SPY NEWS: 2022 — Week 32
Summary of the espionage-related news stories for the Week 32 (August 7–13) of 2022.
1. Kosovo Declares Detained Over Espionage Concerns Russian Journalist as PNG
Last week (story #42) Kosovo detained Russian journalist Daria Aslamova over allegations of being a covert Russian GRU agent. This week, Kosovo banned D. Aslamova from entering Kosovo for the next 5 years, making her a Persona Non Grata (PNG). The decision was made after Kosovo Ministry of Interior concluded that she is a Russian spy. The Radio Free Europe also published an article titled “Who Is Daria Aslamova, The Russian Journalist Expelled From Kosovo?”
2. Spy Collection: Canadian Forces Intelligence Branch Journal (Fall 1989)
On Monday we published a short video for the Canadian Forces (CF) Intelligence Branch Journal edition from Fall 1989. This journal was published twice per year for internal use by the CF Intelligence Branch.
3. Facebook/Meta Quarterly Adversarial Threat Report
A group of experts from Facebook (Meta) published their Quarterly Adversarial Threat Report. The main threats that Facebook/Meta dealt with which are mentioned here were: 1) A cyber espionage operation attributed to a nation-state actor dubbed as BITTER, likely from India, targeting people in New Zealand, India, Pakistan, and the United Kingdom. 2) A cyber espionage operation attributed to Pakistani services targeting people in Afghanistan, India, Pakistan, UAE, and Saudi Arabia, including military personnel, government officials, employees of human rights, and other non-profit organisations and students. 3) Removal of social media networks operated by nation-state actors to influence the public opinion. And many other threats.
4. Greek Prime Minister Under Pressure Over Covert Surveillance on Political Opponent and Journalists Using the Country’s Spy Agency
After last week’s revelations (story #54) and the resignation of the Greek National Intelligence Service’s (EYP) Head, The Guardian reported that “an eavesdropping scandal that sees Greece’s intelligence chief and the head of his personal office resign within minutes; calls for further resignations amid revelations of “dark practices”, and a spy crisis likened to Watergate. The Greek prime minister, Kyriakos Mitsotakis, is facing his toughest hour in office following the discovery that the mobile phone of his political opponent, the leader of the country’s third largest party, was tapped by order of EYP, the intelligence service that reports directly to his office. “I never expected the Greek government to spy on me using the darkest practices,” the Pasok party head, Nikos Androulakis who is also a member of the European parliament, said in a televised address late on Friday as the extent of the espionage became apparent. “It is our democratic duty to protect the human rights and freedoms of Greek citizens. Today is a moment of truth for those whose arrogance and sense of impunity make them capable of anything.” The prime minister’s Maximou office, only hours earlier, had revealed the resignation of Panagiotis Kontoleon, until then the much-revered EYP chief, for “incorrect actions”. The news had followed the shock announcement that Mitsotakis’s nephew and most trusted aide, Grigoris Dimitriadis, had also stepped down — taking a bullet for his boss that was hoped would put the scandal to bed. Regarded as an eminence grise with wide-ranging powers, Dimitriadis had been Kontoleon’s point man in Maximou”.
5. Presentation: Investigating Links Between Iranian Hacktivists and Nation State Groups
On Monday, the CREST Conference published a recording of a presentation by Rhianna King, Strategic Cyber Threat Intelligence Team Lead at Security Alliance. As per the video’s description “in September 2020, two Iranians were indicted by the US for defacing 51 US-hosted domains in January of that year. The defacements came immediately after the revered Iranian General Qasim Suleimani was assassinated in a US drone strike and featured his image, along with anti-US sentiment. Similar defacements continue to occur on the anniversary of the General’s assassination, with rumours suggesting that the hacktivist activity is linked to the Iranian government. This presentation walks through a 2021 investigation that sought to identify whether there are, in fact, links between the indicted individuals and the government. Next to that, the presentation addresses whether activity related to the 2022 anniversary of the assassination differed from previous years. Rhianna King is a seasoned analyst from a conventional Military Intelligence background, and is currently the Strategic CTI Team Lead at SecAlliance. In this role, Rhianna is responsible for monitoring geo-political events, horizon scanning and tracking threat actor activity, as well as mentoring our more junior analysts. Outside of work, Rhianna is captain of the TechVets Capture the Flag (CTF) team and a member of Chatham House.”.”
6. Israeli Domestic Spy Agency Recommends Ending Gaza Offensive
It was reported that “Israel’s domestic intelligence service Shin Bet on Sunday recommended ending the ongoing military offensive in the Gaza Strip, according to Israeli media. Israeli warplanes on Sunday continued airstrikes in the blockaded Palestinian territory for the third day, as the death toll from the attacks soared to 29 and over 250 others injured. Shin Bet’s chief Ronan Bar told the Israeli security cabinet that Gaza airstrikes achieved their goals by dealing a heavy blow to the Islamic Jihad group, the Walla news website reported. Israel achieved a “planned strategic goal” of separating the Hamas group, which rules the Gaza Strip, from being involved in the ongoing conflict, Bar said. Israel cited an “imminent threat of attack” by the Islamic Jihad group for launching its military offensive in the Gaza Strip. The attacks came amid rising tensions across Palestinian territories following the detention of Bassam al-Saadi, a senior leader of Islamic Jihad, in an Israeli raid in the occupied West Bank city of Jenin early this week. The Israeli army said Saturday that the Gaza offensive may last for a week.”
7. One Year After Afghanistan, US Spy Agencies Pivot Toward China
On August 8th, the Associated Press reported that “in a recent closed-door meeting with leaders of the agency’s counterterrorism center, the CIA’s №2 official made clear that fighting al-Qaida and other extremist groups would remain a priority — but that the agency’s money and resources would be increasingly shifted to focusing on China. One year after ending the war in Afghanistan, President Joe Biden and top national security officials speak less about counterterrorism and more about the political, economic and military threats posed by China as well as Russia. There’s been a quiet pivot within intelligence agencies, which are moving hundreds of officers to China-focused positions, including some who were previously working on terrorism. Intelligence officials stress that the counterterrorism fight is hardly being ignored. Just a week ago, it was revealed that a CIA drone attack killed al-Qaida leader Ayman al-Zawahri in Kabul. But days later, China staged large-scale military exercises and threatened to cut off contacts with the U.S. over House Speaker Nancy Pelosi’s visit to Taiwan. It underscored the message CIA deputy director David Cohen had delivered at that meeting weeks ago: The agency’s top priority is trying to understand and counter Beijing.”
8. Ukrainian SBU Detains GRU Assassins Plotting the Killing of Ukrainian Minister of Defence and Spy Chief
Ukraine’s Security Service (SBU) announced on August 8th that “as a result of a multi-stage special operation, the sabotage and intelligence group of the Main Directorate of the General Staff of Russia (better known as the GRU) was neutralised. The perpetrators were preparing for the physical liquidation of the Minister of Defence and the Head of the Main Directorate of Intelligence of our country, as well as a well-known Ukrainian activist. For the assassination of each of them, the Russian handlers promised a reward in the amount of 100 to 150 thousand USD. It was established that the group was formed by staff members of the military intelligence of Russia to carry out subversive actions in Ukraine. The group included a resident of the temporarily occupied Luhansk, who as part of the illegal armed formations of the terrorist organisation “LNR” and took an active part in combat operations against the ATO forces in the east. On the instructions of his handler from Moscow, he, using his connections among criminal circles, was looking for an assassin to commit contract killings. A resident of Kiev responded to his offer. For 5 thousand USD he agreed to eliminate a Ukrainian soldier who, according to the occupiers, was allegedly involved in the physical massacre of Russian prisoners of war. This assassination was supposed to be a “test trial” before the main tasks. And in order to assassinate the Heads of the Defence departments, the liaison officer decided to personally come to the territory under the control of the Ukrainian authorities. Here, together with an accomplice, they had to prepare a “liquidation” plot and submit it for approval to their managers in Russia. The officer disguised the routes of movement, so he drove into Ukraine through the territory of Belarus. SBU employees documented his arrival in the Volyn region through the Domanove checkpoint and his meeting with an accomplice. In order to prevent the commission of particularly serious crimes, counter-intelligence officers of the Security Service with the involvement of soldiers of the Central Security Service “A” detained both criminals in Kovel. During the search, evidence of criminal acts, as well as a passport of a citizen of Russia, were found in the “bondman’s possession”. Currently, both detainees have been charged with treason committed under martial law and intentional murder.”
9. Greek Spy Agency Gets Its New Chief — Themistocles Demiris
Following the resignation of the former National Intelligence Service (EYP) due to the wiretapping scandal (last week’s story #54), it was announced that the new EYP Director is Themistocles Demiris, a former journalist who, since 1981, is a member of the Ministry of Foreign Affairs, having served as Attaché in Iraq, UNESCO, Cyprus, Egypt, Belgium, and elsewhere, and has also served in the Cryptographic Service. He knows Greek, English, French and Italian and before his appointment as the Director of EYP, he was the Secretary General of the Greek Ministry of Foreign Affairs.
10. SIGINT intelligence in the Falklands War
Nicholas Fullick of Grey Dynamics published this article starting by saying that “GCHQ is now well-known as being Britain’s most secret SIGINT intelligence agency. From its conception until now, it has been listening in to Britain’s enemies’ communications and helping shape British foreign policy since 1919. During the Falklands war, this was also true. Although there were some failings, SIGINT helped Britain win the Falklands war and helped to teach some important lessons for future engagements.”
11. Podcast: Combat Story: SEAL Team 3 & DEVGRU Intelligence Officer Kristen Murdock
The Combat Story published a new podcast episode featuring Kristen Murdock. As per the video’s description, “today we hear the Combat Story of Kristen Murdock, who spent 13 years in the Navy as a Naval Intelligence Officer from an Aviation Squadron off a carrier to Naval Special Warfare Development Group (DEVGRU). Kristen spent most of her military time deployed around the world and focused primarily on intelligence in the Middle East, South Asia, North Africa, and the Horn of Africa, including deployments at the strategic level with joint staffs to the tactical with SEAL Team 3 and DEVGRU. After her time in service, Kristen transitioned thanks to a phenomenal program designed for Special Operations service members and support staff called The Honor Foundation which helped her find her next career in Silicon Valley working in the Trust and Safety space at Facebook and, most recently, Twitch, as a senior leader. Kristen narrowly avoided be kicked out of the Naval Academy and had her dreams of flying shattered at the last moment but ended up hustling to find a more rewarding path in Intel that serves as a great lessons for those still rising through the ranks and I hope you enjoy her insights into the shadowy world of intel at a Tier 1 unit as much as I did.”
12. New Issue of Italian Spy Agency’s Gnosis Journal
On August 8th, the Gnosis journal, second volume for 2022, was published by the Italian AISI. This journal’s contents are: 1) The Security and Intelligence Agency (SOA) of Croatia, 2) The technological dimension of intelligence: Lessons from history, 3) Eyes in the sky: Notes on the contribution of the Air Force to information between reconnaissance and intelligence (1947–1996), 4) Kommando Rowehl: Eagle eyes for the Luftwaffe, 5) «centum oculi vigilant pro te». The “eyes” of the Navy in war and peace, 6) Eliso Porta and the Mohawk Operation, 7) The ghost ship: The secret missions of the Gianicolo“owl ship” in the summer of 1915 — Part II, 8) The information service in the battle of the solstice (15–23 June 1918), 9) From the attack on Dollfuss to Anschluss. Some reports of the Sim from Vienna and Munich, 10) Word of the enemy: Information gathered from British sailors imprisoned in Italy, 1940–1943, 11) Information and deception. The war of the Sim against Yugoslavia, 12) The eye of the Sim on the Vatican City, 13) Italy in the face of Yugoslav disintegration (1989–1992), 14) A coffee with Admiral, 15) Irregular War and Intelligence Services, 16) Letter to Sir Bernard Law Montgomery. The Honorary Phantom, 17) «Good luck in the fight against Israel». Syria-East Germany cooperation in the Stasi archives, etc.
13. Chinese Cyber Espionage Operation Targeting 13 People in Taiwan and Philippines via MiMi Chat
On Friday, cyber threat researchers Daniel Lunghi and Jaromir Horejsi discovered and disclosed a new cyber espionage toolset used by Chinese intelligence operatives who compromised a Chinese instant messaging application called MiMi (mimi = 秘密 = secret in Chinese) so that people that installed it were also covertly installing custom cyber espionage software implants giving the Chinese intelligence operatives full remote access. According to the researchers, this was a highly targeted operation with just 13 targets, 10 in Taiwan, 2 in Philippines, and 1 in both countries.
14. Podcast: Team House: Senior CIA Officer Who Ran The Paramilitary Program in Afghanistan — Milt Bearden
On Saturday, the Team House released a new podcast episode featuring Milt Bearden. As per the video’s description, “a landmark collaboration between a thirty-year veteran of the CIA and a Pulitzer Prize–winning journalist, The Main Enemy is the dramatic inside story of the CIA-KGB spy wars, told through the actions of the men who fought them. Based on hundreds of interviews with operatives from both sides, The Main Enemy puts us inside the heads of CIA officers as they dodge surveillance and walk into violent ambushes in Moscow. This is the story of the generation of spies who came of age in the shadow of the Cuban missile crisis and rose through the ranks to run the CIA and KGB in the last days of the Cold War. The clandestine operations they masterminded took them from the sewers of Moscow to the back streets of Baghdad, from Cairo and Havana to Prague and Berlin, but the action centers on Washington, starting in the infamous “Year of the Spy” — when, one by one, the CIA’s agents in Moscow began to be killed, up through to the very last man. Behind the scenes with the CIA’s covert operations in Afghanistan, Milt Bearden led America to victory in the secret war against the Soviets, and for the first time he reveals here what he did and whom America backed, and why. Bearden was called back to Washington after the Soviets withdrew from Afghanistan and was made chief of the Soviet/East Euro-pean Division — just in time to witness the fall of the Berlin Wall, the revolutions that swept across Eastern Europe, and the implosion of the Soviet Union. Laced with startling revelations — about fail-safe top-secret back channels between the CIA and KGB, double and triple agents, covert operations in Berlin and Prague, and the fateful autumn of 1989 — The Main Enemy is history at its action-packed best.”
15. Ukrainian SBU Uncovers Russian Penetration in Kharkiv SBU Office
On August 9th, Ukraine’s SBU announced that they successfully “detained an officer of the SBU Headquarters Office in the Kharkiv region, who worked for the Russian intelligence services. On the assignment of the enemy, he joined the Ukrainian intelligence service shortly after the large-scale invasion of Russia. Thanks to his position, the detainee passed Ukrainian intelligence about the Russian Armed Forces, as well as the plans and activities of the Armed Forces of Ukraine, Ukrainian law enforcement agencies and special services to the enemy. The occupiers used this information to redeploy their own units in order to protect them from the artillery strikes of the Armed Forces. In addition, Russia used the information to plan sabotage, as well as massive artillery and targeted missile attacks on strategic objects of the city. According to the investigation, the traitor is a former official of the Kharkiv City Council. He was recruited by a case officer of the FSB, who approached him himself. In exchange for cooperation, the enemy provided the “mole” with security guarantees for him and his family if Russia managed to capture the region. According to SBU counter intelligence, the agent passed the collected information to a representative of the Russian intelligence services through closed communication channels in compliance with the rules of conspiracy. Law enforcement officers arrested the traitor “red-handed” after he asked a representative of the Russian intelligence services to attack the facility where the SBU personnel are located.”
16. Col. Bartosz Jarmuszkiewicz Appointed New Head of Poland’s AW
On August 8th, the government of Poland announced that Colonel Bartosz Jarmuszkiewicz is appointed as the Head of AW, the country’s foreign intelligence agency, by Prime Minster Mateusz Morawiecki after announcing that the existing Head of AW, Piotr Krawczyk, is recalled from his position.
17. CIA-JSOC Convergence Impedes Covert Action Oversight, Researcher Warns
The Intel News reported that “it is clear that the convergence between the CIA and JSOC is a product of the peculiar counter-terrorism environment that developed in response to the attacks of 9/11. Arguably, therefore, as Washington continues to shift its focus away from non-state actors, and concentrate instead on great-power competition, the CIA will return to its traditional intelligence role. In turn, its special operations wings, which have been involved in lethal operations since 9/11, will atrophy. It follows that the CIA-JSOC convergence, which makes it difficult for Congress to keep an eye on intelligence operations, is likely to subside and may even disappear altogether.”
18. Josephine Baker Was the Star France Wanted — and the Spy It Needed
Lauren Michele Jackson published this article on the New Yorker about Josephine Baker, stating that “when the night-club sensation became a Resistance agent, the Nazis never realized what she was hiding in the spotlight.”
19. Podcast: SpyCast: CIA Officers Turned Authors
The International Spy Museum’s SpyCast released a new episode with David McCloskey and James Stejskal, both former United States CIA officers who later became authors. The intelligence topics covered are: 1) What it is like writing spy fiction as a former practitioner, 2) How fact informs fiction, 3) Writing as a former analyst compared to as a former operator (James), and 4) Reactions by the intelligence community to practitioners-turned-authors.
20. Germany Puts Reserve Officer on Trial as Russian GRU Agent
On Thursday it was reported that “a reserve officer of the German Armed Forces has been put on trial for allegedly passing sensitive information to the Russian foreign intelligence service GRU between 2014 and 2020. The 65-year-old is on trial at the Dusseldorf Higher Regional Court, and if convicted, he could face up to 10 years in prison. According to the indictment, the man from Erkrath near Dusseldorf betrayed information on the inner workings of the Bundeswehr’s reserve system and on civilian-military cooperation in crisis situations. The information is also said to concern the effects of the sanctions imposed on Russia in 2014 following the annexation of Crimea and the Nord Stream 2 Baltic Sea pipeline, a project that was halted following Russia’s invasion of Ukraine in February. According to the indictment, the documents and information came partly from public sources but also from non-public sources. As a motive, the Federal Prosecutor’s Office suspects “sympathy for the Russian Federation”. They have not been able to establish any monetary payments. The defendant had attracted attention because he had been invited to official events by Russian authorities. He had already made a partial confession during the preliminary proceedings, a court spokeswoman said.” Note that this is a follow up from week 13 (story #80).
21. ASIO Posts About 1950s Agent Anne Neill
The Australian Security Intelligence Organisation (ASIO) published a photo with the caption “Anne Neill was an ASIO agent during the 1950s. In this time she provided intelligence from a trip to Moscow & a Soviet Embassy function in Canberra, where she met Third Secretary Vladimir Petrov shortly before his defection.” More details on Vladimir Petrov is available on ASIO’s website.
22. Ukrainian SBU Announces Russian Agent Sentenced to 15 Years in Prison
On August 9th, Ukraine’s Security Service (SBU) stated that a “traitor who helped Russia occupy the Kiev region was sentenced to 15 years in prison. This decision was made by the Brovar city district court of the Kiev region based on evidence collected by SBU investigators. In particular, a 58-year-old resident of the village of Peremoga, Brovar district, was found guilty of treason committed under martial law and sentenced to 15 years in prison. It was established that since the beginning of the temporary occupation of part of the Kiev region, the traitor took the initiative to cooperate with representatives of the armed forces of Russia. He provided the occupiers with: 1) ️information on the location of territorial defence checkpoint, 2) ️comprehensive files on local residents, including residential addresses, type of professional activity and ideological beliefs, 3) “surrendered” employees of law enforcement agencies, military personnel, representatives of TRO and their family members. In addition, the traitor helped the occupiers commit acts of looting: he “pointed” to abandoned homes and “joined the process.” In exchange for his loyalty, he received “guarantees of personal security” from the enemy invaders. The SBU unraveled the entire chain of his actions and submitted the materials to the court.”
23. United States NSA Launches New Codebreaker Challenge for 2022
On August 8th, the US National Security Agency (NSA) launched the 2022 “Codebreaker Challenge” targeting US students. As per the announcement, “students who think they have what it takes, or who want develop their technical skills, can sign-up at nsa-codebreaker.org. Learn more about this year’s challenge here.”
24. Turkish MİT Assassinates YPG/PKK Official in Syria
On Friday Turkish media started reporting that the National Intelligence Organisation (MİT) successfully assassinated “Iranian-origin “Rezan Cavit,” code-named Yusif Mehmud Rebani, the so-called Amude-Darbasiyah’s provincial head of the PKK.” Note that both YPG and PKK are classified as terrorist organisations by Turkey. The assassination operation took place in Qamishli, Syria on August 6th after MİT tracked and located him there.
25. In Somalia, Al-Shabaab Executed 6 People for Espionage
Based on local media reports from August 10th, in “the city of “Jaleb” in the Middle Juba region in southern Somalia Al-Shabaab executed 6 people today on charges of espionage for the Somali government, the United States of America, and Kenya. Al-Shabaab stated that the people who were executed in a public square in the city of “Jaleb” were arrested from different areas under its control, and that they confessed that they were spies working for the Somali government and the countries supporting it, and they had facilitated air strikes that killed some of its fighters.”
26. Ukraine’s SBU Disrupts Russian Online Information Operations
On August 9th, Ukrainian SBU announced that they neutralised a network of 4 who were conducting pro-Russia information operations online. Specifically, 1) In Kharkiv, a “pro-Kremlin agitator was detained. He turned out to be a production designer of one of the local channels, who was recruited by the Russian intelligence services. The man developed mock-ups of leaflets and videos aimed at providing moral and psychological support to the occupying groups, which are conducting combat operations on the territory of Ukraine.” 2) In the region of Dnipro, “two more enemy henchmen who were promoting pro-Kremlin propaganda on social networks were neutralised. One of them came into the field of view of enemy intelligence services during his stay in Russia. Another resident of the region was involved in subversive actions by the occupiers because of his pro-Kremlin views, which he spread in the social circle.” And 3) In the city of Rivne “a propagandist who promoted communist ideas and spread totalitarian symbols banned in Ukraine was exposed.”
27. Podcast: Grey Dynamics: Former DIA intelligence Analyst Marcel Plichta
On Friday Grey Dynamics released a new podcast episode featuring Marcel Plichta. As per the description, “Marcel is at the moment doing his PhD at St. Andrews. And before that, he was an intelligence analyst for the DIA, which stands for Defence Intelligence Agency and is the Pentagon’s intelligence agency. Right now he lives in beautiful Scotland working on other exciting problems that he will talk about with us today. In this episode, we talked about the US new Africa strategy, Russia’s growing influence in Africa and in particular through Wagner PMC.”
28. India’s Soldiers in Shadows: Remembering Ravindra Kaushik’s Supreme Sacrifice for Nation
The Mirror Now published this article on August 10th briefly covering the history of Ravinder Kaushik, better known as BLACK TIGER, a spy of India’s Research & Analysis Wing (RAW) from the 70s who managed to infiltrated the Pakistani Army and high-ranking officials until another Indian spy, Inayat Masiha, was caught and led to the capture of Kaushik. In 1985 Kaushik was sentenced to death but in 2001 he died pulmonary TB and heart illness.
29. Cyber in Saudi Arabia, Huge Investments with Israeli Spying Companies
On August 11th the Saudi Leaks reported that “informed sources revealed that the Saudi authorities had concluded contracts that included huge investments with Israeli spying companies as part of the launch of the Cyberk program to develop the cyber security sector in the Kingdom. The sources told Saudi Leaks that the contracts include spending millions of dollars annually to import the latest Israeli espionage and surveillance technologies to Saudi Arabia to develop its capabilities in this field.”
30. Ukraine’s SBU Detains Russian Agent in Kiev for Providing Information on Supplies of Western Weapons
On Thursday SBU announced that they “detained a Russian agent who was collecting intelligence on the supply of Western weapons to Ukraine. First of all, the enemy was interested in classified information about imported military equipment for the needs of the Armed Forces units. The occupiers planned to use the received information to launch missile attacks on Ukrainian critical infrastructure facilities used for transporting foreign weapons. In addition, in case of receiving intelligence materials, the enemy intended to use them to disrupt the international agreements of our state with partner countries in the field of defence. According to the investigation, the traitor is a resident of Kiev who positioned himself as a military expert. It was established that he was recruited by a staff member of the Russian intelligence services to carry out reconnaissance and subversive activities in the territory of the capital region.”
31. CIA Operator’s War Story: Ambush in Pakistan (Part 1)
On August 9th, a former United States CIA operator from American Kinetix (AX) published a 24-minute long video narrating in detail a story of meeting an asset in the border region of Afghanistan-Pakistan, from the CIA facility that was located at the Camp Chapman, in Khost province of Afghanistan. This is the first part of the story.
32. Indian Cyber Espionage Operation Targeting Pakistani Officials
On Saturday, private security firm EUNOMATIX discovered and disclosed technical indicators of an active cyber espionage operation attributed to an actor dubbed as PATCHWORK, who has been previously associated with the government of India. The operation involved a lure electronic document impersonating an announcement for a new “paperless” service from Pakistani government’s National Information Technology Board (NITB). If opened, it was covertly installing a custom cyber espionage software implant.
33. Malaysia — Ex-Spy Chief Gets a Full Acquittal
On Wednesday it was reported in Malaysia that “former spy chief Datuk Hasanah Abdul Hamid, who was once embroiled in a RM50.4mil criminal breach of trust charge followed by theft of evidence money in her case, is now a free woman. The High Court here has given her a full acquittal instead of the discharge not amounting to an acquittal (DNAA) granted last year. Judicial Commissioner Roz Mawar Rozain, in her decision, said it was unfair to have the charge looming over Hasanah’s head. Hasanah was seen crying and hugging another woman just after the proceedings ended. She had pleaded not guilty to CBT involving US$12.1mil (RM50.4mil) belonging to the Malaysian government at the Sessions Court on Oct 25, 2018. The 65-year-old was accused of committing the offence at the office of the director-general of the Research Division of the Prime Minister’s Department in Putrajaya between April 30 and May 9, 2018. The charge under Section 409 of the Penal Code provides an imprisonment for up to 20 years, whipping and a fine, upon conviction. However, the former director-general of the Malaysian External Intelligence Organisation (MEIO) was granted a DNAA on April 12 last year, with the possibility of being charged again.”
34. NSO Group Has 22 Customers in the European Union for its Cyber Espionage Solutions
Omer Benjakob of Haaretz reported that “representatives of the European Parliament Committee of Inquiry on Pegasus spyware recently visited Israel and learned from NSO personnel that the company has active contracts with 12 of the 27 European Union members. The replies of the Israeli cyber warfare company to the committee’s questions, which were obtained by Haaretz, reveal that the company is now working with 22 security and enforcement organizations in the EU.”
35. Ukrainian SBU Captures FSB Agent in Bakhmut
On August 10th Ukrainian Security Service (SBU) announced the detainment of “a Russian agent who adjusted missile strikes on Ukrainian positions in the east. The traitor provided the enemy with targets for missile strikes on the Donetsk region and reported on the results of “arrivals”. According to the investigation, a resident of Bakhmut was recruited by an officer of the 5th Service of the FSB after the start of a full-scale Russian invasion. I received the “offer” regarding secret cooperation on my own phone via messenger. It has been established that the Russian handler chose the operational pseudonym “Sivii” for him and set him the task of gathering intelligence on the deployment of personnel and military equipment of the Armed Forces of Ukraine in the eastern direction. The agent transmitted data through closed communication channels. In his messages, he indicated the geolocations of objects and confirmed them with photo and video recording. During the search, he was found to have means of communication with evidence of communication with the Russian handler.”
36. Israeli Woman Accused of Espionage Tried to Commit Suicide
On August 11th it was reported that “an Israeli woman accused of spying for Iran about six months ago tried to commit suicide.” The report continues that “after a suicide attempt, she is in critical condition. In January, the Israeli intelligence service Shin Bet announced that it had uncovered and stopped Iranian recruitment of Israeli women to spy for Tehran. Charges were brought against the five involved. As part of the case, it turned out that four women of Persian origin and another man were recruited by Iranian intelligence agents to perform assignments in Israel.” This is related to the case of week 2 story #20 where, as per the article, “the women were recruited by a man who introduced himself to most of them as a Jew from Iran named Rambod Namdar. They kept in touch with him on social media. The Shin Bet stated that some of the women continued their relationship with him and completed tasks he assigned them in exchange for money, although they suspected that he was an employee of the Iranian intelligence service.”
37. Former Twitter Manager Convicted of Spying for Saudi Arabia
This week the 2019 Saudi Arabia espionage case of using Twitter employees to spy on targets of the Saudi intelligence services closed for one of the suspects. As per CBS News “a former Twitter employee has been convicted of failing to register as an agent for Saudi Arabia and other charges after accessing private data on users critical of the kingdom’s government in a spy case that spanned from Silicon Valley to the Middle East. Ahmad Abouammo, a U.S. citizen and former media partnership manager for Twitter’s Middle East region, was charged in 2019 with acting as an agent of Saudi Arabia without registering with the U.S. government. A jury found him guilty on six counts, including conspiracy to commit wire fraud and money laundering. The jury acquitted him on another five charges involving wire fraud.” Gizmodo states that “the verdict came down late Tuesday, and all that’s left is sentencing, which could be up to 20 years in federal prison.”
38. Podcast: 7am: The Secret Jailing of an Australian Spy
On August 10th the 7am published a new podcast episode described as “a former intelligence officer in Canberra was charged, sentenced, and jailed in complete secrecy in 2018. It was only after he brought his own legal complaint, and a couple of journalists noticed some security guards in the courthouse, that anything about his case was made public.”
39. Sp
Eurasianet published a report stating that “Vsevolod Osipov was unmasked as an informant for Russia’s security services. He had been sent to Tbilisi to monitor the many Russian dissidents who have flooded the Georgian capital recently. But he says his new notoriety hasn’t much affected his life here, and done little to scare away patrons – primarily Russians themselves – at the busy wine bar in central Tbilisi where he works as a sommelier. “An occasional customer who recognizes me from the news stories may come up and ask questions, but beyond that I don’t get much attention,” Osipov told Eurasianet. In mid-July, the Russian independent news website Meduza published a lengthy piece about Osipov. In it, the 20-year-old Muscovite admitted to working for the Russian Federal Security Service (FSB): first in Moscow to report on the libertarian party of which he was a member, and then in Tbilisi. The young spy’s confession, which was then rereported in several other media, would seem to be big news in Georgia, where concern about the large influx of Russians is keen. But it’s barely made a ripple. “I thought that the Georgian police would show up to question me, but nobody seemed to care, except maybe an occasional reporter,” Osipov said, with a smile and a faint note of disappointment. Osipov’s story did prompt a concerned social media buzz among Georgia’s fast-growing Russian community.”
40. Russian FSB Cyber Espionage Operation Impersonating SBU
Cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a new cyber espionage operation attributed to GAMAREDON, an actor previously associated with Russia’s FSB, targeting Ukrainian officials through emails impersonating notifications from Ukraine’s SBU. If the file attachment is opened, it is covertly installing a custom cyber espionage software implant.
41. Yemeni Forces Dismantle 7 Houthi Militia Spy Cells
On Thursday local media reported that “the joint forces in Yemen dealt the largest security blow to the Houthi militia by dismantling 7 spy cells.” The cells consisted of 37 people, “some of whom carried out the task of maritime smuggling of Iranian weapons.” Apart from this, a military spokesperson said that the cells were also “carrying out espionage” activities.
42. Podcast: AFIO: Ron Estes, Former Senior CIA Operations Officer
The Association of Former Intelligence Officers (AFIO) from the United States published a 36-minute long video with Ron Estes, former Senior CIA Operations Officers, talking about his experiences with CIA Chief of Station (COS) Richard Welch who was assassinated in Athens, Greece on December 23, 1975. R. Estes was the Deputy COS (DCOS) and after R. Welch’s death, he became the Athens CIA COS
43. ABW Reports Hybrid Attack on Poland
On August 9th a spokesman for the Minister of Special Services Coordinator of Poland issued a press released from the country’s domestic spy agency (ABW) saying that “the operation of destabilising the Polish border with Belarus is carried out using methods typical of hybrid aggression. From the very beginning, the Polish services assessed that these actions were a threat to the state.” The press release splits the threats to the following sections: 1) Unsealing the border, 2) Internal destabilisation, 3) Testing of Polish procedures within NATO and the EU, and 4) Information warfare.
44. Ukrainian SBU Announces FSB Agent Convicted to 12 Years in Prison
On August 11th the Ukrainian Security Service (SBU) announced that a Ukrainian national from Dnipro, who was recruited as an FSB informant, and arrested in April 2022 was sentenced to 12 years in prison for espionage charges.
45. SIGINT Historian: Need to Know and Action-On
On August 11th Tony Comer, formerly the departmental historian at Britain’s GCHQ published this blog post covering the principle of “need to know.”
46. High-Level Ukrainian Intelligence Official Admits U.S. Deeply Involved in Ukraine Conflict
The Covert Action Magazine released this article saying that “Major General Vadym Skibitsky, the deputy head of the Kyiv regime’s military intelligence directorate, admitted in an interview with the British daily Telegraph, that the U.S. government is involved in targeting decisions regarding U.S. supplied Lockheed Martin’s High Mobility Artillery Rocket Systems (HIMARS). Moscow has seized on this admission to charge the U.S. with direct involvement in the Ukraine War. Asked by the Telegraph how the HIMARS have so precisely targeted Russian fuel and ammunition depots (at least this is what the Kyiv regime has alleged — ed.), as well as battlefield headquarters in eastern Ukraine, General Skibitsky replied, “in this case in particular, we use real-time information.” U.S. officials are not providing direct targeting information, Skibitsky claimed, because it would potentially undermine their case for not being direct participants in the war. However, he suggested that there was a level of consultation between intelligence officials of both countries prior to launching missiles that would allow Washington to stop any potential attacks if they were unhappy with the intended target.”
47. New Module in Indian Cyber Espionage Solution
The MorphiSec private firm published an analysis for a new module in a cyber espionage solution used by an actor dubbed as DONOT and who has been previously associated with an entity developing cyber espionage solutions for the Indian government.
48. U.S. Government Pursues More Aggressive Action to Curb Espionage at Universities
As reported this week “the U.S. Governmental Accountability Office (GAO) thinks the FBI and other agencies are not doing enough to address the espionage threat on U.S. university campuses. It issued a report, “Enforcement Agencies Should Better Leverage Information to Target Efforts Involving U.S. Universities” on June 14, 2022, urging the FBI, the Department of Homeland Security, and the Department of Commerce to step up their outreach efforts to address the threat. Commerce, DHS, and FBI have all concurred with GAO’s recommendations. As a result, U.S. colleges and universities to face yet another organizational risk: an increase in campuses visits by export control and law enforcement agents.”
49. Webinar: Agent Josephine Baker with Damien Lewis and Jonna Mendez
Following story #18, on August 9th the International Spy Museum published the recording of a webinar that originally took place on July 27th. As per the description, “prior to World War II, Josephine Baker was renowned for her singing and dancing, her beauty and sexuality; she was the highest-paid female performer in Europe. And when the Nazis seized her adopted city, Paris, she was banned from the stage. Yet instead of returning to America, she vowed to stay and to fight the Nazi evil. Overnight, she went from performer to Resistance spy. Join us for a tantalizing conversation about Baker with author Damien Lewis and former CIA Chief of Disguise Jonna Mendez. Lewis has uncovered little known history about the famous singer’s life in his new book Agent Josephine: American Beauty, French Hero, British Spy.
Lewis will share the new historical material, including previously undisclosed letters and journals, he has unearthed that upend the conventional story of the “Bronze Venus.” Mendez is a longtime admirer and champion of Baker’s spy work and heroism. Discover how Baker became a hero of the three countries in whose name she served — the US, France, and Britain — and fully deserving of her unique place in the French Panthéon.”
50. Ukrainian SBU Captures FSB Sleeper Agent in Kharkiv
On Friday Ukraine’s SBU stated that they detained a “sleeper” FSB agent, tasked with adjusting missile strikes in Kharkiv. SBU said that “it was on his “tip-off” that the aggressors launched rocket attacks on the building of the regional state administration and 7 other civilian objects. He forwarded the intelligence in the form of text files with a detailed description of the objects and information about the presence of people in them. According to the investigation, the traitor is a former law enforcement officer who was recruited by an FSB case officer while crossing the Russian border in 2019. After receiving an operational nickname and undergoing training, the agent was placed in “standby mode”. After the Russian invasion, a Russian handler contacted the agent. In the case of successful implementation of the instructions, the occupiers promised to “take” their supporter to the Russian territory and issue citizenship. But SBU officers prevented these “plans” and detained the agent.”
51. U.S. Charges Iranian Operative With Plotting To Kill Ex-National-Security Adviser Bolton
RFE/RL reported that “the U.S. Justice Department has charged a member of Iran’s elite Islamic Revolutionary Guards Corps (IRGC) in connection with an alleged plot to kill former White House national-security adviser John Bolton. The Justice Department announced the charges against Shahram Poursafi, also known as Mehdi Rezayi, 45, of Tehran in a news release on August 10. The charging documents identify Poursafi as a member of the IRGC. Iran rejected the charges as “ridiculous and baseless.” Foreign Ministry spokesman Nasser Kanaani was quoted by Iranian media as saying that Iran strongly warned against any action committed against Iranian citizens on the pretext of the accusations. The department said Poursafi “attempted to pay individuals in the United States $300,000 to carry out the murder” in either Washington or the neighboring U.S. state of Maryland. Prosecutors said the plot was likely in retaliation for the January 2020 drone strike that killed Qasem Soleimani, who was the head of the IRGC’s elite Quds Force.” The US Department of Justice announcement is here.
52. Greek Spy Agency’s New Legislative Framework for SIGINT
Following the scandal in Greece (see story #4), on Thursday the Greek government published updated legislation as an immediate response to the espionage against journalists and politicians using the cyber espionage suite Predator. The legislation has two updates: 1) From now on, the Head of the Agency will be appointed after review from a special parliament committee, including the acting Head, and 2) That any form of covert surveillance, especially signals intelligence-based, will need to be reviewed and approved by a competent Appellate Prosecutor.
53. Trump Search Warrant: FBI Took Top Secret Files from Mar-a-Lago
As reported by BBC, “the FBI seized top secret files in a search of former US President Donald Trump’s estate in Florida this week, documents show. Agents removed 11 sets of documents, including some marked “TS/SCI”, a designation for material that could cause “exceptionally grave” damage to US national security. Mr Trump denied any wrongdoing and said the items were declassified. It was the first time an ex-president’s home was searched in a criminal probe. The list of items was made public on Friday afternoon after a judge unsealed a seven-page document that included the warrant authorising the search of Mr Trump’s Palm Beach residence, Mar-a-Lago. It said more than 20 boxes of items were taken on Monday, including a binder of photos, a handwritten note, unspecified information about the “President of France” and a clemency letter written on behalf of long-time Trump ally Roger Stone. As well as four sets of top secret files, the cache includes three sets of “secret documents” and three sets of “confidential” material. The warrant indicates that FBI agents were looking into potential violations of the Espionage Act, which makes it illegal to keep or transmit potentially dangerous national security information.”
54. This Double Agent Spied for the CIA and KGB — And Was a Famous Swinger
On August 13th Todd Farley of the New Yorker published this article. The article starts by saying that “long before Austin Powers was a randy spy, there was Karel Koecher. Koecher was a Czechoslovakian émigré who lived in New York City from the 1960s to the ’80s. Although he spied for several competing agencies — the American CIA, the Soviet Union’s KGB, and Czechoslovakia’s StB — Koecher was most memorable as an eager participant in the East Coast’s early sex-club scene. And he was anything but under the radar. “Koecher was a bit strange. Usually people keep their clothes on at least some of the time, but he was always walking around naked,” recalls a fellow orgy guest in “The Liar: How a Double Agent in the CIA Became the Cold War’s Last Honest Man” (Public Affairs, August 23rd) by Benjamin Cunningham. “And he always had an erection.” While Koecher was an enthusiastic swinger, he was a reluctant spy. Born in 1934 near Prague, he was unhappy with Czechoslovakia’s socialist turn after World War II, and so fought against its Communist Party.”
55. Iran to Build 3 More Suspected Spy Satellites as Concern Mounts over Russia Ties
As reported by the Times of Israel, “Iran plans to commission three more versions of a satellite launched this week by Russia, Tehran’s government spokesman said Friday. The Khayyam blasted into orbit on Tuesday, prompting US accusations that it is intended for spying. Iran dismissed Washington’s claim as “childish.” “The construction of three other Khayyam satellites with the participation of Iranian scientists is on the government’s agenda,” its spokesman Ali Bahadori-Jahromi said on Twitter. A Soyuz-2.1b rocket sent the satellite into orbit from the Moscow-controlled Baikonur Cosmodrome in Kazakhstan on Tuesday. Responding to the launch, Washington said Russia’s growing cooperation with Iran should be viewed as a “profound threat,” but the head of Iran’s space agency, Hassan Salarieh, dismissed the accusation. He said the Khayyam is designed to meet Iran’s needs for “crisis and urban management, natural resources, mines, agriculture and so on.” The Khayyam was built by the Russians under Iran’s supervision, Salarieh said at a press conference on Wednesday. Ahead of the launch, The Washington Post quoted anonymous Western intelligence officials as saying that Russia “plans to use the satellite for several months or longer” to assist its war effort before allowing Iran to take control.”
56. Two Youths Arrested for Spying for Pakistani Agency, Used to Send Information in Exchange for Money
As reported on Saturday, “two youths have been arrested by the Rajasthan Police on charges of spying for the Pakistani Intelligence Agency. It is alleged that these youths were sending out confidential information in the greed of money. Director General of Police (Intelligence) Umesh Mishra told that the Rajasthan Crime Investigation Department (CID-Intelligence) has been sent to Bhilwara resident Narayan Lal Gadri (27) and on social media (24) of Kuldeep Singh Shekhawat (24), working on a liquor contract in Jaitaran (Pali). Through social media, information was received about being in constant contact with Pakistani intelligence agency. He told that CID-Intelligence Jaipur kept a constant watch on the activities of both of them.”
57. What is the Cyprus Government Scared of and it Does Not Want to Shed Light on the Wiretapping and Surveillance Network?
In Cyprus, Giorgos Koukoumas, spokesperson of the AKEL C.C. political party issued a statement on August 11th saying that “the black spy van and the companies of Dillian and Avni, their links with the Police and the Cypriot Central Intelligence Agency (KYP), the activities of the NSO Group and the political connections of Israeli spies constitute a sinister network dangerous to democracy and the rule of law in our country. What is the government afraid of as it does not want to shed light on this network of eavesdropping, surveillance, wiretaps and espionage?”
58. Podcast: Lex Fridman: Andrew Bustamante: CIA Spy
Lex Fridman published a new podcast episode featuring Andrew Bustamante, former United States CIA covert intelligence officer, covering a wide variety of espionage-related topics.
59. SpaceX Will Launch Top Secret US Spy Satellites with the Reusable Falcon Heavy Rocket Now That it’s Received Space Force Approval
On August 12th it was reported that “SpaceX has received approval from the US Space Force to launch top secret spy satellites with its reusable Falcon Heavy rocket, Bloomberg first reported. The launches will come under the National Security Space Launch mission, the Space Force told Bloomberg in a statement. The first Falcon Heavy launch is expected to go ahead between October and December and will send a satellite into orbit for the National Reconnaissance Office — an agency that builds and operates spy satellites, the Space Force said, per Bloomberg.”
