SPY NEWS: 2022 — Week 45

Summary of the espionage-related news stories for Week 45 (November 6–12) of 2022.

The Spy Collection
Nov 13, 2022

1. Ukrainian SBU Dismantled FSB Spy Ring Planning Assassinations of Special Operations Forces Commanders

On November 9th the Ukrainian Security Service (SBU) announced that they “neutralised the enemy DRG, which was preparing the assassinations of the commanders of the Special Operations Forces of the Armed Forces of Ukraine. It was established that the saboteurs scouted the points of deployment and movement of Ukrainian troops on the territory of the capital and in the border areas of the northeast of our country. One of their main tasks was the collection of personal data and whereabouts of commanders of combat units of the Special Operations Forces of the Armed Forces of Ukraine. The aggressor planned to use the received information to prepare for the physical liquidation of the Ukrainian defenders and the destruction of their weapons and military equipment. According to the investigation, the group was formed by a staff member of the FSB to carry out intelligence and subversive activities against Ukraine. It included a resident of the border region of Sumy Oblast, who was recruited by the Russian intelligence services after the start of the full-scale invasion. It was he who was in direct contact with his “handler” and coordinated with him the plans and algorithms of actions regarding the execution of enemy tasks. For communication, they used closed channels of electronic communication in compliance with conspiracy measures.”

2. Spy Collection: The CIG/CIA “Spyman” Statuette

On November 9 we published a short video about a statuette from the United States intelligence community. As per its description, “in this episode we cover a rare artefact from the United States, a figurine made out of wood and known as the “Spyman.” Its history goes as far back as the WWII Office of Strategic Services (OSS), its successor, the Central Intelligence Group (CIG), as well as CIG’s successor, the Central Intelligence Agency (CIA) with its Office of Technical Service (OTS).”

3. Google TAG: Prigozhin Interests and Russian Information Operations

On November 10 Google’s Threat Analysis Group (TAG) published a new report stating that “TAG is highlighting four case studies involving Russian IO tied to the Internet Research Agency (IRA) and its financier, Russian oligarch Yevgeny Prigozhin. In several cases, those campaigns served the dual purpose of promoting Russia’s agenda and Prigozhin’s business interests. These examples underline broader trends we’re seeing: Russian IO groups are increasingly obscuring their role in influence operations, relying on stronger operational security and cutouts (intermediaries to mask their work) to dissociate themselves from user-facing activity. They launder their messages via local media brands, NGOs and PR firms that were in fact created by Russian shell companies. And in some cases, IRA-affiliated actors have responded to platforms’ enforcement efforts by moving to more permissive online spaces and platforms.”

4. British Embassy Security Guard David Smith Admits Spying for Russia

On November 11th BBC reported that “a security guard has admitted spying for Russia while working at the British Embassy in Berlin. Prosecutors alleged David Smith, 58, had wanted to hurt the UK and the embassy where he had worked for eight years. The Briton was accused of collecting intelligence about the embassy and leaking secret documents. Smith pleaded guilty at the Old Bailey to eight charges under the Official Secrets Act. He is said to have wanted to live in Russia or Ukraine during the time he passed on secret intelligence from May 2020. Prosecutors said he was driven by an intense hatred for his country and angered by the flying of the Rainbow flag in support of the LGBT community. He was arrested in August 2021 and 800 euro (£700) of cash was found in his home in Potsdam, Germany. Smith, now of no fixed abode, pleaded guilty to the charges on 4 November, but reporting restrictions were initially put in place. They were lifted on Friday after the prosecution indicated it would not seek a trial on a ninth charge that he had denied. Smith will be sentenced at a later date and faces a maximum of 14 years in prison.”

5. Podcast: Team House: CIA Deputy Director of the Counterterrorism Centre Darrell Blocker

On November 12th the Team House published a new, nearly 2-hour-long podcast episode featuring Darrell Blocker. As per its description, “Darrell M. Blocker is a former American intelligence officer who served for 28 years with the Central Intelligence Agency. He held prominent positions including deputy director of the Counterterrorism Center (CTC), Chief of Africa Division, and Chief of Training at Camp Peary, Virginia, better known as “The Farm”. Within the intelligence community, Blocker was known for participating in a number of semi-professional musical ensembles during his postings abroad. He retired in 2018 as the most senior black officer in the CIA’s Directorate of Operations. Since 2019 Blocker has been chief operating officer of intelligence and advisory firm MOSAIC, and a contributor for ABC News. In November 2020, Fox News reported that president-elect Joe Biden had included Blocker among his shortlist of candidates to nominate for Director of the Central Intelligence Agency; in the end, the position went to William Burns.”

6. North Korean Cyber Espionage Operation Targeting News Media and Research Institutes

According to the private cyber threat intelligence firm ThreatRecon, on November 8th “North Korea Government sponsored hacking group SectorA05 targeted spear phishing attack against News Medias and North Korea Research Institutes. They used IP was same as other hacking event.”

7. Brothers Peyman and Payam Kia Arrested by Swedish Intelligence Agency After Allegedly Spying for Russia

On November 11th ABC News reported that “two brothers have been charged in Sweden with aggravated espionage after allegedly spying for Russia and its military intelligence service for about a decade. Prosecutors said one of the men worked for Sweden’s domestic intelligence agency. Authorities identified them as Peyman Kia, 42, and Payam Kia, 35. One of the brothers was also indicted for the alleged gross unauthorised handling of secret information. It wasn’t immediately clear which of them it was. “It has been a complex investigation concerning a crime that is very difficult to investigate and the suspicion concerns very serious criminality directed against Sweden’s intelligence and security system,” National Security Unit chief prosecutor Per Lindqvist said. “The information that has been obtained, transmitted and divulged could, by the fact that if it comes into the hands of a foreign power, result in detriment to Sweden’s security.” He later told The Associated Press that the case involved “extremely sensitive topics”, but declined to elaborate. According to the charge sheet obtained by the AP, the men have “jointly” passed information to the Russian military intelligence service GRU during the period between September 28, 2011 and September 20, 2021.”

8. Lockheed Martin to Upgrade the Electronic Warfare and SIGINT Avionics in US Navy E-2D Surveillance Aircraft

On November 11th Military Aerospace reported that “Patuxent River NAS, Md. avionics experts at Lockheed Martin Corp. will upgrade electronic warfare (EW) systems aboard the U.S. Navy E-2D Advanced Hawkeye carrier-based airborne early warning aircraft under terms of a $30.6 million order. Lockheed Martin is upgrading the advanced digital receiver and processor (ADRP) in the U.S. Navy E-2D’s AN/ALQ-217 electronic support measures (ESM) receiver and processor systems. Officials of the Naval Air Systems Command at Patuxent River Naval Air Station, Md., are asking the Lockheed Martin Rotary and Mission Systems segment in Owego, N.Y., also to integrate the ADRP avionics with the E-2D’s mission computer and display system as a form, fit, function replacement for the Advanced Hawkeye aircraft. Electronic support measures represent one branch of EW that detects, intercepts, identifies, locates, records, and analyzes radio signals for threat recognition and EW planning. Electronic Support data can support signals intelligence (SIGINT), communications intelligence (COMINT) and electronics intelligence (ELINT) by passive listening to electromagnetic radiations of military interest.”

9. Qatar Arrests Indian Navy Officers on “Charges of Espionage” for Israel

On November 10th Al-Mayadeen reported that “Israeli media confirm that “the Qatari authorities have recently arrested former Indian officers, on suspicion of spying for the Israeli occupation. The Israeli newspaper “Jerusalem Post” added that “8 former Indian Navy officers were arrested in Qatar on suspicion of espionage for Israel.” According to media reports, a “high-ranking official was sent from India to Doha last month, amid efforts to release the eight former officers,” revealing that “the eight suspects were appointed by a private company that provides training and services to the Qatari Navy.” And the “Indian Express” newspaper explained that “Qatari intelligence arrested the 8 personnel of the Indian Navy in Qatar 72 days ago,” and indicated that the Indian official was sent at the end of October to assist her embassy officials in securing the release of the employees. The newspaper said: “These eight officers were employed by a private company in Qatar called Dahra Global Technologies and Consultancy Services, which works to provide training, logistics and equipment maintenance to the Qatari Emiri Navy.” The newspaper revealed that the CEO of the company is Khamis Al-Ajmi, a retired squadron commander from the Royal Air Force of Oman.” The article continues that “the eight employees have been with the company for 4 to 6 years, and one of the detained officers is ex-Indian Navy Commander Purindu Twari, who in 2019 received an important medal from former President of India Ram Nath Kovind. Currently, the company’s website is down. The newspaper said that the Indian ambassador to Qatar, Deepak Mittal, like his predecessor, had previously visited the company’s facilities and praised its work to strengthen relations between India and Qatar.”

10. Defence Intelligence of Ukraine: Rulers of the Stars

On November 11th Grey Dynamics published this article. As per its introduction, “the Defence Intelligence of the Ministry of Defence of Ukraine (DIU) acts as the overarching authority for all military intelligence assets across the Ukrainian Armed Forces. Their motto is Sapiens Dominabitur Astris, in English: the wise will rule the stars. Birthed from the ashes of the Soviet Union, for over 30 years they have been responsible for all components of Ukrainian military intelligence and helped to legitimize the Ukrainian Armed Forces. The DIU has a multitude of responsibilities, ranging from identifying potential threats to facilitating cooperation with foreign nations.”

11. Webinar: The (Missing) Radios of the German U-boat U-505

The Antique Wireless Museum released the recording of a webinar on the espionage story of the WWII German U-boat U-505. As per its description, “in her uniquely unlucky career with the Kriegsmarine, the German U-boat U-505 had the distinction of being the “most heavily damaged U-boat to successfully return to port” in World War II on her fourth patrol, and the only submarine in which a commanding officer took his own life in combat conditions on her tenth patrol, following six botched patrols. She was captured on 4 June 1944 by United States Navy Task Group 22.3, one of six U-boats that were captured by Allied forces during World War II. The submarine was towed to Bermuda in secret and her crew were interned at a US prisoner of war camp, where they were denied access to International Red Cross visits. The Navy classified the capture as top secret and prevented the Germans from discovering it, and in 1954 the U-505 arrived at the Museum of Science and Industry in Chicago, but the Radio room was empty.”

12. Phone Spying Scandal Exposes ‘Impotent’ Europe, Says Lead MEP

The EU Observer reported on November 8th that “democracy in Europe is being undermined by alleged government-led spyware on citizens, journalists and politicians, says a leading MEP. “When it comes to defending the most important thing, democracy and freedom, Europe is weak and impotent,” said Dutch liberal MEP Sophie In’t Veld on Tuesday (8 November), who is demanding an “immediate moratorium” on the software throughout the EU. The MEP is tasked with drafting a report following a months-long investigation by a special European Parliament committee into the use of spyware in member states. The committee probe was launched earlier this year following revelations that an Israeli-made spyware known as Pegasus had been used against journalists, lawyers, and politicians, and others. That inquiry has since expanded to cover other types of spyware, including Predator. On Tuesday she presented a 159-page draft report on the abuse throughout some 17 EU states — placing extra emphasis on Cyprus, Greece, Hungary, Poland, and Spain. However, In’t Veld’s draft had not yet been discussed among other members of the committee. And its chair, Dutch centre-right Jeroen Lenaers, said her report should not be understood as the conclusions or the position of the committee as a whole. “Only the final report and recommendations, as adopted at the end of our period of activity, represents the position of the European Parliament as a whole,” he said. Although the final report is set to be finalised sometime next year, the draft still provides an initial sobering assessment of how governments are said to use national security as an excuse to pry on their own citizens. “All of them use the cloak of national security to create an area of lawlessness,” said In’t Veld.”

13. Turkey: Striking MIT Analysis from Greek general: It Conducts Both Foreign Policy and Point Operations

On November 9th the Turkish newspaper Yeni Şafak reported that “the operations carried out by the National Intelligence Organisation (MIT) abroad made Greece uneasy. In an article he wrote for Hellas Journal, Greek Lieutenant General Lazaros Kambouridis warned Greece, noting that the MIT implements Turkey’s foreign policy on the one hand, and carries out successful armed operations on the other. “The presence of the National Intelligence Organisation (MIT) Head Hakan Fidan in all of Erdogan’s official visits and contacts abroad is a worrying point,” Kambouridis said. While the National Intelligence Organisation carries out successful operations one after another against the so-called senior executives of the terrorist organisation PKK and DAESH, both in Iraq and Syria, fugitive FETO members all over the world breathe a sigh of relief. The point operations of the MIT, which dealt strategic blows to terrorist organizations, were reflected in the media of neighbouring Greece, which is in tension with Turkey. Greek Lieutenant General Lazaros Kambouridis, who served as the Defence Attaché at the Greek Embassy in Ankara between 2013 and 2017, wrote in Hellas Journal, “It conducts both foreign policy and armed operations: Is the Turkish MIT dangerous for Greece?” In the article, he warned Greece by pointing to the foreign operations of the MIT.”

14. Netherlands: Terrorist Threat Assessment Netherlands (DTN) 57

On November 7th the Dutch General Intelligence and Security Service (AIVD) issued an announcement stating that “the National Coordinator for Security and Counterterrorism (NCTV) today published the Netherlands Terrorism Threat Assessment (DTN) 57. The threat level remains at level 3. This means that the threat is still significant and the chance of an attack is imaginable. The threat level has not changed since 2019. However, the nature of the terrorist threat has changed in recent years: the threat in and against the Netherlands has become more multifaceted and more diffuse. The DTN 57 outlines the current threat developments. Among other things, attention is paid to global jihadism, right-wing extremism and anti-government extremism.” The Threat Assessment Report is available here.

15. Spy Agencies Must Regulate Ethics of Manipulation in HUMINT, Researcher Argues

Intel News reported on November 7th that “it is difficult to argue against the widely shared view that clandestine human intelligence (HUMINT) is replete with ethical dilemmas. These are inherent in the process of gathering intelligence via the use of human sources or covert agents. Yet it is possible — indeed desirable — for intelligence agencies to implement well-regulated ethical approaches to clandestine HUMINT, according to Dr. Stephan Lau, a junior professor of psychology and member of the Faculty of Intelligence at the Federal University of Administrative Sciences in Berlin, Germany. In an article entitled “The Good, the Bad, and the Tradecraft: HUMINT and the Ethics of Psychological Manipulation”, which was published last month in the peer-reviewed journal Intelligence and National Security, Lau argues that the concept of manipulation, which is often central in HUMINT, is nothing new. In fact, he explains, manipulation is a type of social influence that occurs naturally in human interactions, and may even have positive outcomes, depending on the case. Indeed, researchers have analyzed manipulation as a form of beneficial influence, which can help further commonly established social goals and norms. If anything, therefore, argumentative — also known as persuasive — forms of influence are normative aspects of interpersonal negotiation between humans.”

16. Podcast: SpyChat: 30-Year CIA Veteran Carol Rollie Flynn

On November 11th the International Spy Museum released the recording of a virtual event from the Spy Chat series. As per its description, “join us for an online discussion of the latest intelligence, national security, and terrorism issues in the news. Spy Museum Executive Director Chris Costa will lead the briefing. Costa a former intelligence officer of 34 years with 25 of those in active duty in hot spots such as Panama, Bosnia, Afghanistan, and Iraq is also a past Special Assistant to the President and Senior Director for Counterterrorism on the National Security Council. He will be joined by Carol Rollie Flynn, President of the Foreign Policy Research Institute. A 30-year veteran of the Central Intelligence Agency (CIA), Flynn held senior executive positions there including Director of CIA’s Leadership Academy, Director of the Office of Foreign Intelligence Relationships, Associate Deputy Director of the National Counterterrorism Center, Executive Director of the CIA Counterterrorism Center, and Chief of Station in major posts in Southeast Asia and Latin America. She has extensive experience in overseas intelligence operations, security, and counterintelligence. Flynn is also an adjunct Professor at Georgetown University’s School of Foreign Service/Security Studies Program where she has co-directed the National Security Critical Issue Task Force (NSCITF). The NSCITF has conducted research on Lone Wolf Terrorism, Countering Violent Extremism, and Insider Threat. She has also taught at the Fordham University Graduate School of Business and previously served as adjunct staff at Rand Corporation. She serves on the Advisory Board of the International Spy Museum and is a member of the Council on Foreign Relations.”

17. Alexander Azarov, Spymaster of the Belarusian Dissidence in Exile

The Intelligence Online released this article on November 11th. As per the article, “the Warsaw-based Bypol union of Lukashenko regime defectors is proving to be a thorn in Belarusian intelligence’s side. The man behind the movement, Alexander Azarov, has seen it grow from informal roots in October 2020 into a structured organisation.”

18. Finland CERT Reports Record Number of Denial-of-Service Attacks

On November 10th The Record reported that “Finland’s Computer Emergency Response Team (CERT) received more notifications in October about denial-of-service attacks than it has ever received before — equivalent to a quarter of what it normally is alerted to throughout an entire year. Such attacks “rarely succeed in causing real and long-lasting damage,” the Kyberturvallisuuskeskus (Cyber Security Center) said in its cyber weather roundup for October. The CERT — an official authority that sits under Finland’s transport and communications agency — had also received “a few notifications” about ransomware incidents, which have increased compared to last year as well. Distributed-denial-of-service (DDoS) attacks have grown in popularity amid a surge in hacktivist activity around the Russian invasion of Ukraine. Such attacks flood websites with junk traffic in order to make them unreachable. Pro-Ukrainian groups have been accused of being involved in “illegal operations” by Alexander Krutskikh, a spokesperson for Russia’s Ministry of Foreign Affairs. Krutskikh alleged in June that “more than 65,000 ‘armchair hackers’ from the United States, Turkey, Georgia, and EU countries regularly took part in coordinated DDoS attacks” against Russian targets. Pro-Russian groups such as Killnet recently targeted websites belonging to several state intelligence agencies across the former Eastern Bloc, though they didn’t cause significant damage. The uptick in DDoS activity follows the head of the Finnish Security Intelligence Service warning it was “highly likely that Russia will turn to the cyber environment over the winter.” However, the agency’s director Antti Pelttari said that the intelligence service considered it “unlikely that any cyberattack will paralyze critical infrastructure [in Finland] in the near future.”.”

19. Crypto Museum: 4 New Entries

This week the Netherlands-based Crypto Museum added the following four new entries to its collection: 1) MEL L662 communications receiver, 2) Lesegerät Enigma external lamp panel, 3) A better copy of the CIA TAR-224A spy radio manual, and 4) The Mohawk Business Machines.

20. Netherlands: Russian Spy Maintained Contact with CDA-Prominent Van der Linden for Years

On November 11th, the Dutch De Volkskrant reported that “in 2019, the AIVD intelligence service intercepted and observed former chairman of the Senate René van der Linden because of his contacts with high-ranking persons within Vladimir Putin’s regime. After the downing of MH17, the CDA member traveled to Moscow several times.” The article states he also had close contacts with Russian intelligence officer Valeri Levitski.

21. Podcast: SpyCast: “Nazis on the Potomac” — with former National Park Service Chief Historian Bob Sutton

The International Spy Museum’s SpyCast released a new episode on November 8th featuring former National Park Service Chief Historian Bob Sutton. The intelligence topics covered are: 1) The interrogation of top Nazis for intelligence, 2) The analysis of literally tons of captured German documents, 3) Refining ways to escape and evade Nazis in German occupied Europe, and 4) The importance of intelligence on the German Army’s Order of Battle.

22. Ukrainian SBU Detains Corrections Officer Who Was Adjusting Russian Missile Strikes on SBU’s Facilities in Mykolaiv

On November 8th Ukraine’s SBU announced that they “detained a corrections officer who was pointing Russian missiles at the building of the SBU in Mykolaiv. The agent covertly collected information about the locations of the Ukrainian military and law enforcement agencies involved in the defence of Mykolaiv. First of all, the occupiers “hunted” for the exact coordinates of the SBU facilities, on which they planned to carry out a targeted missile strike. The adjuster tried to transmit the collected information through an anonymous Telegram channel created by the Russian intelligence services. However, the SBU employees worked ahead of time and detained him. The perpetrator turned out to be a local resident, who came forward to cooperate with the aggressor himself. To do this, he actively spread his pro-Kremlin views through social networks and justified the war crimes of the invaders. That is how he came to the attention of the occupiers and was involved in intelligence gathering. During the searches, the law enforcement officers found evidence of subversive activities.”

23. Cyprus MPs Launch Inquiry Into Spyware Development on the Island

Reuters reported on November 9th that “Cyprus’s parliament opened an inquiry on Wednesday into the development of spyware on the island, after a draft European Parliament committee investigation report said it was an important export hub for the surveillance industry. Sophie in’t Veld, the rapporteur of the first draft report for a European Parliament committee called PEGA, said on Tuesday that Cyprus was an “attractive place” for selling surveillance technologies, adding that the “abuse of spyware in EU member states is a grave threat to democracy on the entire continent”. The report cited Cypriot officials as saying ‘three to four’ companies produce spyware on the island. “Its been confirmed that Cyprus is a greenhouse for companies which produce spyware … which has political backing,” said MP Aristos Damianou of the opposition AKEL party, which sought the parliamentary inquiry. A government spokesperson did not immediately respond to a request for comment. Cypriot President Nicos Anastasiades last week said any involvement of Cyprus in spyware surveillance in other countries was ‘imaginary’.”

24. Video: Spycameras: The Soviet Neozit Clandestine Camera

On November 6th the SpyCamerasAurus YouTube channel published this new video. As per its description, “this is the modern, 1970s updated version of the Soviet Ajax F-21, now with a plastic body, relatively quiet electric motor film advance, and an electric remote release. This camera was known as the ‘Neozit’. It was used in the Soviet Union by the KGB. Like its predecessor, the Neozit was intended to be used covertly taking photographs from within concealments. The camera has a button disguise to enable it to be worn on the operator’s body. It is also known to have been hidden within various bags, briefcases, or even hard backed books. The remote cable release contains two 3v rechargeable button cells. The camera end of the electric release cable has two small holes that allow a special battery tester to verify the charge condition of the batteries. The electronic shutter speeds are 1/60 to 1/500 s. film sensitivity is set on a sliding control within the camera. The ‘Nailon’ (Ajax F21 with electronic shutter) is similar. The Neozit has a 24x24 mm frame and uses 27 mm wide film cut from un-perforated 35mm film.”

25. Spy Way of Life: The Imperial Tailoring Co., Putin’s Bespoke Tailor

This week’s selection by Intelligence Online’s Spy Way of Life was the Imperial Tailoring Co shop in Moscow, Russia. As per the article, “this week, Intelligence Online steps into the plush interior of the Moscow store behind an empire of custom-made Kotwani suits, the must-have for any diplomat or politician wanting to play by the post-Soviet rule book.”

26. United States: 3 Charged with Sending Defence-Related Data to China

US News reported on November 10th that “three people and a business have been charged in federal court with participating in an illegal scheme to export controlled data to China and to defraud the Defense Department. An indictment was unsealed Wednesday in Kentucky after the arrest of the defendants. Phil Pascoe, 60, and Monica Pascoe, 45, both of Floyds Knobs, Indiana; Scott Tubbs, 59, of Georgetown, Kentucky; and Quadrant Magnetics LLC were charged with violations of the Arms Export Control Act, wire fraud, and smuggling, a statement from the Justice Department said. The defendants are accused of illegally scheming to send defense-related technical data to a company in China and of unlawfully supplying the Defense Department with earth magnets from China for military items. Pascoe is the president of Quadrant, a magnetic-technology company that said it was basing its operations in Louisville, WAVE-TV reported. The defendants are accused of sending drawings to China from 2012 to 2018 that had data about Defense Department equipment, the statement said.” Here is the US Department of Justice press release of the case.

27. United States: Declassified DHS Bulletin: Online Foreign Influence Snapshot August 2022

Public Intelligence released this document on November 7th. It’s from the Office of Intelligence & Analysis of the Department of Homeland Security (DHS) and as per its summary, “we judge that narratives driven by Chinese, Iranian, and Russian state media, and proxy websites linked to these governments, often involve fact-based articles as well as editorials; these publications may include misinformation, disinformation, or factual but misrepresented information. This monthly “Snapshot” compiles English-language narratives, which we assess are intended for US and Western audiences, and highlights both consistent trends and emergent messaging, which we assess to reveal foreign actors’ changing influence priorities. We judge that, typically, China uses state and proxy media — including US-based outlets — to try to shape diaspora conduct and US public and leadership views; Iran state media manipulates emerging stories and emphasizes Tehran’s strength while denigrating US society and policy; and Russia uses both state and proxy media to amplify narratives seeking to weaken Washington’s global position relative to Moscow’s. This snapshot identifies the most persistent or emergent narratives being spread by these actors for English-speaking — probably US — audiences, as well as narratives of interest to Homeland Security stakeholders.”

28. Nancy Wake: The Gestapo’s №1 Most Wanted Spy

On November 8th Grey Dynamics published this article. As per its introduction, “Nancy Wake, with the German given moniker “White Mouse”, is one of the most famous spies in history and the most decorated heroines of World War II. She was a member of the Special Operations Executive (SOE), a key figure to the French resistance, and the Gestapo’s number one most wanted individual.”

29. U.S. Navy Engineer and His Wife Get Long Prison Sentences for Trying to Sell Classified Information

Following week 6 story #52, week 7 story #11, and week 11 story #13, on November 10th Clearance Jobs reported that “on November 9, U.S. District Judge Gina M. Groh sentenced Jonathan and Diana Toebbe to long prison sentences for their theft of U.S. Navy nuclear secrets. Interestingly, Judge Groh gave Diana Toebbe (21-years) a longer prison sentence than her husband (19-years). The Toebbes’ original plea agreement was rejected by Judge Groh in August and the couple was told at that time they may resubmit a revised plea or face a jury trial, on all charges. In late-September, they resubmitted a revised guilty plea. They pled to one count of conspiracy to communicate restricted data, a felony, in exchange for dropping other charges. The upper range of punishment for that crime is no more than life in prison plus a possible fine of up to $10,000 and supervised release of no more than five years. The plea did not indicate a minimum sentence, thus giving the judge the leeway to adjudicate and sentence as she felt appropriate.” Here is the US Department of Justice press release for the case.

30. Chinese Cyber Espionage Activity Tracked as EARTH LONGZHI

On November 9th cyber security and intelligence firm Trend Micro published this technical analysis. As per its introduction, “in early 2022, we investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a similar Cobalt Strike loader. While analyzing code similarities and tactics, techniques, and procedures (TTPs), we discovered that the actor behind this attack has been active since 2020. After clustering each intrusion, we concluded that the threat actor is a new subgroup of advanced persistent threat (APT) group APT41 that we call Earth Longzhi. In this entry, we reveal two campaigns by Earth Longzhi from 2020 to 2022 and introduce some of the group’s arsenal in these campaigns. This entry was also presented at the HITCON PEACE 2022 conference in August this year. Since it first started being active in 2020, Earth Longzhi’s long-running campaign can be divided into two based on the range of time and toolset. During its first campaign deployed from 2020 to 2021, Earth Longzhi targeted the government, infrastructure, and health industries in Taiwan and the banking sector in China. In its second campaign from 2021 to 2022, the group targeted high-profile victims in the defense, aviation, insurance, and urban development industries in Taiwan, China, Thailand, Malaysia, Indonesia, Pakistan, and Ukraine.”

41. What an Indictment of Alleged Chinese Intelligence Operatives Reveals About U.S. Double Agent Operations

On November 8th Zach Dorfman of The Brush Pass published his investigation of the recent US counter-intelligence operations targeting Chinese operatives. As per the article, “on October 24, the Department of Justice announced the indictment of Guochun He and Zheng Wang, a pair of alleged Chinese intelligence officers, on money laundering and obstruction-related charges (but not, interestingly, for espionage itself). He and Wang are accused of attempting to procure sensitive information about the ongoing prosecution of a “global telecommunications company” — unnamed in the court documents, but based on the timeline and description, is clearly Huawei, the Chinese telecommunications giant. Any time the Justice Department decides to indict alleged foreign intelligence officials — especially when there’s little to no chance these officials will ever appear inside a U.S. courtroom — the deeper strategy or meaning of the action bears scrutiny. Sometimes, an indictment is just an indictment: an individual or entity is accused of committing a crime, and prosecutors fully expect to try them in court. The purported legal violation is what matters. But in these sorts of cases, national security officials use them as a wider tool of statecraft, or as part of an integrated offensive counterintelligence program. To give one, minor example: sometimes in national-security related indictments, the U.S. will release candid photos of alleged spies, say, sitting at their desks. These aren’t Facebook or LinkedIn photos; the operative doesn’t appear to recognize that his picture is being snapped. But as U.S. officials have told me, the decision to include such a photo in an indictment isn’t happenstance. It’s a signal from the U.S. intelligence community: We’ve been watching you and we’ve had access to your device. Which can then send the affected party — and his or her intelligence service — into a frenzy. How long has this device been compromised? 
Are other devices used by this person also breached? What operations may have been affected? And so on.”

42. Armenia Plans Security Apparatus Overhaul Under Watchful Eyes of Neighbours

Intelligence Online reported on November 9th that “Armenia’s 2023 budget discussions bring back into the public debate the creation of an external intelligence service, at a time of instability in the political and security environment in the region.”

43. Ukrainian SBU Disrupted Infrastructure Used by Russian Intelligence to Disseminate Information Operations

On November 11th Ukraine’s Security Service (SBU) announced that they “eliminated an enemy bot farm that created more than 500 accounts every day to spread Kremlin propaganda. Cyber specialists of the Security Service blocked a powerful bot farm that worked for the intelligence services of the aggressor country. As a result of investigative and operative actions in Kyiv and Vinnytsia regions, five of its organisers were exposed, who conducted information operations against our state. The specialised equipment of the enemy “cell” allowed daily registration of more than 500 anonymous accounts in various social networks, including those banned in Ukraine. It was these fake accounts that were used to spread Kremlin propaganda in the internet spaces. First of all, the perpetrators massively spread disinformation about the situation at the front, and also justified the armed aggression of the Russian Federation. Similar “dismissals” were submitted on behalf of “average” citizens who allegedly live in Ukraine, in particular in its temporarily occupied areas. According to the investigation, the enemy bot farm was organised by four residents of Vinnytsia region, and its technological support was carried out by a resident of Kyiv. It was established that they offered “services” to “disperse” destructive content from the Russian Federation. At the same time, the attackers’ main clients were representatives of the intelligence services of the aggressor country, who used “bots” to impose racist ideology and Moscow’s lies about the war in Ukraine. Through impersonators, the enemy bought anonymous accounts and used them to carry out information-subversive activities. For each “bot”, the dealers were paid by electronic transfers that went through the payment systems of the Russian Federation.”

44. Turkish MIT Espionage Trial in Germany Begins

DW reported this week that “the first hearing of the trial of Aziz A., who allegedly carried out espionage activities for the National Intelligence Organisation (MIT) in Germany, was held at the Düsseldorf State Supreme Court. It is alleged that German citizen Aziz A., accused by the Office of the Chief Prosecutor of working with Ali D., who was convicted of espionage, agreed to collect information for the Turkish intelligence. In the indictment, which was shared with the public last August, the Federal Prosecutor’s Office argued that A. gave D. the names of two people suspected of being members of the Gülen organisation and provided detailed information about one of them. It is alleged that A. also sold ammunition to D., with whom he went to the shooting range. The prosecution accuses A. of being an intelligence service agent and violating the gun laws. The Supreme Court announced that A. has begun to make “confessions” at today’s hearing. As part of the case, seven hearing dates were set until the middle of this month. Ali D. was sentenced to a suspended sentence of one year and nine months by the court in Düsseldorf in July. The court ruled that there was evidence that D. had collected information for the Turkish intelligence about people of Turkish origin or Turkish nationals living in Germany.”

45. Malvinas: The British Plan to Attack Argentine Aircraft Carrier with the Help of US Spy Satellites

The AviaciOnline published this article on November 10th. It starts by saying that “during the Malvinas/Falklands War, the RAF tried to put the Argentine aircraft carrier ARA Veinticinco de Mayo (V-2) out of the game with a daring plan that included Buccaneer aircraft and target information provided by American spy satellites. Today I would like to bring you an excellent article entitled «Buccaneers of the high frontier: Program 989 SIGINT satellites from the ABM hunt to the Falklands War to the space shuttle», written by Dwayne A. Day (renowned historian and researcher of space programs) and published by the specialized site The Space Review. In May 1982, the Royal Air Force developed an audacious plan to attack and put out of service the main asset of the Argentine Navy, the aircraft carrier ARA Veinticinco de Mayo.”

46. Israeli Surveillance UAV Crashes in Negev

On November 9th Klyoum reported that “the spokesperson for the occupation army announced tonight that an unmanned Israeli Air Force plane crashed in the occupied Negev. The military spokesman stated this evening, Wednesday, according to the translation of “Safa”, that a large spy plane crashed near the city of “Arad”, east of the occupied Negev, without causing any injuries, as reinforced forces of the occupation army rushed to the place to collect its wreckage. In this context, the commander of the Air Force, “Tomer Bar” decided to freeze the operation of the drones of the same type until an investigation into the circumstances of the accident, as the occupation army refused to disclose the type of plane and Hebrew media sources said that it is about a large “Heron” spy plane that the military uses to carry out missile strikes, as it is equipped with Hellfire laser-guided missiles.”

47. Caution with BeiDou: Chinese ‘GPS’ May Be Spying On Us

China Revealed published this news video on November 8th. As per its description, “the Chinese Communist Party (CCP) has pushed to develop its own Satellite Navigation System, BeiDou, to break its dependence on the already-known American GPS and European GALILEO. On November 4, China’s State Council Office released the white paper “BeiDou in the New Era,” which talks about its latest update while trying to extol the virtues and advantages of using this new Chinese system.”

48. Podcast: CIA: Into the Archives: Why Does CIA Have Historians

On November 10th the United States Central Intelligence Agency (CIA) released its 4th podcast episode as part of the “Langley Files.” As per its description, “on this episode of The Langley Files, CIA’s Chief Historian joins Walter and Dee to talk about the Agency’s cadre of in-house historians. They’ll discuss how these officers’ work studying the past supports CIA’s mission in the present, what it’s like going through the Agency’s archives … and how one of the fastest, highest-flying operational jet aircraft ever built ended up in the parking lot of CIA Headquarters. *Nothing in this podcast should be construed to be an endorsement by the CIA or the US Government of any particular company, product, or service.”

49. Russian FSB Stopped Subversive Activities of Ukrainian SBU Agents in Kherson

On November 8th Russia’s Federal Security Service (FSB) announced that they “uncovered and stopped the activities of the sabotage and reconnaissance group of the SBU, whose tasks included the commission of terrorist acts against high-ranking members of the military-civilian administration of the Kherson region. As a result of the operational-search activities and investigative actions, 9 citizens of Ukraine were identified and detained, and their handlers — SBU officers Samir Shukurov, Viktor Khomyak and Dmitry Sidey are hiding outside Russia. As part of operational measures, more than 5 kg of plastic explosives, electric detonators, initiation devices, 3 ready-to-use IEDs, grenades, small arms and ammunition, as well as special reconnaissance equipment were seized from the detainees. A car bomb was discovered and defused, with the help of which the saboteurs planned to make an attempt on the administration staff.”

50. Podcast: Spycraft 101: A Scottish Civilian Up Against a Nazi Spy Ring with Dr. Andrew Jeffrey

On November 7th Spycraft 101 released a new podcast episode. As per its description, “today, Justin sits down with author and researcher, Dr. Andrew Jeffrey. Alongside his historical books, Andrew has made on-air contributions for British, Dutch and French documentaries and is a former Royal Navy Reservist, and a volunteer Lifeboatman with the Royal National Lifeboat Institution. Andrew’s latest book tells the tale of a Scottish civilian Mary Curran, who spotted the suspicious activity of Nazi spy Jessie Jordan. Mary’s quick wit, alertness, and instincts broke down a long established espionage network spanning both sides of the Atlantic Ocean.”

51. Australian ASIO Publishes Photos of Headquarters — The Ben Chifley Building

On November 7th the Australian Security Intelligence Organisation (ASIO) posted a tweet saying “the view from ASIO HQ, the Ben Chifley Building, is ever changing — much like the security environment ASIO operates in. Learn more about how ASIO defines security at https://www.asio.gov.au/resources/need-know/how-we-define-security.” The tweet included new photographs of ASIO’s headquarters building.

52. United States: Former U.S. Military Pilot Sentenced for Acting as Paid Agent of the Government of the People’s Republic of China and Lying on National Security Background Forms

This is a follow up from week 25 story #34. On November 7th the US Department of Justice issued this press release stating that “former U.S. Army helicopter pilot-turned-civilian-contractor Shapour Moinian, 67, of San Diego, was sentenced in federal court today to 20 months in prison for acting as an agent of the government of the People’s Republic of China (PRC) and accepting thousands of dollars from representatives of the Chinese government to provide aviation-related information from his defense-contractor employers. According to court documents, Moinian served in the U.S. Army in the United States, Germany and South Korea from approximately 1977 through 2000. After his service, Moinian worked for various cleared defense contractors in the United States — including in San Diego — as well as the Department of Defense. “Cleared” is a term that indicates a contractor is permitted to work on projects that involve classified information. According to his plea agreement, while Moinian was working for a cleared defense contractor, or CDC, on various aviation projects used by the military and U.S. intelligence agencies, he was contacted by an individual in China who claimed to be working for a technical recruiting company. This person offered Moinian the opportunity to consult for the aviation industry in China. In March 2017, Moinian travelled to Hong Kong where he met with this purported recruiter and agreed to provide information and materials related to multiple types of aircraft designed and/or manufactured in the United States in exchange for money. Moinian accepted approximately $7,000-$10,000 in U.S. currency during that meeting. According to his plea agreement, at this meeting and at all subsequent meetings, Moinian knew that these individuals were employed or directed by the PRC. Upon returning to the United States, Moinian began gathering aviation-related materials, which included transferring material from a CDC to a thumb drive. 
In September 2017, Moinian traveled overseas and, during a stopover at the Shanghai airport, met with Chinese government officials and provided aviation-related materials on a thumb drive, including proprietary information from a CDC. Thereafter, Moinian arranged to be paid for this information through the South Korean bank account of his stepdaughter. Moinian told his stepdaughter that these funds were payment for his consulting work overseas and instructed her to transfer the funds to him in multiple transactions. Moinian also received a cell phone and other equipment from these individuals to communicate with them and aid in the electronic transfer of materials and information.”

53. Russia: In Memory of the Legendary Intelligence Officer Arnold Deutsch

On November 8th the Russian Foreign Intelligence Service (SVR) issued a press release with a transcript of an interview about Soviet Union intelligence officer Arnold Deutsch (1903–1942). Its overview says that “today marks the 80th anniversary of the heroic battle given to the Germans by the Soviet tanker “Donbass”, which made a solo voyage in the Arctic. But only today it is possible to tell in which direction the Soviet illegal intelligence agent who was on board was actually heading. About why, while preparing this material, we must shade some of the faces today, my colleague Sergey Brilev. He returned from a unique expedition to the Arctic and immediately followed in the footsteps of that spy to another part of the world.”

54. Podcast: State Secrets: Vice Admiral Frank Whitworth- Director, National Geospatial Intelligence Agency

On November 7th the Cipher Brief’s State Secrets podcast released a new episode. As per its description, “in this State Secrets episode, Cipher Brief CEO & Publisher Suzanne Kelly sits down with the Director of the National Geospatial-Intelligence Agency, Vice Admiral Frank Whitworth at NGA Headquarters in Springfield, Virginia to talk about what’s going on in hot spots like North Korea, as the North undertakes a series of missile launches, about NGA’s expected role with the artificial intelligence program known as MAVEN, and about how the agency is partnering with commercial businesses to know the world even better. Vice Admiral Whitworth took on the role as Director this past June and he brings an impressive intelligence background in the military to the new job. His command tours included serving as commander of Joint Intelligence Center Central, commanding officer of the Navy element of U.S. Central Command and commanding officer at the Kennedy Irregular Warfare Center. He also served as director of Intelligence for The Joint Staff and as director of Intelligence for U.S. Africa Command and as director of Intelligence for Joint Special Operations Command. The list goes on.”

55. Ukrainian SBU Exposed Russian Agent in Kharkiv

On November 8th Ukraine’s SBU stated that they “exposed an enemy agent in a cassock who worked for the Gauleiter of the Kharkiv region. He turned out to be the abbot of one of the churches of the UOC of the Moscow Patriarchate in the Kharkiv region. During the temporary occupation of the Kupiansk district, he called on the local religious community to support the invaders, and in his “sermons” he justified the aggressor’s crimes. In addition, he contributed in every possible way to the spread of the occupation regime in the occupied part of the region and for this purpose personally contacted the local Gauleiter Vitaly Ganchev. It was with him that the representative of the UOC MP coordinated his actions regarding the use of the church to attract citizens to the ranks of the enemy and discredit the Defence Forces of Ukraine. To carry out subversive activities, he involved a parishioner from one of the local villages, who helped him spread pro-Kremlin propaganda. However, during the liberation of the district, the cleric and his accomplice fled to Russia, where they are trying to hide from justice. Currently, both persons involved have been notified of suspicion and have been declared wanted.”

56. Did the CIA Create the 1968 Liberty City Riot?

On November 10th the Covert Action Magazine published this article saying that “Robert Aldridge’s article below presents evidence that the U.S. government and CIA may have schemed to manipulate the outcome of U.S. presidential elections along with foreign ones. Aldridge focuses on the 1968 elections in which the CIA may have aided the Republican candidate, Richard Nixon, by helping to foment a race riot near the Miami Beach Convention Center where he secured the presidential nomination. The purpose of the riot was to sway voters to select Nixon as the “law and order” candidate over his more liberal rival, Nelson Rockefeller. The CIA wanted Nixon because he was a war hawk who, despite his claim to want to seek “peace with honor,” went on to expand the Vietnam War. The two men tasked with writing the official report about the riot, Louis J. Hector and Paul Helliwell, had backgrounds in the Office of Strategic Services (OSS) and CIA and whitewashed what actually happened — in a way reminiscent of the Warren Commission and other government cover-ups.”

57. Ukrainian GUR Colonel Sentenced to 19.5 Years in Prison for Espionage in Crimea

According to the Russian Krivoe Zerkalo from November 9th, “the verdict of the Southern District Military Court against the colonel of illegal intelligence of the Main Intelligence Directorate of the Ministry of Defence of Ukraine (GUR MOU) D. A. Shtyblikov, who was found guilty of committing high treason, entered into force, the Center for Public Relations (CSP) of the FSB of the Russian Federation reported on November 9. Shtyblikov was “charged” with 19 and a half years in prison with a term served in a correctional colony with a strict regime. This is in conjunction with the sentence imposed on him in 2017 by the Sevastopol City Court in the form of 5 years in a strict regime colony for preparing a series of explosions at civilian infrastructure facilities in Crimea and the Black Sea Fleet. The investigation and the court established that in 2014, after Crimea became part of Russia, Shtyblikov, performing the task of the GUR MOU, remained on the peninsula. Having received Russian citizenship, he got a job as a civilian staff in one of the military units of the Black Sea Fleet. All this was done only in order to collect and transfer to the Main Intelligence Directorate of the Ministry of Defence of Ukraine intelligence constituting a state secret about the activities of military units stationed in the Republic of Crimea. The Federal Security Service of Russia (FSB RF), within the framework of an initiated criminal case under article 275 of the Criminal Code of the Russian Federation “Treason”, the espionage activities of an illegal intelligence officer of the GUR MOU was promptly suppressed.”

58. Intel Service: Swiss Ready to Block Russian Spies if Need Be

The Associated Press reported on November 9th that “Switzerland’s intelligence agency says a widening rift between Western democracies and autocracies like Russia and China has underpinned a rise in spying activities, warning that Switzerland will move to keep Russian agents off its soil if necessary. The Swiss Federal Intelligence Service, in an annual threat assessment presented on Wednesday, said the Alpine country is facing a “deteriorated” politico-security environment, in part due to fallout from Russia’s invasion of Ukraine. It added that security and defense cooperation in Europe is likely to become increasingly important for Switzerland — which has long touted its neutrality. Foreign intelligence services in Switzerland, the report said, are already targeting and spying on critics of their leadership back home or on members of ethnic and religious minorities on Swiss soil. “Geneva remains a hotspot for spying activities,” it added. The Swiss city is home to many international and United Nations institutions and advocacy groups. The FIS noted that other European countries have expelled Russian intelligence officers, and Switzerland “will use tools at its disposal, and, notably, entry bans, that can prevent these intelligence officers from entering Swiss territory.” Foreign agents continue to try to acquire equipment in Switzerland that could be used for weapons of mass destruction programs or the devices that could be used to deliver them, the report said. Turning to the international environment, the FIS said that with Russia “pursuing imperialist objectives in Ukraine above all, its desire for conquest has taken precedence over its economic interests.” It noted that Moscow’s strategy is likely to continue despite military setbacks in Ukraine.” You can find the complete FIS intelligence report here.

59. Behind the New Deal Between Turkey’s MIT and the Mossad

On November 11th Intelligence Online reported that “with Israeli-Turkish diplomatic relations now fully restored, a reconciliation over intelligence sharing appears to have been sealed as well. Turkish intelligence services and the Mossad recently discreetly signed an understanding aimed largely at allowing Tel Aviv to track down Iranian cells in Turkey.”

60. SIGINT Historian: First World War SIGINT Liaison with the Russians

The former departmental historian of Britain’s GCHQ published this blog post starting by saying that “I’ve written before about attempts to establish a Sigint liaison with the USSR during the Second World War. Less well known is the attempt to do something similar during the First World War. On 25 August 1914, Captain Adrian Simpson of the Royal Engineers Signal Section (the predecessor of the Royal Signals) embarked for Petrograd on a mission to look at the improvement of wireless telegraphy links between the UK and Russia to better facilitate liaison between the two allies, each of whom was fighting the Germans and Austro-Hungarians on different fronts. Simpson spent the period October 1914 to the end of January 2015 on the front with the Russian Army and returned to Petrograd where he compiled a report for the War Office. His report contrasted the extremely high quality of the equipment the Russians had built or purchased with the very poor quality of the operators. He had worked hard to improve matters himself: he had rebuilt the antenna system at the main Petrograd wireless station and boosted the power available to the transmitters but was nevertheless hampered overall by the operators, all civilian even on the front.”

61. A UNESCO Employee Espionage Scandal for Moroccan Intelligence

On November 8th Watanserb reported that “after it was suspected of being involved in espionage operations and carrying out operations not allowed to, for the benefit of foreign entities — the Moroccan intelligence — UNESCO, after a long-term administrative investigation, dismissed a female employee of Moroccan nationality.”

62. Ukrainian SBU Detained Enemy Agitator in Bukovina

On November 12th Ukraine’s SBU stated that they “detained an enemy agitator who was preparing fakes for Solovyov’s talk show. Cyber specialists of the Security Service exposed an enemy internet agitator in Bukovina, who was spreading misinformation about the internal situation in the region and discrediting the Defence Forces of Ukraine. Among his most common “dumps” are posts on the banned vKontakte social network about the alleged worsening of the socio-political situation in western Ukraine due to the war with the Russian Federation. He also “dispelled” lies about the activities of state authorities, Ukrainian military units, and volunteer organisations. Among the recipients of this fake information was the Kremlin propagandist Solovyov, with whom the detainee was in direct contact. It was the agitator who helped him create destructive content for further publication in provocative stories and “talk shows” on the “Russia 1” TV channel. For this, the henchman of the aggressor hoped to obtain citizenship of the Russian Federation and settle in one of the settlements near Moscow. According to the investigation, the attacker turned out to be a resident of Chernivtsi region, who previously practiced law. After the start of the full-scale invasion, he actively called for support for the occupiers on social media, and also justified their war crimes. In this way, he got into the field of view of representatives of the Kremlin’s news media and began to “cooperate” with them to the detriment of the state security of Ukraine. He used messengers and anonymous Telegram channels of the aggressor country to communicate with them.”

63. Egypt Uses the Climate Summit App to Spy on Participating Activists

The Network Monitoring reported on November 7th that the Egyptian authorities are using the Climate Summit mobile application (COP27) as a covert means for surveillance on participating activists. The Guardian also reported this stating that “the official Cop27 app, which has already been downloaded more than 5,000 times, requires sweeping permissions from users before it installs, including the ability for Egypt’s ministry of communications and information technology to view emails, scour photos and determine users’ locations, according to an expert who analysed it for the Guardian. This data could be used by Abdel Fatah al-Sisi’s regime to further crack down on dissent in a country that already holds about 65,000 political prisoners. Egypt has conducted a series of mass arrests of people accused of being protesters in the lead-up to Cop27 and sought to vet and isolate any activists near the talks, which will see governments attempting to hammer out an agreement over dealing with the climate crisis. “This is a cartoon super-villain of an app,” said Gennie Gebhart, the Electronic Frontier Foundation’s advocacy director. “The biggest red flag is the number of permissions required, which is unnecessary for the operation of the app and suggests they are trying to surveil attendees. “No reasonable person will want to consent to being surveilled by a nation state, or having their emails read by them, but often people click these permissions without thinking much.” She added: “I can’t think of a single good reason why they need these permissions. It’s an open question how this information will be used — it raises a lot of scary possibilities. It may well have a silencing effect in that people self-censor when they realize they are being watched in this way. It can have a chilling effect.” Hussein Baoumi of Amnesty International told the Guardian that tech operatives working for the rights organisation had examined the app and flagged a number of concerns prior to Cop27. 
The app was able to access users’ camera, microphone, Bluetooth and location data as well as pair two different apps.”

64. Bangladesh: Technical Intelligence Service Faces Shrinking Cyber Offer

Intelligence Online reported on November 10th that “the National Telecommunication Monitoring Centre needs a partner to develop its Integrated Lawful Interception System at a time when Western cyber firms have been pulling out of the country.” It also highlighted that “Bangladesh’s technical intelligence agency, the National Telecommunication Monitoring Center, is seeking a contractor for its strategic interception platform project.”

65. Secret CIA Report on Emirates Hijacking: Profile of Turkish Suspect Who Wanted to Travel

The Greek newspaper Proto Thema reported on November 12th that “the alarm stopped sounding, the thriller ended, but somewhere there the mystery began about the person who led to a transient panic, the sudden change of course of two Emirates airline flights. The ground proved fertile, in the last hours, for a rich scenario surrounding the 35-year-old Turkish national who “imposed” a forced return in one case and a suspension of the route in the other, but without ultimately boarding an aircraft himself. Despite initial reports of an Arabic-speaking suspect on the New York-bound flight, the 35-year-old was found outside the airspace. Specifically, he was located at his home, according to an investigation carried out by the authorities, and ultimately he was not arrested as it was found that he lives with a legal permit in Greece. But his profile, even though the alarm has ended, is of particular interest. There are three questions that make up the triptych of the riddle: Why was it found in Greece? Is he associated with any Islamic organisation? What is his profession? According to the report sent by the CIA to the Greek intelligence, the man appears to be deeply Islamist who has some connection with terrorism, the Islamic State in particular. The organisation he is allegedly associated with, in particular, is Daesh, as ISIS is called in Arabic. It is recalled that the initial information referred to an Arab origin onboard the aircraft. Behind the revelation about the man of Turkish origin, who lives and works in Greece, is his roommate, who “pinned” him to the American intelligence services, speaking of a terrorist on the fly who was traveling to the USA to see his family. The 35-year-old received asylum on April 13 in Thessaloniki, while he obtained a legal residence permit on June 1. 
In recent months he has been working in a software company based in Athens, while in recent years he has been mainly involved in the software engineering industry, developing new skills and automation tests.”

66. Iranian Cyber Espionage Actor Profile: A Muddy, Advanced Persistent Teacher

On November 10th the private security and intelligence firm PwC published this intelligence report. As per its introduction, “on 26th October 2022, the US Department of Treasury issued broad sanctions against Iranian entities including a cyber security company, Ravin Academy, and the two individuals that founded it “for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the MOIS.” Ravin Academy and its founders have been known to the PwC Threat Intelligence team since early 2020 as having ties to several Iran-based threat actors including Yellow Nix (aka MuddyWater, MERCURY, TA450). We are publishing a portion of our private client reporting in light of the October 2022 indictments. Ravin Academy is an Iranian company incorporated in 2019, that purports to provide cyber security education and training in both defensive and offensive fields. It also conducts vulnerability research, as well as specialized research into “advanced persistent (APT) teams.” PwC analysts identified the following incorporation records of Avayeh Hooshmand Ravin. We assess that this is the name that Ravin Academy was incorporated under. These incorporation records list the following corporate appointments. These match the co-founders listed on Ravin Academy’s website and in the October 2022 US Treasury sanctions announcement.”

67. United States: CIA Democrats — Abigail Spanberger and Elissa Slotkin — Gain Reelection to Congress, While Anti-CIA Candidate Geoff Young Loses

The Covert Action Magazine published this story on November 9th stating that “two former CIA officers, Abigail Spanberger and Elissa Slotkin, won reelection on Tuesday night, while anti-CIA candidate Geoff Young was defeated in Kentucky’s 6th district. Spanberger, a Democrat, defeated her Republican challenger Yesli Vega with 51.9 percent of the vote in Virginia’s 7th district, while Slotkin, also a Democrat, defeated Tom Barrett, a former army pilot, with 50.8 percent of the vote in Michigan’s 7th district. Young lost to Republican incumbent Andy Barr after receiving 26.3 percent of the vote.” The article concludes that “the popular maxim “once a CIA agent, always a CIA agent” seems to generally fit both Slotkin and Spanberger as they continue to promote the Agency’s interests in Congress in violation of the separation of powers between the executive and legislative branches. The extent to which Spanberger and Slotkin function as actual spies remains uncertain, but these neocons continue to ply their trade by advancing anti-Russian propaganda and other disinformation whose purpose is to ratchet up conflicts with Russia and China and expand the evolution of the United States into a police state.”

68. Turkish MIT Assassinates PKK/YPG Official in Syria

On November 6th it was reported by AA that “according to information obtained from intelligence sources, terrorist Sulayva, who joined the terrorist organisation PKK in 2013, first engaged in terrorist activities in Sinjar, Iraq, and then in Tel Tamir region of Syria. After working as a heavy weapons officer in the Hasakah region of Syria, Sulayva was reassigned to the Rasulayn-Tel Tamir region in 2017. Sulayva, who organised the terrorist acts against the security forces in the Peace Spring Operation carried out by the Turkish Armed Forces in 2019, was tracked by the MIT. After the leaders of the organisation were neutralised in the operations carried out in Ayn Isa, the terrorist Sulayva, who was assigned to this region, was neutralised by the operation organised by the MIT.”

69. Mysterious Initiative for the Return of Former Sudan Spy Chief

On November 8th Sudan Tribune reported that “on Saturday, November 5, 2022, dozens of supporters of the former director of the dissolved National Intelligence and Security Service (NISS) Salah Abdallah Gosh, organized a rally in Meroe city of the Northern state as part of a popular initiative for his return to the country. Eyewitnesses in the area told Sudan Tribune that his supporters launched a campaign calling for Gosh’s return in the city’s market, where they posted his pictures with slogans glorifying him and expressing solidarity. After that the crowd moved into a large hall inside a branch of Omdurman Islamic University in Meroe, chanting slogans linking political reforms to Gosh’s return. The event sheds light on the man who has been in self-imposed exile in Egypt since the fall of Omer al-Bashir’s regime in April 2019. In addition, it has raised many questions about his political future, especially as Islamists accuse him of being behind the overthrow of the Bashir regime.”

70. Australia: Spy Boss Denies She Told MPs to Get Second Phone for TikTok, But Says You Should Anyway

On November 8th The Australian reported that “one of the nation’s top spy chiefs says Australians should consider getting a second phone if they wanted to use social media apps such as TikTok. While Australian Signals Directorate (ASD) boss Rachel Noble denied recommending politicians and their staff should make the switch, she told a Senate estimates hearing that having a phone free of social media was the only way to have “absolute certainty” of data privacy. “Our advice was, frankly, for people who are members of parliament who might be particularly targets of espionage … that if you wanted absolutely certainty that your social media app couldn’t have access to those things … would be to have a second phone which you exclusively use for that,” she said. Earlier this year, it was reported ASD held confidential briefings with politicians and staff to warn them that some apps were undertaking excessive data collection and requesting access to contact lists, location data and photographs. “It’s disappointing that the contents of that private briefing was reported to the media,” Ms Noble said.”

71. Norway Plans Sanctuary for ‘Spy’ Whale Hvaldimir Who Came in From Cold

The Guardian reported on November 6th that “when a beluga whale started to play with Norwegian fishing boats and interact with tourists in 2019, it became an internet sensation. The sociable creature seemed drawn to humans, and they were drawn to him. But Hvaldimir’s story seems to be a sad one; wearing a tight harness stamped with “equipment of St Petersburg”. The media went crazy, with talk of a “spy whale”. Because he seems to be trained by and used to people, he is not functioning well in the wild and is under threat by salmon farmers, conservationists have said, as he spends his time by the nets, eating the fish attracted by the salmon food and annoying fishermen.”

72. Syriatel Employee Reveals the Most Prominent Methods of the Assad Regime to Spy on Syrians

Orient published this exclusive story on November 6th saying that “a former Syriatel employee revealed the most prominent ways that the Assad regime has used to spy on Syrians since the beginning of the revolution, noting that the traditional methods of surveillance from the past, and that the Assad regime has hired Iranian telecommunications experts to develop espionage techniques. It became clear after its establishment of what became known as the (Information Security Branch) in 2011. Speaking to Orient Net, the communications engineer and one of the former employees of Syriatel (Ibrahim Al-Sabbagh) said that the idea of cyber espionage on citizens began with the start of the revolution in 2011, and the entry of Syrians into the field of social communication, as Syrians before the revolution depended only on calls via cellular or land lines of communication with some programs (dating and chatting), which were originally intended for this purpose only and do not support any other feature.” The 5 methods described are: 1) Online HUMINT, 2) Intercepting voice communications, 3) Fake mobile applications, 4) Restriction of services, and 5) Recruiting informants/agents.

73. Israeli Elbit Supplies Alinet EW and SIGINT System to Morocco

This week it was reported by Military Africa that “Israeli Elbit Systems was awarded an approximately $70 million contract in June to supply “Alinet” Electronic Warfare (EW) AND Signal Intelligence (SIGINT) solutions to Morocco in a contract that will be executed over a period of two and a half years. Under the contract, Elbit Systems will provide ground-based EW and Signal Intelligence (SIGINT) units equipped with Electronic Support Measures, Electronic Counter Measures as well as Command and Control systems. These units will generate a comprehensive passive air and ground picture and provide an electronic order of battle, enabling effective responses to both aerial and land-based threats. “As part of the contract, Elbit Systems will supply ground EW and SIGINT units equipped with electronic support means, electronic countermeasures as well as command and control systems. These units will create a comprehensive passive air and ground picture and provide an electronic order of battle, which enables an effective response to both air and ground threats,” the statement said.”

74. Turkey: Interdata Moves Into Interception Market Thanks to Discreet RedEye Acquisition

Intelligence Online reported on November 10th that “Alper Ozbilen’s Turkish defence empire has acquired new interception capacities by integrating Ankara-based provider RedEye into its subsidiary Interdata. This move will allow the company to broaden its range of services.”

75. Israeli Shin Bet Admits Tracking Journalists Using Mobile Phone Data

On November 11th the Middle East Eye reported that “Israel’s security service Shin Bet has been using a database collected from mobile phone companies to monitor the activity of journalists, in both criminal and security-related investigations, according to local media. The information came to light in the state’s response to a petition filed by a civil rights group with the High Court, Haaretz reported on Friday. Using the database, the agency can work out where a journalist is based on their mobile phone location, as well as whom they talked to and for how long, the newspaper said. Under the petition, the Association of Civil Rights in Israel (ACRI) had asked the High Court to remove a clause from the law regulating Shin Bet’s operations that compel mobile phone companies in Israel to provide the agency with information regarding every call or message passing through their operations. The law, which was approved in 2002, regulates the mostly-secret operations of Shin Bet, which are not subject to public oversight. The data collected by the mobile phone companies has been kept by Shin Bet for the last two decades, Haaretz said. Clause 11 of the law says the use of this data is subject to prior approval by the head of Shin Bet, who is required to report to the prime minister and attorney general about such permits every three months, and once a year to the Knesset committee dealing with the agency. Under the petition, the ACRI says the clause includes constitutional errors, since the authorisation determined in it is not explicit and detailed, as required when there is an invasion of privacy, and that such authorisation goes beyond what is required for state security, Haaretz reported. The civil rights group also argues there is no mechanism for protecting people with professional immunity such as journalists, and that the decisions of the Shin Bet chief and the prime minister are not subject to judicial oversight, with insufficient mechanisms for monitoring. 
Earlier this year, Shin Bet admitted to using spyware to track Palestinians’ mobile phones and sending them threatening text messages during protests in occupied East Jerusalem in May 2021. The revelation came soon after Israeli police admitted using the same tracking system against civilians.”

76. Norway: Russia Claims Exposed Agent is Heroin Smuggler: Asks for His Extradition

On November 12th the Norwegian VG reported that “Russian Sergei Vladimirovich Cherkasov was revealed as a Russian GRU spy in the Netherlands in June. Now the Russians are trying to get him home. The case has several similarities with Russian Mikhail Valeriyevich Mikushin, who is charged with espionage in Norway. Both are accused of being GRU illegals. Both obtained false Brazilian identity and citizenship. Both claimed they had a Brazilian mother and a Portuguese father. They studied at North American universities, before applying to Europe. In reality, they are both revealed as officers in the Russian intelligence service GRU, and part of the country’s hybrid warfare. While Mikushin is in custody in Norway charged with espionage, Cherkasov was immediately returned to Brazil when he arrived in the Netherlands in April. In July this year, he was sentenced to 15 years in prison for identity fraud in Brazil. VG has gained access to documents that show how the Russian authorities are now working to bring Cherkasov home. In the Russian narrative, Cherkasov is not a spy. They claim, however, that he is a wanted heroin trafficker on the run. Investigations carried out by VG and the investigative journalist network Bellingcat show that the story has several weaknesses. Eight days after the Dutch Security Police (AIVD) publicly exposed Cherkasov as a Russian GRU agent, the Russian authorities send a long document to Brazil. Cherkasov is then already in custody in Brazil, but has not yet been sentenced. The document is signed by Russia’s Deputy Attorney General Pior Petrovich Gorodov and sent to Brazil’s Minister of Justice Anderson Gustavo Torres. The Russians nicely ask that Cherkasov be detained — they want to prosecute him for a smuggling case in Moscow that is several years old. If Brazil cannot extradite Cherkasov in connection with the smuggling case, the Russian authorities ask Brazil to consider whether there are grounds for deporting him under the Immigration Act. Over dozens of pages, the Russian authorities claim that Cherkasov is wanted for the sale and smuggling of Afghan heroin “through an organized group and on a particularly large scale” in Russia. The espionage charge is not mentioned in the documents VG has gained access to.”

77. United States: Happy Veterans Day from NRO

To celebrate the United States’ Veterans Day the National Reconnaissance Office (NRO) published this short video on November 11th.

78. Russian Spy Chief’s Son Has a Budapest Home Address. In the Company Property of An Old Friend of Orbán’s Chief of Staff

On November 10th the Hungarian Direkt36 reported that “in one of the most popular shopping streets in downtown Budapest, Deák Ferenc Street, also known as Fashion Street, you can find shops of multiple Western fashion brands — Tommy Hilfiger, Zara Home, COS — which have withdrawn from Russia or suspended their operations after the invasion of Ukraine. A statement from the Swedish company group, which also owns COS, for example, said at the time of the closure of its stores that it was deeply concerned by the tragic developments in Ukraine and stood by those who had suffered. While the majority of Russians would not have access to these fashion and home furnishing brands even if they could afford them, the family of a key figure in the Kremlin’s war machine would only have to walk a few meters to go shopping. Even a few months ago, the registered home address of Andrey Naryshkin, son of Sergey Naryshkin, the head of Russia’s Foreign Intelligence Service (SVR), was in a corner building on Fashion Street, in an apartment in a stylish Bécsi Street house (we do not disclose the exact address due to privacy reasons). This is revealed by a document issued by the Pest County Government Office on June 15, 2022, shared with Direkt36 by Molfar, a Ukrainian open-source intelligence (OSINT) group. Since the invasion of Ukraine, Molfar has been working on investigating hidden Western assets of the Kremlin elite, in addition to uncovering Russian war atrocities. Molfar has commissioned a Greek private investigations agency, Marathon Investigations, which, in the course of its investigations covering several EU countries, found reports that members of the Naryshkin family had obtained residency permits in Hungary under a golden visa scheme that is a source of concern for both national security and corruption reasons. This was previously reported by Direkt36, together with 444.hu and Russian daily Novaya Gazeta. 
Our research at the time did not reveal exactly where the Naryshkin family settled in Hungary, i.e. where their home address was. Years later, however, the private investigators commissioned by Molfar obtained the document showing the home address by submitting a request to the Hungarian authorities this spring, with the help of a Ukrainian legal consultancy firm called Juscutum. They requested information from Hungarian state registers on Sergey Naryshkin and another senior Russian national security leader, as well as their family members.”

79. Boris Johnson Met with Son of Ex-KGB Oligarch the Day After he was Sanctioned

On November 12th the British Mirror reported this exclusive story saying that “Boris Johnson had a meeting with Russian-born pal Lord Lebedev the day after the media tycoon’s ex-KGB dad was hit by war sanctions in Canada. Since then former spy chief Alexander Lebedev, 62, has faced no such crackdown from British authorities. The rendezvous between the then PM and Evening Standard owner Lord Lebedev last May is said to have been a non-official ‘social meeting’. But the day after it took place Lord Lebedev’s father quit as director of Independent Print Ltd, his only listed UK directorship. The firm provides services for his son’s newspaper. When the May meeting took place, Mr Johnson was already under pressure over claims he overruled Lords authorities to get his friend a seat. And in July it emerged Mr Johnson had met Mr Lebedev Snr while Foreign Secretary in 2018 after the Salisbury poisonings. Mr Johnson insisted the meeting — at his pal’s home in Italy — was social with no need for security staff. The Sunday Mirror understands no officials were at the May meeting with Lord Lebedev. A No10 official insisted it was a social meeting.”

80. Iran’s Information Terrorism and “Opium War” Against Azerbaijan

On November 12th AzeMedia reported that “along with military threats, the Iranian regime continues to use methods of information terrorism against Azerbaijan. Sahar TV, the main broadcaster of the Islamic Republic’s top religious leadership, has recently intensified its attacks on Azerbaijan and its authorities. At the same time, Iranian secret services accuse Azerbaijan of orchestrating the terrorist attack in the city of Shiraz. The Tasnim news agency, affiliated with the Islamic Revolutionary Guard Corps, has also been zealously organizing regular information provocations against Azerbaijan. Let’s start with some background information about Sahar TV, which has been engaged in purposeful subversive work against Azerbaijan for many years. Along with propaganda of Shiism, it systematically ignites social discontent in Azerbaijan, discredits the authorities, and sows the seeds of separatism. The main activity of Sahar, broadcasting in six languages, including Azerbaijani, is aimed at increasing the number of agents of Iranian influence. Suffice it to say that Sahar’s Azerbaijani service was established in 1992, and since then the TV channel has invariably viewed the existence of the independent Republic of Azerbaijan as a threat to the Islamic Republic of Iran. One of the main instruments of propaganda of the Ayatollah regime, broadcasting in English, French, Kurdish, Bosnian, and Farsi, Sahar TV also conducts information terrorism against other countries. In particular, Sahar satellite broadcasts reach the southern districts of Azerbaijan and, unfortunately, exert influence on a certain segment of the country’s population, some members of which consciously collaborate with the secret services of the Islamic Republic, becoming agents of Iranian influence, whom the intelligence services of Azerbaijan regularly track down and isolate from society. 
While Sahar TV increases the flow of information provocations against Azerbaijan, the media directly linked to the Iranian counterintelligence, Ettela’at, accuse Baku of involvement in the organization of the terrorist attack in Shiraz.”

81. Ukrainian SBU Hacked Internet TV in Crimea for Information Operations Dissemination

According to details published by Pravda Gerashchenko on November 12th, “military counter-intelligence officers of the SBU hacked internet TV in Crimea to remind Russian rashists that war crimes have no statute of limitations.”

82. U.S. Intelligence Report Says Key Gulf Ally Meddled in American Politics

On November 12th the Washington Post released this exclusive story stating that “the United Arab Emirates steered U.S. foreign policy in its favor through a series of legal and illegal exploits, according to an unprecedented U.S. intelligence document. U.S. intelligence officials have compiled a classified report detailing extensive efforts to manipulate the American political system by the United Arab Emirates, an influential, oil-rich nation in the Persian Gulf long considered a close and trusted partner. The activities covered in the report, described to The Washington Post by three people who have read it, include illegal and legal attempts to steer U.S. foreign policy in ways favorable to the Arab autocracy. It reveals the UAE’s bid, spanning multiple U.S. administrations, to exploit the vulnerabilities in American governance, including its reliance on campaign contributions, susceptibility to powerful lobbying firms and lax enforcement of disclosure laws intended to guard against interference by foreign governments, these people said. Each spoke on the condition of anonymity to discuss classified information. The document was compiled by the National Intelligence Council and briefed to top U.S. policymakers in recent weeks to guide their decision-making related to the Middle East and the UAE, which enjoys outsize influence in Washington. The report is remarkable in that it focuses on the influence operations of a friendly nation rather than an adversarial power such as Russia, China or Iran. It is also uncommon for a U.S. intelligence product to closely examine interactions involving U.S. officials given its mandate to focus on foreign threats. “The U.S. intelligence community generally stays clear of anything that could be interpreted as studying American domestic politics,” said Bruce Riedel, a senior fellow at the Brookings Institution who served on the National Intelligence Council in the 1990s. 
“Doing something like this on a friendly power is also unique. It’s a sign that the U.S. intelligence community is willing to take on new challenges,” he said. Lauren Frost, a spokeswoman at the Office of the Director of National Intelligence, declined to comment when asked about the report.”

83. Use of Pegasus Spyware in ‘Catalan Gate’ Not Justified, Says EU Parliament

On November 9th EURACTIV reported that “the government’s use of the Pegasus Spyware against pro-independence Catalan politicians was not justified as there was no threat to the country’s security, a preliminary report drafted by the European Parliament found. According to the report published Tuesday “it is not possible to establish” an alleged threat to national security invoked by the Spanish government to justify the use of the Pegasus spyware against pro-independence Catalan politicians. The document is a first version of the conclusions reached by the Parliamentary Committee on the use of Pegasus, drafted by Dutch Liberal MEP Sophie in ‘t Veld. However, the draft will be amended, as some Spanish members of her own liberal group (Ciudadanos/Citizens) do not feel “comfortable” with the tone of the text, sources in the Spanish parliamentary group told EFE. The text highlights the scandal dubbed “CatalanGate” and also the spying on Spain’s Prime Minister, Pedro Sánchez, and two of his ministers. Spain is one of the five member states, along with Greece, Cyprus, Poland and Hungary, that has its own specific chapter in the report. The Spanish section, which attributes the spying case to the Spanish and Moroccan governments, assesses factors such as the Spanish legal framework and the responsibility of the Spanish National Intelligence Centre and the scrutiny of its activity and warns that certain legal safeguards to the right to privacy of communications in Spain date from a time when surveillance was much less advanced than it is today.”

84. ‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery

On November 11th Wired reported that “according to the analysis by satellite data monitoring firm SpaceKnow, the two “dark ships,” each measuring around 95 to 130 meters long, passed within several miles of the Nord Stream 2 leak sites. “We have detected some dark ships, meaning vessels that were of a significant size, that were passing through that area of interest,” says Jerry Javornicky, the CEO and cofounder of SpaceKnow. “They had their beacons off, meaning there was no information about their movement, and they were trying to keep their location information and general information hidden from the world,” Javornicky adds. The discovery, which was made by analyzing images from multiple satellites, is likely to further increase speculation about the cause of the blasts. Multiple countries investigating the incident believe the Nord Stream 1 and 2 pipelines were rocked by a series of explosions, with many suspicions directed at Russia as its full-scale invasion of Ukraine continues. (Russia has denied its involvement.) Once SpaceKnow identified the ships, it reported its findings to officials at NATO, who are investigating the Nord Stream incidents. Javornicky says NATO officials asked the company to provide more information. NATO spokesperson Oana Lungescu says it does not comment on the “details of our support or the sources used” but confirmed that NATO believes the incident was a “deliberate and irresponsible act of sabotage” and it has increased its presence in the Baltic and North Seas. However, a NATO official, who did not have permission to speak publicly, confirmed to WIRED that NATO had received SpaceKnow’s data and said satellite imagery can prove useful for its investigations.”

85. United States: Internal Documents Show How Close the F.B.I. Came to Deploying Spyware

On November 12th the New York Times reported that “during a closed-door session with lawmakers last December, Christopher A. Wray, the director of the F.B.I., was asked whether the bureau had ever purchased and used Pegasus, the hacking tool that penetrates mobile phones and extracts their contents. Mr. Wray acknowledged that the F.B.I. had bought a license for Pegasus, but only for research and development. “To be able to figure out how bad guys could use it, for example,” he told Senator Ron Wyden, Democrat of Oregon, according to a transcript of the hearing that was recently declassified. But dozens of internal F.B.I. documents and court records tell a different story. The documents, produced in response to a Freedom of Information Act lawsuit brought by The New York Times against the bureau, show that F.B.I. officials made a push in late 2020 and the first half of 2021 to deploy the hacking tools — made by the Israeli spyware firm NSO — in its own criminal investigations. The officials developed advanced plans to brief the bureau’s leadership, and drew up guidelines for federal prosecutors about how the F.B.I.’s use of hacking tools would need to be disclosed during criminal proceedings. It is unclear how the bureau was contemplating using Pegasus, and whether it was considering hacking the phones of American citizens, foreigners or both. In January, The Times revealed that F.B.I. officials had also tested the NSO tool Phantom, a version of Pegasus capable of hacking phones with U.S. numbers. The F.B.I. eventually decided not to deploy Pegasus in criminal investigations in July 2021, amid a flurry of stories about how the hacking tool had been abused by governments across the globe. But the documents offer a glimpse at how the U.S. government — over two presidential administrations — wrestled with the promise and peril of a powerful cyberweapon. And, despite the F.B.I. decision not to use Pegasus, court documents indicate the bureau remains interested in potentially using spyware in future investigations.”

86. Sweden: The Spy Was Hunted for Years — May Have Sold Out Säpo’s Entire Personnel List

Following this week’s story #7 local media in Sweden reported that “the Security Service suspected for years that there was a mole at the heart of the intelligence service — but they failed to stop the spying. Now Peyman Kia, 42, and his brother Payam Kia, 35, are accused of selling defence secrets to a Russian contact in exchange for dollars and gold. It appears from the investigation that Russia is suspected of having obtained quantities of top-secret reports — and Säpo’s entire personnel list.” Based on this report, the two agents were using Uppsala public toilets as dead drop locations to pass USB drives with classified information to their Russian GRU handler.


The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org