SPY NEWS: 2022 — Week 41

Summary of the espionage-related news stories for Week 41 (October 9–15) of 2022.

The Spy Collection
Oct 16, 2022

1. ‘Ukraine is Going to Win’: Estonia’s Departing Spy Chief Opens Up on Putin’s War

Michael Weiss of Yahoo! News reported that “how will the war end? “Ukraine is going to win,” Marran says without hesitation. “They have to win because for Ukraine, it’s an independence war. It’s not just a regional conflict, and that’s why they are highly motivated.” Though he is less certain of when, exactly, that victory will come. By running raw manpower into the meat grinder of war, Putin can prolong the fighting. “My father was fond of the expression Nado, Fedya, nado,” Marran says, quoting a line from the hit 1965 Soviet comedy “Operation Y and Shurik’s Other Adventures.” Literally it means “it’s necessary, Fedya, it’s necessary,” but it connotes a sense of implacable stubbornness in the face of extreme adversity. “The Russians are like this, and we shouldn’t underestimate their ability to press on when others would give up. The first conscripts who will arrive, or have already arrived, at the war zone are the easiest targets for Ukrainians, but it’ll likely be a kind of a Darwinist cycle of events. The ones that survive the first months will learn how to do the job and they’ll become better soldiers because Nado, Fedya, nado.”.”

2. Germany’s Cybersecurity Chief Faces Dismissal, Reports Say

On October 10th Reuters reported that “German Interior Minister Nancy Faeser wants to dismiss the country’s cybersecurity chief due to possible contacts with people involved with Russian security services, German media reported late on Sunday, citing government sources. Arne Schoenbohm, president of the BSI federal information security agency, could have had such contacts through the Cyber Security Council of Germany, various outlets reported. Schoenbohm was a founder of the association, which counts as a member a German company that is a subsidiary of a Russian cybersecurity firm founded by a former KGB employee, they wrote. Schoenbohm did not immediately reply to a message sent to him via social media. Neither the interior ministry nor the BSI immediately replied to requests for comment. “These accusations must be decisively investigated,” said Konstantin von Notz, the head of the parliamentary oversight committee for Germany’s intelligence agencies.”

3. Chinese Cyber Espionage Operation Targeting Myanmar

This week the Threat Research & Intelligence team of the private security firm BlackBerry published technical analysis showing how they “recently uncovered a campaign by an advanced persistent threat (APT) group called Mustang Panda that is leveraging the PlugX malware family to target the Southeast Asian state of Myanmar. Our team analyzed the samples in question and found their embedded configurations revealed a set of command-and-control (C2) domains that masquerade as Myanmar news outlets. This is not the first time a campaign targeting this state has impersonated Myanmar news outlets or used PlugX malware. These tactics, techniques, and procedures (TTPs), along with other corroborating evidence — such as a previous indication that the group was active in this location — lead us to assert with reasonable confidence that the China-based threat group known as Mustang Panda is responsible for this campaign.”

4. Spain Reveals a Spy Network Run by Moroccan Intelligence Through Its Consulate in Madrid

On October 10th Salem Hanafi reported that “the National Court ratified the decision of the Ministry of Justice to refuse the Spanish citizenship of an employee of the Moroccan Consulate in Madrid, accused of his involvement in a spy plot in Spain, orchestrated by the intelligence services in Rabat. According to a report by the Spanish “lavozdegalicia”, the judicial decision was based on a secret report issued by the National Intelligence Centre (CNI), which also revealed that there is a “head of a Moroccan intelligence service in Spain” who recruits delegates as spies. The report said that CNI was forced to announce the existence of this nest of secret agents associated with the diplomatic representation of the neighbouring country to prevent this agent, who is married to a Spanish citizen of Moroccan origin, who also has two Spanish children, from acquiring citizenship by residency. The report indicated that the decision of the third section of the Court of Genova Street, dated September 14, confirmed the decisions of the General Directorate of Records and Notaries in June and December 2019, which refused to grant citizenship to this resident “for reasons of public order or national interest.”.”

5. Russians Bought Real Estate in Finland Near Airfields and Other Strategic Locations

On October 10th IS reported that “Russian “agents” living or staying in Finland could be preparing energy attacks similar to the Nord Stream gas pipeline explosions in their Russian-owned properties. Since early summer, Ilta-Sanomat has published several reports on their locations and ownership. According to Tover, Russia is waging a tough energy war against the entire West. The former head of intelligence is convinced that over the years, Russia has acquired land and real estate from Finland also in a strategic sense — including those that it could use to its advantage in a crisis situation.” The article notes that “the FSB has prepared Russian military operations in different countries in the same way as the KGB did during the Soviet Union. In these target countries, for example, Russians have infiltrated society, and potential future attacks have then been practiced in safe houses or terrains owned by Russians, Tover says.”

6. Pakistani ISI Line Busted by Indian Army Officer

The Times of India reported that “an Army officer posted in Assam received messages and voice notes from an Ahmedabad number and the sender identified himself as a fellow officer, but the accent and suspicious web links led to the discovery of an ISI connection. The officer in Assam got a WhatsApp message from someone claiming to be Vijay Kumar Sharma in mid-September. Sharma wanted the officer to update his EPPO (Electronic Pension Payment Order) details. The officer clicked the link Sharma had sent and noticed that the web address did not feature “gov”. The officer alerted military intelligence which gave a tip-off to the Ahmedabad crime branch. According to a senior crime branch officer, Sharma’s message read: “Good Evening Sir. Sr. Off. Vijay Sharma here. Please fill up your EPPO details by clicking the given website link.” The crime branch officer said the sender’s accent on voice notes amplified suspicions. Investigations have revealed that the number in question was given to a staffer of the Pakistan embassy named Shafaqat Jatoi by Abdul Wahab Pathan, a resident of Panch Patti in Ahmedabad. Pathan allegedly gave 15 Indian sim cards to Jatoi in exchange for Pakistani visas and money between 2017 and 2019. Jatoi left India in 2019-end. Using Indian phone numbers, ISI agents made WhatsApp calls to armed forces personnel, posing as officers of the Indian Army. The crime branch officer said the ISI agents tried to make their targets enter crucial details on websites mimicking those of Indian bodies such as Kendriya Sainik Board and the Department of Ex-servicemen Welfare. When a target fell into the trap, ISI agents stole personal data and bugged the phone. According to crime branch sources, these phishing websites were created in the second week of September. Earlier, ISI operatives have honey-trapped a few armed forces personnel.”

7. United States CIA Assassin in Castro Plots Dies

Sri Lanka Guardian reported that “Rolando Cubela, a Cuban revolutionary who plotted with the CIA to kill Fidel Castro, died in Miami in August, his passing unnoticed in the English-language U.S. press. While the U.K. Telegraph ran a (paywalled) obituary, neither the New York Times or the Washington Post has reported the death of a man whose rise and fall once convulsed the governments of Cuba and the United States and generated headlines worldwide. Rolando Cubela Secades was 89 years old. I heard about Cubela’s death independently from three friends in Miami who heard the news from his family. He was living in a Miami nursing home until he passed, they said. Cubacute, a Spanish language news site in Miami, quoted Cubela’s sister saying he had died of a respiratory infection. The son of a tailor from the provincial city of Cardenas, Cubela enrolled as a medical student at the University of Havana where he emerged as a leader of the rebellion against the dictatorship of Fulgencio Batista. In October 1956 he gained notoriety for assassinating Col. Antonio Blanco Rico, a top military officer, in a Havana nightclub. Cubela won glory in December 1958 when his Revolutionary Directorate forces joined with Fidel Castro’s July 26 movement to win the decisive battle of Santa Clara, which toppled the Batista regime and brought Castro to power. Amid a struggle for control of the University of Havana campus, Cubela was elected president of the student federation, a politically powerful position. At first he was a revolutionary firebrand, celebrating the closing of a pro-American newspaper and the defeat of the CIA-trained brigade at the Bay of Pigs in April 1961. But as Cubela became disenchanted with Castro’s hard left turn to one-party socialism, he turned on his former comrades. In August 1962, he met with two CIA men in a Helsinki nightclub. 
“He said he was not interested in risking his life for any small undertaking,” the CIA reported “but if that he could be given a really large part to play, he would use himself and several others whom he could rely upon.” Known by the code name AMLASH, Cubela subsequently underwent secret training at a CIA safe house in France.”

8. Podcast: Hoover Institution: Chinese Spies — Is America Helpless Against PRC Espionage?

This week the Hoover Institution published a new podcast episode. As per its description, “Hoover Institution fellow Michael Auslin is joined by former Anna Puglisi, former National Counterintelligence Officer for China, and Matt Brazil, author of Chinese Communist Espionage, to discuss just how widely and successfully Chinese spies have penetrated American business, government, and academia.”

9. Latvian VDD Denies Entry to Over 200 People Deemed High-Risk

The State Security Service (VDD) of Latvia issued an announcement on October 12th stating that “since the Russian invasion of Ukraine, the State Security Service (VDD) in cooperation with other services has been working in an intensified mode to identify persons connected to Russia who may pose a threat to the national security of Latvia. So far, a total of 209 risk persons have been denied residence in Latvia in accordance with the recommendations of the Ministry of Internal Affairs and Communications. VDD pays increased attention not only to Russian nationals, but also to citizens of its closest ally Belarus and other foreigners who are connected to Russia. When identifying risk persons, the VDD in cooperation with other institutions implements various measures to prevent potential danger: inclusion of persons in the so-called black list, or the list of foreigners whose entry into the Republic of Latvia is prohibited; banning entry into Latvia, stopping persons at the eastern border of the country; refusal or cancellation of visas and residence permits; preventive talks, etc.”

10. Britain’s GCHQ Head: Putin Making Strategic Errors Due to Unconstrained Power

The Guardian reported on October 10th that “Vladimir Putin has made strategic errors in his pursuit of the war in Ukraine partly because there are so few restraints on his leadership, the head of the British spy agency GCHQ will say in a speech on Tuesday. Russia’s soldiers are running out of supplies and munitions and initial gains made by Moscow are being reversed, Jeremy Fleming is expected to add in a rare public address. “Far from the inevitable Russian military victory that their propaganda machine spouted, it’s clear that Ukraine’s courageous action on the battlefield and in cyberspace is turning the tide,” Fleming will say. Focusing on the Russian president directly, Fleming is expected to say that “with little effective internal challenge, his decision-making has proved flawed” and that he has engaged in “a high-stakes strategy that is leading to strategic errors in judgment”. On Monday, Moscow launched a wave of missile strikes aimed at Kyiv and other major urban centres, killing at least 11 people, which Putin said was in response to the weekend bombing of the bridge connecting occupied Crimea to Russia. Western intelligence has repeatedly emphasised how it believes that Putin has micromanaged the conduct of Russian forces in the seven-month-long war. Last month US officials said it was thought the president had rejected a request from his generals to retreat from the city of Kherson on the west of the Dnieper River. But although intelligence officials believe there is increasing anxiety within the Kremlin at the progress of the war, Putin’s position is thought to remain strong. In the unlikely event he was to be suddenly replaced it is not certain it would result in a significant change in Russian strategy, either. The GCHQ director will highlight the costs to Russia from the months of fighting, arguing that Moscow’s forces have become exhausted and its recent mobilisation of conscripts shows signs of desperation. 
“We know — and Russian commanders on the ground know — that their supplies and munitions are running out,” he will add.”

11. Ukrainian SBU Detained Russian Agent in Dnipro

On October 9 Ukraine’s Security Service (SBU) announced that they detained “a member of the closest circle of the former People’s Deputy of the Illi Kiva, who is currently hiding abroad from justice for crimes against Ukraine. The enemy agent remained in the Dnipro after the beginning of the full-scale Russian invasion to carry out subversive activities in favour of the occupiers. First of all, the attacker tried to identify and transfer the geolocation of Ukrainian air defence units to the aggressor. According to the SBU counter-intelligence, the traitor is a local IT businessman who met Kiva in 2014. Later, at the suggestion of a traitorous people’s deputy, the entrepreneur headed one of the city’s public associations, which is under the control of the leadership of the outlawed party of the National Guard. He collected intelligence about the locations and movements of the units of the Armed Forces, as well as gave the invaders the coordinates of critical infrastructure sites. In his “reports”, he made public the photo and video materials he received during covert surveillance of sites. To each of them he added text messages with a detailed description of the surrounding area and clarifying characteristics. The aggressor used the information obtained to carry out missile strikes on the city and plan sabotage.”

12. Is the CIA Supporting Another Colour Revolution in Iran — Like the One that Installed the Shah in 1953?

The Covert Action Magazine published this article on October 10th concluding that “while there may be no smoking-gun proof of CIA involvement in the Iranian protests, all the signs are there that history is being repeated — from the vocal support of President Biden and U.S. media to the protests, to the heavy involvement of the NED in Iran, to the role being played by exiled feminist Twitter warriors with ties to U.S. government-funded agencies. In spite of mounting inflation and divisions over the hijab policy, the regime of the Ayatollahs will likely endure, however, because Iranians know their history. They remember the brutality of the U.S. installed Shah and the CIA’s overthrow of Iranian democracy, and understand how Western imperialism weakened and humiliated many Middle Eastern countries before — and will do it again — as always under the phony veneer of advancing women’s and other human rights.”

13. Spy Way of Life: Erbil Rotana Hotel, Iraqi Kurdistan

This week’s selection for Intelligence Online’s Spy Way of Life was the Erbil Rotana Hotel, located in Iraqi Kurdistan. As per the article, “the heavily guarded Erbil Rotana hotel in Iraqi Kurdistan where the region’s key players cross paths and rub shoulders.”

14. UK MoD to Launch Military Spy Cube Satellites in November

Janes reported on October 12th that “two UK Ministry of Defence (MoD) CubeSats — Prometheus-2 and Coordinated Ionospheric Reconstruction CubeSat Experiment (CIRCE) — will be launched in November, Virgin Orbit said on 11 October. The satellites will be launched onboard Virgin Orbit’s Cosmic Girl aircraft as part of the company’s ‘Start Me Up’ space mission. The confirmed launch date has not been specified. Start Me Up involves a total of nine individual satellites, including Prometheus-2 and CIRCE, which will be launched from UK soil — the first orbital satellite launch in the country’s history. Prometheus-2 is a CubeSat intended as a test platform for monitoring radio signals including Global Positioning System (GPS), conducting sophisticated imaging, and paving the way for a more connected space-based communication system, Minister for Defence Procurement Jeremy Quin said at the Defence Space 2022 conference in London. A three-year mission, the CubeSat was developed in collaboration with Defence Science and Technology Laboratory (Dstl), In-Space Missions, and Airbus Defence and Space. Dstl owns the satellite.”

15. Pakistani Cyber Espionage Operation Targeting India

Cyber threat intelligence researchers discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed TRANSPARENT TRIBE, which has previously been associated with the intelligence services of Pakistan. The operation involved fake CVs which, if opened, covertly installed a cyber espionage software implant known as Crimson RAT.

16. Lebanon: Israeli Naval Buoys Are Used for Espionage

The Al-Mayadeen reported this week that “speaking to Al-Mayadeen about the file of demarcating the maritime borders between Lebanon and occupied Palestine, Alfa pointed out that there are suspicions that the Israeli Unit 8200 is using border buoys to spy. He stressed that Lebanon has all the elements for the success of negotiations to obtain oil and gas rights.”

17. Webinar: An Insight into Pakistan’s Anti-Espionage Act

On October 12th the TCM Originals published a 10-minute long webinar. As per its description, “Pakistan’s Official Secrets Act, 1923 is also known as the Anti-Espionage Act. Here’s how the law applies to Pakistan’s current political scenario, from audio leaks to the case of the cypher.”

18. Boosting of Spying Capabilities Stokes Fear Hungary is Building a Surveillance State

The Balkan Insight published on October 13th that “in recent weeks, millions of Hungarians received an official survey to fill out for the country’s decennial census. What followed on Hungarian social media was an outburst of anxiety, sometimes even outright paranoia. Why is Prime Minister Viktor Orban’s government so meticulously inquiring about one’s housing, living standards, and so on? Should I admit I own two flat-screen TVs? And where will all this sensitive private data end up, anyway? Censuses are the most regular tools in the hands of governments to collect essential data for research and policymaking purposes. In Hungary, however, this new census has not only tapped into a deep mistrust of anything government-related but also into underlying fears that Orban is building a surveillance state. Last year, it was revealed that Hungary had been spying on its own citizens — including journalists, media company owners and politicians — with state-of-the-art Israeli spyware called Pegasus. Rumours of covert surveillance operations against journalists and the opposition have been swirling for years, but this was the first time that credible evidence was presented. That was when I also learned that I, too, had become a target of surveillance with this spyware technology.”

19. Mexican Scientist Convicted for Helping Russia Spy on US Had High-Level Mexican Political Connections

Following the week 7 (story #8) and week 25 (story #16), this week the OCCRP reported that “a Florida judge sent Mexican scientist Héctor Cabrera-Fuentes to jail in June on the charge of being an unregistered foreign agent. Now, reporters have discovered he was involved in discussions with the government of President Andrés Manuel Lopez Obrador on plans for an ambitious railway project.” It continues stating that “reporters from OCCRP and the Miami Herald have also discovered that this improbable saga included stops at Mexico’s National Palace, the official workplace of President Andrés Manuel Lopez Obrador. At the palace, Cabrera-Fuentes met numerous times with officials involved in Lopez Obrador’s lofty ambition to build a railway across southeastern Mexico known as the Trans-Isthmus Corridor, which could upend some global shipping routes and challenge the Panama Canal. Cabrera-Fuentes had been living in Singapore, and the Mexican government hoped to enlist him to attract investment from the Asian financial power, according to Hazael Matus Toledo, the mayor of El Espinal, who said he attended meetings between senior government officials and the scientist-turned-spy. “The last meeting was to be on a Tuesday. He was arrested on a Sunday,” Matus told OCCRP. It is unclear how the government of Lopez Obrador connected with Cabrera-Fuentes, or exactly what role he was playing in the development of the rail project. However, the Trans-Isthmus Corridor is widely seen as a bid by the populist president to attract Asian investment, and a potential threat to U.S. hegemony in the region. The office of the president did not respond to requests for comment on Cabrera-Fuentes’s relationship with the Mexican government.”

20. Al-Shabaab Executes 6 CIA Agents in Somalia

On October 15th Al-Somal reported that “reports from the city of Sako in the Central Juba region of southern Somalia indicate that Al-Shabaab has executed six men in the city on charges of espionage. The group said the six men were working for the US Central Intelligence Agency, but it was not clear if they were members of the group. Al-Shabaab regularly targets and executes people it says are spies after being subjected to airstrikes by US drones. The execution comes after the US military’s recent success in assassinating Abdullah Nazir, one of the founders of the Al-Shabaab movement, in the “Al-Haram” area of Middle Juba. Nazir was one of the seven leaders of Al-Shabaab that the United States promised a $3 million reward for information leading to their capture.”

21. Germany ‘Erroneously’ Granted Entry Visa to Known Russian Intelligence Officer

Intel News reported on October 10th that “last summer, German embassy staff in Russia issued an entry visa to a Russian national, despite warnings by at least two European security agencies that he was a known intelligence officer, according to a report. The incident has fueled persistent allegations that Berlin’s counterintelligence posture against Russia is ineffective. According to the German newsmagazine Der Spiegel, it was in July of this year when the German Embassy in Moscow received an application for an entry visa to Germany by a Russian national. The application included an official invitation issued to the visa applicant by the Russian Consulate General in the eastern German city of Leipzig. However, the application prompted a strong counterintelligence warning by the Federal Office for the Protection of the Constitution (BfV), Germany’s domestic security agency. According to Spiegel, at least one more European intelligence agency warned against allowing the Russian national to travel to Western Europe. The reason for the warnings was that the visa applicant was known to operate internationally under diplomatic cover, on behalf of a Russian intelligence agency. The counterintelligence warnings were examined and caused the visa application to be rejected. However, a month later the applicant submitted a second application for an entry visa to Germany. Remarkably, the German embassy approved the second application, after “no longer recogni[zing] any suspicion of espionage” in association with this case. One possible reason, according to Spiegel, was that Russian officials had applied pressure on the German government, asking for a review of the application. When the issue was raised in Berlin, an internal review was launched. It reportedly found that the espionage warnings had been “overlooked due to an [administrative] error”. The visa was thus promptly canceled. 
Der Spiegel claims it is “possible that the accidental visa issue was related to [Berlin] wanting to show good will to the Russian side”.”

22. Ukrainian SBU Dismantled Russian GRU Network in Kharkiv

As reported on October 12th by Ukraine’s SBU, they “neutralised a multifunctional network of the Russian GRU in the Kharkiv region: they helped the enemy target the Armed Forces of Ukraine. The traitors acted on the orders of the Russian military intelligence (better known as the GRU) and had a wide range of tasks. In particular, the accomplices of the enemy were exposed: 1) collected and transmitted intelligence about the deployment of the Defence Forces of Ukraine and military equipment; 2) engaged in corrections and reporting on the results of Russian missile and artillery strikes on Ukrainian targets; 3) “hunted” for HIMARS missile systems. According to available data, the organisers of the network are two residents of the Kharkiv region. They formed a pool of informants from among their acquaintances and friends, whom they used “in the dark”. Both organisers agreed to cooperate with Russia for ideological reasons and because of promises of “high positions” in the event of occupation of the region. They also received a monetary reward for each piece of intelligence. One of them moved to the temporarily occupied territory at the beginning of the full-scale invasion and continued his subversive activities from there. And this despite the fact that his son is a soldier of the Armed Forces of Ukraine and fights against the Russians. So far, the SBU has detained a GRU agent who remained in the territory controlled by Ukraine.”

23. Indian Cyber Espionage Operation Targeting Kashmir

Cyber threat intelligence researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed DONOT, which has previously been associated with Innefu Labs, a private Indian cyber-espionage firm working with government agencies. The operation involved a lure Microsoft Word document titled “kashmir_27Oct2022.doc” which, if opened, covertly installed a custom cyber espionage software implant.

24. Turkish MIT Assassinates PKK/YPG Member in Syria

Turkish media reported on October 14th that “based on information received from intelligence sources, Nejdet Dağlarer, codenamed “Geli Serhat”, the so-called Çavreş brigade headquartered in the Şeddade region of Syria, was neutralised with a special operation carried out by MIT in Syria. It was learned that Dağlarer was surveilled by MIT for his activities in Turkey and his actions against the Turkish Armed Forces in Syria. It was determined that the terrorist, who joined the rural staff of the PKK terrorist organisation in 2009, continued his armed activities in the Şemzinan region of Hakkari, on the Iranian border, in 2012. It was stated that the terrorist Dağlarer was wounded in the arm during a clash with the security forces while he was in the region. It was determined that Dağlarer, who was found to have crossed into Iraq and then Syria in 2016 after his activities in Turkey, carried out activities on behalf of the organisation in the Aleppo region for a long time, and took an active role as a guide especially during the Olive Branch and Peace Spring operations. It was stated that the terrorist Dağlarer was in charge of the so-called tunnel and emplacement in the Aynularap region in 2020, and when it was neutralised, he was responsible for the so-called Çavreş brigade, one of the rural cadres of the PKK/YPG. Intelligence sources evaluated that the neutralisation of the so-called Çavreş brigade, one of the largest terrorist units in Syria, seriously damaged the organization’s structure in Syria.”

25. What is MI5 Hiding in its Secret 60 Year-Old Files?

Declassified UK published this article on October 11th. As per the article, “scores of MI5 files on two of the most sensational political and security scandals in the history of modern Britain — the Profumo affair and the Cambridge spy ring — were released at the National Archives on Tuesday. But they are so heavily redacted that it is clear those that would cause the most damage and most embarrassment if they were released, remain suppressed, 60 years after the events they describe.” The article includes the following sections: 1) Sex, spying and politics, 2) Withheld indefinitely, 3) Dumped by MI5, 4) Covering up the Cambridge spy ring, and 5) 37 years monitoring.

26. Australia: Mike Burgess Aims to Take Australia Into Global Intelligence Premier League

Intelligence Online published this article on October 14th, saying that “the current head of the Australian Security Intelligence Organisation (ASIO) and former head of the Australian Signals Directorate (ASD) is a living symbol of the Australian intelligence sector’s determination to raise its game to meet the perceived threat posed by China.”

27. This is How “Hamas Beauties” Hacked the Phones of Israeli Officers

The Echorouk El Yawmi newspaper reported on October 13th that “a recent report published by Al Jazeera Net revealed the most prominent operations of the Al-Qassam cyber unit, which were carried out by “Hamas’ beauties”, and targeted Israeli security systems. According to the report, Hamas has reversed the game to its advantage and is using social media to trap Israeli army officers with the help of beautiful girls. Usually, the Israeli intelligence services used this method to entrap Palestinian youths to recruit them. In 2017, the “Hamas Beauties” held talks with dozens of Israeli soldiers from fake accounts, and asked them to download a phone application, through which their phones were hacked and controlled.”

28. Secretive Turkish Intelligence Unit Set to Conduct Clandestine Operation in Greece

Nordic Monitor reported on October 10th that “the Turkish president, who in recent months has repeatedly threatened an invasion of Greek islands in the Aegean Sea, plans to deploy a secretive, specially trained unit attached to intelligence agency MIT to escalate tensions with Greece, a NATO ally and neighbor. The MIT unit, the existence of which has never been publicly admitted, is a relatively new tool in the arsenal of Turkey’s intelligence agency and will be put to use for the first time in setting up a clandestine, military-style operation against a Western country. The plot includes several options, ranging from sabotage in Greek islands close to the Turkish mainland to raising a Turkish flag on one or several uninhabited islets and rock formations as well as conducting a false flag operation to justify a Turkish response. Turkish President Recep Tayyip Erdoğan is still considering the alternatives submitted to him by his confidant, Hakan Fidan, the head of MIT, and has not yet decided which course of action he wants to take. According to information obtained by Nordic Monitor from sources familiar with the plot, it will be up to this special unit created within the intelligence agency to carry out the operation in the Aegean Sea with logistical support from the Turkish military’s air and naval assets. The plot, kept strictly confidential on a need-to-know basis within Erdoğan and Fidan’s close circle, will be put into motion sometime near the general election in 2023 to rally the nation behind Erdoğan and bring a windfall vote for his ruling Justice and Development Party (AKP) and its nationalist allies.”

29. When Spyware Turns Phones Into Weapons

The Committee to Protect Journalists (CPJ) published this article on October 13th saying that “there’s nothing new about governments or criminal gangs spying on journalists or activists they fear might expose or discredit them. But the development of high-tech “zero-click” spyware — the kind that takes over a phone without a user’s knowledge or interaction — poses an existential crisis for journalism and the future of press freedom around the world.”

30. Australian Federal Police (AFP) Secret Agents Exposed in Colombian Data Leak

Bleeping Computer reported on October 14th that “identities of secret agents working for the Australian Federal Police (AFP) have been exposed after hackers leaked documents stolen from the Colombian government. The leak comes from a hacktivist group called Guacamaya and includes more than five terabytes of classified data, including emails, documents, and methods AFP agents were using to stop drug cartels from running their business in Australia. Details exposed this way are from 35 AFP operations, some of them still active, and also include surveillance reports from agents, phone tap recordings, and payroll data for Colombian officers. The AFP is not the only law enforcement agency collaborating with the Colombian government so police agencies from other countries are likely to be affected.”

31. Russia Detained Ukrainian Agent in Kherson

RT reported on October 14th that “the National Guard announced that officers of the department detained an accomplice of the Armed Forces of Ukraine in the Kherson region, who transmitted intelligence about the Russian Armed Forces. “During a special operation, the National Guard identified a local resident suspected of cooperation with the Armed Forces of Ukraine,” the statement says. According to the agency, from March to August 2022, he was collecting intelligence about the movement of the Russian military in the Kherson region, and then passed the relevant data to Ukrainian intelligence. Earlier, the Russian Guard detained a resident of the Zaporozhye region who was transmitting data about the Russian military.”

32. Germany: Intelligence Control Council is Being Rebuilt

Tagesschau reported on October 14th that “on Monday, the German public will get a rare insight into the work of the secret services. Then the meeting of the Parliamentary Control Committee (PKGr) is to take place in the Bundestag. The heads of the Federal Intelligence Service (BND), the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for the Military Counterintelligence Service (BAMAD) answer questions from MPs. The group normally meets in secret, but spectators and listeners are allowed once a year. A lot has happened in the control of the secret services in recent years. The trigger was the NSA affair ten years ago. In the process, it became clear that the surveillance by the BND had also crossed borders. Stricter rules followed. The public PKGr hearing was introduced, and a new BND law was passed. This prescribes more precisely what the foreign secret service is allowed to do. In addition, to support the members of the Parliamentary Control Committee (PKGr), the Bundestag has now introduced a “permanent representative” who, with his team, is allowed to control, for example, work with spies. What was particularly drastic, however, was that a new supervisory authority was created. So far, hardly anyone has taken notice of it — but it could soon become even more powerful. Since the beginning of the year, the Independent Control Council (UK Council), a supreme federal authority, has been controlling the BND’s technical surveillance measures. According to information from WDR and NDR, there are now plans in the federal government to have the surveillance measures of the Office for the Protection of the Constitution and the military counter-intelligence service checked by the new body in the future. This could eliminate the G10 Commission, a control body consisting of independent, honorary lawyers who have hitherto approved the secret services’ technical wiretapping measures in secret meetings.”

33. Analysis: Same Cloak, More Dagger: Decoding How the People’s Republic of China Uses Cyberattacks

This week US private firm Booz Allen Hamilton published this 76-page report. As per its executive summary, “cyberattacks by the People’s Republic of China (PRC) pose a growing threat to U.S. national security. The PRC has a proven pattern of infiltrating the critical infrastructure of its national competitors — including the U.S. — and has demonstrated the ability to conduct disruptive and destructive attacks against key sectors. These attacks have become an integral part of Beijing’s playbook to deter and compel its opponents, especially the U.S., while minimizing escalation. While many documented examples of these offensive operations are already public, the lack of cohesive analysis tying these operations to the broader PRC strategy hinders U.S. preparedness for this threat. This report shows a pattern of PRC cyberattacks over the past decade designed to influence countries, organizations, and people that threaten the PRC’s stated core interests. For example, PRC actors likely: Knocked the U.S.-based developer platform GitHub offline for enabling targeted subversion of PRC censorship; Disrupted semiconductor manufacturing in Taiwan after it re-elected a resistant president seeking closer U.S. ties; Infiltrated American natural gas pipeline operators in response to the U.S. strategic reorientation to the Indo-Pacific. Now, U.S. critical infrastructure organizations and countless companies with global interests face increased risk from PRC cyberattacks. Beijing’s intensifying pressure on Taiwan, in particular, greatly raises the likelihood of cyberattacks disrupting critical supply chains.”

34. Who Will Solve This Encryption of the Spy Brian Regan?

CipherBrain published this article on October 13th. As per the article, “Spy Brian Regan sent a coded message to the governments of China, Libya and Iraq. Can a reader decipher this message? I have blogged about Brian Regan, the spy with spelling deficiencies, several times. Regan, a satellite specialist with the National Reconnaissance Office in the U.S., wrote a letter to Saddam Hussein offering classified information for sale. He sent similar letters to other government leaders. In each case, he enclosed printouts from a secret database as samples of his work. His misfortune: There was also a spy on the receiving end, and he informed the U.S. FBI.”

35. Podcast: CIA — The Recruiter: What Does It Take to Join CIA?

This week the United States Central Intelligence Agency (CIA) published their 3rd podcast episode. As per its description, “on this episode, Dee and Walter sit down with an Agency recruitment leader to learn what characteristics CIA is looking for when selecting candidates, how CIA differs from the private sector, and the number of occupations that the Agency has to offer — which may surprise you. *Nothing in this podcast should be construed to be an endorsement by the CIA or the US Government of any particular company, product, or service.”

36. Cyber Espionage Operation Targeting the Palestinian Government

Cyber threat intelligence researcher Jup1a discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed ARID VIPER. The operation involved two lure files titled “The Ministry of State for Wall and Settlement Affairs established by the Palestinian government.xz” and “The situation of Palestinian refugees in Syria refugees in Syria.exe” which, if opened, covertly installed a cyber espionage software implant.

37. Saudi Arabia: Government Appoints Khashoggi Murder Cover-up Agent as President of Counter-Terrorism Court

Saudi Leaks reported on October 15th that “Saudi Arabia issued a royal decree appointing a detective implicated in the cover-up of Jamal Khashoggi’s murder as President of the country’s counter-terrorism court, as well as detectives and prosecutors loyal to the Crown Prince to serve as judges for the court, according to Democracy for the Arab World Now (DAWN). As a result of these appointments, the court has handed several harsh jail terms, reversing relatively milder penalties granted by lower courts, including sentencing two Saudi women to 34 and 45 years in prison, respectively, for their use of social media. These appointments were made following the arrest and removal of at least nine notable judges by the State Security Agency on April 11, 2022. “The Crown Prince is appointing loyalist security officials who lack even basic training as judges to its kangaroo ‘counter-terrorism’ court, punishing the mildest social dissent with shocking sentences,” said Abdullah Alaoudh, Gulf Director at DAWN. “Rewarding a detective involved in the cover-up of Jamal Khashoggi’s murder with an appointment to head this court is only the latest snub to accountability for the murder and a glimpse into the government’s staggering disregard for justice and due process.” The royal proclamation announcing the appointment of at least ten investigators and prosecutors to the Specialized Criminal Court, dated June 9 and acquired by DAWN, is unique in Saudi Arabia. One selected is Abdullah bin Shayea al-Qahtani, who formerly worked as a prosecutor in the State Security Circuit of the Public Prosecution. In addition to acquiring a bachelor’s degree in law or its equivalent, judges are generally required to attend at least two years of judicial training and study at the High Judicial Institute.
The appointments came after the State Security Agency removed at least nine justices from the Terrorism Court, the Terrorism Appeals Court, and the High Court, arresting and charging them with treason. There is no information on the prosecution of these judges. Detective Awadh bin Ali bin Ayedh al-Mayshar al-Ahmari has been appointed as President of the Specialized Criminal Court. Al-Ahmari was implicated in the cover-up of the Khashoggi murder in Istanbul, heading to the Saudi Consulate in Istanbul in 2018 with Attorney General Saud al-Mojeb reportedly to investigate the murder. Nevertheless, according to the report of the Special Rapporteur on Extra-Judicial, Summary, or Arbitrary Executions of the United Nations, the Saudi delegation assisted in removing the evidence of the crime, preventing Turkish authorities from investigating the location, and providing false information to the public about what had transpired.”

38. EU Under Scrutiny for Bankrolling Surveillance in Africa

EU Observer reported on October 12th that “a verdict is imminent on the EU Commission, for projects it financed to help dubious governments in Africa spy on their own people. The money comes from the EU Trust Fund for Africa, part of which is being used to develop mass-scale biometric identity systems across the African continent.”

39. Podcast: Spycraft 101: Killing Castro: The Unlikely Alliance Between the CIA and the Mob with Thomas Maier

On October 10th Spycraft 101 published a new podcast episode. As per its description, “this week, Juston sits down with Thomas Maier. Thomas is an author and award-winning investigative journalist, having worked at Newsday since 1984. He has also written several historical books, including When Lions Roar about the Churchills and the Kennedys, and Masters of Sex, which was produced as a series on Showtime for four years. His latest book, Mafia Spies, details the inside story of the relationship between several senior figures in organized crime in the early 1960s and members of the Central Intelligence Agency who wanted Fidel Castro dead, as well as their unlikely and temporary alliance.”

40. Serbian and Romanian Military Intelligence Chiefs Meeting

On October 12th the Military Intelligence Agency (VOA) of Serbia issued a press release stating that “the Deputy Prime Minister and Minister of Defence Dr. Nebojsa Stefanović met today with the head of the Military Intelligence Directorate of the Ministry of National Defence of the Republic of Romania, Major General Gabriel Angel. Minister Stefanović and Major General Angel discussed possible modalities for further improvement of cooperation between the two services, as well as the current political and security situation in the Western Balkans and in Europe. On this occasion, Minister Stefanović also thanked Romania for its consistent position on non-recognition of the so-called Kosovo and respect for the territorial integrity and sovereignty of the Republic of Serbia. Along with Minister Stefanović, the director of the Military Intelligence Agency, Major General Zoran Stojković, attended the meeting.”

41. United States: Jareh Dalke Arrested for Offering NSA Documents to the Russians

Following week 39 (story #34), ElectroSpaces published this article on October 12th. As per the article, “on September 28, the FBI arrested Jareh S. Dalke, who attempted to sell the Russians some highly classified documents which he exfiltrated within less than a month after he started working at the NSA. Court records provide a lot of interesting details about this case, but also raise a number of questions.” The article continues in the following four sections: 1) A job at the NSA, 2) Contacting the Russians, 3)

42. Finland’s Supo: Drones Increasingly Spotted Near Critical Infrastructure

YLE news published this story on October 13th stating that “drones have increasingly been spotted in general, as well as around critical infrastructure in Finland, according to the Finnish Security and Intelligence Service (Supo). “Drone sightings have increased and some of those sightings were near critical infrastructure,” said Lotta Hakala, Supo research specialist. Drones are small, remote-controlled aircraft, and while they can be used for nefarious purposes, the devices are also very popular among a growing number of hobbyists as well as commercial aerial photographers. Critical infrastructure includes energy and transportation systems such as power plants, railroads and airports. Investigating infrastructure threats by nation states is Hakala’s field of specialty. She said that Supo is monitoring the situation very actively, noting that drone sightings have been made in different parts of the country. Authorities have not been able to confirm why most of the drones were flying in certain areas, but have confirmed that some of the sightings involved commercial photographers or similar activities. “We carry out background investigations, but we can’t track down who was involved in all cases,” Hakala said. “We can’t rule out anything.” Generally, the security service presumes the increased sightings of drones are partly due to an overall increase in vigilance. However, it urges members of the public to report drone sightings to authorities, especially if they are spotted flying around critical infrastructure sites. “If they’re around a no-fly zone near critical infrastructure, it’s worth getting in touch with the local police,” Hakala said.”

43. Senior Undercover Chinese MSS Officer Conducting Influencing Operations in Australia

Senior Analyst Alex Joske published this Tweet with a photograph on October 10th saying that “the Australian embassy (and many others) treated one Chinese scholar as a valued contact and source in the 2000s. Here he is at the Australian ambassador’s residence. My book shows he’s a senior undercover MSS officer specialising in influence operations against Five Eyes nations.”

44. Ukrainian SBU Dismantles Russian Spy Network of 7 People and Shares FSB Tactic for Agent Networks in Ukraine

On October 13th Ukraine’s SBU published this announcement stating that the “counter-intelligence of the Security Service neutralised a Russian agent network, which the enemy had spread to various regions of Ukraine. It included 7 prisoners who were in the territories of correctional facilities in the Kyiv, Kharkiv, Dnipro and Chernihiv regions, where they arrived after being transferred from the prison of the temporarily occupied Luhansk region. All of them had a minimum term behind bars, so the FSB recruited “convicts” and “prompted” them to ask Ukraine to transfer the temporarily occupied Luhansk Region from prison, as provided by law. After the end of the prison term, the new Russian agents were supposed to carry out hostile tasks against Ukraine. As the SBU established, the handler of this network was the “head of the operational unit of the correctional colony №38” of the LNR terrorist organisation. He coordinated his actions with case officers of the FSB. However, the employees of the Security Service acted in anticipation, promptly exposed the Russian agents and thereby foiled the enemy’s plans to obtain intelligence.”

45. Spymasters Tahnoon bin Zayed and Mohammed Al Naamani Draw Up New UAE-Oman Intelligence Pact

Intelligence Online reported on October 14th that “at a summit in Muscat last month, Oman’s intelligence chief Mohammed Al Naamani and the UAE’s national security adviser Tahnoon bin Zayed drew up plans for the two countries’ new security cooperation.”

46. Here is What We Know About the Russian Spies in the Netherlands

On October 14th the Dutch NOS published this article saying that “at least twenty Russian official covers — spies in diplomatic services — were still active in The Netherlands at the beginning of this year. Seventeen of them were deported in March. Unlike ordinary diplomats, the intelligence officers are hardly traceable on the Internet. They are not active on social media or stopped being active years ago. Several of their spouses can, however, be found online. Thanks to them, we know a little bit more about the lives of these official covers. We also talked to sources in the intelligence world and submitted the list to the Dossier Center. The Center is an organization financed by Mikhail Khodorkovski, a Russian businessman in exile, with access to databases containing information leaked earlier about the training and background of Russian intelligence officers.” The article reveals the identities of the following Russian spies: 1) SVR Crypto Expert Kirill Matveev (30), 2) SVR Crypto Expert Aleksey Druzhin (33), 3) SVR Supervisor Sergey Pyatnitskiy (52), 4) GRU Crypto Expert Oleg Korotkov (53), 5) SVR Counterintelligence Officer (VKR) Roman Nefedov (34), 6) SVR Counterintelligence Officer Aleksey Frolov (34), 7) SVR Technical Surveillance Expert Maksim Matveev (29), 8) SVR SIGINT Expert Pavel Nesterov (31), 9) SVR Chemical & Nuclear Technology Espionage (KN) Stanislav Mokritskiy (39), 10) GRU Officer Ivan Lykov (44), 11) GRU Officer Andrey Vedeneev (38), 12) Head of GRU Department of the Embassy Mikhail Klimuk, 13) GRU Officer Andrey Kolotov (36), 14) GRU Officer Aleksey Chadin (43), 15) GRU Crypto Expert Dmitriy Pichugin (53), 16) GRU Crypto Expert Mikhail Milashuk (63), 17) GRU Officer (previously military unit 22177) Vadim Eliseev (56), and 18) GRU Officer Boris Mokrov (34).

47. Danish Government Backs Probe Into Spy Chief Scandal

Reuters reported on October 14th that “Denmark’s government backed on Friday opposition calls for an investigation into the case of a former spy chief accused of leaking state secrets. In a book published this week and partly written in custody, ex-foreign intelligence unit head Lars Findsen said the government unfairly suspended him in 2020 for political motives. “We need broad political trust in the work of the intelligence agencies and if distrust arises, we think it’s sensible to establish an investigative commission,” Justice Minister Mattias Tesfaye told local broadcaster TV 2. A majority of parties now support a parliamentary probe. In a security scandal roiling the Nordic country, Findsen spent two months at the start of this year in custody, where he partly wrote “The spy chief — Memories from cell 18”. Prior to his arrest in December, Findsen was suspended over accusations of wrongdoings from an independent board overseeing the unit. He says the government attempted to avoid a scandal by putting him and other employees at the agency on furlough. Last month, the state prosecutor charged him with passing state secrets to six people including two journalists over the course of 16–17 months. Findsen denies wrongdoing.”

48. Norway: Russians Arrested: Taken with Two Drones at Storskog

NRK reported on October 13th that “the police in Finnmark are asking for two weeks’ detention for a Russian who filmed with a drone in Norway. They will review large amounts of seized film, and the charges may be extended.” The article continues that “Minister of Justice Emilie Enger Mehl (Sp) is aware of the case at Storskog, and thinks it is good that the police are vigilant and have control at the border. Could this be espionage? It is too early to draw conclusions. Now this case is under investigation by the police, and I cannot comment on individual cases. At the same time, it is known that we have an intelligence threat against us which has been reinforced by what is happening in Europe, Mehl says live on NRK Dagsrevyen. She points out that the government has strengthened the preparedness of the police, PST and the National Security Agency.”

49. French DGSE and Israeli Mossad Have Front Row Seats at Upcoming Al Halabi Trial in Vienna

As reported by Intelligence Online on October 13th, “the torture trial of former Syrian intelligence officer Al Halabi, due to open in Austria soon, raises questions about the handling of intelligence sources in countries with complex governance.”

50. Ukrainian SBU Detained Russian Agent “Red Handed” in Kharkiv

On October 14th Ukraine’s SBU announced that they detained “another Russian agent in the Kharkiv region. The enemy’s accomplice managed to be detained “red handed” while gathering intelligence about the positions and movements of Ukrainian equipment and military personnel. During the search, a mobile phone, SIM cards and a laptop with evidence of illegal activity were seized from him. According to the investigation, an 18-year-old resident of Krasnograd, Kharkiv region, acted in the interests of the Russian intelligence services. He agreed to cooperate with the enemy for a monetary reward.”

51. Lebanese Cyber Espionage Operation Targeting Israel

On October 11th cyber security and intelligence private firm ESET published a technical analysis for some previously undocumented custom cyber espionage tools. As per the analysis, “ESET researchers reveal their findings about POLONIUM, an advanced persistent threat (APT) group about which little information is publicly available and its initial compromise vector is unknown. POLONIUM is a cyberespionage group first documented by Microsoft Threat Intelligence Center (MSTIC) in June 2022. MSTIC’s assessment is that POLONIUM is an operational group based in Lebanon, coordinating its activities with other actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS). According to ESET telemetry, POLONIUM has targeted more than a dozen organizations in Israel since at least September 2021, with the group’s most recent actions being observed in September 2022. Verticals targeted by this group include engineering, information technology, law, communications, branding and marketing, media, insurance, and social services. Our findings describing the tactics of this group, including details about a number of previously undocumented backdoors, were presented in late September at the Virus Bulletin 2022 conference.”

52. Germany: Allegations Against BSI President: Are Schönbohm’s Days Numbered?

Following story #2 from this week, Tagesschau reported on October 13th that “Federal Minister of the Interior Nancy Faeser did not want to commit herself on Wednesday when she was asked whether BSI President Arne Schönbohm would be replaced. “I’m currently examining the events that were in the press over the weekend. I can’t say more about that today,” said the minister. Schönbohm is under pressure for several reasons. It’s about the question of whether his agency might not have taken a warning from the Office for the Protection of the Constitution seriously enough. And he has been criticized for not keeping enough distance from a dubious club whose chairman is a personal friend. According to information from Kontraste and “Zeit”, the Federal Ministry of the Interior says that Schönbohm’s days as BSI boss are numbered. The current debate about Schönbohm picked up speed after the “ZDF Magazin Royale” in cooperation with the research platform Policy Networks Analytics reported on the company Protelion GmbH from Berlin, which had submitted one of its products to the BSI for certification. The company is linked to the Russian software group OAO InfoTeCS, which in turn is said to be linked to Russian intelligence services. Protelion operated under the name Infotecs Security Software GmbH until March 2022. There were conflicts about the certification process because the Federal Office for the Protection of the Constitution warned the BSI about the company, but apparently did not get through to the BSI. Until it was expelled on October 10, 2022, Protelion GmbH was also a member of the “CyberSicherheitsrat Deutschland eV” (CSRD), an IT lobby association that was originally founded by Arne Schönbohm himself and his friend Hans-Wilhelm Dünn.”

53. North Korean Cyber Espionage Targeting South Korean Entities

The Shadow Chaser Group of the GcowSec team discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed KIMSUKY, who has been previously associated with the intelligence services of North Korea. The operation involved a lure CV written in Korean which, if opened, covertly installed a custom cyber espionage software implant.

54. Netherlands: The AIVD Protects State Security, But Endangers Journalists

The Dutch NRC published this story on October 14th. As per the article, “the intelligence agencies AIVD and MIVD systematically recruit journalists as sources, informants or even spies. This also happens to journalists who can get into trouble in conflict areas such as the Middle East. This is evident from research by NRC. 16 of 32 journalists who approached NRC for this article say they have received requests from the AIVD or MIVD. These are editors and correspondents who write on topics or work in areas that have the attention of the agencies. In a few cases, the AIVD appeared to be willing to pay. The reason for the survey was an internal AIVD document that NRC saw through Publeaks. The document lists the names of 21 ‘sources and agents’. Among them are eight journalists. In a response, the AIVD says it will investigate the leaking of the document.”

55. UK: Latest Release of Files from MI5; Spies, Social Climbers and Suspicious Stories from the Files of MI5

Following this week’s story #25, the United Kingdom’s National Archives issued this press release stating that “today we have made available to the public 147 previously top secret files from the Security Service, or MI5. The records cover a range of subjects predominantly from the 1960s and 1970s although there are some from earlier years. Personal files include individuals classed as Cold War-era Soviet intelligence officers, agents and suspected agents, right wing extremists who came to the attention of MI5, and other individuals of Security Service enquiry. All the files in the release will be available to download from Discovery, our catalogue. Many of the files concern individuals involved in the Profumo Affair. They include Evgenyi Ivanov, the Soviet intelligence officer at the centre of the controversy, and Stephen Ward, the osteopath and portrait artist who was well connected with people of influence, before being tried and found guilty of living off immoral earnings. There are also files on several people with links to the Cambridge spy ring, including Fred Warner, Jack Hewit, Victor and Tess Rothschild, and Goronwy Rees. Thirteen files relate to John Vassall, the British civil servant who was jailed for spying for the Soviet Union, likely under threat of blackmail, and another selection of files on the Krogers, the suburban couple implicated in the Portland spy ring.” Along with this, the National Archives also published this blog post covering: 1) John Vassall — a ‘social climber’?, 2) Fred Warner — ‘Less than frank’?, and 3) Irwin Sanders — An intelligence nuisance.

56. Iranian-American Convicted as Spy Siamak Namazi Returned to Prison in Iran

Following week 40 (story #57), EuroNews reported on October 13th that “Iranian-American businessman Siamak Namazi was forced back to Tehran’s Evin prison on Wednesday after Iranian authorities granted him provisional release on Oct. 1 and allowed his elderly father to leave Iran for medical treatment on Oct. 5, lawyers said. The family’s attorney, Jared Genser, said in a statement that Namazi, who was indicted in 2016 on espionage charges that were dismissed by the United States as groundless, will pass seven years since his arrest and detention on Thursday in Iran. “Yesterday, members of the Islamic Revolutionary Guard Corps informed without providing any explanation,” Genser added, saying that the provisional release was renewed once on Oct. 8. “Later this morning (Tehran time), the Islamic Revolutionary Guard Corps re-detained Siamak and forced him to return to Evin Prison,” he added.”

57. Iran Publishes the Confessions of 4 Iranians Who Worked for Mossad

Al-Ain published this story on October 13th stating that “on Wednesday evening, Iranian state television published confessions of people it said were Iranian Kurds who planned to bomb industrial facilities in Isfahan, central Iran. Isfahan, located in the centre of Iran, includes the controversial Natanz nuclear facility, and is one of Iran’s most important nuclear sites. In the details, the Iranian report, which was followed by the “Al-Ain News” correspondent in Tehran, and was also published by the official news agencies, including the “Fars News” of the Revolutionary Guards, said that “the detainees are four members of the Iranian Kurdish opposition Komala Party.” One of the detainees said, during his confessions, which was broadcasted on Iranian state television, without mentioning his name, that “the Komala Party informed him that he must undergo training and that he will be transferred from the Sulaymaniyah Governorate in northern Iraq to the Kirkuk Governorate” blindfolded. The Iranian TV report added that “these were transferred from northern Iraq to Botswana in Africa, and they underwent training by 20 officers from the Israeli Mossad.” The report continued, “The four detainees from the Kurdish Komala Party trained at a military base in the Republic of Botswana, and according to the plan prepared by the Mossad, the aim was to blow up industrial facilities in the province of Isfahan, central Iran.” According to the report, “the arrest operation against them was carried out by the Iranian security and intelligence apparatus in late September.” The Komala is one of the main Kurdish parties opposing the Iranian regime. It has a military wing and usually clashes with Iranian forces on the western border with the Kurdistan region of Iraq. Iran classifies the Kurdish groups opposing it as “separatist terrorist organisations”, and the Komala Party is based in the mountainous areas of Sulaymaniyah province in northern Iraq.”

58. Hong Kong Should Be a Hub for Many Things, But Not Espionage

According to this article from South China Morning Post, published on October 11th, “I got a kick out of reading this lead story from the Financial Times last week. It reported, rather breathlessly: “China has demanded the floor plans of all properties rented by foreign missions in Hong Kong, in a move diplomats believe reflects Beijing’s paranoia about overseas interference in the Asian financial hub’s turbulent politics.” “Paranoia”, in the first paragraph? You mean they haven’t been interfering in Hong Kong? US officials have openly testified before the US Congress about their subversive activities in the city during the 2019 riots, and complained about not getting enough funding, budgets being cut and otherwise not getting all the resources they needed. These days, for most Anglo-American news outlets, you can move whole stories about Hong Kong and mainland China from the news section to the op-eds and you wouldn’t know the difference. So Chinese authorities have demanded, the FT reported, “floor plans, details of rental or sale terms, as well as lease or sale agreements” from foreign missions. That’s actually standard practice on the mainland. Now horror of horrors, it’s being extended to Hong Kong. It’s about time, I say. There is a new cold war threatening to become a hot war with the United States and its allies against China. What do you think those countries have been doing in Hong Kong, an open Chinese city they could move their spies in and out of easily, or used to?”

59. France Says Fifth Frenchman Detained in Iran, EU to Impose New Sanctions

EuroNews reported on October 11th that “French Foreign Minister Catherine Colonna said on Tuesday that five French nationals were now being held in Iran, and that the European Union had agreed technical aspects of imposing sanctions on Tehran that will come into effect next week. France criticised Iran on October 6, accusing it of “dictatorship practices” and holding its citizens hostage, after a video was released showing a French couple admitting to espionage, after weeks of unrest that Iran has linked to foreign adversaries. France then urged its nationals to leave Iran as soon as possible, saying they were at risk of arbitrary arrest.”

60. Polish-French Collaboration on Space-Based Intelligence

On October 14th the Director of the Polish Institute of International Affairs (PISM) published this statement saying that “Gen. Blazeusz of Poland General Staff on the Polish-French military cooperation in space domain: “soon an agreement will be sealed on the satellite cooperation, we will start from IMINT, then SATCOM, ultimately we will also develop SIGINT. It will be a long term Polish-French operation.”.”

61. British Police Spy Unlawfully Operated in Germany, Court Finds

The Guardian released this article on October 11th stating that “a German court has decided that a British undercover police officer who spied on environmental campaigners operated unlawfully during his deployment in that country. The ruling concludes a long-running legal case that was initiated by one of the campaigners who was spied on by Mark Kennedy, the undercover officer. A judge in the German state of Mecklenburg-Vorpommern said on Monday that Kennedy’s deployment there had been “objectively illegal” because it had not been given the necessary approval by judges. The decision focuses attention on how European police have collaborated to infiltrate political groups as part of an extensive surveillance operation. Kennedy, a member of a covert British police unit, spent seven years spying on environmental and leftwing activists until he was unmasked in 2010. During his deployment he travelled outside Britain and spied on activists in at least 14 countries. After his unmasking, German police were forced to admit that Kennedy had worked for three German states during at least five visits to the country between 2004 and 2009. In Germany, he infiltrated groups of environmental activists, anarchists, anti-fascists and campaigners who were protesting against G8 summits, including the 2007 G8 in northern Germany. Kennedy befriended an activist, Jason Kirkpatrick, who subsequently took legal action in Germany to help expose the scope of the spy’s conduct. On Monday, Kirkpatrick and the defendant, the interior ministry of the state of Mecklenburg-Vorpommern, agreed to settle the case after it emerged that little evidence about Kennedy’s deployment in Germany survived.”

62. IRGC’s Intelligence Arrests Individual Working for Israel Spy Agency in Kerman

On October 11th ParsToday reported that “the head of the Justice Department in Kerman, Hojjatoleslam Ebrahim Hamidi, said on Tuesday that the detainee had been involved in espionage activities for the Zionist regime and “intended to carry out anti-security measures and acts of sabotage” in the province, Tasnim news agency reported. The plot was, however, thwarted thanks to the vigilance of the IRGC’s Intelligence Organization, he added. The judicial official said the man — whose identity was not disclosed — was operating in Iran under the guise of a businessman. He had traveled to different countries with the goal of transferring information and receiving training from Israeli operatives for sabotage operations, he added. The last destination prior to his detention had been Erbil, the capital of Iraq’s semi-autonomous Kurdistan region, Hamidi said. The individual was reported to be using social media platforms and encrypted software to communicate with the Israeli regime’s spy and military agencies. The detainee, the report said, intended to leave the country to meet with an Israeli agent in one of the regional countries and receive a new mission, but he was arrested before leaving the country. Back in July, Intelligence Ministry arrested a network of Israel’s Mossad spy agents at the western borders, confiscating a large cache of weapons and ammunition that they were planning to use to provoke riots and terror inside the country. Also in April, it arrested three agents working for the Israeli spy agency in the country’s southeastern province of Sistan and Baluchestan.”

63. Budworm: Espionage Group Returns to Targeting U.S. Organisations

Private cyber security and intelligence firm Symantec published this technical analysis on October 13th. As per its introduction, “the Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is the first time in a number of years Symantec has seen Budworm targeting a U.S.-based entity. Along with the above high-value targets, the group also conducted an attack against a hospital in South East Asia.”

64. Russians Expelled from Netherlands Were Spying on High-Tech Sector, Recruiting Informants

Following this week’s story #46, on October 14th the NL Times reported that “the other eleven focused on actively gathering intelligence or identifying possible recruits. Two specifically worked on recruiting sources from Dutch intelligence personnel and from foreign services active in the Netherlands, like the CIA. They also watched the Russian embassy personnel for signs of them defecting to the Dutch intelligence services. At least two others were military technology experts, according to NOS. The broadcaster’s sources assume they were gathering information about microchips for the Russian army. Two years ago, the Netherlands deported another Russian too actively involved in this pursuit. Ben de Jong, an expert in Russian intelligence services and affiliated with Leiden University, told NOS that the Russians weren’t necessarily looking for Dutch information. “If a Russian service succeeds here in recruiting someone from Foreign Affairs or Defense, then there’s a good chance they will also discover secrets shared with the Netherlands by other countries or organizations. In this way, the Netherlands acts as a back door.”.”

65. U.S. Has Made ‘Dramatic Change’ in Technology Used for Nuclear Code System: Revamped Spy Museum Gives Public Access to One of Nation’s Most Secretive Subjects

This story, published by the Wall Street Journal on October 14th, covers the newly re-opened National Security Agency’s (NSA) National Cryptologic Museum (NCM). Among other things, the article has photographs of the following new items: 1) a part of the MP37 biscuit maker (U.S. presidents are said to carry a card with nuclear launch codes nicknamed the biscuit), 2) a DEC Alpha computer server that generated secret keys a president would use to initiate a nuclear attack, 3) the ‘Russian Fish’ instrument that was used by the Germans during World War II, 4) the B variant Enigma coding machine, and 5) a cipher reel used by the Confederate Army during the Civil War.

66. Netherlands: ‘Backdoor in the National Police Interception System, Israelis Could Listen In’

The Dutch de Volkskrant reported on October 15th that “concerns about espionage via the national wiretapping system have been around for some time. Experts have warned several times in recent years, including in Nieuwsuur, about the risks of the system with which criminals and terrorism suspects are intercepted. Those concerns centre on the fact that the complex equipment is provided by Israeli companies with close ties to their government. The fear is that the Netherlands hardly knows what the supplier has access to. No one has previously stated that that access has actually been abused. Until 2006, Guilhem Giraud worked as a telecom specialist in France’s internal security service, now known as DGSI. Among other things, he decrypted intercepted satellite communications. In 2006 he transferred to the Ministry of Justice, where he set up a national French interception platform in a team of five. In his book Confidences d’un agent du renseignement français (‘Confessions of a French intelligence officer’) he writes that at the invitation of the Dutch police, he traveled with a colleague in October 2006 to the police tapping centre in Driebergen, to hear what the experiences with the tapping system.” The article concludes that “one year after this report, Israel’s Elbit Systems will be chosen as the new supplier for the tapping system in 2019. Due to issues with that system, it is still not operational and Verint will keep the old system up and running until the end of this year at the latest. According to Minister of Justice and Security Dilan Yesilgöz, the Netherlands ‘consciously’ chooses a commercial party for the tap system. This would be necessary because of the ‘complexity, size of investment and the specialist capacity, knowledge and expertise required’, Yesilgöz wrote to the House in February.
‘Doing it yourself is therefore not an option.’ According to the ministry, ‘contractual agreements have been made and internal management measures have been taken to prevent access by the supplier to sensitive locations and infrastructure of the police.’”

67. The Russian Spy’s Nest in Belgium Exposed

On October 14th the Belgian De Tijd released this story. As per the article, “the Russian embassy in Uccle houses a bastion and a communications centre for dozens of Russian spies — even after 21 of them were evicted early this year. They are active in Belgium and help with clandestine operations in other European countries, according to research by De Tijd and the Dutch NOS/Nieuwsuur.”

68. United States: John Rizzo Was Supposed to Be Constitution’s Last Line of Defense Inside CIA

The Covert Action Magazine published this article on October 15th. It’s written by former CIA Analyst John Kiriakou and concludes that “one of his post-CIA colleagues at the Washington, DC power law firm of Steptoe & Johnson, however, analyzed Rizzo’s career more clearly, perhaps not even realizing what he was saying. He wrote, “For decades he was the last word on what CIA operatives could and could not do within the law. He knew that these judgments were as much about political prognostication as about applying abstract principles of law, and that critics of the American intelligence agencies would always second-guess his conclusions. He knew that using harsh interrogation techniques would sooner or later make the agency vulnerable to claims of lawlessness and torture. He may not have been convinced that the techniques in question would be crucial to preventing another attack or defeating al-Qaeda, but he was clear that the final call should not be made by lawyers. He threw everything into the effort to give the nation’s leaders room to make the decision, including, it turned out, his own reputation.” And there it is: The admission that Rizzo cared more about — sacrificed his career for — politics rather than for the Constitution and the rule of law. Rizzo could have said, “This is wrong. We’re a nation of laws. We’re a nation of respect for human rights. We won’t put ourselves on the same level with the terrorists.” But he didn’t. That is his legacy, no matter how many post-mortem interviews find a second life on YouTube.”

69. Tesla China Sues Former Employee for Infringing Trade Secrets

As per the Pandaily’s post from October 14th, “the dispute between Tesla Shanghai and a former employee over the infringement of trade secrets will be held in Yangpu District People’s Court of Shanghai on December 14. This case is the first case involving the infringement of Tesla China’s trade secrets in the country; the defendant is a former Tesla senior technology project manager, as shown on their social media platform. The person also worked as a planner for SAIC Volkswagen Automotive Co., Ltd. This is not the first time Tesla has sued former employees for infringing upon its trade secrets. In 2019, Tesla sued Guangzhi Cao, a former employee, in the United States for allegedly stealing trade secrets related to Autopilot, an advanced driver assistance system developed by the company, and alleged that he delivered Autopilot technology to XPeng Motors. Finally, the case ended with an apology to Tesla issued by Cao.”

70. Turkish MIT Agent Killed by HPG Revenge Unit

On October 15th the ANF News reported that “in the Serhat region in Northern Kurdistan, an agent of the Turkish intelligence service MIT has been killed by an autonomous revenge unit of the People’s Defence Forces (HPG). The man, whose identity the HPG gave as Ozan Çiftçi on Friday, is said to have been involved in the deaths of fighters of the HPG and the YJA Star (Free Women’s Troops) in several cases as a “local collaborator”. Most recently, he is said to have been significantly involved in the deaths of Evîndar Kevok and Eylem Sîpan, among others. Both guerrillas were from Van and died in mid-August in the course of a Turkish military operation at Tendürek. The HPG did not explain when and where Ozan Çiftçi was “punished by shooting”. The HPG statement also provided information on the current war in Southern Kurdistan (northern Iraq). Since April, the guerrillas there have been resisting an invasion of the Medya Defence Zones, in which chemical weapons, outlawed by the international community, are being used by Turkey. On Thursday, the HPG recorded five such attacks, targeting guerrilla positions in the Sîda and Saca areas in the Zap region. In addition, dozens of artillery attacks were recorded, as well as 33 air strikes, most of them by attack helicopters. Three attacks were carried out by fighter jets and hit Zergelê and Soragulê in the Qandil region.”

71. Podcast: Combat Story: Delta Force, Sniper, CIA Derek Nadalini

The Combat Story released a new podcast episode on October 15th. As per its description, this is about “Derek Nadalini, who spent decades in the Army with both Ranger Battalion and 1st Special Forces Operational Detachment — Delta, better known as The Unit. This is one of the most interesting interviews we’ve ever done.” During the podcast it was briefly mentioned that he also did some contract work for the CIA, but no details or specifics were given.

72. India’s Top Spy Agency Forms New Brigade to Protect Sheikh Hasina

As reported by Sri Lankan Guardian on October 15th, “to combat potential insurgencies before the next general election in Bangladesh in 2024, the Research and Analysis Wing (R&AW) has been training special forces in Bangladesh and India. For the last two years, R&AW has trained selected officials from the Directorate General of Forces Intelligence (DGFI), Bangladesh Armed Forces and Indian Armed Forces. R&AW has formed a Brigade called Brigade75. Brigade75 contains officers with specialised training in intelligence collection and surveillance, commando and other special forces missions, and reconnaissance teams. Brigade75 has safe houses in the Indian state of Assam that can accommodate 5,000 detainees. The entire budget for Brigade75 is $4 billion. They intend to safeguard the safety and security of Sheikh Hasina and her ministers and the ascendancy of her Bangladesh Awami League. Brigade75 has been making a list of all political leaders of opposition party leaders and their relatives and regular surveillance of their activities. Brigade75 has also sent out young girls to set up honey traps for top opposition leaders, has already amassed footage of opposition figures having sex, and has threatened to make those films public if the opposition figures speak out against the Bangladesh Awami League. Brigade75 is ready to operate if any disruption occurs in Bangladesh before the next general election. Brigade75 also has specialised inputs from Mossad on technical areas. The aim is to keep this region from further Islamic fundamentalists and keep it vital to keep Bangladesh Awami League in power. Brigade75 has made a list of 50 attacks on churches, Hindu temples, and Bangladesh Awami League rallies that will be carried out gradually over time before the next general election. They planned this to show that the opposition could be a threat to the west, to show that fundamentalist Islam is coming back to the region and to get the west to act quickly. 
In addition, a list of opposition party leaders has been compiled, which includes Khaleda Zia. She would be poisoned and made to appear to have died of natural circumstances, just like Hussain Muhammad Ershad.”

73. Putin Will Be Replaced — But by Someone Even More Extreme, Warns Former UK Spy Chief

On October 15th the Insider published this article stating that “the former head of the UK’s secret intelligence service said that Russian President Vladimir Putin will be replaced “in due course” — most likely by someone even more extreme. Sir Alex Younger, who served as MI6 chief from 2014 and 2020, appeared on BBC Newsnight on Tuesday and was asked by presenter Kirsty Wark whether Putin could be overthrown. “He’s in danger of being outflanked by the very political constituency he created,” he replied. “The chauvinistic, nationalistic, arguably fascistic, right-wing that was his support base and is now castigating him for not going far and hard enough.” Wark suggested to Younger that Putin’s replacement might be more extreme and further to the right. “Yes — so we need to be very careful what we wish for here,” Younger said. “I personally think in due course, that is what will happen. He will be replaced, but will be replaced by critics from the right.” Several reports suggest that Putin’s inner circle might be starting to turn against him.”

74. What’s in Biden’s Executive Order on Signals Intelligence?

On October 14th Lawfare published this article providing an overview of the recently signed SIGINT enhancement executive order.

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org