SPY NEWS: 2022 — Week 26

Summary of the espionage-related news stories for the Week 26 (June 26-July 2) of 2022.

1. Tradecraft Sunday: OWVL and IOWL Covert Communications

Last Sunday we published a video covering the One-Way Voice Link (OWVL) and Interim One-Way Link (IOWL) covert communications methods used extensively by intelligence services for several decades. The video briefly covers other OWVL/IOWL components like the Number Stations and the One-Time Pads (OTPs).

2. Ankara University Uses MİT Profile Files to Purge Academics

According to the Stockholm Centre for Freedom, the Ankara University of Turkey has been closely collaborating with the country’s National Intelligence Organisation (MİT) to purge any academics that are deemed as anti-government. As per the article, “Ankara University, where more than 100 academics were fired by government decrees in the aftermath of an abortive putsch on July 15, 2016, has been using profiling documents received from Turkey’s National Intelligence Organization (MİT) to justify the academic purges in court.” The article then gives some specific examples such as that “Ankara University’s rector and vice rector at the time, respectively, wrote to MİT in 2016 requesting information about the academic and other staff, the intelligence organization sent them profiling files marked “classified” on 59 individuals, which included personal information regarding their union activities, panel discussions and other events they attended and their spouses or children’s membership in unions and political parties.”

3. Recently Completed Ukrainian SBU Counter-Intelligence Operations

On Monday, Ukraine’s Security Service (SBU) announced 3 recently completed counter-intelligence operations. Those were: 1) In Kiev, SBU detained a Russian intelligence agent correcting missile strikes on the capital. 2) In the region of Donetsk, SBU detained a Russian agent gathering intelligence on the position of Ukrainian forces in the city of Bakhmut, and 3) In the city of Zaporizhzhia, SBU announced that a local militant was sentenced to 15 years in prison for fighting Ukrainian forces.

4. Swiss FIS Releases 2022 Annual Report

On June 27th, Switzerland’s Federal Intelligence Service (FIS) published its “Switzerland Security 2022” situation report. It’s a 71-pages long report split in the following sections: 1) Rethinking Security Policy, 2) The situation report in brief, 3) Strategic environment, 4) Jihadist and ethno-nationalist terrorism, 5) Violent extremism, 6) Proliferation, 7) Illegal intelligence, 8) Threat to critical infrastructure, and 9) Key figures.

5. Webinar: Code Name Madeleine (the case of Noor Inayat Khan)

On Tuesday, June 28th, the International Spy Museum published a 56-minute long recording of a webinar titled “Code Name Madeleine”, featuring Arthur J. Magida, author of “Code Name Madeleine: A Sufi Spy in Nazi-Occupied Paris”. As per the description, “Seventy-nine years ago — June 16, 1943 — Noor Inayat Khan was flown to France on a small Lysander plane to take on the dangerous job as a wireless operator for Britain’s Special Operations Executive (SOE) in Nazi-controlled France. The daughter of a Sufi mystic from India and an American mother, Khan became an unlikely World War II heroine. Raised in a lush suburb of 1920s Paris, Khan was an introspective musician and writer, dedicated to her family and to her father’s spiritual values of harmony, beauty, and tolerance. She did not seem destined for wartime heroism. Yet, faced with the evils of Nazi violence and the German occupation of France, Khan joined the SOE and trained in espionage, sabotage, and reconnaissance. For crucial months of the war, Khan was the only wireless operator sending critical information to London from Paris, significantly aiding the success of the Allies on D-Day.”

6. Article: CIA Ops, Commandos in Ukraine: Can we Just Admit we are Fighting This War?

Kelley Beaucar Vlahos of the Responsible Statecraft published this article which summarises the leaked/publicly known active involvement of the United States Central Intelligence Agency (CIA) and US special operations forces in the war in Ukraine, raising the question of whether the US covertly or overtly fighting this war. The article concludes stating that this “brings us to the million dollar question — what do we expect to come from this particular (proxy war) for which the U.S. is engaged well beyond just sending assistance? My Quincy Institute colleague George Beebe, who spent years engaged in Russia analysis for the CIA, wonders if Washington even knows how far it is going here. “This is reminiscent of the ‘sunk cost’ phenomenon that caused Washington to increase its involvement in Vietnam from a handful of advisors to half a million troops in direct combat,” he tells me. “In the face of growing Russian success in taking the Donbass, we are doubling down on even more economic sanctions on Russia and deeper U.S. and NATO support for Ukraine. How this is supposed to produce anything beyond an ongoing and very volatile stalemate is very unclear. We seem to have no viable exit plan.” If history is any guide, we won’t have one, until it’s too late.”

7. Russian SVR Has New Monument for Deep-Cover Spies

Via an official announcement, the Russian Foreign Intelligence Service (SVR) stated that in their headquarters they added a new monument for deep-cover operatives (known as “illegals” in the Russian doctrine or “non-official cover” in the US doctrine), which was celebrated with a ceremony on June 28th. The Director of SVR, Sergey Naryshkin, presented it saying that “despite the almost complete portrait resemblance to a real and well-known person, People’s Artist of the Soviet Union Vyacheslav Tikhonov, the monument is dedicated to so many people whose names, deeds and exploits most often remained hidden by a veil of secrecy, this monument embodies an artistic image that everyone in Russia knows, young and old, he added. An illegal intelligence officer for several generations of our compatriots. And his fate is a symbol of perseverance, feat and sometimes tragedy of people who completely, to the end, devoted their lives to serving the Fatherland and fighting for the highest goals and ideals.” The statue depicts Maxim Isaev-Stierlitz and it has an inscription from the Soviet songwriter Robert Rozhdestvensky, from a 1973 song used in the television series Seventeen Moments of Spring saying “надо просто помнить долг от первого мгновенья до последнего” (You just need to remember the duty from the first moment to the last). SVR Director’s speech concluded with: “Directorate “C” (illegal intelligence) has always been the most secret division of foreign intelligence. Nevertheless, over the years, the names of genuine illegal officers became widely known, people who made an invaluable contribution to ensuring the interests and security of the homeland — including Yakov Serebryansky, Dmitry Bystroletov, Vasily Zarubin, Alexander Korotkov, Iskhak Akhmerov, Iosif Grigulevich, William Fisher ( Rudolf Abel), Konon the Young, Gevork and Gohar Vartanyans, Alexei Kozlov, Yuri Drozdov.”

8. FSB Cyber Espionage Operation Targeting Ukrainian Government

The InQuest cyber security firm published a technical analysis of a new cyber espionage operation targeting government organisations of Ukraine with lure documents impersonating military payroll, which, if opened, covertly install a cyber espionage software implant. The operation was attributed to an actor dubbed as GLOWSAND who has been previously associated with the Russian Federal Security Service (FSB).

9. French DGSE Joins the “Welcome to the Jungle” Jobs Platform

On Tuesday, the French DGSE announced that their entity is officially in the French job recruitment and professional network online platform “Welcome to the Jungle”. As per the announcement, “DGSE reveals itself (a little) on Welcome to the Jungle” continuing that “Welcome to the Jungle is a media that allows young people (20–35 years old) to discover a company or an administration before applying for a job. Would you like to know more about the DGSE? Discover our work environment, our professions, our recruitment processes? The DGSE discreetly recruits new talent all year round.” This is in continuation of this year’s efforts of DGSE to get more public exposure to boost its image and improve its recruitment efforts.

10. Russia Expels 8 Greek Diplomats, Rumours of Espionage Concerns

The Russian Ministry of Foreign Affairs (MFA) declared 8 Greek diplomats as Persona Non Grata (PNG), forcing them to immediately leave Russia. The Russian MFA did not provide any public justification but some sources state it was related to espionage concerns. According to the Reuters, the Greek Ambassador was summoned and was informed that reasoning was “the confrontational course of the Greek authorities towards Russia, including the supply of weapons and military equipment to the Kyiv regime.”

11. Podcast: SpyCast: Intelligence & the World’s Largest Democracy” — Former Indian Intelligence Director Vikram Sood

This week, the International Spy Museum’s SpyCast published an 1-hour long episode featuring Vikram Sood, former Director of India’s foreign intelligence agency, the Research & Analysis Wing (RA&W). As per the description, the intelligence subjects covered are: 1) The intelligence landscape in India, 2) China, Pakistan, and the intelligence challenges in the region, 3) The founding and evolution of the Research and Analysis Wing, and 4) The pressure involved in the top job and being responsible to the Prime Minister.

12. French DGSI Arrested Bulgarian Journalist Over Espionage Concerns

On June 22nd, the domestic intelligence service of France, DGSI, arrested (and later released) the Bulgarian national Alex Jordanov over espionage concerns. According to Bulgarian media, the reasons were a book he recently published in France, titled “Les Guerres de L’ombre de la DGSI: Plongée Au Coeur Des Services Secrets Français” (The Shadow Wars of the DGSI: Diving into the Heart of the French Secret Services), as well as a documentary he did in French for the Algerian-French jihadist Mohammed Merah. Eventually, he was released 2 days later without any further details about the justification or what happened during his detainment by the DGSI.

13. Russian Group Behind Cyber Attacks Targeting Lithuania

On week 25 (story #51) Lithuania’s National Cyber Security Centre (NKSC) warned over an increase in cyber attacks. This week, NKSC released a statement describing that some of the impacted targets of the cyber attacks were Lithuania’s “State Tax Inspectorate, Migration Department and a secure national data network among a host of other state entities.” As it was discovered, a previously unknown cyber operations group using the moniker “KillNet” said “it was going to target the network infrastructure of Lithuania.” The Russian group allegedly took down “systems at Vilnius Airport, Kaunas Airport and Palanga Airport” and issued a statement that “we continue to hint unequivocally to the Lithuanian authorities that they should immediately withdraw their decision to ban the transit of Russian cargo from the Kaliningrad region to Russia.” Currently, it is not clear if this is a nation-state, state-backed, state-sponsored, or other actor.

14. Bulgaria Expels 70 Russian Diplomats Over Espionage Concerns

On June 28th, the Bulgarian Ministry of Foreign Affairs announced that 70 staff members of the Russian diplomatic mission in Bulgaria were declared Persona Non Grata (PNG), and had to immediately leave the country. Bulgarian Prime Minister Kiril Petkov said: “today we have expelled 70 Russian diplomats. Many of them have worked directly for intelligence services and their diplomatic role has been more like a cover.”

15. Former ISI Chief Declares Support for Former PM Imran Khan

India Narrative reported that retired Lieutenant General Zaheerul Islam, who served as the Director-General of the Pakistani Inter-Services Intelligence (ISI) between 2012–2014 openly stated his support for the former Prime Minister Imran Khan. As per the article, “the split in an apparently cohesive Pakistani army is getting wider by the day as Lt. General (retired) Zaheerul Islam the, the former chief of Pakistan’s notorious spy agency, the Inter-State Services (ISI) has come out openly in support of the ousted Prime Minister Imran Khan. There are strong “rumours” that Imran Khan has selected the ex- ISI boss as a PTI candidate for the next general elections.”

16. Kazakhstan’s KNB Investigates the Former President’s Circles

According to Intelligence Online, the National Security Committee (KNB) of Kazakhstan continues to “investigate a group of officers close to ex-Kazakhstan President Nursultan Nazarbayev, including one of his nephews, Samat Abish. The businessmen in the former president’s family have been given little trouble.”

17. Iran Points at Israeli Psychological Operation to Ruin Iran-Turkey Relations

The Iran International reported that Saeed Khatibzadeh, Iranian Ministry of Foreign Affairs spokesman, stated that “about a week ago they launched a psychological operation using false and orchestrated information to engage the media in fictitious scenarios to prepare the ground for the Israeli Foreign Minister’s smear campaign. Iran’s response to the Israeli regime’s assassination and sabotage will always be definite, authoritative and without threatening the security of ordinary citizens and the security of other countries.”

18. Podcast: SpyScape: Team Alpha, Part I: The Tip of the Spear

On June 28th, SpyScape’s True Spies series had a new 40-minute long episode published. The description of the podcast says, “October 17, 2001. The dust of 9/11 has barely settled. America and the world are reeling. In Afghanistan, 8 CIA officers — a crack team of linguists, tribal experts and paramilitaries — are the first Americans to infiltrate Taliban territory after the attacks. Their mission is to ensure that Al Qaeda does not strike again. They are Team Alpha. In Part 1, Vanessa Kirby joins CIA linguist David Tyson and author Toby Harnden to tell the true story of Team Alpha’s first foray in to a dangerous and unpredictable new theatre of war.”

19. The Secret Cyber Espionage Capabilities Developer of the German Government, the ZITiS

Florian Flade published an investigative article about a German government agency that very few know about. The Central Office for Information Technology in the Security Sector (ZITiS) which is based in Munich. For the last 3 years, its mission is to develop cyber espionage solutions for the German intelligence services. Specifically, the foreign intelligence agency (BND), the domestic one (BfV), as well as the Federal Police and the Criminal Police Office (BKA). According to the article, ZITiS offers 3 cyber espionage suites. Two developed in-house, and a third, called FinSpy, acquired from FinFisher.

20. Polish Spy Agency Celebrates 20th Anniversary

On June 29th, the Polish Foreign Intelligence Agency (AW) announced its 20th anniversary. This includes an Anniversary Competition where Polish people can submit any form of art describing AW’s intelligence activities until September 2022 (the winners will be announced on Sep. 6, 2022). An exhibition at the Enigma Cipher Centre of Poland. As well as a comic book titled “Rygor” covering the WWII efforts of French and Polish spies to create an espionage network from Morocco to Libya. Based on “Rygor”, AW also released a series of posters for its 20th Anniversary Campaign, asking people to print them and place them all around Poland.

21. Chinese Influence Operation Targeting Australia, Canada, and US

On Tuesday, Mandiant cyber security and intelligence firm published a report for an online influence operation dubbed as DRAGONBRIDGE which, since June 2019, has “targeted the Australian rare earths mining company, Lynas Rare Earths Ltd, with content criticizing its alleged environmental record and calling for protests of its planned construction of a rare earths processing facility in Texas.” The last few weeks, Mandiant observed the same campaign beginning to “target the Canadian rare earths mining company Appia Rare Earths & Uranium Corp and the American rare earths manufacturing company USA Rare Earth with negative messaging in response to potential or planned rare earths production activities involving those companies.” The analysis concludes that “given Chinese President Xi Jinping’s continued emphasis on a broad, holistic understanding of PRC national security that encompasses areas including information and resource security, we may see other global competitors to PRC firms in other industries targeted by such information operations.”

22. Court Hearing of Iranian Spy Captured in Albania Postponed

Regnum reported that the Special Court of Albania postponed the hearing for the case of a 45 year old Iranian asylum seeker arrested earlier this year on espionage charges while renting a house in Tirana. In 2018, the suspect started having clandestine meetings with 2 Iranian intelligence officers who tasked him with collecting and providing intelligence related to “information, photographs and the exact location of the Iranian refugee camp in Manza.” The suspect used the phone of an unwitting female for this covert communications with his handlers, and the gathered intelligence was transferred using the Telegram instant messaging application. The hearing is now scheduled for the July 7th.

23. Video: Explore the German Spy Museum in Berlin

The DW Travel published a short video promoting the Spy Museum in Berlin, and showcasing some of its exhibitions. Its description said that “during the Cold War, Berlin was the capital of spies. At the Berlin Spy Museum in the Mitte district, you can delve into what Berlin was like in those times. You’ll learn more about the history of espionage, listening and interception equipment, intelligence services and conspiracy theories. And DW’s Lukas Stege shows you a real Enigma encryption machine from World War II.”

24. Voicemail Indicates US President Joe Biden Knew of His Son’s Deals with the “Spy Chief of China”

According to the New York Post, US President “Joe Biden called his son Hunter in late 2018 to discuss a New York Times article detailing the younger Biden’s dealings with a Chinese oil tycoon accused of economic crimes — telling him, I think you’re clear.” The report continues stating that “Ho later contacted Hunter Biden and paid him a $1 million retainer to rep him as his attorney, according to the report. Federal agents at the time were monitoring Ho as a potential spy for China and Hunter accidentally recorded himself referring to Ho as the spy chief of China.” The article concludes that “Hunter Biden remains under federal investigation for possible tax fraud stemming from his overseas business dealings. House Republicans have said they want his longtime partner Eric Schwerin to turn over documents they believe link the president to those relationships.”

25. Spy Chiefs Warn Botswana’s ex-President of Poisoning Plots

On June 29th, Jane Dalton exclusively reported on the Independent that “South African security chiefs have warned the former president of Botswana of state-sponsored attempts to kill him in the country he once led.” Specifically, former President Ian Khama is heavily criticising his successor, and classified intelligence reports discovered evidence of plots to poison him.

26. Pro-Tip by Former CIA GRS Operative on Signalling Methods

On June 28th, a former Global Response Staff (GRS) operative of the CIA published a 10-minute long video discussing some tips and tricks when using visible and infrared light beacons for signalling.

27. Australian Spy Chief Discussed Geopolitical Threats in First-Ever TV Interview

The Director-General of Australia’s Secret Intelligence Service (ASIS), Paul Symon, gave an interview for the first time on ABC. He highlighted the 70th anniversary of ASIS and stated that “China has, with its growing power, we think a range of economic, military, political aspirations and I think it’s impossible right now to say exactly what that end state is, or end point is for them. I think it’s our job in the Secret Intelligence Service to obtain, through agent access, through people who are willing to share the secrets of countries around the region, what they are thinking and what they are doing and then share that with our government, but also help the region understand what is going on as well.” You can watch the full interview here.

28. Emir of Katsina Appoints Head of NIA as Sardaunan Katsina

On June 27th, Abdulmumini Kabir Usman who is the he Emir of Katsina, Nigeria appointed the Director-General of Nigeria’s National Intelligence Agency (NIA), Ahmed Rufai, as Sardaunan Katsina. As per the article, “Kingibe explained that Ahmad Rufai Abubakar is well known for his love for prophet Muhammad, peace be upon him, and for being learned, philanthropic and one who has contributed to societal development particularly through youth empowerment.women and less privilege. He said it is for this reason that Ahmed Rufa’i is well-suited for the title of Sardaunan Katsina, while assuring the emir of katsina that the appointee will not disappoint in the Katsina emirate.”

29. Chinese Cyber Espionage Operation Impersonating Suriname

The Malware Hunter Team (MHT) discovered and disclosed technical indicators of a previously unknown cyber espionage operation attributed to an actor dubbed as MUSTANG PANDA who has been previously associated with the intelligence services of China. The operation used a lure file titled “Embassy of the Republic of Suriname 2022-N-033.rar”, impersonating the Embassy of Suriname. If it was opened, it was covertly installing a cyber espionage software implant used by Chinese intelligence agencies and dubbed by cyber threat intelligence analysts as “PlugX”.

30. CSIS Reported on Russia’s Methods to Evade Economic Sanctions

A report on the Financial Post stated that the Canadian Security Intelligence Service (CSIS) had identified, since last November, how Russia could evade the economic sanctions imposed by the West. Among others the CSIS report says that “Blockchain technology enables processing of international financial transactions without going through the conventional financial system”, concluding that “blockchain poses a tangible threat.”

31. Lawyer of Belarusian Spy Says He Went Himself to the SBU

In March, Ukraine’s Security Service (SBU) detained a Belarusian national on accusations of being a Belarusian KGB agent (see week 12 story #11). This week, his lawyer stated that “my client turned to the SBU to report that the special services of Belarus wanted to recruit him, but he was detained and accused of espionage. The SBU, instead of using him as a potential agent in the interests of Ukraine, put a tick on itself and opened a criminal case.”

32. China Lured Graduate Jobseekers Into Digital Espionage

The Financial Times published an investigative article presenting how “Chinese university students have been lured to work at a secretive technology company that masked the true nature of their jobs: researching western targets for spying and translating hacked documents as part of Beijing’s industrial-scale intelligence regime.” This was enabled by the Hainan University in support of China’s foreign intelligence agency, the Ministry of State Security (MSS). The article quotes former FBI Special Agent Adam Kozy, stating that “the MSS do everything very informally and they like the grey areas. It’s interesting to see that they’re relying on a young student workforce to do a lot of the dirty work that may have those knock-on consequences later in life and most likely are not fully explaining those potential risks.” Both the MSS and the Hainan University did not respond on requests to comment. The Financial Times then published a second article, titled “Chinese Hackers Kept Up Hiring Drive Despite FBI Indictment” demonstrating how this intelligence operation continued despite US government’s public disclosure.

33. Former MI6 Chief Unveils Memorial at Cambridgeshire Spy Centre

On Tuesday Sir Richard Dearlove, former Chief of MI6, unveiled “a towering memorial to the men and women who worked as spies during the Second World War.” Among others, he said that “there is one more memorial that commemorates the agents who gave their lives during World War Two working for the various operations of British intelligence.” The memorial is located at Hall Farm, Cambridgeshire.

34. Ukrainian SBU Prevented Russian Intelligence Compromise of Ukrainian TV Channels During National Telethon

With an official announcement Ukraine’s SBU stated that they successfully thwarted Russian intelligence services from conducting offensive cyber operations to compromise “electronic systems of Ukrainian TV channels” with the intention to “use the resources involved in the national telethon for their own destructive information operations.” SBU said that Russian operatives attempted to infiltrate the: 1) Live video streams, 2) Live news feed, and 3) Individual computers of employees of TV channels working on the content creation for the telethon.

35. Spy Satellites in Frontex Operation

Matthias Monroy of the Site36 published an article on how spy satellites enable Electronic Intelligence (ELINT) and Signals Intelligence (SIGINT), and how the European security doctrine is utilising them for maritime surveillance, including in operations of the European Border and Coast Guard Agency, better known as Frontex.

36. Article on Algerian Allegations of Moroccan Military Espionage

On June 27th, the Moroccan news website Parliament (Barlamane) published an article summarising the recent espionage accusations of Algerian officials against Moroccan journalists and military without any evidence supporting the claims. According to the article, the Algerian military “sees a spy in every Moroccan journalist.”

37. SVR’s 100th Anniversary of Deep-Cover Intelligence Service

This week the Russian Foreign Intelligence Service (SVR) celebrated the 100th Anniversary of their deep-cover (known as “illegals” in the Russian doctrine) intelligence operatives. As part of that, SVR released a dedicated website describing its activities which included: 1) a monument (see this week’s story #7), 2) An exhibition of espionage artefacts in Moscow titled “Profession — A Foreigner”, 3) A dedicated session at the 8th Book Festival of the Red Square along with the release of the book “Легально о нелегальном” (Legal about Illegals), 4) A new monument of Soviet intelligence officer Colonel Gevork Vartanian in Moscow, 5) The premier of a documentary titled “Без права на славу” (Without Right to Fame), 6) Russian President Vladimir Putin congratulated the SVR veteran illegal operatives, and many other activities.

38. Previously Unknown Cyber Operator Conducting Espionage in Europe and Asia

Giampaolo Dedola of the Global Research & Analysis Team (GReAT) of Kaspersky cyber security and intelligence firm published a detailed technical analysis of a new cyber operator, dubbed as TODDYCAT, who has been active at least since December 2020 targeting entities in Europe and Asia for espionage purposes. As per the analysis, the targets were high-profile entities from the government, defence, and military sectors in Taiwan, Vietnam, Afghanistan, India, Iran, Malaysia, Pakistan, Russia, Slovakia, Thailand, UK, Kyrgyzstan, Uzbekistan and Indonesia. GReAT was not able to attribute it to a specific nation-state actor but TODDYCAT uses some similar tradecraft as some known Chinese nation-state actors.

39. CIA Debrief: Behind the Artefact — Helms Letter

On June 30th, the United States Central Intelligence Agency (CIA) published a short video presenting an artefact from the CIA Museum. As per the video’s description: “in May 1945, an Office of Strategic Services (OSS) — the predecessor to today’s CIA — officer Richard Helms wrote a touching and eloquent letter to his young son on a captured sheet of Adolf Hitler’s stationery. This letter aligned with Richard’s commitment to making the world a little safer. After writing this letter, Helms’ career took him from desk officer to executive leadership. Fifty-six years ago today, on June 30, 1966, Richard Helms was appointed as the Director of CIA.”

40. New Series of Analysis on British Intelligence Failures Related to the 2017 Manchester Arena Terrorist Attacks

Following week 7 story #16 that revealed that MI5 knew about the terrorist since at least 2010, this week the Declassified UK published a series of new articles with more details on intelligence failures in the British intelligence community. The articles released were: 1) “Manchester Bomber Was a UK Ally” demonstrating how he was trained by NATO during the 2011 Libyan war, including by British special forces. 2) “Counter-Terrorism Officials Allowed Manchester Bomber to Operate in Libya Warzone” giving more details on MI5’s knowledge of his activities in both Libya and the UK. And lastly, 3) “How the UK Security Services Obstructed the Manchester Bombing Inquiry” showing how the MI5 was refusing to cooperate, and MI6 and GCHQ managed to avoid any questioning during the process.

41. South Sudan General Accuses Spy Chief of Derailing Peace Process

on June 28th, General Simon Gatwech Dual publicly accused the security advisor of President Salva Kiir Mayardit as well as the Head of South Sudan’s National Security Service (NSS), General Akol Koor Kuc for “derailing the implementation of the agreement he signed with the government in January.”

42. Poland Reveals Mid-2021 Belarusian Covert Operation to Destabilise the Country

According to the Internal Security Agency (ABW) of Poland, in mind-2021 the Belarusian KGB, in coordination with its Russian counterparts, covertly executed “a hybrid operation aimed at destabilising our country and permanently weakening internal and external security.” The operation involved the creation of a “permanent artificial route of illegal migration” and as a response Poland increased its border defences and this week announced the completion of “a permanent dam on the border between Poland and Belarus” as well as a wall, to eliminate this threat.

43. The Italian Cyber Espionage Revealed Last Week Also Targeted Syria

Last week (story #25) it was revealed that an unidentified intelligence service was using the cyber espionage suite developed and sold by the Italian RCS Labs vendor to spy on Italy and Kazakhstan. This week, it was revealed that it was also deployed in northern Syria, targeting the Syrian Democratic Forces (SDF). Additionally, one of the Command & Control (C2) servers used was based in an SDF-controlled area, and used for telecommunications and internet services across the Kurdistan region.

44. Spy Way of Life: Place de Luxembourg in Belgium

For this week’s site of Spy Way of Life, Intelligence Online selected the Place de Luxembourg in Brussels, Belgium which is also known as Le Plux. The article describes it as “Brussels’ NATO information goldmine for spies” and notes that it’s “where EU and NATO officials quaff Belgian beer and chat as Russian spies listen in.”

45. Russian FSB Cyber Espionage Targeting Ukrainian Military

Cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a previously unknown cyber espionage operation by the Russian FSB targeting the Ukrainian military. The operation involves a lure Word document impersonating a payroll report of the Ukrainian Armed Forces’ 10th Separate Mountain Assault Brigade (10 OGSH Brigade, military unit A4267, brigade B3950), a unit based in the region of Kolomyia. If the target opens the document a custom cyber espionage software implant is covertly installed.

46. Lecture: The Israeli Perspective on Strategic Intelligence

On June 29th, the John Hopkins Krieger School published an 1-hour recorded lecture titled “The Israeli Perspective on Strategic Intelligence”. As per the description about the presenter: “Colonel (res.) Itai Shapira has more than 25 years of experience in the Israeli Defense Intelligence (IDI), where he has served in various intelligence analysis and management roles on the strategic, operational, and tactical levels. His last assignments included the deputy for analysis in the IDI’s Research and Analysis Division (RAD), the head of the Syrian department in the RAD, and the head of the IDI’s “Devil’s Advocate” department.”

47. Canadian CSE Publishes Annual Report 2021–2022

On Tuesday the Canadian SIGINT agency, the Communications Security Establishment (CSE), published its Annual Report. It is a 60-pages long report structured in the following sections: 1) About this report, 2) Foreword from the Minister of National Defence, 3) Message from the Chief and Associate Chief, 4) Russia’s invasion of Ukraine, 5) Attributions, 6) Foreign signals intelligence, 7) Foreign cyber operations, 8) Communications security (COMSEC), 9) Cyber security: federal institutions, 10) Cyber security: critical infrastructure, 11) Building Canada’s digital resilience, 12) Innovation, 13) Accountability, 14) Inspired workforce, 15) CSE’s 75th anniversary, and 16) CSE at a glance.

48. US Citizen Pleaded Guilty to Conspiring to Provide Technology to the Government of Iran

According to the US Department of Justice, Kambiz Attar Kashani, a dual American-Iranian citizen, “pleaded guilty to conspiring to illegally export U.S. goods, technology, and services to end users in Iran, including the Government of Iran.” Together with another individual, they used two United Arab Emirates (UAE) based companies to illegally export technology to Iran under the direction of “an arm of the Central Bank of Iran, which has been designated by the United States government as acting for or on behalf of terrorist organizations.”

49. New DGSE Recruitment Effort for Cyber Intelligence

The French DGSE published a new page, including a short video, in their recruitment efforts for cyber intelligence experts to “identify, anticipate and respond to these threats.”

50. Singapore Ramps Up Recruitment for the DIS Spy Agency

According to the CNA, the Singapore Armed Forces (SAF) is “ is ramping up recruitment for its new Digital and Intelligence Service (DIS). It wants to attract and develop both military and non-uniformed personnel digital experts. The DIS, which was announced in March this year, will bolster the SAF’s capability in defending Singapore in the digital battlefield.”

51. CIA: Ask Molly: What really went on at Area 51?

On July 1st, the United States CIA published a short article for the Area 51, mainly focusing around the development of the U-2 and A-12 spy planes.

52. AFCEA Releases July Issue of SIGNAL

The Armed Forces Communications and Electronics Association (AFCEA) published the July issue of SIGNAL magazine with articles such as: “Adversarial Machine Learning Poses a New Threat to National Security”, “CIA Aims for Speed of Modernisation for Infrastructure”, and more.

53. Ukrainian SBU Neutralised a Russian GRU Network in Kiev

With an official announcement on July 1st, Ukraine’s Security Service (SBU) stated that they successfully neutralised a group of 4 Russian military intelligence (GRU) agents gathering intelligence on the defences of Kiev. The group was created by GRU Case Officer Colonel Vladyslav Donets and after the invasion it was activated to provide intelligence on “geolocation of strategic objects” and influence Ukrainians to support Russia. As per the announcement, GRU passed the leadership of the group to the head of the Ministry of State Security (MDB) of the, not recognised by most countries, Luhansk People’s Republic (LNR), Valentyn Tililim.

54. The First Flight of the New Nuke-Sniffing Spy Plane of the USAF

On June 30th the Warzone published an article for the United States Air Force (USAF) new spy plane, dedicated to intelligence gathering for nuclear explosions and codenamed CONSTANT PHOENIX. As per the article, “the first of what will become the U.S. Air Force’s fleet of three “nuke-sniffing” planes completed its pioneering flight test in Greenville, Texas this week. The KC-135R, with the serial number 64–14836, now converted into the WC-135R Constant Phoenix configuration, is scheduled to be delivered next month and will carry out operations that consist of collecting air samples to screen for the presence of notable nuclear materials.”

55. Danish TET Releases Annual Reports and Updates Standards

The Danish Tilsynet med Efterretningstjenesterne (Intelligence Oversight Board) released the 2021 annual reports and updated the Standards for Danish Intelligence Oversights Activities. The reports release are for the: 1) Centre for Cyber Security (CFCS), 2) Danish Defence Intelligence Service (DDIS), and 3) Danish Security and Intelligence Service (DSIS).

56. Russian SVR Says Poland is Covertly Plotting to Attach Ukrainian Land

Through an official statement, the Director of Russia’s SVR stated that Poland “began to work out scenarios for the de facto dismemberment of Ukraine.” The statement continues that Poland is “inclined to the need to go beyond the previously planned deployment of a Polish “peacekeeping contingent” in western Ukraine. The option of creating a proxy state controlled by Poland, which will be “under the protection” of the Polish armed forces, is being worked out. At the same time, a project is being considered to form a “buffer zone” from the central regions of Ukraine, which, according to the Poles, will allow them to avoid an extremely undesirable direct clash with Russia. The Polish authorities are convinced that the US and UK will be forced to support this plan. According to Warsaw, as Russian troops advance deep into Ukrainian territory, Washington and London will have no choice but to show “unconditional solidarity” with an ally ready to “resolutely defend the interests of the West in Ukraine.”.”

57. Iran Arrests Senior IRGC General as Israeli Spy

This week it was reported that Iranian Islamic Revolutionary Guard Corp (IRGC) Brigadier General Ali Nasiri, “who served as a senior commander in the IRGC Protection of Information Unit, was arrested earlier this month. According to the paper, General Nasiri’s arrest came about two months after a few dozen security officials involved in Iran’s missile programme were arrested for allegedly leaking classified information to Israel.” Iran officials stated that Nasiri was not arrested and as a proof he held a press conference himself.

58. Espionage Concerns Over Chinese project Near USAF Base

According to the CNBC, “there are growing concerns in America’s heartland over a 300-acre plot of farmland bought by a company with ties to China.” The company that acquired it says it’s planning to make it a corn milling plant. Specifically, this is near the Grand Forks Air Force Base (AFB) in North Dakota which, among others, is the base of the 319th Reconnaissance Wing (319 RW) operating the E/RQ-4B Global Hawk remotely piloted aircraft (RPA) for intelligence, surveillance and reconnaissance (ISR) missions. Quoting CNBC, “some in the intelligence community warn that the deal should be blocked because it could offer Chinese spies unprecedented access to the American base.” Later during the week, the New York Post also published an article around this case.

59. Hytera Intelligence Equipment Dealer Arrested in Tunisia, While on His Way to Libya

As reported by Africa Intelligence and Intelligence Online, this week it was revealed that French intelligence technology reseller of the Chinese Hytera, Jean Ruiz, was arrested “at Tunis-Carthage airport on 15 May.” As per Intelligence Online, “Ruiz had been prospecting in Tunisia and Libya. In his luggage, the Tunisian police found several pieces of electronic equipment from the Chinese manufacturer, which they believe to be communication jammers. The company, which supplies communication tools to the Chinese Ministry of Public Security, or Goganbu, has been looking to establish a foothold in Africa for a number of years . The company is also represented by Moroccan consultant Aziz Erroussafi,who has also prospected in Libya. Identified since 2021 as a security risk to US national security, Hytera is under investigation for allegedly stealing trade secrets from Motorola.”

60. The Shadowy Ukrainian Unit That Sabotages Targets Inside Russia

Howard Altman of the Warzone published an article for the “Shaman Battalion”, a Ukrainian special services group under the Defence Intelligence Directorate (GUR), responsible with covert and clandestine subversive (sabotage) operations inside Russia. As per the article, “over the course of Russia’s all-out war on Ukraine, images of attacks inside Russia have appeared on social media. They’ve been carried out on a wide array of targets, including an ammunition storage facility, an airbase, and what appeared to be a daring raid by Ukrainian Mi-24 Hind attack helicopters in April that crossed low over the border into Russia and struck an oil storage facility in Belgorod. While declining to offer details about specific locations of these clandestine missions, Shaman smiles when asked about that raid.”

61. Polish AW Releases Intercepted Communications of Russian Forces

On June 29th, the Polish Foreign Intelligence Agency (AW) published an article (including intercepted audio) stating that “on one of the intercepted communications, a Russian official tries to find out in the law enforcement authorities what procedures apply to soldiers who want to avoid further fighting at the front. It acts on behalf of people who do not know what formalities they should complete and whom to report to so as not to return to their branches. Soldiers more and more often use leave or treatment as an excuse to go to Russia, where they look for ways to avoid returning to the front. The recording shows the chaos and the search for a way around the decision to return to the war.”

62. More Details on the Greek Spy Arrested by MİT in Turkey

Last week (story #64) it was reported the the Turkish National Intelligence Organisation (MİT) arrested an agent of the Greek National Intelligence Service (NIS). This week more details were revealed. As per the article, the NIS agent is the 67-year old Syrian-Greek citizen Mohammad Amar Ampara, who was travelling to Turkey under the cover story of being a businessman in the field of trading, using a mobile phone supplied by NIS officers and a designated email. Since 2014 he has been operating as a NIS agent and in the period of 2014–2017 he travelled 10 times to the ISIS-controlled Raqqa in Syria to visit his wife. Between 2014–2022, Ampara was travelling to Turkey, staying in hotels in the city of Gaziantep. According to MİT, his NIS handlers tasked him to observe Turkey’s security forces, make inquiries about Syrian people in Mersin, and report back to his handler when he returned. During his arrest, he had €10,000 on his possession.

63. Ukrainian SBU Detains Russian Agents in Chernihiv

On June 30th, Ukraine’s SBU announced the detainment of a Ukrainian national in the region of Chernihiv who was acting as a Russian agent. As per the announcement, he “was collecting data for missile attacks and sabotage on the border” and during a multi-stage counter-intelligence operation, SBU discovered and detained another agent who was “collecting intelligence on the positions of the Armed Forces and geolocations of critical infrastructure” and was passing this information to “his accomplice” in Chernivtsi who “arrived to prepare a series of explosions at the Ukrainian Railways facilities.” SBU identified that both men were part of a Russian intelligence services network dedicated to subversive actions.

64. Armenian NSS Arrests Soldier on Espionage Charges

The Armenian National Security Service (NSS) announced the arrest of an Armenian national named D. Gh., who is an active duty army member, on espionage charges. He was approached by a foreign intelligence service in January 2022 through Facebook and eventually was recruited in March 2022. Since then, he was collecting intelligence related to the locations of military facilities, units, and other sensitive information and was transferring them to his handler via WhatsApp and Messenger mobile applications. In return he was receiving payments of $200 through bank transfers.

65. Iranian Cyber Espionage Operation Impersonating Flynas

On June 28th, cyber threat intelligence researcher Simon Kenin discovered and disclosed technical indicators of a cyber espionage operation attributed to the Ministry of Intelligence of Iran (MOIS). The operation was impersonating the Saudi domestic airline Flynas (formelly Nas Air), likely targeting entities in Saudi Arabia and Qatar. If the target opened the lure file, it was covertly installing a commercially available remote access software (ScreenConnect), giving the Iranian cyber operators full access to the target’s device.

66. United States CIA Operatives and NATO SOF Inside Ukraine

The New York Times published an article titled “Commando Network Coordinates Flow of Weapons in Ukraine” which outlines that “some CIA personnel have continued to operate in the country secretly, mostly in the capital, Kyiv, directing much of the massive amounts of intelligence the United States is sharing with Ukrainian forces, according to current and former officials. At the same time, a few dozen commandos from other NATO countries, including Britain, France, Canada and Lithuania, also have been working inside Ukraine.”

67. Chinese CVERT Report on NSA-Linked Cyber Espionage Suite

The Chinese National Computer Virus Emergency Response Centre (CVERT) published a 7-pages long report analysing a cyber espionage software codenamed FOXACID which, according to the report, was used by the Tailored Access Operations (TAO) department of the United States National Security Agency (NSA) to conduct cyber espionage in entities located in China, Russia, as well as countries in Europe, Asia and Middle East. The report also highlights that in at least one occassion, it “was assigned to GCHQ, a UK intelligence agency, for supporting MITMA mission.”

68. German BND: How Secret Does a Spy Agency Has to Be?

Following the story #19, Florian Flade published another article this week about the German Foreign Intelligence Agency (BND). This article is based on input from BND officers and investigative reporting. The article highlights the need for more transparency with more focus on the several thousands of intelligence reports BND produces which are never declassified, unlike in other countries where there is a process for declassification.

69. Canada’s RCMP Spy Agency Needs More Oversight and Reforms

According to APTN National News the the Community-Industry Response Group’s (C-IRG) founding policing plans raise a lot of concerns. Roach, a law professor at the University of Toronto stated that “there were some things in the documents that I found disturbing.” The report continues that those plans for the Canadian domestic spy agency (RCMP) could end up repeating the situation of the past RCMP Security Service which “had an ultra-secret bully squad — referred to in one internal memo as the “dirty tricks department” — responsible for agitation, assault, robbery, abductions, a dynamite heist and one notorious barn burning. In many cases, RCMP spies targeted law-abiding groups advocating for change through the democratic process, such as the National Indian Brotherhood, the predecessor of today’s Assembly of First Nations, which was subjected to break-ins and infiltration by police moles and agents provocateurs.” The article concludes that “the Civilian Review and Complaints Commission (CRCC) said it received nearly 500 complaints about police conduct from areas where the C-IRG has been active” and RCMP will need more oversight and reforms to overcome those issues.

70. Ukrainian SBU Update on 3 Completed Counter-Intelligence Operations

Ukraine’s SBU issued a press release about 3 recently completed counter-intelligence operations on July 2nd. Those were: 1) In Kiev SBU neutralised a Russian agency that was collecting intelligence on the defence positions of the Armed Forces and Civil Defence (Teroborona) troops, as well as the socio-political situation in the capital. 2) In Donetsk, SBU detained a Russian agent that was gathering intelligence related to the coordinates and movements of military equipment and units in Bakhmut, and 3) In the city of Vinnytsia, SBU neutralised two groups that were facilitating the illegal transportation of Ukrainian military-age males that didn’t want to fight abroad.

71. Chinese Cyber Espionage Operation Targeting Industrial Sector in Pakistan, Afghanistan and Malaysia

The ICS-CERT of Kaspersky uncovered and publicly disclosed a cyber espionage operation attributed to a Chinese nation-state actor. The operation began in March 2021 and continued at least until October 2021. It was targeting Industrial Control Systems (ICS) and telecommunications providers in Pakistan and Afghanistan, as well as a port in Malaysia. The purpose of the operation was to covertly collect sensitive information (espionage).

72. German Domestic Spy Agency Tightens Control

As Intelligence Online reported, Germany’s domestic intelligence agency (BfV) “readying itself for an extra layer of command, in the form of a supervisory body.”

73. Mossad’s Plans to Spy on the Palestinian Resistance in Turkey

The Al Jazeera released an almost 1-hour long documentary on the increasingly closer relationships of the Turkish National Intelligence Organisation (MİT) and the Israeli Mossad. The documentary shows Mossad officers in their attempts to establish spy cells in Turkey, the case of the 15 Mossad agents that MİT arrested through double agents infiltrating that network, as well as one of the strategic goals of Mossad in this collaboration which is the ability to infiltrate Palestinian groups in Turkey.

74. The United States U-2 Dragon Lady Spy Plane Gets Rid of the Film Cameras

The Warzone published an article on July 1st about a historical moment for the U-2 Dragon Lady, a long-range reconnaissance aircraft originally operated by the United States CIA, and later by the Air Force. As per the article, “the U.S. Air Force’s 9th Reconnaissance Wing says that the U-2 Dragon Lady spy plane has flown Beale Air Force Base’s last Optical Bar Camera, or OBC, mission. In service for over half a century with the U-2, the OBC is one of the high-flying plane’s oldest sensor systems. Making its exit from Beale truly marks the end of an era in more ways than one. A Dragon Lady piloted by U.S. Air Force Lt. Col. Ralph Shoukry flew the last sortie with the OBC from Beale — the home of the U-2 community — on June 24. Upon its return to the base, technicians ceremoniously lowered the sensor out of the jet one final time. Because the OBC is a wet film camera, its last flight from the base also effectively ended wet film processing at the 9th Reconnaissance Wing. With that, Beale’s U-2s have finally fully embraced the digital imaging age.”

75. ‘Italygate’ Conspiracy Pusher Was Fired by CIA

The SpyTalk published an article stating that Bradley Johnson, “the former CIA man at the heart of “Italygate,” the pro-Trump, Qanon-fueled conspiracy theory that satellites and military technology were used to steal the 2020 election from Donald Trump, was fired from the spy agency for “unprofessional” conduct, according to former coworkers.”

76. Video: The FBI Agent Who Became Russia’s Most Valuable Spy, Robert Hanssen

The Law & Crime Network published a 10-minute long video over the case of former United States FBI Counterintelligence Special Agent Robert Hanssen who became a Russian spy and continued to operate undetected from 1979 all the way to 2001 when he was arrested.

77. How North Korea is Using Cryptocurrencies to Evade Sanctions

The New York Times published an article on July 1st going over some of the methods the North Korean government agencies used to evade the United Nations economic sanctions during the pandemic. The article focuses mainly on the use of cryptocurrencies and cyber operations conducted by North Korea’s intelligence services. As per the article, “talented students are carefully screened and groomed from an early age. The best of them join the hacker-training programs at the Moranbong University, run by the Reconnaissance General Bureau, North Korea’s main spy agency, or at the military-run Mirim College, according to South Korean officials. After graduation, most are assigned to the Reconnaissance General Bureau’s cyberwarfare arm, Department 121. In North Korea, only a small number of workers whose loyalty is vetted by the regime are allowed to work abroad. Hackers are among them, operating in China, Russia, Belarus and Southeastern Asian countries like Singapore, the Philippines and Malaysia, often posing as freelance computer engineers.”

78. In Turkey the 16 Arrested Mossad Agents Were Brought to Court

Following the October 2021 arrest of 16 Mossad agents in Turkey by MİT, this week they were brought to court. They were operating in 4 cells, located in different provinces of Turkey, and this was the 5th hearing of that case. It was decided that they’ll remain under arrest while the investigation is still ongoing. According to Cumhuriyet, “Ahmad Zaid was the case officer of the Israeli intelligence service, he was in Germany as of the date of the incident, the Israeli intelligence service contacted the Palestinian and Syrian suspects in Turkey. He used 16 Arab individuals as spies for money to conduct surveillance on the activities, social lives, education processes, foreign connections of non-governmental organisations established by foreign nationals in Palestine, in particular, and to be informed about the activities and structures of groups resisting the occupation in Turkey. It is claimed that Abdulkadir Barakat, one of the defendants who entered Turkey unofficially in the last months of 2015, directed the money transfer of the espionage network in Turkey. It is requested that all defendants be sentenced to 15 to 20 years in prison for the crime of “transferring state’s secrets for political or military espionage” .”

79. Russian Scientist Arrested in on Chinese Espionage Charges

On July 1st it was reported that “Dmitry Kolker, a doctor of physics and mathematics at Novosibirsk State University, whose website says he is head of a quantum optical technologies laboratory, was detained on charges of high treason.” According to that report, his family is saying that “he was accused of collaborating with Chinese security services. Kolker has previously lectured at an international conference in China and had now been moved to a prison in Moscow.”

80. Spies of the US Revolutionary War

Kate Egner Gruber of the American Battlefield Trust published this article which is titled “Spies of the Revolutionary War: Subterfuge and Espionage During America’s Fight for Independence” and is covering various aspects of that topic.

81. Podcast: The Statecraft and Spycraft of MI6’s Former Chief

On July 1st, the Secrets of Statecraft published a new 53-minute long episode featuring Sir Richard Dearlove who served as Chief of Operations of MI6 from 1996 to 1999 as well as the Head of the MI6, known as the Chief or simple “C” from 1999 to 2004. As per the description, “he speaks of the effect of Kim Philby’s treachery on the Service, Cold War victories against the KGB, James Bond and John Le Carré, and the rosy prospects for British Intelligence post-Brexit.”

82. Worldwide Cyber Espionage Operation Against Email Servers Attributed to Unknown Actor

On June 30th it was reported numerous email servers using Microsoft’s Exchange product were covertly infiltrated at a global scale. The operation started as early as March 2021 and continued at the time of this publication. So far, cyber security experts identified compromised systems “belonging to government and military organisations from Europe, the Middle East, Asia, and Africa.” The worldwide cyber espionage operation was attributed to an actor that is unknown with which nation-state is associated with, and was dubbed as GELSEMIUM. The actor has been active at least since 2014 and in this case, the activity was described as “a worldwide espionage operation.” The article concludes that GELSEMIUM “is mainly known for targeting governments, electronics manufacturers, and universities from East Asia and the Middle East and mostly flying under the radar.”

83. Bangladesh Security Forces Arrest Female Indian Spy

Local media reporter that Bangladeshi security forces arrested an Indian female, of Marathi origin, near the Rooppur Nuclear Power Plant (RNPP) on July 1st. As per the announcement, she was operating as an spy for India’s main foreign intelligence agency, the Research & Analysis Wing (RAW), and in her possession they found the following documents: 1) RNPP security plan, 2) Gate security plan, 3) Lift plan, 4) Shipment detail plan, 5) Building roof plan, 6) Gate control room design & furniture layout plan, 7) Electrical & network plan, 8) Checkpost design, and 9) Jetty plan.

84. How Russian Spies Operate in Switzerland

Jonas Roth of the Swiss Neue Zürcher Zeitung published this article summarising some of the tradecraft of Russian intelligence officers and agents based on what is publicly known. The full title of the article is “«The embassy serves as a logistics base» — how Russian spies operate in Switzerland. There are numerous Russian spies and agents in Switzerland, many of them under diplomatic camouflage. Since the war in Ukraine, their numbers have likely increased. What are they doing there?”