Customs Enforcement (ICE) agency. As per the executive summary: “Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency. Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government’s larger push to amass as much information as possible about all of our lives. By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time.”

25. Podcast: America’s Most Damaging Russian Spy, FBI Agent Robert Hanssen

This week, the International Spy Museum’s SpyCast series published a new 55-minute long episode featuring Lis Wiehl, non-fiction writer and former Federal Prosecutor. As per the description, this is a discussion about former FBI Special Agent Robert Hanssen whose espionage for Russia was described as the “worst intelligence disaster in U.S. history.” The intelligence objectives of this podcast were: 1) The many contradictions of this fragmented personality, 2) The criminal sworn FBI Agent, 3) The sexual fetishist in Opus Dei, 4) The anti-communist Soviet spy, 5) Hanssen’s impact on the FBI and American Intelligence, and 6) How the Hanssen case affected the FBI-CIA relationship.

26. MGB LPR Sentences Ukrainian Spy to 5.5 Years in Prison

The Supreme Court of the Luhansk People’s Republic (LPR), which is not recognised by most countries, sentenced Yulia Dzengluk (born on Nov. 8, 1971) to 5.5 years in prison for treason, based on evidence provided by the LPR’s Ministry of State Security (MGB). She was sentenced after having been recruited by Ukraine’s Security Service (SBU) in 2019. Her last assigned task was to facilitate the financial assistance of a foreign agent.

27. Indian SIGINT Millionaire Behind the UAE Stratign Firm

Intelligence Online published an article about Stratign, a Dubai-based company providing Signals Intelligence (SIGINT) solutions. According to it, the products originate from Turkish manufacturers and the person behind it is Anant Bidal, an Indian millionaire best known for his previous company, Shoghi, which was supplying SIGINT solutions to India’s main foreign intelligence agency, the Research & Analysis Wing (R&AW), in the late 2000s. Shoghi was part of a scandal where Bidal made a multi-million deal with R&AW claiming he had reviewed the state-of-the-art interception technologies, but he hadn’t, and was rushing to find an appropriate solution after the deal was signed.

28. Spy Collection: AIVD Covert Surveillance Footage of SVR Officer Meeting with Agent in the Hague

We published a short video from a 2020 Dutch AIVD counter-intelligence case involving Russian SVR officers under diplomatic cover recruiting employees of technology firms in the Netherlands to collect proprietary information. The SVR officer shown was subsequently expelled.

29. US Research Technician Sentenced for Stealing Trade Secrets

According to the US Department of Justice, research technician and scientist Muamer Reci, 58, of Haskell was sentenced to 21 months in prison for stealing “his employer’s proprietary toothpaste formulas for existing products and an unreleased toothpaste product, as well as proprietary laboratory procedures for the employer’s products.” His intention was to implement what he called “Project Eurodent”, a business plan for a company he covertly opened in North Macedonia, called Reci Enterprises, to start producing the stolen products under his own brand name, Eurodent.

30. British and Belarusian Citizens Arrested at the Yuzhny Space Centre in Kazakhstan

On May 7th, the Director-General of Roscosmos Corporation, Dmitry Rogozin, announced that two individuals were arrested at the Yuzhny Space Centre (Baikonur Cosmodrome), the largest operational space launch facility. The two arrested individuals were British citizen Rich Benjamin and Belarusian citizen Zelupa Alina. They were discovered in the area of Launch Pad 112 (Kazakhstan owned “Buran” complex). An investigation has now been opened to identify their intentions. According to news agencies, it was espionage or sabotage activities, but no official statement was made.

31. Turkey-Egypt Looking for Deal for Muslim Brotherhood Extradition Processes

According to Intelligence Online, the Turkish National Intelligence Organisation (MİT) and the Egyptian General Intelligence Directorate (GIS) are trying to reach an agreement on their core disputed topic: the extradition of Muslim Brotherhood members who escape to Turkey for protection and to evade prosecution by the Egyptian authorities. Intelligence Online defines this as “a non-negotiable condition for Egypt” but MİT and the Turkish government have close ties with the Muslim Brotherhood, which makes this a challenging subject, even for covert operations. Intelligence Online assesses that Turkey “is hoping to finalise the normalisation of its relations with” Egypt, which could bring some progress on this agreement between the two spy agencies.

32. Podcast: Three New Episodes from the “Spies Like Us”

This week the Spies Like Us podcast series released three new episodes. The first is 48.5 minutes long, titled “Inside the Terrorist Brain”, and features psychologist Dr Bina Patel, a subject matter expert on terrorism and psychology according to the US Department of Defence. The second episode is 47 minutes long, titled “What is ISIS-K?”, and features Andrew Mines, Georgetown University Research Fellow at the Program on Extremism, investigator with the National Counterterrorism Innovation, Technology, and Education Centre (NCITE), and a contributor to the Global Network on Extremism and Technology (GNET). The third is 51 minutes long, titled “I Was a White Supremacist”, and features Christopher Buckley, a former white supremacist talking about how such groups operate, his story and experiences. The hosts of the podcast are former CIA Counter-Terrorism Officer Brandon Blackburn, and Mubin Shaikh, former undercover operative who had infiltrated terrorist organisations for his country.

33. Ukraine Exposed Law Enforcement Officer Acting as FSB Agent

Ukraine’s State Bureau of Investigation (DBR) issued a statement on the exposure of a National Police officer from the area of Kharkiv who had been recruited by Russia’s FSB before the invasion and had been providing information to his FSB handler since then. Together with the SBU, DBR investigated the case and discovered that he was using an internet messenger to pass his handler accurate geolocation information and information on military equipment, checkpoints, and law enforcement agencies’ operations. He also had unregistered firearms and explosives in his possession, indicating potential plots for sabotage actions. He’s now facing up to life imprisonment.

34. Pakistani Cyber Espionage Infrastructure Uncovered

Cyber security researchers uncovered operational cyber espionage infrastructure associated with an actor dubbed APT36 and TRANSPARENT TRIBE, which has previously been associated with the government of Pakistan. The infrastructure discovered was a Command & Control (C2) server associated with numerous cyber espionage software implants recently observed. It is not known who the intended target was.

35. Latvian VDD Publishes 2021 Annual Report

The Latvian State Security Service (VDD) published its 2021 annual report on the activities of the Agency. It’s a 58-page report split into the following 8 sections: 1) Counter-intelligence, 2) Protection of State Secrets, 3) Protection of Constitutional Services, 4) Information Security, 5) Economic Security, 6) Counter-terrorism, 7) Pre-trial Investigations, and 8) Protection of Senior Officials.

36. US NGA Releases Series of Videos for Tearline GEOINT Project

This week, the US National Geospatial-intelligence Agency (NGA) released a series of videos about the Tearline Project, a project to provide open source GEOINT on “various strategic, economic, and humanitarian intelligence topics” in support of the US foreign policy. The videos were: 1) The NGA Tearline Project, 2) Tearline: China’s Military Training, 3) Tearline: Copper Mining in the Andes, 4) Tearline: Machine Learning and Terrorism in Europe, and 5) Tearline: Rohingya Refugees.

37. The Person Behind Turkey’s Anti-West MHP is Former Spy Chief

Investigative journalist Abdullah Bozkurt published an article presenting how the “mastermind behind Turkey’s far-right Nationalist Movement Party (MHP), which drives an anti-Western agenda in close cooperation with the government of President Recep Tayyip Erdoğan” is Şenkal Atasagun. This person, Ş. Atasagun, was the Head of Turkey’s National Intelligence Organisation (MİT) in the period of 1998–2005 and had been a MİT officer since 1967. After retiring from MİT he became the Chief Advisor of MHP Leader, Devlet Bahçeli. The article also notes that “rumors in Ankara circles suggesting that Bahçeli has in fact been an MİT employee for decades have gained more credence in the face of close collaboration between him and Atasagun.”

38. India’s IB Issues Warning Over Formation of Lashker-E-Khalsa by Pakistani ISI — Reactivation of ISI’s K2 Desk

India’s Intelligence Bureau (IB) issued an official warning about the formation of “Lashker-E-Khalsa” (LeK), a new jihadist group actively recruiting members via social media. IB assesses that LeK is an organisation backed by Pakistan’s ISI and established to destabilise India. The report says that “a Pakistani Intelligence Operative using pseudonym ‘Amar Khalistani’ is actively making efforts to cultivate new recruits through a Facebook ID to plan terrorist activities in the country.” The post also highlights that Pakistan’s ISI “has re-activated its Kashmir-Khalistan (K2) desk to bring pro-Khalistan supporters and anti-India supports in Kashmir at a common platform. The idea behind K2 desk is to exploit sentiments in Punjab and Kashmir.”

39. Project Dynamo Reportedly Recovered Americans Held by Russia on Espionage Charges in Ukraine

According to 10 Tampa Bay, members of the non-profit organisation Project Dynamo discovered, and reportedly recovered, a 27-year-old American citizen and his family, held in Ukraine by Russian forces on espionage charges. A short video of the event was also shared by 10 Tampa Bay.

40. National Security Archive: CIA’s Covert Role in Cold War Berlin

On May 11th, the US National Security Archive published a new article titled “The Secret War for Germany: CIA’s Covert Role in Cold War Berlin Explored through Recently Declassified Documents”, covering this subject based on 11 declassified documents, all of them linked in the article.

41. UK Performs Overhaul on its Espionage Laws

As reported this week, British Home Secretary Priti Patel announced reforms to several parts of the existing espionage laws in the United Kingdom. Among the proposed changes are the creation of a new Foreign Influence Registration Scheme to combat foreign influence operations, making it an offence to be an undeclared foreign spy, the addition of a new foreign interference offence, stricter measures for the use of commercial drones and cyber attacks, longer sentences for foreign state-backed crimes, and more.

42. Iran’s MOIS Arrests Two French Nationals on Espionage Charges

The Human Rights Activists News Agency (HRANA) published that on May 11th, the Iranian Ministry of Intelligence (MOIS) announced that “two European individuals, who had entered the country with the purpose of taking advantage of the people’s will to cause unrest, chaos, and social disorder, were detected and apprehended by security forces.” MOIS stated that they were operating on behalf of a foreign intelligence agency but no further details were provided on their identities or activities. Later, the Ministry of Foreign Affairs of France identified the two detainees as “a French couple” that was on vacation in Iran. One of them is a member of a French educational institution and now France is demanding their release.

43. US ODNI 2022 ATA Opening Statement

On May 10th, the US Office of the Director of National Intelligence (ODNI) had its congressional testimony. The opening statement for the Annual Threat Assessment (ATA) was delivered by ODNI and DIA Director, Lieutenant General Scott D. Berrier, and its transcript was later published online.

44. Norway’s New Fleet of Spy Planes to Monitor the Arctic Circle

On Thursday, Thomas Nilsen of The Barents Observer published an article about Norway’s new fleet of five Boeing P-8 Poseidon surveillance aircraft, deployed at the Evenes Air Station of the Royal Norwegian Air Force (RNoAF) in order to be the “eyes and ears” of NATO in the Arctic Circle. As per the article, the base is less than 60 km away from the borders with Russia and can be used to protect “sea-lanes between North America and Europe, key to enabling the reinforcement in case of war.”

45. Release of 4 New Korean War CIA Declassified Documents

As announced by Emma Best, MuckRock had 4 CIA documents related to the Korean War declassified through FOIA, and they are now available online. The four newly declassified CIA documents are from the Agency’s Clandestine Service Historical Series (CSHP) and specifically, they are: 1) CSHP 52: The Secret War in Korea, June 1950 to June 1952. 2) CSHP 71: History of Maritime Activities Korea (1950–1956). 3) CSHP 339: Infiltration and Resupply of Agency in North Korea, 1952–1953. 4) CSHP 283: CIA in Korea, 1946–1965, Volume I.

46. Iranian Cyber Espionage Operation Targeting Jordan

The Threat Intelligence team of MalwareBytes Labs cyber security firm published a technical analysis of a new cyber espionage operation attributed to Iran, and targeting (at least) a government official from the Ministry of Foreign Affairs of Jordan.

47. Japan Shows Increased Interest for FIVE EYES-like Intelligence Sharing

Nikkei published a story on Japan’s pursuit to work closer with the FIVE EYES intelligence sharing community (US, UK, Canada, Australia and New Zealand). Quoting the article, “Japan already has information security agreements with the U.S., the U.K. and Australia, and a pact with New Zealand would expand its options for intelligence-sharing with Five Eyes. Japan is looking to bolster its space-based surveillance capabilities via satellites as well.”

48. Interview: AFIO — The US Intelligence Community and the Ukraine-Russia War

On May 8th, the Association of Former Intelligence Officers (AFIO) of the United States published a new 43-minute long video recording. In it, AFIO’s 17th President and 37-year US government intelligence professional, James R. Hughes, discusses the subject of “the US Intelligence Community and the Ukraine-Russia War” together with Shane Harris, staff writer with The Washington Post, covering intelligence and national security.

49. UK Warnings of Chinese CCTV Used for Covert Surveillance

According to Express, the British government is concerned over the use of Chinese-made CCTV solutions since they might have built-in vulnerabilities or covert means for the Chinese government to conduct surveillance using them. The British Biometrics and Surveillance Camera Commissioner, Fraser Sampson, sent a letter to the Cabinet Office highlighting that “early in my appointment last year, I became concerned about the clear ethical and human rights issues involved in public procurement of surveillance technology from companies associated with atrocities in China. I have also been increasingly concerned at the security risks presented by some state-controlled surveillance systems covering our public spaces.”

50. US Attempts to Influence African Countries to Not Use Chinese Equipment

On May 13th, it was revealed that the US government has been persuading Angola and other African countries to avoid buying telecommunications equipment from the Chinese Huawei, out of fear that it is dual-purpose and used for espionage by the Chinese government. Chinese spokesperson Zhao Lijian replied that those recommendations are “groundless and denigrating”, serving “to expose the US’s malicious attempt to contain China and sow discord in China-Africa cooperation.” He continued, saying that this “is up to African countries and people to decide with whom they choose to cooperate. The U.S. is in no position to lord it over them. A few questions to some U.S. officials: Did the U.S. respect the sovereignty of African countries and right to privacy, and consider the security of other countries as it conducted long-standing cyber theft, surveillance, and monitoring against foreign governments, companies, and individuals, including those in Africa, in a planned and organised manner?”

51. Denmark Seeks Prosecution of ex-Minister for Espionage Scandal

As was discovered over the last couple of years, the Danish intelligence services were secretly collaborating with the US National Security Agency (NSA) under an informal agreement allowing them to exchange classified information from interceptions, share technology and tradecraft, and even operate an NSA collection site within the country. Because of that, several high-ranking intelligence officials have been dismissed or face criminal charges. Now the Ministry of Justice demands the removal of the former Minister of Defence’s immunity so that he can be prosecuted as the head of those agencies. Claus Hjort Frederiksen served as the Defence Minister, responsible for those agencies, in the period of 2016–2019 and he has been “preliminarily charged with violating a section of the penal code that includes treason for leaking state secrets.” He could be facing up to 12 years in prison if charged for disclosing highly classified information.

52. 319th RW Combined ISR Exercise “NORTHERN SEARCH 22”

On Thursday, it was announced that the US Air Force 319th Reconnaissance Wing (319th RW) hosted the first combined airborne Intelligence, Surveillance, and Reconnaissance (ISR) exercise in the Wing’s history. The exercise, called “NORTHERN SEARCH 22”, took place around the Nevada desert and the objective was the “integration; the utilization of both airborne and ground assets (cross-cueing) to provide the most accurate and efficient intelligence. The emphasis is exceptionally important given the RQ-4 Block 40 has no inherent Positive Identification (PID) capability; therefore, it is most effective when cross-cued with other sensors and assets.”

53. Spy Way of Life: The Moosegg Hotel

This week, Intelligence Online’s Spy Way of Life featured the Swiss “Moosegg Hotel” in an article titled “the Alpine retreat where private investigators meet up with their Gulf paymasters.” It refers to the mock trial that people involved in the Azima trial held in that hotel in December 2019. As was later discovered, the purpose of the mock trial in this remote hotel was to “help witnesses construct false cover story”.

54. Ukrainian SBU Bans 13 Foreign Journalists Working for Russia

In an official announcement, Ukraine’s Security Service (SBU) stated that it banned 13 foreign journalists working for media outlets that were promoting propaganda and disinformation material from the fronts. They are banned from entering Ukraine for 3 years. SBU said that they were receiving payments from Russian intelligence officers for their publications.

55. Spy Collection: Nuclear Scientist Caught Attempting to Sell Nuclear Weapons Technology to Venezuela

We published a short video originally released by the FBI in 2015. It is covert surveillance footage of Los Alamos National Laboratory (LANL) nuclear physicist Dr Pedro Leonardo Mascheroni attempting to sell nuclear weapons technology to an FBI Counterintelligence Special Agent posing as a Venezuelan intelligence officer in 2009. Mascheroni was sentenced to 60 months in federal prison followed by three years of supervised release.

56. Brigadier General Carcy Becomes Second in Command of DRM

As reported by Intelligence Online, after the recent issues (see week 13 story #60) at France’s Directorate of Military Intelligence (DRM), the agency is undergoing a complete overhaul. Among those changes is the appointment of Brigadier General Cyril Carcy as the second in command of DRM. As per his resume, he joined the French Air Force in 1989 and has completed 11 overseas deployments, including in Bosnia, Central African Republic, Chad, Afghanistan and Iraq. In 2012–2016 he was stationed at the Pentagon, Washington DC, to support joint operations for intelligence, national territory protection, strategic and tactical airlift, nuclear deterrence and arms control. His last position was as the J2 (Intelligence) Branch Chief to the French Strategic Planning and Control Command.

57. Declassified 1970s Documents Show UK Government Covertly Discrediting Amnesty International

On May 11th, Declassified UK published an article based on newly declassified British government documents. They describe a 1970s covert operation of the Foreign Office to discredit Amnesty International’s public reporting on the use of torture in Northern Ireland. The documents also validate Amnesty International’s reporting regarding a classified operation called Operation DEMETRIUS, signed by the then British home secretary, Reginald Maudling. The arrested suspects were subjected to the “five techniques”, that is: 1) hooding, 2) sleep deprivation, 3) food deprivation, 4) white noise, and 5) stress positions. It was carried out by Special Branch officers from the Northern Irish police, Royal Ulster Constabulary (RUC), and took place in a purpose-built unit at Ballykelly army barracks in County Derry. When Amnesty International started reporting on the torture cases, the Foreign Office launched a covert discrediting campaign led by “the Information Research Department (IRD), a secret British propaganda outfit.”

58. India: Mohali Police Station RPG Attack Linked to Pakistan’s ISI

On Friday the Punjab Police of India stated that their Mohali police station was hit by an RPG attack, which led to the arrest of 5 individuals. Director-General of Police V. K. Bhawra said that “the plot behind the incident has been traced and a nexus between militant outfit Babbar Khalsa International and gangsters at the behest of Pakistan’s ISI has come to the fore.” Out of the 5 arrested persons, 3 were the ones that executed the RPG attack and the rest provided “shelter, logistic support and the weapon.”

59. US Intelligence Community Standardises its OSINT Capabilities

Justin Doubleday of the Federal News Network published a short article on recent efforts of the US intelligence community to standardise Open Source Intelligence (OSINT). Those include the 2022 Intelligence Authorisation Act pushing agencies towards OSINT capabilities, the designation of the Director of the CIA as the “community functional manager for open source”, the National Open Source Committee, as well as the Defence Intelligence Agency’s (DIA) Open Source Intelligence Integration Centre, established in late 2019.

60. New North Korean Cyber Espionage Operation Discovered

The Shadow Chaser Group of the GcowSec team discovered and disclosed a new active cyber espionage operation attributed to North Korea. The operation relies on a lure Microsoft Word document written in Korean and purporting to contain updates on the COVID-19 situation in North Korea. If opened, it covertly installs a custom cyber espionage software implant. The targets were entities in South Korea.

61. Webinar: The DE59, A Cold War Era Greek Crypto Device

The National Museum of Computing (TNMOC) of the UK published a 40-minute long webinar covering a Greek government cryptographic device which was classified until recently (2019), and used throughout the Cold War era by Greece. It’s the DE-59, a One-Time Tape (OTT) cipher machine.

62. Russia’s FSB Tightens Relationships with Armenia

Intelligence Online published a new article on Russia’s Federal Security Service (FSB) relationship changes with Armenia’s intelligence community. As per the article, “after its invasion of Ukraine, European governments are nervous about Moscow stirring separatist tensions in other countries, such as Moldova. But the Caucasus remains the sensitive spot, with Russia strengthening its ties with Armenia’s intelligence services.”

63. India Arrests AIA Engineering Manager for Industrial Espionage

On May 10th, it was announced that Indian police arrested Rajnikant Patel, Deputy Manager at the Heat Department of AIA Engineering, for industrial espionage. The suspect was working on a new Research & Development (R&D) chromium wear casting product, stole various confidential documents, and sold them to a competitor based in Jamshedpur, Jharkhand. According to the report, he “had transferred several confidential and highly sensitive documents of AIA to his private mail” and “also transferred documents from other departments to which he had no authorisation for access.” Additionally, “from January 13 to January 16 this year, Patel stayed in Hotel Madhuban in Jharkhand which was provided by the rival company. The rival company could not have made Grinding and Crushing elements without the R&D documents given illegally by Patel.”

64. Spy Stories: The Family That Passed on American Nuclear Secrets to Stalin

On May 9th, the Bulgarian website Webcafe published a short article about the American couple Julius and Ethel Rosenberg, who became KGB agents and provided the Soviet Union with highly classified information, including design documents for US nuclear weapons. Both of them were executed in 1953 at the Sing Sing Correctional Facility in Ossining, New York.

65. Chinese Spy Ship Spotted Near Australian Submarine Communications Base

On May 13th, Thomas Newdick of The Warzone published an article about a recent sighting of the Chinese PLA Navy Type 815 “Dongdiao” class intelligence gathering ship (AGI-792). The photo and details were released by the Australian Department of Defence, which stated that it closely monitored the ship’s activities in the region. According to the Warzone, the Chinese spy ship was near the Australian Naval Communication Station Harold E. Holt which “provides very low frequency (VLF) radio communications that are vital for operations by Australian, U.S., and allied submarines operating in the western Pacific Ocean and eastern Indian Ocean.”

66. FSB Cyber Espionage Operation Targeting Ukrainian Officials

On May 12th, the national Computer Emergency Response Team of Ukraine (CERT-UA) published technical indicators of a new cyber espionage operation delivered via lure emails with the subject “Щодо проведення акції помсти у Херсоні!” (On revenge in Kherson!). If the attached file is opened, it covertly installs a custom cyber espionage software implant. The operation was attributed to an actor dubbed UAC-0010 or ARMAGEDDON, which has been previously associated with the 4th Section of the Service for Counter-intelligence Operations (SCO) for the Department of the Russian Federation in the Republic of Crimea and the city of Sevastopol, a department of Russia’s Federal Security Service (FSB).

67. Inside DCI’s Secret Meeting with Saudi Crown Prince

Last week (story #27) it was revealed that CIA Director (DCI) William Burns had a secret meeting in Saudi Arabia with Crown Prince Mohammed bin Salman. This week, Ken Klippenstein of The Intercept published further details on what was discussed in this meeting.

68. Russia Sentences FSB Lieutenant Colonel to 13 Years in Prison

The Second Western Military District Court of Russia sentenced a Federal Security Service (FSB) official to 13 years in prison along with a fine of ₽300,000 (approx. $4,600) for treason. The convicted individual was dishonourably discharged and his military rank was removed. He is former Lieutenant General Dmitry Kazakov, but more details weren’t released as the case hearing was behind closed doors due to the sensitivity of the case.

69. Podcast: Clint Emerson — DEVGRU Black Squadron Operative

The Mike Ritland Podcast published a new 2-hour long episode featuring retired Navy SEAL and NSA operative, Clint Emerson. The podcast focuses more (although it is not explicitly named) on his time at DEVGRU’s newly formed Black Squadron, the Command’s intelligence gathering component. He covers topics related to Advance Force Operations (AFO) with a stronger focus on Covert Methods Of Entry (CMOE), which was C. Emerson’s expertise.

70. Crypto Museum: Yugoslavian KzU-44 Message Encryptor

The Crypto Museum published a new page for a handheld cryptographic device used by the Yugoslav National Army (JNA) during the Yugoslav Wars (1991–2001). It’s the KzU-44, manufactured by the Institut Mihajlo Pupin in Beograd (Belgrade, Serbia).

71. Saudi Arabia Executes 3 People, Including a Yemeni Spy

On Saturday, May 14th, it was announced that Saudi Arabia completed the execution of 3 individuals convicted of various crimes. One of them was a Yemeni national who, according to S. Arabia’s Ministry of Interior, joined the Houthis group, was trained, and then sent to Saudi Arabia to conduct close reconnaissance and help in planning a terrorist attack on a “vital site in the kingdom.” No further details were disclosed.

72. Exclusive Interview of the Head of Ukraine’s GUR

Sky News published an exclusive interview with Major General Kyrylo Budanov, Head of Ukraine’s Main Directorate of Intelligence of the Ministry of Defence (GUR). Among other things, he highlighted that “the breaking point will be in the second part of August” as well as that the Russian leadership will face a coup which will result in the overthrow of Russian President Vladimir Putin.

73. Podcast: Team House — Black Ops: The Life of a CIA Shadow Warrior

This week, the Team House released a new, nearly 2.5-hour long podcast episode featuring Enrique “Ric” Prado, a CIA Special Activities Centre (SAC) Paramilitary Officer of the Ground Department, counter-terrorism and special/clandestine operations specialist, and 24-year CIA veteran who also served as the Chief of Operations (COS) in the CIA’s Counterterrorist Centre (CTC) during the September 11th attacks.

74. Ukrainian Media Organisations and NGOs Covertly Funded by the CIA and Others to Conduct Influence Operations

Covert Action Magazine published an article about US government-backed Ukrainian organisations that have been used in pro-West influence and information operations since the beginning of the war. Some of them, like the National Endowment for Democracy (NED), are directly funded by the CIA, while others are funded by NATO and other organisations. According to the article, the modus operandi involves hiring junior journalists (most of them interns) to “ensure a constant stream of pro-NATO and pro-U.S. propaganda spread throughout the Ukrainian press.” Then they use what the author refers to as “media accelerators”, like NED, to propagate those stories.

75. CIA Appoints New CISO, Coming From the Private Sector

On Thursday, the CIA announced that their new Chief Information Security Officer (CISO) will be Joseph “Rich” Baich. According to CIA’s announcement, he was until recently the global CISO of American Insurance Group (AIG), and before that he worked as CISO of Wells Fargo and a Principal at Deloitte. CIA also highlights that “he is a retired US Navy Information Warfare Officer, and was once assigned as the Special Assistant to the Deputy Director for the National Infrastructure Protection Center at the Federal Bureau of Investigation.”

76. Documentary: Inside Britain’s Abandoned Cold War Mega Spy Base

On May 13th, Absolute History released a new 45-minute long episode titled “Inside Britain’s Abandoned Cold War Mega Spy Base”, covering the secret history and current state of Orford Ness, located on the East Coast of Suffolk. For decades there have been British and American covert facilities there that were used during both of the World Wars, as well as the Cold War, and beyond. As per History Today, “even today, in a strange building still known as Cobra Mist, after short-lived Anglo-American defence project, the BBC World Service retains a token staff.”

77. First Photo of Australia’s New Spy Plane Released

The Warzone published an article about Australia’s new MC-55A Peregrine, assigned to the Royal Australian Air Force (RAAF), since its first ever photograph was publicly released. It’s a highly modified Gulfstream G550 jet described as an Airborne Intelligence, Surveillance, Reconnaissance and Electronic Warfare (AISREW) mission system. Its registration number is N540GA, registered by the US Air Force at Wright-Patterson Air Force Base in Ohio. According to the article, “it is likely to perform some combination of electronic warfare (EW), signals intelligence (SIGINT), and intelligence, surveillance, and reconnaissance (ISR) missions.”

78. Greek NIS Had Assassinated Investigative Journalist Under Surveillance

On May 14th, Greek media revealed that the Greek National Intelligence Organisation (NIS) had wiretapped the communications of investigative journalist Giorgos Karaivaz, who was assassinated in 2021 and whose case is still unsolved. According to the news, NIS has been denying any knowledge of the case, but the journalists discovered that G. Karaivaz was under NIS covert surveillance at least from April 2016 due to “national security concerns.” The journalists even obtained a report classified as top secret from March 2017, sent by the then Head of NIS, Yannis Roubatis, to the Corruption Prosecutor Eleni Raikou, notifying her that Karaivaz’ communications were still being monitored. Journalists now demand that those 10,533 surveillance recordings be provided to the police investigators working on the case, and an explanation of why the assassinated investigative journalist was under surveillance.

79. Russia Expels Another Bulgarian Diplomat from Moscow

On May 13th, the Russian Ministry of Foreign Affairs summoned the Bulgarian Ambassador in Russia, Atanas Krastin, who was given a note declaring an employee of the Bulgarian Embassy in Moscow as Persona Non Grata (PNG). According to Russian media, the expelled diplomat was suspected of espionage, and according to Bulgarian media it was retaliation for last month’s mutual diplomat expulsions.

80. Wanted ISIS Commander Received Treatment in Turkish Hospital and Secretly Met with MİT Officers

Levent Kenez of the Nordic Monitor published an investigative article on the case of the Interpol-wanted ISIS commander, İlhami Balı, better known by his nom de guerre Abu Bakr or Ebu Bekir. The article reveals how the ISIS commander was treated at a health clinic in Adana. Additionally, through a secret police report (shared in the article), it was revealed that Balı met secretly with officers of the Turkish National Intelligence Organisation (MİT) in 2016, a year after his most significant bombing attacks. Based on confidential sources, the journalist says that “Balı’s actions were directed by MİT, which coordinated clandestine operations within ISIS for political goals.”

81. Video: The Dark Side of Coco Chanel

On May 14th, the BuzzFeed Unsolved Network YouTube channel published a 7.5-minute long video about a lesser known history of the French fashion designer, Gabrielle Bonheur “Coco” Chanel (1883–1971). Based on the work published in the book “Sleeping With the Enemy: Coco Chanel’s Secret War” it was discovered that during WWII, Coco Chanel was likely operating covertly as a German Nazi spy in France. She was assigned agent number F7124 and the cryptonym WESTMINSTER.

82. US DEA Investigates Potential Data Breach at the Intelligence Sharing LEIA System

Krebs on Security published a story on an ongoing investigation that the US Drug Enforcement Administration (DEA) is conducting into a reported data breach in the DEA-managed Law Enforcement Inquiry and Alerts (LEIA) system. Cyber criminals claim to have infiltrated the system and shared screenshots as evidence of that. LEIA is a “portal that taps into 16 different federal law enforcement databases” for intelligence sharing.

83. Ukrainian SBU Summary of Recently Completed Operations

On May 14th, Ukraine’s Security Service (SBU) published a summary of recently completed counter-intelligence operations. Those were the following five: 1) In the areas of Volyn and Donetsk, SBU discovered 4 underage Russian informants after reports by the Lutsk police that 3 of them were regularly observing checkpoints. The fourth was recruited via a Telegram group to provide information and photos of the positions of Ukrainian troops in return for a small payment. 2) In the city of Rivne, SBU blocked all activities of a local Sharia Party. 3) In Kiev, SBU detained a Russian agent helping correct rocket fire coordinates as a covert forward observer. 4) In the city of Sumy, SBU detained the Head of the Buryn Territorial Community for collaborating with Russia. And 5) in Odessa, SBU neutralised a group that “threatened the safety and tranquility of the city’s residents.”

84. NSA Says No Backdoor in the New US Encryption Scheme

The US National Security Agency’s (NSA) Director of the Cybersecurity Directorate, Rob Joyce, said that the NSA “has been involved in parts of the process but insists it has no way of bypassing the new standards.” The new encryption standards should be able to withstand quantum computing codebreaking attempts. Quantum computers are expected to become operational within the next 5–50 years.

85. Russian FSB will Require Data from Ride-Hailing Applications

A new law passed in Russia will force ride-hailing mobile applications operating in the country to provide data to its domestic intelligence service, the FSB. The statement says that “the document prescribes the obligation of the taxi ordering service to provide the FSB with automated remote access to the information systems and databases used to receive, store, process and transmit taxi orders.”

86. US Intelligence Community’s Retrospective on the Ukraine and Afghanistan Intelligence Failures

According to CNN Politics, the US intelligence community “is carrying out a sweeping internal review of how it assesses the fighting power of foreign militaries amid mounting pressure from key lawmakers on Capitol Hill who say officials have failed twice in one year on the two major foreign policy crises faced by the Biden administration in Ukraine and Afghanistan.” The investigation focuses on why the assessments were wrong and how this could be avoided in the future. CNN highlights that “one smaller intelligence agency within the State Department did more accurately assess the Ukrainian military’s capability to resist Russia. But while that assessment was shared within the US government, it did not override the wider intelligence community’s predictions.”

87. Suspected Indian Cyber Operator Targets Bangladesh

On May 11th, the Cisco TALOS cyber threat intelligence group published a technical analysis of a cyber espionage operation that has been active at least since August 2021 and is attributed to an actor dubbed BITTER, which has been previously suspected to be associated with India’s intelligence services. The analysts note that this operation “targets an elite unit of the Bangladesh’s government with a themed lure document alleging to relate to the regular operational tasks in the victim’s organization. The lure document is a spear-phishing email sent to high-ranking officers of the Rapid Action Battalion Unit of the Bangladesh police (RAB).”

88. MI6: Moral Arguments Alone Are Not Enough to Justify Spying

The Guardian published an article quoting Britain’s MI6 Ethics Counsellor saying that “spies cannot justify their existence with moral arguments alone and must accept they exist to ‘promote the national interest’ in a struggle as ‘potent now as it was during the cold war’.”

89. History: The Covert Operation to Back Ukrainian Independence that Haunts the CIA

The History Department of Politico Magazine published this article on May 11th, about Operation RED SOX, which started in late 1949. It was a CIA covert operation to infiltrate the Soviet Union state of Ukraine, connect with local anti-Soviet groups, train paramilitary forces, and create a trained network that would feed information back to US intelligence and be able to support any clandestine or covert operations. However, this ended up being a failure since the KGB penetrated the program without the CIA realising it. As per the article, the KGB tricked the CIA via their penetration and “the CIA continued sending dozens and dozens of operatives into the region, even through the mid-1950s. Instead of sparking rebellion, some three-quarters of the trained agents simply disappeared into the Soviet maw.”

90. Chinese Cyber Espionage Operation Likely Targeting Vietnam

Trellix cyber threat intelligence researchers disclosed technical indicators of an active cyber espionage operation attributed to an actor dubbed MUSTANG PANDA, which has been previously associated with Chinese intelligence services. The identified indicators were originating from Vietnam, which could indicate that this is where the target(s) was/were located.

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org