SPY NEWS: 2022 — Week 25
Summary of the espionage-related news stories for the Week 25 (19–25 June) of 2022.
1. Greek Media Reports About Former NIS Officer V. Yiannopoulos
On June 18th and 19th several Greek media referenced Greek Army officer Vasilis Yiannopoulos (1946–2020) who, among others, served as Director of Intelligence Analysis at the National Intelligence Service (NIS). The article notes how, among others, Yiannopoulos led a military intelligence gathering operation targeting Turkey, stating that “a milestone in Vassilis Yiannopoulos’ career was the operation that made him a legend in the National Intelligence Service, when he managed to infiltrate the headquarters of the “Aegean Army”, as the Fourth Army was known back then, during an exercise in which they intended to test the implementation of real offensive plans against Greece. Their main goal in a war with our country was the large Aegean islands, such as Lesvos and Chios.”
2. Spy Collection: The Arrest of MI6 Spy (Russian GRU officer) Sergei Skripal in Moscow (2004)
On June 19th, we published the surveillance footage released by Russia’s Federal Security Service (FSB) in December 2004 when they arrested former GRU covert officer Sergei Skripal for being an MI6 spy in the period of 1995–2004, revealing the identities of 300 Russian spies operating abroad.
3. GCHQ’s Operation POPPY — UK Armed Forces Charity
As per the PR Week, GCHQ handed a fixed-term contract to a company called Pegasus to help propel the annual Royal British Legion (RBL) Poppy Appeal charity, and also boost the agency’s public image. This was called Operation POPPY and it involved public statements, puzzles developed by GCHQ codebreakers, and other contributions. As per the article, “it is a little-known fact that more than 300 GCHQ workers have received campaign medals for their service during deployments to Iraq and Afghanistan.” According to Pegasus Director, Chris Web, “we designed a campaign that would not only highlight the incredible work The Royal British Legion does all year round, but also bring to life the collaboration with GCHQ.”
4. North Korean Cyber Espionage Operation Targeting Russia
On June 21st, cyber threat intelligence researcher Jazi disclosed technical indicators of a previously unknown cyber espionage operation attributed to an actor dubbed as KONNI, who has been previously associated with the intelligence services of North Korea. The operation involved a lure Word document written in Russian pretending to be a briefing on Chinese-American relationships. If the target opened the lure document, a custom cyber espionage software implant was covertly installed.
5. Video: Pro-Tip by Former CIA Operative on Surveillance Radio Kits
A former United States CIA Global Response Staff (GRS) operative published a 9-minute long video sharing some best practices on covert radio sets, specifically around the concealment and technologies used.
6. Paraguay Spy Agency Behind the Tip-Off in Argentina’s IRGC Operation
On week 24 (story #55) it was revealed that Argentinian counter-intelligence disrupted an Iranian-Venezuelan covert transportation operation. This week, it was disclosed that it was the Head of the National Intelligence Service of Paraguay, Minister Stephen Aquino, who notified his Argentinian counterparts that the airplane’s pilot, Gholamreza Ghasemi, was a covert operative of Iranian IRGC’s Quds Force and helped coordinate the counter-intelligence operation.
7. Iran Arrests 3 Mossad Agents Trying to Recruit Employees of the Fordow Nuclear Fuel Enrichment Plant
According to Fars News, after 8 months of covert surveillance, Iranian authorities arrested 3 Iranians acting as recruited Israeli Mossad agents in the Balouchestan province. According to the Iranian Prosecutor-General, Mehdi Shamsabadi, the Mossad agents “attempted to get close to one of staff members of the IR6 unit of the Fordow facility. To that aim, the officers first attracted the trust of one of the neighbours of that person by providing the neighbour with money and devices like a laptop and a cell phone. To collect information, Mossad officers then got close to the IR6 staffer who was paid in cash and cryptocurrency in order to hide any evidence. A Mossad agent communicated with the Fordow staffer under the guise of a Hong Kong company and with the help of the middle man, and ordered software and gradually got closer to the staffer.”
8. US Space Force Establishes New Intelligence Unit at WP AFB
Space News reported that the United States Space Force plans to establish a formal intelligence unit, called the National Space Intelligence Centre (NSIC) and operated by the new Space Force intelligence unit, Space Delta 18. The NSIC will be based at the Wright-Patterson Air Force Base (WP AFB) in Ohio, colocated with the National Air and Space Intelligence Centre (NASIC). Its mission will be to analyse foreign space threats, and it will also take over NASIC’s Space Analysis Squadron and Counter-Space Analysis Squadron. Note that Space Force has another intelligence unit, Space Delta 7, located at the Peterson Space Force Base, Colorado, responsible for “intelligence, surveillance and reconnaissance that support military operations.”
9. HUMINT Insights from the Muller/Cherkasov Case
On June 20th, IntelNews published an article discussing some of the Human Intelligence (HUMINT) lessons that can be learned from the recently disrupted Russian GRU infiltration operation in the Hague, Netherlands (see week 24 story #2).
10. Croatian Intelligence Sets Up OSINT Centre of Excellence
Through an official announcement, the Security and Intelligence Agency (SOA) of Croatia announced the decision to establish a Centre of Excellence (CoE) dedicated to the collection, processing and analysis of data from open sources, e.g. Open Source Intelligence (OSINT). The Prime Minister of Croatia assigned SOA to implement the CoE. As per the announcement, it will include “interested European civilian and military, security and intelligence agencies in its work. Thus, within the European intelligence community, the Centre will become a centre of expertise and a place of collective efforts of future participants in improving OSINT discipline, but also the ability, resilience and readiness of security intelligence agencies to face large amounts of publicly available information.”
11. Webinar: Gay Espionage in Cold War Germany
On June 21st, the International Spy Museum published an 1-hour long webinar episode featuring Samuel Clowes Huneke, author of “States of Liberation: Gay Men between Dictatorship and Democracy in Cold War Germany.” As per the description, “in the late 1960s, the East German secret police (the Stasi) started to see Germany’s gay subculture as both a threat and an opportunity for intelligence work. Western espionage services had long sought to exploit this subculture, recruiting agents and informants from Berlin’s gay bars and cruising locales. After 20 years of run-ins with gay Western agents, Stasi officials began to recruit their own gay spies, men who they hoped could use their sexuality as a means to meet new contacts, penetrate Western society, and gather intelligence.”
12. Ukrainian SBU Announces Recently Completed Counter-Intelligence Operations
On June 25th, Ukraine’s Security Service (SBU) announced 3 recently completed counter-intelligence operations. Those were: 1) In the city of Mukachevo, SBU detained a Russian citizen who was a recruited agent of Russian intelligence services, tasked with collecting intelligence on the socio-political situation. 2) In Kiev, SBU detained a Ukrainian national who had set up a channel for illegal sales of weapons and ammunition, and 3) In the region of Rivne, SBU identified and reported the commander of Russian unit who ordered the rocket attacks on critical infrastructure in the city of Dubno.
13. Australian State Bans Nazi Swastikas After ASIO Warning
Following the Australian Security Intelligence Organisation’s (ASIO) warning of growing concerns over “the rate at which young people were being radicalised”, this week it was announced that “the Parliament of Victoria, Australia’s second-most populous state, passed laws late on Tuesday that set penalties of 22,000 Australian dollars (£12,388) and 12 months in prison for displaying the Nazi swastika, or Hakenkreuz.”
14. New Cyber Espionage from India Targets Sri Lanka’s Military
Cyber security researcher Jack discovered and disclosed an active cyber espionage operation attributed to an actor dubbed as SIDEWINDER, who has been previously associated with the intelligence services of India. The operation involved a fake document titled “APPOINTMENT OF THE DEFENCE ATTACHE” targeting different entities within the Ministry of Defence of Sri Lanka. If the target(s) opened the document, a custom cyber espionage software implant was installed.
15. Video: U-2 Dragon Lady: America’s Legendary Spy Plane
On June 20th, the US Military News YouTube channel published a new video, including new footage, briefly covering the Lockheed U-2S Dragon Lady high-altitude surveillance plane used by the US Air Force and, previously, the CIA.
16. US DoJ Sentences Mexican Citizen Acting as Russian SVR Spy to 4 Years in Federal Prison
On week 7 (story #18) it was revealed that Héctor Alejandro Cabrera Fuentes, a Mexican scientist residing in Singapore was arrested in Miami, Florida with charges of conducting espionage on behalf of Russia’s Foreign Intelligence Service (SVR). Now on June 22nd, the US Department of Justice (DoJ) announced that he was “sentenced yesterday in the Southern District of Florida to four years and one day in prison for acting within the United States on behalf of a foreign government without notifying the Attorney General.”
17. FIVE EYES “Fabricating Evidence” and “Rumours” of China Infiltration
According to an exclusive report of the Global Times, the FIVE EYES alliance has been “collecting and fabricating evidence that intends to show China is “infiltrating politically into Western countries,” with the aim of tarnishing China’s image in the world.” The article quotes an anonymous source “close to the matter” who provides an overview of recent FIVE EYES-led anti-China activities.
18. New Director for France’s DRSD
The Intelligence Online published an article stating that France’s Directorate of Intelligence and Defense Security (DRSD) is about to hand over its leadership to a new Director this summer. As per the article, the current Head of DRSD, General Éric Bucquet will be succeeded by General Stéphane Dupont, currently the Commander of the French Forces in Djibouti.
19. Microsoft: Countering Foreign Information Operations
Microsoft published the 23-minute long recording of a speech given by Microsoft President and Vice Chair Brad Smith at the Reagan Institute. His speech was titled “Countering Foreign Information Operations: Developing a whole society approach to build resilience” and as per the description, it was about “Russia’s unprecedented hybrid war in Ukraine that has challenged the United States and democracies around the world to think anew about how to combat cyber attacks and foreign information operations alongside physical violence. What is the role of the government, private sector, and civil society in protecting against this complex threat?”
20. Gambia’s SIS Training Academy for Security Studies will be a Centre of Excellence in Security Studies in Africa
According to Ousman Sowe, Director-General of Gambia’s State Intelligence Services (SIS), he will ensure that “the SIS Training Academy for Security Studies is a center of excellence in Africa in the next five years.” This, and other objectives, were announced by Ousman Sowe who “was speaking recently at the service training school at Banjulinding during a visit by the National Institute for Security Studies (NISS) of Nigeria.”
21. SUAVEEYEFUL: A Cyber Espionage Tool Used in the 2000s by the US Intelligence Community to Spy on China and Japan
A new technical analysis was published based on the 2017 leaked US government cyber espionage capabilities shows that a cyber espionage tool codenamed SUAVEEYEFUL was used in the early 2000s to infiltrate and intercept email traffic from the Ministry of Foreign Affairs of China, as well as the Waseda Research University of Japan.
22. Russian FSB and Belarusian KGB Stop Private Investigations Firm Collecting Personal Information on Protected Individuals
On June 20th it was announced that Russia’s Federal Security Service (FSB) and Belarus’ KGB completed a joint operation against a private investigations firm established in 2019. According to the FSB, they provided their customers, including foreign nationals, protected information “in relation to more than 30 citizens, including military personnel, law enforcement and law enforcement officials, as a result of which state security was harmed.”
23. French DGSE Announces 2 New Public Events
In an effort to boost its public image, France’s Directorate-General for External Security (DGSE) announced two public events. The first was that DGSE was present at the VivaTech 2022 conference, inviting the visitors “to discover our history in 40 years of espionage and imagine with us espionage in 40 years.” The second announcement it’s an exhibition for the celebration of DGSE’s 80th anniversary. It’s titled “Les agents secrets du Général” (The General’s Secret Agents) and will take place from June 23rd to October 16th at the Museum of the Order of the Liberation in Paris, France. The museum also launched a dedicated page, and DGSE release a digital version too.
24. Podcast: True Spies: Sexpionage, Part 3: The Lover, the Ax, and Leon Trotsky
Following the last couple of weeks, this week’s episode for SpyScape’s True Spies series was titled “Sexpionage, Part 3: The Lover, the Ax, and Leon Trotsky” and as per the description, “Michael and Henry tell the real spy story behind one of history’s most famous murders. When Ramón Mercader attacked Marxist revolutionary Leon Trotsky at his home in Mexico, the evidence suggested a crime of passion. In reality, it was the culmination of a long and intricate honeypot operation by Stalin’s secret service.”
25. Google TAG Uncovers New Cyber Espionage Operations in Italy and Kazakhstan
Google’s Threat Analysis Group (TAG) published a report summarising recently disrupted cyber espionage operations in Italy and Kazakhstan. According to the report, the state actors involved used the cyber espionage products offered to government agencies by the Italian RCS Labs private company.
26. Haspel Personally Observed CIA Waterboarding, Witness Testifies
On June 23rd, the National Security Archive published an article titled “Haspel Personally Observed CIA Waterboarding, Witness Testifies” stating that “Gina Haspel, 15 years before President Trump nominated her and the US Senate confirmed her as CIA director, personally oversaw the waterboarding of alleged USS Cole bomber Abd al-Rahim al-Nashiri at a black site prison in Thailand in 2002, according to recent testimony at a military tribunal at Guantanamo Bay, Cuba.”
27. Canada’s CSIS Warns of Increase in State-Sponsored Disinformation Operations
Via a social media announcement, the Canadian Security Intelligence Service (CSIS) stated that since March 2020 they have “observed more state-sponsored disinformation campaigns via social media and online platforms in Canada. Hostile states engage in these disinformation campaigns in hopes of discrediting our democratic institutions, negatively impacting social cohesion, and sowing discord among Canadians.”
28. New Cyber Espionage Operation Targeting the Military of Kyrgyzstan
Cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a previously unknown cyber espionage operation. The operation had a lure document titled “Тайвань.doc” (Taiwan.doc) and impersonating the Ministry of Defence of Kyrgyzstan, briefing its senior officials of an upcoming special operation of Chinese forces against Taiwan. If the target(s) opened the lure document, a custom cyber espionage software implant was installed. No attribution was made for this operation.
29. Podcast: SpyCast: From Navy Analyst to State Dept. Intelligence Chief
The International Spy Museum’s SpyCast published the second part of the “From Navy Analyst to State Dept. Intelligence Chief” episode, featuring Ellen McCarthy who among other positions, in the period of 2019–2021 served as the Head of the US State Bureau of Intelligence and Research (INR). In this first part, the topics covered are: 1) Her start as a Soviet submarine analyst in the Office of Naval Intelligence, 2) Bringing the U.S. Coast Guard intel. program into the Intelligence Community (IC), 3) Working for DoD and Geospatial-Intelligence, and 4) Why she admires the Bureau of Intelligence and Research (INR).
30. China’s SIGINT Facilities in Cocos Islands, a Threat to India
India Blooms published this story stating that “the maritime reconnaissance and electronic intelligence station on Great Coco Island, some 300 km south of the Myanmar’s mainland, is the most important People’s Liberation Army Navy (PLAN) signal intelligence installation.”
31. Spy Way of Life: Convitto Nazionale “Vittorio Emanuele II”
This week’s selected site for the Spy Way of Life of the Intelligence Online, was the Convitto Nazionale “Vittorio Emanuele II”, located in Rome, Italy. This is a National Boarding School that Intelligence Online described as “the Italian security establishment’s favourite school.” As it’s highlighted, it is “a multi-year school that allows parents, many of whom are politicians or intelligence operatives, to make a connection or two.”
32. Unidentified Actors Used Strava to Spy and Track Movements of Israeli Military Personnel
Based on an exclusive story of The Guardian, “unidentified operatives have been using the fitness tracking app Strava to spy on members of the Israeli military, tracking their movements across secret bases around the country and potentially observing them as they travel the world on official business.” The article continues that “by placing fake running “segments” inside military bases, the operation — the affiliation of which has not been uncovered — was able to keep tabs on individuals who were exercising on the bases, even those who have applied the strongest possible account privacy settings. In one example seen by the Guardian, a user running on a top-secret base thought to have links to the Israeli nuclear programme could be tracked across other military bases and to a foreign country. The surveillance campaign was discovered by the Israeli open-source intelligence outfit FakeReporter.”
33. Video: The Spy Who Came in From the Cold War — Infiltration at the PMML
The International Spy Museum published an over 1-hour long video recording in collaboration with the Pritzker Military Museum & Library. As per the description, International Spy Museum’s historian and curator, Dr. Andrew Hammond hosted this conversation between International Spy Museum Executive Director Chris Costa, and retired senior FBI agent John Quattrocki talking about Cold War intelligence, espionage, and their experiences in the field.
34. US Army Helicopter Pilot Pleaded Guilty for Being a Chinese Spy
On June 23rd, the US Department of Justice issued a press release for the case of Shapour Moinian who “served in the Army in the United States, Germany, and South Korea from approximately 1977 through 2000. After his service, Moinian worked for various cleared defense contractors in the United States — including in San Diego — as well as the Department of Defense.” As per the press release, “he was contacted by an individual in China who claimed to be working for a technical recruiting company. This person offered Moinian the opportunity to consult for the aviation industry in China. In March of 2017, Moinian travelled to Hong Kong where he met with this purported recruiter and agreed to provide information and materials related to multiple types of aircraft designed and/or manufactured in the United States in exchange for money. Moinian accepted approximately $7,000-$10,000 in United States currency during that meeting. According to his plea agreement, at this meeting and at all subsequent meetings, Moinian knew that these individuals were employed or directed by the government of the People’s Republic of China.” He continued the espionage activity until he was uncovered by the FBI’s Counterintelligence Division (CD). This week he pleaded guilty of being a Chinese spy and his sentencing is scheduled for August 29, 2022.
35. Dutch MIVD Celebrates 20th Anniversary and Holds Public Symposium
The Dutch Military Intelligence and Security Service (MIVD) celebrated its 20th anniversary and held a public symposium titled “Fog of War 2.0” on June 23rd. Transcripts of the talks were also shared online. Those were from: 1) Director-General of MIVD, Jan Swillens, 2) Minister of Defence, Kajsa Ollongren, and 3) Commander of the Armed Forces, Onno Eichelsheim.
36. Turkish MİT Assassinates Female PKK Official in Iraq
According to TRT Haber, the Turkish National Intelligence Organisation (MİT) successfully completed an operation to assassinate PKK official Delal Azizoğlu, codenamed “Raperin”, this week. According to the article, MİT located the target and did an operation in the city of Sulaymaniyah, in the Kurdistan region of Iraq, and assassinated her. Note that PKK is classified as a terrorist organisation in Turkey.
37. Indian Cyber Espionage Operation Targeting Pakistan
Cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as DONOT who has been previously associated with a cyber espionage solutions firm from India. The operation involved two documents which, if opened, were covertly installing a custom cyber espionage software implant. The documents were named after the Pakistani cities of Lahore and Kohat.
38. Ukrainian SBU Exposes Russian GRU Network Including Ukrainian Politicians
With an official announcement, Ukraine’s Security Service (SBU) revealed the disruption of Russian military intelligence (GRU) espionage network in Ukraine. Among others, the network involved Ukrainian politician and businessman Andrii Derkach who “oversaw the creation of a number of private security companies in various regions to use these structures to quickly capture Ukraine.” The network also included former assistant to People’s Deputy Igor Kolesnikov who was known in GRU as the “Veteran” and was providing liaison and financial courier services. Derkach was recruited in 2016 and was in touch with high-ranking officials including GRU’s Director Igor Kostyukov, and GRU’s First Deputy, Vladimir Alekseev. SBU stated that “GRU allocated 3–4 million US dollars every few months to implement its plans” and also that “Kolesnikov said the GRU planned to use two brigades of special forces and special operations forces to capture the capital, which were to enter from the territory of Belarus. From there, move quickly to Kiev, seize the Government Quarter, and convene a chamber in the Verkhovna Rada to vote for a new government.”
39. Video: Chinese Spy Who Stole United States Military Secrets
The SponzTV YouTube channel published a 6-minute long video briefly presenting the 2014 case of espionage by Canadian/Chinese national Su Bin (a.k.a. Stephen Su) who later pleaded guilty of, among others, stealing F-35, F-22, and C-17 aircrafts classified material on behalf of the Chinese intelligence services.
40. NIST: Alan Turing’s Everlasting Contributions to Computing, AI and Cryptography
On June 23rd, the US National Institute of Standards and Technology (NIST) published an article dedicated to English mathematician and one of the first British codebreakers, Alan Turing.
41. Former Somali Spymaster Points Finger at ex-Djibouti Police Chief
The Africa Intelligence published an article stating that “Fahad Yasin Haji Dahir, the head of the Somali intelligence services until 2021, has accused Djibouti, and in particular its former police chief, of plotting his disappearance.”
42. Albanian SHISH Releases 2021 Public Report
On June 24th, the Albanian State Intelligence Services (SHISH) issued an announcement for the release of its 4th Public Report. This is the report covering 2021 and it’s a 34-pages long document split in the following sections: 1) Regional security situation, 2) Foreign intelligence activities in Albania and the region, 3) Terrorism, 4) Organised crime, 5) Illegal immigration, 6) Corruption and economic crimes, 7) Energy security, 8) Environmental safety, 9) Cyber security, 10) Verification process of images, 11) IT&T developments, 12) Concepts to know, 13) Resident: An example from counter-intelligence, 14) Law enforcement in SHISH, 15) From SHISH’s archives, 16) Building and improving human and technical capabilities, 17) Human resources management, 18) Training in SHISH, 19) The ceremony of new SHISH trainees, 20) My experience at SHISH, 21) Financials of SHISH, 22) Ranking of institutions based on performance indicators for 2021, and 22) SHISH in social and humanitarian activities.
43. Chinese Spy Met UK Justice Officials to Discuss Irish Visas
The Sunday Times published an article for some of the covert work that Chinese intelligence agent Christine Lee was involved with in the United Kingdom. As per the article, she “met Department of Justice officials to discuss how her business associates could acquire residency visas through the state’s Immigrant Investor Programme (IIP).” The article continues that “more than 1,300 Chinese nationals subsequently acquired Irish residency through the IIP, which is the subject of a criminal investigation because funds earmarked for certain projects were diverted elsewhere.”
44. Interview with former SVR Deep-Cover Spy Elena Vavilova
The Russian Express Gazetta published an interview with retired Colonel Elena Vavilova, who became known when she was uncovered and arrested by the FBI in 2010 being a deep-cover Russian Foreign Intelligence Service (SVR) agent operating in the US, and was later exchanged in a US-Russia spy exchange agreement. She was working with her husband — also an intelligence officer, Andrei Bezrukov (who posed as Donald Howard Heathfield). According to her interview, they had worked undercover for the SVR for 23 years. She’s now an author and public speaker, living in Moscow, Russia.
45. NSO Group’s Pegasus Used by at Least 5 EU Countries
On Tuesday, the Israeli cyber espionage solutions firm NSO Group said to European Union lawmakers that “at least five EU countries have used” Pegasus, the company’s main cyber espionage product. NSO Group’s General Counsel, Chaim Gelfand said that “we’re trying to do the right thing and that’s more than other companies working in the industry. Every customer we sell to, we do due diligence on in advance in order to assess the rule of law in that country. But working on publicly available information is never going to be enough.” This came after the case of the Spanish National Intelligence Centre (CNI) allegedly using Pegasus to spy on Catalonian politicians.
46. German BfV Releases “Methods of Espionage: HUMINT”
On June 20th, Germany’s domestic intelligence service (BfV) published a 3-page document discussing how foreign intelligence services conduct espionage activities inside Germany, specifically focusing in Human Intelligence (HUMINT) methods. The document was organised in three areas: 1) What is HUMINT? 2) Methods and approaches, and 3) How to protect yourself.
47. Chinese Cyber Operators Use Ransomware as Decoy in Cyber Espionage Operations
As it was revealed this week, at least two cyber actors associated with the intelligence services of China have been “conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their” operations. As per the article, the Chinese cyber operators “might be creating short-lived ransomware strains only to mask its cyber-espionage operations as ransomware attacks, reducing the chances of dealing with the ramifications of accurate attribution.”
48. United States NRO Launch Mission 111 Highlights
On June 15th, the US National Reconnaissance Office (NRO) launched three new spy satellites (USA-316, USA-317, and USA-318) as part of its NRO Launch mission 111 (NROL-111). On June 24th, NRO released a 2-minute long video titled “NROL-111 Highlights.”
49. Australian ONI to Assess Climate Change Security Risks
According to Bloomberg, Andrew Shearer, the Director-General of Australia’s Office of National Intelligence (ONI) was tasked by the Prime Minister to “investigate national security threats arising as a result of climate change.”
50. Turkish MİT Thwarts Iranian Kidnaping of Former Israeli Ambassador
The Jewish Press published an article on June 23rd about Turkish National Intelligence Organisation (MİT) thwarting an Iranian covert operation to kidnap a former Israeli ambassador and his wife while in Turkey. As per the article, “MİT and police received information that kidnappings and killings were planned against Israelis living or visiting as tourists in Istanbul and against a former Israeli ambassador and his wife who were staying at a hotel in the Beyoğlu (pronounced Beyolu) district. Close to 10 suspects, including local collaborators, have been detained in the joint operation conducted by MİT and police in the Soul Hotel and three separate rental houses in the Beyoğlu district on June 17.” The same article also notes that “Hurriyet reported that Mossad had taken the targeted Israeli citizens from their addresses and sent them to Tel Aviv on a private plane.”
51. Lithuania Reports Steep Increase of Cyber Denial of Service Attacks Against Government Entities
The National Cyber Security Centre (NKSC) of Lithuania issued a public warning for the sudden increase of Distributed Denial of Service (DDoS) cyber attacks targeting “public authorities in the country” including “transportation agencies, financial institutions, and other large entities.” There are suspicions of those being executed by Russian actors, but currently there are no supportive evidence.
52. MI5, MI6 and GCHQ Will Need Permission to Access Communications Data
Following the recent espionage legislation changes in the United Kingdom (see week 22 story #54, week 23 story #2 and week 24 story #53), the British High Court ruled on June 24th that all “security services will need independent authorisation to obtain citizens’ personal communications data from telecoms providers.”
53. Former South African Spy Chief Failed Due Process
On week 22 (story #23) the former Head of South Africa’s intelligence service, Arthur Fraser, filed a legal complaint against South African President Cyril Ramaphosa over a staged robbery and kidnapping. This week, Bloomberg published that Fraser “abused his position as head of the State Security Agency and failed to follow due process, a judicial inquiry into state graft has found.”
54. European Court Ruling on Air Travel Surveillance
On June 21st, “the highest court of the European Union ruled today that an EU mandate for dragnet surveillance of travelers through government access to airline reservations might be permissible under EU law — but only under conditions that governments of EU member countries, and the US government, may be unable or unwilling to meet.” The 4-page long press release of the Court of Justice of the European Union is available here.
55. Podcast: Former CIA Covert Operative A. Bustamante
On June 20th, The After Word published a new 37-minute long podcast episode featuring former CIA covert operative, Andrew Bustamanate. The theme of the episode is cyber security.
56. Swiss CSS Report on the IT Army of Ukraine: Structure, Tasking and Ecosystem
This week, the Switzerland-based Centre for Security Studies (CSS) released a Cyber Defence Report titled “The IT Army of Ukraine: Structure, Tasking, and Ecosystem” covering the topics of the title in 32-pages.
57. SFJ Accuses India’s RAW for Backing Terrorist Attacks
According to the Sikhs for Justice (SFJ), a US-based NGO supporting the Punjab independence, and allegedly linked with Pakistan’s ISI, the recent terrorist attacks in Kabul, Afghanistan targeting Sikh Gurdwaras was backed by groups controlled by India’s main foreign intelligence agency, the Research & Analysis Wing (R&AW). The article concludes that “these reports further said the main objective of the RAW was to create an environment of terror among the Sikhs, so that they could shun their Khalistan movement.”
58. Russian GRU Cyber Operators Use Fear of Nuclear War as Theme to Target Entities in Ukraine
The cyber threat intelligence team of the Malware Bytes cyber security firm published an analysis showing a recent cyber espionage operation attributed to an actor dubbed as APT28, who has been previously associated with Russia’s military intelligence (GRU). As per the analysis, the lure document’s filename “Nuclear Terrorism A Very Real Threat.rtf, attempts to get victims to open it by preying on their fears that the invasion of Ukraine will escalate into a nuclear conflict.”
59. Iranian Engineer’s Death at Military Site Attributed to Sabotage
The Asharq Al-Awsat published an article stating that “the death of an Iranian Defense Ministry engineer in May 2021 was the result of “industrial sabotage” at a military site in Parchin near the capital Tehran, an Iranian Revolutionary Guards commander was quoted on Monday as saying.” The article concludes that the “Parchin is a sensitive military site housing several industrial and research units, where Western security services believe Iran carried out tests related to nuclear bomb detonations more than a decade ago.”
60. Turkish Article Talks About MİT Successes and Other Intelligence Agencies’ (Greece, US and UK) Operations Related to Turkey
The Dik Gazete published an article talking about successes of the Turkish National Intelligence Organisation (MİT). Among others, it says that the Greek National Intelligence Service (NIS) is “in contact with terrorist organisations such as Asala/ PKK/ DHKP-C/ FETO , which are within the scope of national security for Turkey” and that NIS “collaborates with the Iranian secret service VEVAK, which manages Iranian paramilitary forces fighting the Turkish Army in Iraq, Lebanon and Syria.” The author continues that “the US and UK secret services hold the rope of this evil alliance” and that NATO is preparing for land warfare in Russia.
61. Podcast: Team House: From Delta Operator to Professional Mercenary
The Team House published a nearly 3 hours long podcast episode featuring Dale Comstock, who among others have conducted paramilitary operations for the CIA, both as part of JSOC and also as a contractor. As per the description, “Dale Comstock was the youngest operator in Delta Force when he joined from the 82nd Airborne and was the master breacher on the military’s first successful hostage rescue mission, Operation Acid Gambit which rescued Kurt Muse from the clutches of Panamanian dictator Manuel Noriega. Comstock’s adventures didn’t end when he retired from the Army just before 9/11. He went on the serve as a paramilitary contractor in Afghanistan and then went on to become a mercenary in places like Yemen. On this episode we’re going to focus on Dale’s post Army life as a security contractor, mercenary, and bodyguard.”
62. IRGC Spy Chief Replaced Over Recent Failures
The last few weeks Iran’s Islamic Revolutionary Guard Corps (IRGC) Intelligence Agency has suffered lots of issues. From exposure of covert transportation operations in Latin America (see week 24 story #55), from exposures of past operations (see week 22 story #44 and week 21 story #20), suspicious deaths of two of its senior members (see week 21 story #11 and week 22 story #48), and many others. As such, this week it was announced that IRGC Intelligence Agency’s Head, Hossein Taeb was dismissed. According to IRGC spokesman Ramezan Sharif, Taeb “was replaced by Mohammad Kazemi, who previously headed the Intelligence Protection Organisation, the counterintelligence arm of the IRGC.”
63. Ukrainian GUR Says that Russia is Conducting Covert Mobilisation Campaign
Reuters published an article on June 25th where Major General Kyrylo Budanov, the Chief of the Ukrainian Military Intelligence (GUR) stated that “Russia is using its reserve forces in a covert mobilisation to replenish its ranks in eastern Ukraine and there is no point in simply waiting for its offensive potential to fizzle out.”
64. Turkish MİT Captures Greek Citizen Accused of Being NIS Agent
On June 25th, Turkish media reported that Greek citizen Mohamed Amar Ampara was arrested by the counter-intelligence department of the Turkish National Intelligence Organisation (MİT) for acting as an agent of the Greek National Intelligence Service (NIS). As per the announcement, “Ampara was operating disguised as a businessman during his trips to Turkey” and “he is believed to have been compiling information about the Turkish military on the border and transferring it to Greek intelligence.”
65. Iraqi INIS Targeted by Shiite Militia Groups Targeting PM Kadhimi
According to Al-Monitor, recently a coordinated campaign, reportedly organised by the Shiite militias of Iraq, has been going after the Iraqi National Intelligence Service (INIS) in order to target the country’s Prime Minister, Mustafa al-Kadhimi. That campaign includes Information Operations (IOs) via media outlets controlled by the militia groups affiliated with Iran, “trying in the past few days to accuse the Iraqi National Intelligence Service of participating in the assassination of the Iranian Quds Force commander Maj. Gen. Qasem Soleimani, and the Popular Mobilization Units (PMU) deputy head Abu Mahdi al-Muhandis.”
66. India’s R&AW Chief Gets One Year Extension; IB Gets New Chief
The Director of the foreign intelligence service of India, R&AW, Samant Goel received an extension for another year (until June 30, 2023). Note that “last year, he had been given a year’s extension after he completed a two-year fixed tenure.” On the other hand, the domestic intelligence service of India, the Intelligence Bureau (IB) has a new Director, Tapan Kumar Deka. He will assume office on July 1st, 2022. As per the announcement, “both Goel and Deka are strong “operations” men whose field work and operational capabilities have got them the top jobs in the spy agencies. While Goel’s extension of tenure has not come as a surprise for the intelligence community as his capabilities have been tried and tested when he successfully steered the intelligence operations during the 2019 Balakot airstrike and 2016 surgical strikes in Pakistan, Deka’s appointment has corroborated the assessment in security circles that Prime Minister Narendra Modi and Home Minister Amit Shah have given weightage to building the operational strengths of the agencies over analysis experts.”
67. Twitter Hires ‘Alarming Number’ Of US Government’s Ex-FBI Agents, Feds and Spies
The Republic World published an article on June 25th stating that “Twitter has been hiring a significant number of ex-FBI agents and other former feds and spies.” The article continues with some examples, like that of “FBI veteran Karen Walsh, who served as a special agent for 21 years, was made the director of corporate resilience at the Silicon Valley-based company. Other roles were held by former employees of the Central Intelligence Agency and NATO think-tank Atlantic Council.” The article then highlights the threats of that and the potential influence US intelligence services can have in social media platforms, like Twitter. The article also notes that “Meta has employed the former NATO Press Secretary Ben Nimmo as its head of intelligence.”
68. Ukrainian President Wants to Replace Head of SBU Due to Intelligence Failures
According to Politico, Ukrainian President Volodymyr Zelenskyy appointed his close friend, even before his political career, Ivan Bakanov as the Head of the Security Service (SBU) in August 2019. However, there have been numerous intelligence failures lately and President Zelenskyy “is looking to replace Bakanov” as Politico reports “according to four officials close to the president and a Western diplomat who has advised Kyiv on reforms needed to revamp the SBU.” Politico quotes a top Ukrainian official close to the President saying that “we are highly unsatisfied with his job and are working to get rid of him. We are not satisfied with his managerial, you know, [skills] because now you need … anti-crisis management skills like we don’t think that he has.”
69. CNN on the Suspected Deep-Cover GRU Officer AIVD Exposed
The CNN talked with people that had interacted with the Russian military intelligence (GRU) officer exposed by the Dutch AIVD last week (see week 24 story #2). Quoting CNN, “Cherkasov appears to have carried out that mission quite successfully. One of Cherkasov’s professors — who taught a class on genocide — wrote his reference letter for the internship at The Hague. In another SAIS class, “he was the teacher’s favorite,” said another classmate, who like other former classmates spoke to CNN on the condition of anonymity out of fear of retaliation from the Russian security services. “He was a very nice guy, very open-minded, very active in class.” “This guy I would have never suspected [of being a spy],” the former classmate told CNN.”