SPY NEWS: 2022 — Week 33

Summary of the espionage-related news stories for the Week 33 (August 14–20) of 2022.

1. ASIO History: Royal Commission on Intelligence & Security

On August 18th, the Australian Security Intelligence Organisation (ASIO) published this tweet following by an article covering how “in 1974, the PM announced the Royal Commission on Intelligence & Security to be conducted by Justice Robert Hope. This first Hope Royal Commission examined Australian security agencies, their history, administration & functions.”

2. South Korea: Prosecutors Raid Ex-NIS Chief’s and Ex-Defense Minister’s Residences

As reported by KBS World, “Prosecutors on Tuesday raided the residences of former spy agency chief Park Jie-won and former defense minister Suh Wook as part of the investigation into the 2020 death of a South Korean public official. Investigators from the Seoul Central District Prosecutors’ Office began combing through Park’s and Suh’s houses as part of efforts to look into allegations that the previous government fabricated internal documents to make it appear that the public official who was killed by North Korean soldiers near the western maritime boundaries had sought to defect to the North.”

3. Spy Collection: Presentation of the ELTA Systems’ AISIS Spy Plane (2013)

On August 15th we published a short video “produced in April 2013 by the Israeli ELTA Systems Ltd. (part of IAI — Israel Aerospace Industries) to promote the Airborne Integrated Signal Intelligence System (AISIS) that they had developed, and which was already used by the Israeli intelligence community.”

4. Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors

Mandiant cyber threat intelligence firm published a technical analysis stating that “over the last year Mandiant has been tracking UNC3890, a cluster of activity targeting Israeli shipping, government, energy and healthcare organizations via social engineering lures and a potential watering hole. Mandiant assesses with moderate confidence this actor is linked to Iran, which is notable given the strong focus on shipping and the ongoing naval conflict between Iran and Israel. While we believe this actor is focused on intelligence collection, the collected data may be leveraged to support various activities, from hack-and-leak, to enabling kinetic warfare attacks like those that have plagued the shipping industry in recent years.”

5. Podcast: Europol: Operation Greenlight Part 1 — The International Sting

On August 16th Europol published its second ever podcast episode which is the first part of the Operation GREENLIGHT, presented by United States FBI Special Agents Stephanie Stevens and Nicholas Cheviron, along with Georgios Raskos, Head of the Organised Crime Unit at Europol’s European Serious and Organised Crime Centre. As per the description, “criminal networks are dependent on covert communication. This episode is the first of two looking at Operation Greenlight, one of the largest and most sophisticated international law enforcement operations to date dealing with encrypted networks. Two special agents from the FBI speak about creating the ANOM service and how criminals, in the wake of the EncroChat and SKY ECC takedowns, started making use of the smartphone-based messaging app for offences such as drug trafficking and money laundering.”

6. Former spy: Canadian Politicians ‘At All Levels’ Are Receiving Money from Foreign Governments

As reported by LifeSiteNews, “a former spy shockingly revealed there are many Canadian politicians “at all levels” of government who are known to be in the pocketbooks of some foreign governments. According to Blacklock’s Reporter, Michel Juneau-Katsuya, who is a former chief of the Asia-Pacific desk at Canada’s spy agency, the Canadian Security Intelligence Service, told the House of Commons ethics committee on Tuesday that they have had “to monitor parliamentarians.” “There are elected officials at all levels whether it’s municipal, provincial or federal who are being paid by foreign governments and who are not necessarily acting in the interests of Canada,” Juneau-Katsuya said. Juneau-Katsuya would not say which countries in specific were involved. However, China has been called out in the past for conducting secret operations in Canada. As noted by Blacklock’s Reporter, in June 2021, Canada’s cabinet to a committee “warned Chinese authorities against interference activities.” “The Government of Canada is aware foreign states including the People’s Republic of China or its proxies may attempt to harass, threaten and intimidate Canadians, persons residing in Canada or their families in Canada or abroad, particularly Chinese diaspora or ethno-cultural communities,” the committee submission noted. Despite this, Juneau-Katsuya did reveal, however, that payouts to politicians are “still happening.” “Foreign agents try to recruit elected officials,” Juneau-Katsuya said.”

7. Ukrainian SBU Detains Russian Agent in Odessa

On August 15th Ukraine’s Security Service (SBU) announced that they “detained a Russian agent who was collecting data for shelling in the south of Odessa. The SBU detained an agent of the Russian intelligence services who was gathering intelligence on the locations and movements of the Armed Forces and Teroborona units, the functioning of reserve airfields and military training grounds in the south of Odesa region.” The report continues that the information he passed to his handler included: 1) exact coordinates of defence objects on the map, 2) detailed descriptions of the condition of the targets, the material from which it was built, its purpose and use by the military, the surrounding territory, 3) the number of personnel and military equipment at the facilities and their movement, and 4) the number of equipped fortifications.

8. Iran Desk at Turkish Intelligence Agency MIT was Gutted by the Erdoğan Government

Investigative journalist Abdullah Bozkurt published this story on Monday saying that “the Iran desk at Turkey’s national intelligence agency MIT was intentionally gutted in the aftermath of several police investigations that exposed how senior government officials including then-prime minister and current president Recep Tayyip Erdoğan were in bed with Iranian operatives.”

9. Podcast: Spy Chat: Chris Costa and Gina Bennett

On Thursday the International Spy Museum published the recording of a virtual event that originally took place on August 11th. As per the description, “join us for an online discussion of the latest intelligence, national security, and terrorism issues in the news. Spy Museum Executive Director Chris Costa will lead the briefing. Costa, a former intelligence officer of 34 years with 25 of those in active duty in hot spots such as Panama, Bosnia, Afghanistan, and Iraq is also a past Special Assistant to the President and Senior Director for Counterterrorism on the National Security Council. He will be joined by Gina Bennett, former CIA analyst and advisor. Bennett is a recently retired seasoned counterterrorism specialist who authored some of the earliest warnings of today’s terrorism trends, including a 1993 report that served as the first warning of the growing danger of the movement Osama bin Laden was fomenting. She is an Adjunct Associate Professor at Georgetown University’s Center for Security Studies. Bennett is often featured in documentaries and other media profiling her role in counterterrorism and as a pioneer for women in National Security and Intelligence careers, which she now continues as the new Strategic Advisor for Girl Security, an organization which seeks to empower, secure, and advance young girls into national and international security missions. Bennett is the mother of five children, who were the source of inspiration for her two books comparing national security to parenting.”

10. European Groups Demand Closing Twitter Account of MBS Officer Director over Espionage Activities

Following last week’s espionage charges (see week 32 story #37), this week it was reported that “European groups demanded Twitter close the account of Badr Al-Asaker, office director of Saudi Crown Prince Mohammed bin Salman for his espionage activities. The Guardian newspaper criticized Twitter for allowing Badr Al-Asaker to maintain a verified account, followed by about two million people, despite accusations that he had previously been accused of recruiting and paying Twitter workers to report on opponents’ accounts secretly. A US jury indicted a former Twitter employee, a US-Lebanese citizen, Ahmed Abu Ammo, on charges of using his position in Twitter to spy on users critical of the Saudi government. Court documents named two other Saudis who previously worked for Twitter, Ahmed Al-Mutairi and Ali Al-Zubara, who the FBI wanted on charges of spying for the Saudi government.”

11. Calls for Czech Spy Chief and Interior Minister to Resign as STAN Corruption Scandal Widens

On August 16th it was reported that “opposition parties are calling for Czech Interior Minister Vit Rakusan and newly appointed head of the foreign intelligence service Petr Mlejnek to resign as the Mayors and Independents party (STAN) corruption scandal widens. In June, STAN, the second strongest ruling coalition party, led by Rakusan, was rocked by a kickback scandal at the Prague Transportation Company involving the then Deputy Mayor of Prague Petr Hlubucek, who has since resigned his posts with the Prague municipality and the party. Police raided the offices of the Prague municipality, the Prague Transportation Company, and the Czech General Health Insurance Company, taking into custody and pressing charges against more than 10 people so far, including STAN party sponsor Michal Redl. Redl is a former business partner of the fugitive gangster Radovan Krejcir, who is currently in jail in South Africa for attempted murder. The scandal has now widened to embroil Mlejnek, who was formally appointed the head of the Czech Office for Foreign Relations and Information (UZSI) by Rakusan on July 8. Last week Czech online outlet Seznam Zpravy reported that Mlejnek had been in regular contact with Redl since 2012.”

12. United States National Cryptologic Museum Rediscovering Artefacts Hidden Away in NSA Warehouse

On August 17th, the United States National Security Agency (NSA) published this article talking about some of the artefacts hidden away at the NSA’s National Cryptologic Museum (NCM) warehouse.

13. Ukraine’s SBU Uncovers Two Government Officials that “Switched Sides”

With a formal announcement Ukraine’s SBU stated that “the Gauleiter in the Kupiansk district voluntarily switched to the side of the enemy since the beginning of the full-scale invasion of Russia into the territory of Ukraine. Having received a fake government position, he began to actively improve his work and called on his subordinates to cooperate with the occupiers. The official from Luhansk Oblast had experience in the field of agro-industrial complex management before her appointment. She received the position in exchange for loyalty. Currently, both collaborators have been charged.”

14. Russia Says Britain Requested Permission for Spy Plane to Fly over Russia

As reported by Reuters, “Russia’s Defence Ministry said on Tuesday that Britain has requested permission for its RC-135 spy plane to fly over Russia, a move it termed “a deliberate provocation”. A U.K. Ministry of Defence source denied that Britain had asked permission to fly a spy plane over Russia. The Russian Defence Ministry said that Russia’s airforce had been tasked with preventing any violations of Russian airspace.”

15. Russian SVR Celebrates 80th Anniversary of Operation DUBROVTSY

On August 17th the Foreign Intelligence Service (SVR) of Russia announced the 80th anniversary of Operation DUBROVTSY, saying that “in the summer of 1942, the Dubrovtsy reconnaissance group was abandoned in the Nazi-occupied Oryol, consisting of only two people — employees of the Orlovsky UNKVD, I. M. Vorobyov and P. G. Aleksakhin. From June 11 to August 9, the intelligence officers collected information about the enemy’s forces, his location, and the occupation regime. Despite the fact that a special headquarters was operating in Oryol to combat partisans and the patriotic underground, German intelligence and counterintelligence were stationed, Dubrovtsy managed to establish contact with agents and attract new assistants to cooperation. Not a single person betrayed them. Having successfully completed the task, the group returned to the mainland, and only years after the end of World War II it became known that the intelligence gathered by this group helped confirm the direction of the impending German strike to the south.”

16. Ex-CIA Director Claims Modern GOP Most Dangerous Political Force He’s Encountered

Caroline Downey reported that “the former CIA director and former NSA director under the Bush administration claimed Wednesday that the modern GOP is the most treacherous political force he has encountered in his lifetime. General Michael Hayden concurred with the inflammatory comments of Edward Luce, associate editor at the Financial Times, who tweeted: “I’ve covered extremism and violent ideologies around the world over my career. Have never come across a political force more nihilistic, dangerous & contemptible than today’s Republicans. Nothing close.” “I agree. And I was the CIA Director,” Hayden wrote in a quote tweet.”

17. German Peenemünde Research Facility was Bombed in 1943 Based on Polish Intelligence

The Polish Foreign Intelligence Agency (AW) posted on August 17th that “in 1943, with information provided by the Polish intelligence, Allied aviation bombed the Peenemünde landfill, which contained a German research facility for the V1 and V2 missiles.”

18. Podcast: Spycraft 101: A Hollywood Spy: The Story of Borris Moros with Jonathan Gill

On August 15th the Spycraft 101 published a new podcast episode with the description of “Hollywood film producer, Soviet spy, and FBI double agent Boris Morros is one of the most unlikely figures in espionage history. Boris was born in Russia to a poor Jewish family and eventually attended a music conservatory in Petrograd as a teenager. There he began performing at the Tsar’s Winter Palace before the 1917 revolution which ushered in the new Soviet state under Lenin and the Bolsheviks. Boris fled Russia and after a harrowing journey settled into a new life in the United States. He was a talented musician and a consummate negotiator and dealmaker, and soon parlayed his musical skills from playing at local synagogues all the way up to work on Broadway musicals. But Boris found his real calling in the nascent American film industry when he landed a job at Paramount, still headquartered in New York. For decades afterwards, Morros was a film industry fixture, first in New York and later in Hollywood California. He scored dozens of films and hobnobbed with Golden Age stars and starlets. Then, the Soviet NKVD came calling. Boris’ influence in Hollywood was what they wanted, and they used their control over his remaining family in the Soviet Union as leverage against him. Boris began working with the NKVD, offering jobs with his international production company which served as cover for Soviet agents worldwide. But he also managed to turn the tables on his handlers and used his own leverage, as well as their lack of understanding of business and American culture to gain the upper hand. In this way he survived one of the most dangerous games of all, when nearly everyone he came in contact within the espionage game ended up dead or imprisoned. For episode 37 of the Spycraft 101 podcast I spoke with Jonathan Gill, author of Hollywood Double Agent: a biography of this nearly forgotten but incredibly influential spy. We discussed Boris’ uncanny ability to switch sides at a moment’s notice and survive any situation, which eventually led him straight to the FBI. As a double agent he testified before Congress and dealt a major blow to Soviet espionage in the US in the late 1950s.”

19. How China and Russia Poison Italy’s Infosphere: The Intel Committee’s Report

On Friday, Decode 39 published this story saying that “as anticipated by Decode39, the Italian Parliament’s Intelligence Committee released its annual paper. One of the key issues it explores is the autocracies’ influence campaigns, which, according to the authors, risk “polluting and distorting the public debate in Italy and in Western countries.”

20. MSTIC Disrupted Russian Cyber Espionage Operation

On August 15th it was announced that the Microsoft Threat Intelligence Centre (MSTIC) took actions to disrupt Russian cyber espionage operations that have been active since 2017.

21. Ukraine’s SBU Detains Russian FSB Agent in Zaporizhzhia

As per Ukraine’s SBU, they announced the arrest of “a Russian agent who adjusted missile strikes on Zaporizhzhia in exchange for the promise of a “leadership position” in the event of the occupation of the city. The agent scouted locations of deployment and movement of units of the Defence Forces of Ukraine near the southern front and collected information about the results of enemy shelling of civilian and critical objects infrastructure of Zaporozhye. In the case of capturing the city, the aggressors promised their agent one of the leading “positions” in the occupation administration. And the perpetrator himself planned to join the so-called “firing squads” of the invaders to torture and kill Ukrainian defenders. It was established that the traitor was recruited by a case officer of the 5th Service of the FSB for intelligence and subversive activities. The occupiers used the materials obtained from him to adjust fire strikes on Zaporozhye and plan sabotage.”

22. Podcast: Maritime Patrol with Captain Sean “Leeds” Liedman

The Fighter Pilot Podcast published a new episode covering various topics of the US Navy P-3 Orion and P-8 Poseidon spy planes. As per the description, “on this episode, retired U.S. Navy Captain Sean “Leeds” Liedman joins us for an exhaustive discussion on the history, hardware, and humans involved in maritime patrol with special focus on the P-3 Orion and P-8 Poseidon. Due to the interview length, no announcements or generic listener questions are featured this week.”

23. Multi-Year Chinese Cyber Espionage Operation Targeting Global Humanitarian, Think Tank, and Government Organisations

Private threat intelligence firm Recorded Future published an 11-pages long report covering a multi-year cyber espionage operation attributed to the Chinese intelligence services.

24. Former CIA Officer Joshua Schulte Faces as Many as 80 Years in Prison After Being Convicted For Providing Information to WikiLeaks

Former United States CIA analyst John Kyriakou published an article on August 16th saying that “a federal jury in New York last month convicted former CIA officer Joshua Schulte on nine felony counts under the Espionage Act for providing information to WikiLeaks that became known as Vault 7. Schulte has consistently denied that he was the source of the information. Two years ago, he was convicted on two of the original 11 charges, while the jury hung on the remaining nine. The most recent trial, in which Schulte represented himself, was on those nine counts, and he now faces as many as 80 years in prison. Schulte is yet to be tried on state child pornography charges. Prosecutors had literally no evidence that Schulte had taken the data from the CIA and transferred it to WikiLeaks. But they contended that he was a computer genius who is so brilliant that he was able to cover his tracks. They alleged that he leaked the information because he was a disgruntled former CIA employee who hated his boss, couldn’t get along with his coworkers, and sought revenge against the Agency. That was enough for the jury.”

25. Polish ABW Detains Polish National as Russian Spy

On August 18th, the Polish government announced the detainment of a Polish national named Jarosław A. As per the announcement, “the detention took place on July 11, 2022 in the Śląskie Voivodeship. The ABW officers also searched in the following voivodeships: Opolskie, Łódzkie, Warmińsko-Mazurskie and Małopolskie, places related to Jarosław A. and other persons related to him, whom the detainee intended to use for the benefit of Russian intelligence. As part of the investigation, evidence was obtained showing that the suspect expected a financial gain, as well as help in eliminating personal enemies. Using his acquaintances, he intended to provide the Russian side with a wide spectrum of information, also in the sphere of state defence and security. He was also ready to perform other tasks commissioned by the intelligence in the territory of Poland. The suspect was aware of the illegal nature of the actions taken, aimed at establishing long-term cooperation with Russian intelligence.”

26. British MoD Looking at High-Altitude Spy Balloons

As reported by Janes, “the UK Ministry of Defence (MoD) has selected Sierra Nevada Corporation (SNC) unmanned high-altitude balloon (HAB) as part of Project Aether, the company announced on 10 August. Project Aether is a UK MoD programme that seeks an unmanned stratospheric ultra-persistent communication and intelligence, surveillance, and reconnaissance (ISR) capability. An SNC spokesperson told Janes that the company intends to launch the platform in September during a 12-day period in the southwestern region of the US.”

27. Mossad Appoints Two Women for First Time to Top Spy Roles

This week it was announced that the Israeli “Mossad made history on Thursday, announcing that it has appointed two women to senior roles in the organization. There are now four women in the executive forum that leads the agency. The first woman, “A.,” took up her role recently as head of the Mossad’s Intelligence Department, which is equal to the level of the head of Military Intelligence in the IDF. The second woman, “K.,” was appointed to head the Iran Department. The Mossad’s Intelligence Department, currently managed by two women, A. and her deputy, “H.,” is considered one of the organization’s core anchors and growth engines.”

28. Ukrainian SBU Detains Russian Agent

On August 16 Ukraine’s SBU posted that they “detained a Russian who was scouting the artillery positions of the Armed Forces of Ukraine in the east of Ukraine. First of all, the enemy was interested in the positions of the Ukrainian artillery, which destroys the command posts and ammunition depots of the occupying groups. The agent turned out to be a Russian citizen who had a temporary residence permit in Ukraine. After the beginning of the full-scale invasion of Russia, he reached out to representatives of the Russian intelligence services through personal connections. He accompanied his intelligence by photographing and videotaping the relevant locations with reference to the area. The occupiers planned to use them for precise missile strikes on units of the Defence Forces of Ukraine. However, SBU employees promptly exposed, located and detained the enemy agent.”

29. New US Army Intelligence Unit Having Big Impact on Recently Established “Triad”

The FedScoop reported that the United States “Army Cyber Command’s new intelligence unit blending historical military intelligence activities with commercial data and public information is providing critical insights in a rapid manner to a newly established “triad” between the service’s cyber, missile defense and special operations organizations. Last week, the Army announced this new triad between Army Cyber Command, Army Space and Missile Defense Command and Army Special Operations Command, which aims to to deliver more options to commanders in an integrated fashion. “Probably the biggest contribution was one being able to take a fusion of traditional intelligence and what we were seeing publicly available information, in order to inform the commander forward of what we were seeing,” Lt. Gen. Maria Barrett, commander of Army Cyber Command, said during a presentation at the TechNet Augusta conference Wednesday. Adversaries are globally focused, and so is the Army. “Three operational units with unique authorities and capabilities — and we see the globe,” she said. “We were seeing some things in the electromagnetic spectrum, we were seeing things in the information environment and we were able to provide that back very quickly because of the Big Data Platform and the [Cyber Military Intelligence Group], that intelligence group, being able to turn that pretty quickly.” The Cyber Military Intelligence Group (CMIG) directs, synchronizes and coordinates intelligence support for cyber, information and electronic warfare operations while also providing support to U.S. Cyber Command and other combatant commands. It was created to perform functions not found anywhere else within the Army or intel community, and blend open source information with military intelligence.”

30. Video: Jack Murphy on Coming Across a Chinese Honeypot

On Friday, US Special Operations veteran and host of the Team House podcast, Jack Murphy shared the “story of when a he came across a Chinese honeypot in Vegas at SHOT Show.”

31. Expert Q&A on the Growing Spy Game in Canada

On August 17th the University of Victoria published this Q&A answering common questions for modern espionage in Canada by University of Victoria subject matter expert Midori Ogasawara.

32. CIA Sued Over Alleged Spying on Lawyers, Journalists Who Met Assange

As reported by the Voice of America (VOA) this week, “a group of journalists and lawyers sued the CIA and its former director Mike Pompeo over allegations the intelligence agency spied on them when they visited WikiLeaks founder Julian Assange during his stay in Ecuador’s embassy in London. The lawsuit said the CIA under Pompeo violated the privacy rights of those American journalists and lawyers by allegedly spying on them. The plaintiffs include journalists Charles Glass and John Goetz and attorneys Margaret Kunstler and Deborah Hrbek, who have represented Assange. “The United States Constitution shields American citizens from U.S. government overreach even when the activities take place in a foreign embassy in a foreign country,” said Richard Roth, the lead attorney representing the plaintiffs. The CIA, which declined to comment on the lawsuit, is prohibited from collecting intelligence on U.S. citizens, although several lawmakers have alleged the agency maintains a secret repository of Americans’ communications data.”

33. Ukraine’s SBU Accuses Former Officer of Working for Separatist Forces

On August 17th Ukrainian SBU announced that after an investigation they identified that a former SBU officer, Vasyl Bovsunovsky (cryptonym “Kaban”), collaborated with the Donetsk People’s Republic (DNR) forces where he carried out “reconnaissance and subversive actions” targeting Ukraine, and was later appointed as the Commander of Military Unit №5002.

34. German Intelligence Says it Expects More Russian Propaganda, Espionage Activities in the Coming Months

As reported, “Germany’s domestic intelligence service said Wednesday it expects to see more Russian propaganda and espionage activities in the coming months. ” Russia is using issues relating to Europe’s energy supply in particular as a… lever,” the Federal Office for the Protection of the Constitution said in a statement. The targeted dissemination of false information, for example on gas shortages and price increases, was an attempt to stir up fear in Germany about energy and food shortages that could threaten the country’s existence, the office said. “Russian propaganda is likely to proliferate within extremist circles and fuel conspiracy narratives with the aim of driving a wedge into our society,” the statement continued. The Russian state is also expected to “further intensify and adapt its political and military reconnaissance efforts,” the office said.”

35. Podcast: SpyCast: Foreign Denial and Deception with Bill Parquette

This week the International Spy Museum’s SpyCast released a new podcast episode featuring Bill Parquette, former Lt. Col. in the U.S. Army, starting his career with 10 years in the 82nd Airborne, and is currently Professor of Practice at Penn State University. The intelligence subjects covered are: 1) Denial and deception — what it is and why it matters, 2) Key examples of denial and deception, 3) Detecting denial and deception operations, and 4) How to avoid seeing monsters everywhere.

36. Cyprus’ Role in Greek Spy Scandal Will Come to the Fore

This article was published on Friday saying that “reactions over Cyprus’ link with the espionage case involving the Greek state spying on Greek EU lawmaker Nikos Androulakis continue to mount as EU parliament’s plenary session looms. The European Parliament’s socialist group on Tuesday had called for a full investigation and a plenary debate on Greece’s wiretapping scandal. The next plenary sitting will be held on September 12. Akel MEP Giorgos Georgiou and Edek MEP Demetris Papadakis told daily Politis on Friday that the plenary discussion will focus both on the use of espionage software in Greece and also on the operation of companies producing such software in Cyprus.”

37. Former Estonian Spy Chief On Why the West Should Continue to Support Ukraine

Vazha Tavberidze reported this week saying that “Eerik-Niiles Kross is a Soviet-era dissident who later headed independent Estonia’s foreign intelligence service. Now a lawmaker for the Estonian Reform party, Kross is a longtime critic of Russian President Vladimir Putin, was an adviser to the Georgian government during its brief 2008 war with Russia, and the author of dozens of articles on Russia and NATO. He has even been sought internationally by Russian authorities over the alleged hijacking in Baltic waters in 2009 of a Russian-crewed cargo ship, called the Arctic Sea, that was subsequently rumored to have been transporting weapons. (The allegation was described as nonsense by Kross and Estonian officials.) Kross talked to RFE/RL Georgian Service fellow Vazha Tavberidze on August 10 about Russia’s invasion of Ukraine, why he’s OK with the EU excluding Russians who won’t “defect,” a narrowing identity gap between “Old” and “New” Europe, and critical lessons from the West’s experience with post-Soviet Georgia.”

38. US to Provide ScanEagle Spy Drones to Ukraine

Jon Harper reported that “a new round of U.S. security assistance for Ukraine, announced Friday, will for the first time include ScanEagle unmanned aerial systems that could be used to locate and target Russian forces. The long-endurance intelligence, surveillance and reconnaissance (ISR) platform is characterized as a Group 2 UAS based on its weight and other characteristics. The platform is about 5 feet in length with a maximum payload weight of 11 pounds, according to manufacturer Insitu, which is owned by Boeing. It can operate at altitudes up to 19,500 feet and can loiter for more than 18 hours. The ScanEagle can be equipped with a variety of sensors including electro-optical and infrared cameras, and feed information back to users using encrypted data links.”

39. Mali Lays Heavy Charges of Espionage Against France

As reported this week, “Mali has brought very serious accusations against France, including that of carrying out espionage activities and supporting terrorist groups by threatening the stability of the country. These accusations come the day after the final withdrawal of the Barkhane force. For Driss Ganbouri, expert in terrorism, this case reveals “a struggle between the great powers in Africa”. On August 15, Malian Foreign Minister Abdoulaye Diop sent a letter to the UN Security Council in which he accused Paris of carrying out espionage activities and helping jihadists by supplying them with weapons while France was supposed to help Bamako bring back peace and stability through its Barkhane force. The charges against France are very heavy and Bamako has requested an emergency meeting of the Security Council. The letter mentions that Paris provided arms and ammunition to terrorist groups in Mali, as well as intelligence.”

40. Indian Cyber Espionage Operation Targeting Pakistani MoD

On August 18 cyber threat intelligence researcher Kimberly discovered and disclosed technical indicators of an active cyber espionage operation attributed to an actor dubbed as PATCHWORK, who has been previously associated with the government of India. The operation involved a lure document impersonating the Ministry of Defence (MoD) of Pakistan which, if opened, it was covertly installing a custom cyber espionage software implant.

41. Ukrainian SBU Detains Russian FSB Agent in Kiev

On August 18th Ukrainian SBU announced the detainment of “a Russian agent who “drove” more than 120 units of the occupiers’ equipment to the outskirts of Kiev. According to the SBU, the agent turned out to be a resident of Sumy Oblast, recruited by the intelligence services of Russia. From the first days of the temporary occupation of the region, he began active cooperation with the enemy, offering to become a guide and show safe ways to Kiev. And after the liberation of the Sumy region, the agent continued to cooperate with the Russian FSB and fulfil the tasks of his handlers. He collected data on the locations, numbers and armaments of the Defence Forces in the region. The suspect gave the FSB officers coordinates of military facilities in the area. He used closed channels of electronic communication for communication.”

42. Pakistani Cyber Espionage Operation Targeting Bangladesh

Cyber threat intelligence researcher Blackorbird discovered and disclosed technical indicators of an active cyber espionage operation attributed to an actor dubbed as KASABLKANKA, who has been previously associated with the government of Pakistan. The operation impersonated UNICEF and domestic mobile applications to target individuals in Bangladesh. If they opened the impersonated links, a cyber espionage software implant was covertly installed.

43. Spy Way of Life: EINSTEIN Unter den Linden Cafe-Restaurant

This week’s selection for the Intelligence Online’s Spy Way of Life series was the EINSTEIN Unter den Linden cafe-restaurant, located in Berlin, Germany. As per the article, “all over the world, spies like to meet in favourite spots where discreet conversations and chance meetings can occur. This week Intelligence Online visits the emblematic Einstein UdL in Berlin, a city where spying is making something of a comeback.”

44. Saudi Snitching App Appears to Have Been Used Against Jailed Leeds Student

The Guardian reported that “the Saudi woman who was sentenced to 34 years in prison for a tweet appears to have been denounced to Saudi authorities through a crime-reporting app that users in the kingdom can download to Apple and Android phones. A review of Leeds PhD student Salma al-Shehab’s tweets and interactions shows she was messaged by a person using a Saudi account on 15 November, 2020 after she posted a mildly critical tweet in response to a Saudi government post about a new public transportation contract. The user told Shehab that he had reported her on the Saudi app, which is called Kollona Amn, or We Are All Security. It is not clear whether the Saudi officials responded directly to the report, but the 34-year-old mother was arrested two months later.”

45. Punjab Cops Recover Pakistani Army Weapons from Terrorist Outfit Busted in Delhi, Links to Pakistani Spy Agency

India Narrative reported a story with links to Pakistan’s spy agency, the ISI. As per the article, “sophisticated weapons used by the Pakistani army have been recovered from the four-member ISI-backed terrorist module busted ahead of Independence Day celebrations, the state’s Director General of Punjab Police, Gaurav Yadav has disclosed. The accused were associated with Canada-based Arshdeep Singh alias Arsh Dala, a native of Dala village in Moga, who is a Khalistan Tiger Force (KTF) operative involved in various criminal activities in Punjab and abroad and is most wanted by the Punjab Police.”

46. Ukrainian SBU Exposes FSB Wiretapping Attempt in Verkhovna Rada

On Friday Ukraine’s SBU announced a Russian FSB attempt to place covert listening devices (bugs) at the Verkhovna Rada (Supreme Council of Ukraine). As per the announcement, “an official was persuaded to cooperate by an FSB officer during a trip to the temporarily occupied Crimea before the start of a full-scale invasion. On the instructions of his Russian handler, the agent was supposed to collect intelligence about the visits of foreign delegations to the Ukrainian parliament, in particular their personal composition, the content of official and informal conversations. In addition, he was tasked with studying the possibility of installing special technical means of covert intelligence gathering in halls and on the sidelines.”

47. Pakistani ISI Spy Arrested by Rajasthan Police in India

Following last week’s (story #56) arrests of agents of the Pakistani ISI, this week it was reported that “Rajasthan Police arrested a 47-year-old man suspected to be an agent of Pakistan’s Inter-Services Intelligence (ISI). The accused, identified as Bhag Chand, is a Pakistani Hindu migrant, who was living as an Indian national, and was arrested from Bhati Mines area in South Delhi. He was arrested on the intervening nights of Monday and Tuesday.” The report continues that “the accused had migrated to India from the Sindh region in Pakistan in 1998 and got his Indian nationality in 2016. He is currently employed as a labour supervisor. An ISI operative, Abid, had prodded Bhag Chand’s maternal uncle to meet him and both started communicating on WhatsApp. Upon interrogation, Bhag Chand revealed that Abid used to communicate with him using a Pakistan-based WhatsApp number. In 2020, Bhag Chand facilitated Abid in acquiring an Indian WhatsApp number. Further, during the months of August- September, 2021, he had facilitated Abid in acquiring another Indian WhatsApp number, subscribed in his wife’s name. After months of communication with Bhag Chand, Abid then asked him to visit military areas, befriend serving military personnel and introduce them to him. Abid also tasked Bhag Chand to transfer money on his behalf.”

48. Russian SVR Speech at the MCIS 2022

On August 16th, during the Moscow Conference on International Security (MCIS) 2022, the Colonel General of the SVR gave a speech titled “From the Point of View of the SVR of Russia” and the transcript of it was later shared by the SVR online.

49. North Korean Cyber Operation Targeting IT Job Seekers

As reported this week, North Korean cyber operators have been targeting IT job seekers, especially in the financial technology sector. The objective of the operation appears to be the covert collection digital funds to evade the economic sanctions that North Korea has.

50. Western Spies Took Samples of Iranian Soil for Nuclear Testing

Following week 27 (stories #49, #59 and #60) this week Tehran Times reported that “Esmail Kowsari, who is sitting on Parliament’s National Security and Foreign Policy Committee, said the sampling was a type of espionage. “This was definitely a type of espionage. The hostile countries had told these people to collect soil from some places they suspected to be suspicious so that it could be tested. Foreign spies should know that our security apparatuses have not and will not leave them alone and are constantly monitoring them,” Kowsari, a former IRGC general, told Fars News. In early July, the IRGC announced that it detained a number of foreign diplomats who were collecting soil samples deep inside Kerman deserts where the IRGC had just conducted a missile drill. The IRGC said at the time that the British deputy ambassador to Iran was among the arrested. “These criminals do not consider that America has more than 5,000 and the Zionist regime [Israel] has more than 250 nuclear warheads, but even though we say through official and media announcements that we are enriching uranium for electricity production and agricultural issues, they want to take measures against us through cooking up documents and stealing Iranian soil,” Kowsari said. He added, “The Westerners should know that the situation has changed now and today no one cares about such issues in order to use them to cook up documents against us.” Underlining that “we are doing our own work and do not pay attention to these things,” he said, “Westerners are not people who consider themselves the owners of everything. Those days when they considered themselves the owners of the whole world are over. We are doing our own thing and they have to run after us to see if they catch up or not.”.”

51. US CAO Classifies TokTok as High-Risk for Espionage

The US House of Representatives, Chief Administrative Officer (CAO) issued a security advisory stating that “TikTok mobile application has been deemed by the CAO Office of CyberSecurity to be a high-risk to users due to its lack of transparency in how it protects customer data, its requirement of excessive permissions, and the potential security risks involved with its use.”

52. Russia’s Spies Misread Ukraine and Misled Kremlin as War Loomed

This is an article published by the Washington Post stating that “in the final days before the invasion of Ukraine, Russia’s security service began sending cryptic instructions to informants in Kyiv. Pack up and get out of the capital, the Kremlin collaborators were told, but leave behind the keys to your homes. The directions came from senior officers in a unit of Russia’s Federal Security Service (FSB) with a prosaic name — the Department of Operational Information — but an ominous assignment: ensure the decapitation of the Ukrainian government and oversee the installation of a pro-Russian regime. The messages were a measure of the confidence in that audacious plan. So certain were FSB operatives that they would soon control the levers of power in Kyiv, according to Ukrainian and Western security officials, that they spent the waning days before the war arranging safe houses or accommodations in informants’ apartments and other locations for the planned influx of personnel. “Have a successful trip!” one FSB officer told another who was being sent to oversee the expected occupation, according to intercepted communications. There is no indication that the recipient ever made it to the capital, as the FSB’s plans collapsed amid the retreat of Russian forces in the early months of the war. The communications exposing these preparations are part of a larger trove of sensitive materials obtained by Ukrainian and other security services and reviewed by The Washington Post. They offer rare insight into the activities of the FSB — a sprawling service that bears enormous responsibility for the failed Russian war plan and the hubris that propelled it.”

53. Yemen Shares Video of Spy Network Attempting to Infiltrate Joint Forces

As reported by local media, “on Thursday, August 18, the military media of the Joint Forces distributed a video containing the confessions of a network that the Houthi militia tried to plant among the Joint Forces to carry out espionage missions. The network includes six members: “Abdul Karim Abdullah Mahdi Al-Haidari — from Dhamar Governorate, Mushtaq Ali Muhammad Hassan Al-Aswad — from Dhamar Governorate, Raafat Abdul Raouf Ali Al-Qadi — from Taiz Governorate, Bashir Abdo Muhammad Al-Jab — from Dhamar Governorate, Amin Mahyoub Ahmed Abdullah Amer.” — from Taiz governorate, and Hassan Hamid Ayyash Al-Zubaidi — from Al-Hodeidah governorate.” They were arrested before they could complete the affiliation procedures, and some were in the training period. In their confessions, the network members admitted that they were sent by leaders linked to the so-called Houthi security and intelligence service to the West Coast Front to carry out espionage missions in the ranks of the Joint Force.”

54. Romania Declares Russian Diplomat PNG over Espionage Concerns

The Romanian Ministry of Foreign Affairs announced that a diplomat from the Russian Embassy of Bucharest was declared Persona Non Grata (PNG) due to participating in activities incompatible with his diplomatic status. The article notes that “often this wording is used when it comes to suspicion of espionage.”

55. United States NGA — TEARLINE — North Korea’s Komdok Mining Region

On August 15th, the United States National Geospatial-intelligence Agency (NGA) led Project TEARLINE released a new report saying that “despite instructions to transform the Komdok mining region into a model mining community, so far efforts have been largely focused on expanding housing and band-aid repairs from the 2020 typhoons. But the terrain and weather patterns of this region make even those efforts seem in vain without greater investment in infrastructure, energy provision and anti-flooding mitigation. Without such efforts, plans for the Komdok region appear little more than empty promises.”

56. Ukrainian SBU Detains Two FSB Agents in Kramatorsk

On Friday Ukraine’s SBU announced the detainment of “a Russian who was transferred to Ukraine by the FSB to gather intelligence near Kramatorsk. During the counter-subversive “clearing” of the front-line areas in the east of our country, SBU officers detained two Russian agents. Among them is a Russian citizen who, 5 years ago, did his military service in Kostroma. The FSB transferred him to Ukraine to carry out reconnaissance and subversive actions under the guise of a peaceful resident of Donetsk region. They exposed him on the territory of Druzhkivka. Another SBU counter-intelligence agent was exposed in the city of Bilytske, Donetsk region. He “reported” to the occupiers about the routes for the movement of military equipment of the Armed Forces of Ukraine in the front-line areas.”

57. Russian FSB Detains SBU Agent in Krasnodar

On Friday the Federal Security Service (FSB) of Russia announced the detainment of a man in Krasnodar for conducting espionage on behalf of the Ukrainian SBU. He has the cryptonym “Archie” and was receiving payments to “illegally receive and transmit information that could be used against the security of Russia.”

58. French Viginum Spy Agency Seeks More Attention

As reported by Intelligence Online, the French spy agency Viginum, created in July 2021, to combat foreign influence operations “seeks to move up a gear after a year in operation.” As per the article, the agency is “a goal that is now a priority for the French government.”

59. Turkish MIT Assassinates 6 PKK/KCK Members in Iraq

According to Turkish media, the Turkish spy agency (MIT) assassinated 6 individuals in northern Iraq, the Iraqi Kurdistan region, for being members of the PKK/KCK, which is classified as a terrorist organisation by Turkey.

60. Chinese Cyber Espionage Operation Targeted Over 80 Organisations

As reported by Bleeping Computer, cyber threat intelligence private firm Group-IB issued an analysis of 2021 cyber espionage operations attributed to a Chinese nation-state actor dubbed as WINNTI. According to the report, they “targeted at least 80 organizations last year and successfully breached the networks of at least thirteen.” Among them, they “targeted hospitality and software development firms in the U.S., an aviation firm in India, government, manufacturing, and media entities in Taiwan, and even software vendors in China.”

61. Ukrainian SBU Uncovers Russian Agents in Penitentiary System

As reported on Friday by the SBU, they “exposed Russian agents in the penitentiary system of the southern regions of Ukraine. The perpetrators gave the enemy information about the employees of penitentiary institutions who did not betray their oath and remained loyal to Ukraine. It was established that the “liaison” was the “head of the HR department” illegally created by the occupiers of the “department of the Federal Penitentiary Service in the Kherson Region”. The former personnel officer of one of the correctional colonies of the Kherson region received this pseudo-position for voluntarily cooperating with the occupiers. He received the information requested by the enemy from an official of the regional structural unit of the State Criminal Enforcement Service of Ukraine. The received information of the intelligence services of Russia was used for the purpose of intelligence and subversive actions against Ukraine. Including for putting pressure on law enforcement officers and their relatives, their possible recruitment and obtaining information of an official nature.”

62. Ex-B.C. Journalist and Democracy Activist Placed on Chinese ‘Wanted’ List

The Q107 reported on August 17th that “a Richmond democracy activist has found himself on Hong Kong’s most wanted list. As Emad Agahi reports, that has other activists calling on the federal government to speak up in his support. Most Canadians will never wake up to find a pair of agents with Canada’s national spy agency at their door, but that’s the situation a former newspaper editor living on the Lower Mainland found himself in Wednesday morning. Victor Ho, the former editor of the Sing Tao Daily, Canada’s largest Chinese-Canadian newspaper, and a Hong Kong democracy activist, was recently placed on a “wanted list” by security officials in Hong Kong, for alleged violations of the territory’s National Security Law.”

63. Secret Sharing Nuclear Scientist Will Now Get Fate Decided by a Jury

On August 16th, Christopher Burgess published this article covering the case of Toebbe, saying that “today in the courtroom of the Northern District of West Virginia, located in Martinsburg, WV, Jonathan Toebbe and his spouse, Diana Toebbe were supposed to be sentenced to prison. The couple had already pleaded guilty to a number of charges, including the Atomic Energy Act and threat to national security. The judge rejected the plea deal, citing that the recommended period of incarceration as being inadequate. Jonathan Toebbe, who was the principal and instigator of the theft and onward attempt to transmit the purloined information to a foreign government, now understood to have been Brazil, was expected to have been sentenced to 12–17.5 years. His wife, who was described by both the defense and prosecution as having played a willing, yet limited role in the couple’s espionage was expected to be sentenced to 36 months.”

64. Iran Says Swedish Citizen Detained for Espionage Might Face Other Charges

This is a follow up from week 30 (story #67). This week, Reuters reported that “a Swedish citizen detained in Iran on suspicion of espionage might face other charges, Iranian judiciary spokesperson Masoud Setayeshi said on Tuesday in a televised news conference. The suspect, who remains unnamed, had been under surveillance by the intelligence ministry during several previous trips to Iran because of “suspicious behaviour”, the official IRNA news agency reported in July.”

65. Russian SVR Continues to be Targeting Microsoft Cloud Services

Cyber threat intelligence private firm Mandiant released a report discussing how Russia’s SVR has been conducting cyber espionage operations targeting Microsoft’s cloud services (e.g. Microsoft 365). Mandiant also released a 53-pages long white paper for the same subject.

66. Russians Detain Their Own Former Spy Chief on Route to Front Line

The Telegraph reported on August 14th that “a former Russian spy who led rebels in Ukraine’s Donetsk region in 2014 has been detained after attempting to join the front line of the Kremlin’s war. Igor Girkin, also called Igor Strelkov, decided to sign up after growing frustrated with the slow progress of the conflict. Photos on social media show a clean-shaved Mr Girkin without his trademark moustache in an apparent attempt to travel in disguise to the battle near Kherson, southern Ukraine. His Russian nationalist supporter Alexander Zhuchkovsky said that Mr Girkin had been detained by Russian forces in Crimea as he headed to the front line near Kherson, southern Ukraine. “Strelkov is a man with vast military experience,” he said.”It is a great political crime that such a person cannot get to the front.” Mr Girkin gained a cult following among hardcore Russian nationalists in 2014 after he led rebel forces in Donetsk. He styled himself as an officer of the Russian Imperial army, striding around, barking orders and chain-smoking.”

67. David Vigneault Prepares the Canadian Security Intelligence Service for Foreign Interference Battle

Intelligence Online reported that “David Vigneault, head of the Canadian Security Intelligence Service since 2017, is well aware of the growing threat to Canadian interests posed by China. He is trying to prepare his service to deal with this, but his country is struggling to make the necessary security adjustments.”

68. Ukrainian SBU Detained Russian Agents Trying to Join the Armed Forces of Ukraine

On Saturday SBU reported that “two residents of the Vyshhorod district, who assisted the Russian troops during the temporary occupation of part of Kiev region, turned out to be traitors. The armed men took an active part in the so-called filtering measures, looking for Ukrainian patriots among the local residents who resisted the invaders. They also tortured an underage boy for helping units of the Armed Forces to identify equipment and places of deployment of the occupiers. After the liberation of Kiev Oblast, the accomplices of the occupiers remained in the territory of the region. One of the traitors left for the neighbouring region, where he signed a contract with the Armed Forces, in order to spy and transmit information to the enemy about the movement routes and locations of Western weapons, while the other wanted to “enlist” from one of the territorial communities near Kiev. But SBU employees carefully followed every step of the enemy agents and exposed their plans in a timely manner.”

69. Podcast: Combat Story: MARSOC, CIA GRS Operator Jason Lilley

On Saturday, the Combat Story published a new nearly 2-hour long podcast episode featuring Jason Lilley, “a former Marine infantryman, Marine Recon, sniper, MARSOC, and then CIA Global Response Staff (or GRS) operator.”

70. Developments with Chinese Spy Ship in Sri Lanka

Following week 31 (story #48) this week there were numerous developments. First, on Monday India “handed over a Dornier-228 maritime patrol and reconnaissance aircraft to Sri Lanka to reaffirm bilateral security ties.” Later it was discovered that a “lawmaker on August 8 lobbied in favour of the ship being allowed to dock notwithstanding what he called were Indian concerns in front of President, PM and Beijing’s close friend Mahinda Rajapaksa.” Eventually it was reported that “despite India’s opposition, China’s ballistic missile and satellite surveillance vessel ‘Yuan Wang 5’ has reached Sri Lankan port.”

71. Albania Arrests Two Russians and One Ukrainian for Espionage

On Saturday local media reported that “the Albanian Ministry of Defence announced, on Saturday evening, that two Russians and a Ukrainian had been arrested on charges of espionage on a military facility in southern Albania. The Ministry said in a statement that one of the two Russian men, identified only by his initials “M. Z.” and who is 24 years old, was detained after entering the yard of the facility located in the Gramsh area, 80 km south of the capital, Tirana.” The report continues that the spies used some paralysing spray against the guards and also that “a 33-year old Russian woman, also identified by her initials “S. T.”, and a 25-year old Ukrainian man, F. A., were arrested outside the military compound, and their car was confiscated.”