SPY NEWS: 2022 — Week 46

Summary of the espionage-related news stories for the Week 46 (November 13–19) of 2022.

1. Greece: How and With Whom Did the Ministry of Digital Governance of K. Pierrakakis Create a “Parallel EYP” for the Predator

This week there were three investigative journalism articles from Greece sheeding more light into the recent spy scandal. The first is from ProNews stating that “many questions are now being raised about a certain person in Kyriakos Pierrakakis’ Ministry of Digital Governance, who had financed the purchase of part or the whole “package” of the Predator espionage software, investigations are now being carried out on the key people who played a role in the KETYAK project of 40 million joined the Recovery Fund in 2021 for the creation of the “shadow electronic EYP”. This person is Thomas Dombridis , an executive of the Ministry of Defence from 2002 to 2020, who was appointed head of cyber security of the Ministry of Defence in 2017 during the administration of G. Roubatis, but in 2020, he was now moved to the Ministry of Digital Governance. If there is something strong that unites Thomas Dombridis with Roubatis and Pierrakakis, it is their political origin: the “Papandreian” and “Semitic” PASOK. Which survives “horizontally” in the midst of SYRIZA and ND administrations. In his CV, he artfully hides the fact that he served in the Ministry of Internal Affairs for 18 years. From his current position, however, he signed the financing of Predator: “Head of the General Directorate of Cyber ​​Security of the Ministry of Digital Governance (National Cyber ​​Security Authority)”. It states that “Between 2009–20 he was the head of the National CERT”. Something that they don’t remember him as the head of the Directorate V of the EYP.” The second article is from Reporters United stating that “wiretapping: All the identities of Yannis Lavranos — Faced with the findings of the EfSyn — Reporters United investigation, Yiannis Lavranos, the businessman whom the government is trying to hide from the public eye, speaks for the first time and gives answers about his relations with Maximou. — The connections of the businessman with the former general secretary of the government Grigoris Dimitriadis and the ministers Kyriakos Pierrakakis and Nikos Panagiotopoulos — The invisible aspects of his business activity: Two plus one fake identities.” And the third release uncovered the identities of 38 people that were under covert surveillance using Predator.

2. Germany Warns Its Delegation of Egyptian Spies at COP27

On November 13th Reuters reported that “German federal police have warned their nation’s delegation at the COP27 environmental summit in Egypt that its members may be subject to spying by Egyptian security agents, three people with knowledge of the matter said. In an email sent on Saturday, the police, known in Germany as the BKA, warned delegates of “overt and covert surveillance through photography and videography” by Egyptian agents, said one of the people quoting from the email. Reuters did not view the email sent by the police. Two other officials in Germany confirmed the existence of the warning, though they declined to elaborate on its specific wording. There was no immediate response to requests for comment from Egypt’s COP27 presidency or the state information service, which handles relations with foreign media. A spokesperson for the German police declined to comment.” This is a follow up from last week’s story #63.

3. Russian SVR: The Second Life of MI6 Officer George Blake

The Foreign Intelligence Service (SVR) of Russia published two articles recently. The first is a video for the 100th anniversary of J. Blake (1922–2020) who was an MI6 intelligence officer and was recruited as a double agent by the KGB, and later Russia’s SVR. The second post states that “in 1956, at the time when the Soviet delegation headed by Nikita Khrushchev arrived in London for negotiations, a secret tunnel was accidentally discovered in the Soviet sector of Berlin leading from the Western sector directly to the communication cable of our group of troops. It turns out that this is the fruit of a joint special operation by the US and British intelligence — the CIA and MI6. A major international scandal is brewing. But no one could even imagine that Moscow knew about the top-secret tunnel even before the start of its construction. And the “accidental” discovery was in fact carefully planned and staged by the Soviet intelligence services. Who warned the USSR about the impending special operation? What role did this man play in the work of Soviet intelligence? And why did he get 42 years in prison? Watch the new release of the X-Files with Andrey Lugovoi program on the Zvezda TV channel.”

4. Podcast: Spycraft 101: Demoralize and Deceive: OSS Psychological Warfare with Ann Todd

On November 13th the Spycraft 101 published a new podcast episode. As per its description, “this week, Justin sits down with historian and author Ann Todd. From working at the National Museum of the Marine Corps in Quantico, Virginia, to writing and consulting for the National Geographic Society and giving presentations for the National Park Service on the history of the OSS, Ann is an expert. Ann joins us today to discuss OSS action in the “forgotten theater” of WWII, China-Burma-India, as well as the people who made it possible. Principally, Elizabeth “Betty” P. McIntosh and her black propaganda operations to blackmail and demoralize the enemy in an incredible display of psychological warfare.”

5. UK: Russian Spy Ship Off Scottish Coast

UK Defence Journal reported on November 13th that “the Russian spy ship ‘Admiral Vladimirskiy’ is off the eastern coast of Scotland heading south.
The vessel, designed to conduct underwater scientific research, left the Baltic Sea earlier this month. According to the blog PlentyofShips, the Admiral Vladmirskiy is the sole survivor of a six unit class of large scientific vessels known as Expeditionary Oceanographic Ships (EOS). “Admiral Vladimirskiy is a very capable scientific vessel particularly in regard to underwater scientific research. Whilst not owned or operated by the highly secretive underwater surveillance & warfare unit known as the Main Directorate for Deep Sea Research (GUGI) or the PP Shirshov Institute of Oceanology whose vessels regularly collect underwater intelligence particularly near underwater cables, the Admiral Vladimirskiy’s scientific data collection is highly likely used to supplement intelligence gleaned by the GUGI & PP Shirshov scientific fleets & could be used for future surveillance mission planning. Admiral Vladimirskiy’s future tasking is unknown at this time.”.”

6. China’s Phantom Police Station in Paris Keeps Watch on Taiwanese

Intelligence Online reported on November 14th that “the work of a parish, and of a cultural centre, both very close to Taipei’s government, is forcing the Chinese Communist Party to take a close look at Paris’s Chinatown.” The article states that this is located at “Notre Dame de Chine parish, at 27 avenue de Choisy in the 13th arrondissement of Paris.”

7. Documentary: Mossad Assassination, Destroy, Espionage Without a Trace

On November 14th the RedFox YouTube channel published this documentary with its description saying that this “documentary produced by Fox tells the most prominent details of the Israeli Mossad, which specializes in intelligence work outside the borders and is responsible for dozens of assassinations around the world.”

8. Whistleblower: Spyware Helps the Mafia Rule in Cyprus

On November 13th the Matrice Digitale reported that “a Cypriot whistleblower and former aide to President Nikos Anastasiades accused the EU country’s authorities of engaging in surveillance activities for the benefit of powerful Russians, something the president vehemently denies. Makarios Drousiotis, who now works as a journalist, served as an assistant to Anastasiades and later worked for Commissioner Christos Stylianides until the latter’s mandate expired in 2019. Drousiotis said authorities used digital surveillance and eavesdropping techniques. and that he was personally targeted, including during his time with the Commission. EURACTIV contacted the office of President Anastasiades, who called the allegations “baseless accusations” and added that he had nothing to say other than “to express utter contempt for yellow junk journalism and malicious lies.” Interviewed by EURACTIV, Drousiotis stated that her phone and his computer were hacked in 2018, while he was still working for Stylianides at the Commission. At the time he had also started a private corruption research project in Cyprus, focusing on the links between Anastasiades and the powerful Russian businessman Dmitri Rybolovlev.”

9. China, Iran Use Private Investigators to Spy On, Oppress US Dissidents

The Jerusalem Post reported on November 14th that “authoritarian regimes like Iran and China have found a new way to spy on dissidents living abroad in Western democracies like the US: Hiring private detectives. This information, first reported in The New York Times, builds off several previous instances and reports on how Tehran and Beijing have used private investigators to reach across the world and have access to dissident voices against their regimes. China and Iran have a history of setting up espionage networks in the US, often focusing on national security targets or on individual dissidents. China in particular has been accused of trying to access American technology and push Chinese interests in the US. However, there is also an apparent concerted effort to try and silence dissenting voices, even in the US. In one example from July 2022, Department of Homeland Security employee Craig Miller and retired DHS agent turned private investigator Derrick Taylor were arrested and charged by the US Justice Department for their role in a Chinese plot of “transnational repression” to silence dissidents. This was made possible by Taylor allegedly spying on dissidents and gathering and disseminating negative information gained from law enforcement databases.” And it continues that “in another case from July 2021, Iranian nationals were indicted on a plot to try and kidnap Iranian dissident journalist and human rights activist Masih Alinejad living in the Brooklyn. This was also done with the help of private investigators, who gathered information that they would use for their planned kidnapping. In this case, one of the private investigators hired by Iranian intelligence, 71-year-old Michael McKeever, was simply told that he was to monitor a woman identified as a missing person from Dubai who fled to avoid paying back debt, as described by The New York Times.”

10. Hamas Emerges as Newest Cyber Espionage Powerhouse

The Jewish Voice reported on November 13th that “the Iran-backed Hamas terror group is investing great resources in its cyber espionage capabilities, opening an increasingly dangerous front in its war against Israel, according to a new report. “Hamas has demonstrated steady improvement in its cyber capabilities and operations over time, especially in its espionage operations against internal and external targets,” the Atlantic Council think tank said in a report this week. “The group’s burgeoning cyber capabilities, alongside its propaganda tactics, pose a threat to Israel, the Palestinian Authority, and U.S. interests in the region — especially in tandem with the group’s capacities to fund, organize, inspire, and execute kinetic attacks.” While Hamas is well-known for its deadly terror strikes on Israel, the group is putting an increased emphasis on its virtual attack networks, which should not be underestimated, according to the report. “It comes as a surprise to many security experts that Hamas — chronically plagued by electricity shortages in the Gaza Strip, with an average of just 10 to 12 hours of electricity per day — even possesses cyber capabilities,” the Atlantic Council said. Cyber espionage campaigns allow Hamas to wage outsized influence on its enemies, particularly Israel. Hack attacks orchestrated by Hamas in recent years have exposed Israeli military secrets and infiltrated the country’s law enforcement apparatus, highlighting the danger the terror group poses in the virtual world.”

11. South Korea: Military Intelligence Unit Adds New Areas of Responsibilities for Defence Technology Protection

On November 14th Yonhap News Agency reported that “a key South Korean military intelligence unit will be given additional areas of responsibilities, such as cybersecurity, to better protect the country’s defense technologies, the defense ministry said Monday. The ministry put on public notice a revision to a decree governing the operation of the Defense Counterintelligence Command (DCC), as it has been striving to shield the arms industry from potential technology thefts, cyberattacks and other threats. Under the revision, the DCC will undertake four additional defense areas — cyberspace, encryption, electromagnetic waves and satellites — as the current DCC decree does not specify those areas, according to the ministry. “We have taken into account the fact that the spectrum of security tasks has recently been going beyond the traditional domains, such as facilities, documents and conventional information and communications, to include cyber and outer space,” the ministry said in a press release.”

12. Review of the Canadian Forces National Counter-Intelligence Unit

On November 15th the Canadian National Security and Intelligence Review Agency (NSIRA) published the “Review of the Canadian Forces National Counter-Intelligence Unit” which was a previously classified as secret report from December 2020. The overview says that “this review focused on one aspect of the Department of National Defence / Canadian Armed Force’s (DND/CAF) intelligence activities: The Canadian Forces National Counter-Intelligence Unit (CFNCIU, or the Unit). The review was selected given that it is consistent with NSIRA’s emphasis on conducting a series of safeguarding reviews over the next few years. The review examined CFNCIU’s domestic efforts at investigating Counter Intelligence (Cl) threats posed to DND/CAF, the rationale used by CFNCIU for justifying investigations, and the associated activities that transpire once this determination is made. NSIRA reviewed the Unit’s case files, interviewed CFNCIUFIQ staff, detachment investigators and other internal stakeholders, as well as key senior officers with the aim of understanding CFNCIU’s contribution to Cl and insider-threat scenarios within DND/CAF. Based on the assessment of this information, NSIRA made several findings and recommendations to improve how intelligence is derived from investigations and conveyed to government decision-makers. It is important to note that since inception of the Unit in 1997, the CFNCIU has been the subject of ten internal studies, each of which have identified the Unit as having suffered from resource and policy limitations (among others), resulting in an inability to fully meet its mandate. This review does not significantly depart from these previous assessments.”

13. Iran and Hezbollah’s Espionage and Terrorist Activities in Scandinavia

On November 13th the Alma Research & Education Centre published this article saying that “against the background of the negotiations between Iran and the world powers regarding the nuclear issue and the fear that billions of dollars transferred to the Iranians will be channeled to the intelligence and terrorist activities of their proxies, there is concern about the nature and scope of Iran’s activity in Europe. Already today, the radical Shiite axis led by Iran in Europe performs an extensive activity of this nature. This activity is based on civilian infrastructures, such as associations and religious centers. These infrastructures are a potential platform for terrorist activity on European soil. Iran conducts these activities through a single, cross-border community to which Shi’ites supporting its radical ideology belong. Its target audience is Shiites in general, and sometimes even Sunnis are pinpointed as those who can be influenced to behave according to Iranian ideology. The common intent of all Iran’s allies and proxies is to advocate and aspire to implement the export of the radical Shi’ite Islamic revolution worldwide. All the activity appears to be conducted under a large umbrella organization called Ahlul Bayt, which was established by Iran’s Supreme Leader Khamenei in 1990.”

14. Greek EYP Agent Exposed Covertly Attending Scientific Conference

On November 14th Greek Macedonia newspaper reported that “the 1st Panhellenic Scientific Conference organised by the Scientific Society for the Study of the Vlach Culture, with the theme “The Vlachs of Greece, Identity and Otherness in space and time” was under covert surveillance of the EYP. The conference included a number of presentations by scientists dealing with the area of ​​Vlach culture, while its proceedings were broadcast live on YouTube and social networks. Despite this, it seems that during the entire duration of the work, EYP employees were present in the work room. After all, the complaint was made by the Professor of the University of Ioannina, Vassilis Nitsiakos, from the stage of the conference and closing the proceedings. Earlier, Vassilis Nitsiakos emphasized the value of the participation of scientists and criticised the underground war that the Scientific Society received from various paracentres. He did not directly denounce the presence of an EYP person in the conference hall and, looking towards them, he called them to leave while some of those present shouted “shame”. It seems literally incredible for the Greece of 2022 that a scientific event would be put under covert surveillance of the National Intelligence Service. “There are also people from EYP here and they will listen to them. We did live streaming but EYP sent people here that we pay as tax payers when they could be at home listening… The EYP gentleman who is here should get up and leave now. … The gentleman should leave… He is also of Vlach origin… He should get up and leave. Its a shame. That’s why we pay you, to come and watch us on a program that is live streaming. We live in a bourgeois democracy, in a liberal system. This gentleman cannot be here and eavesdrop on the chats. Panhellenic people will hear this,” said the Professor of the University of Ioannina.”

15. Ukrainian SBU Detained Russian Agent in Kharkiv

On November 14th Ukraine’s Security Service (SBU) announced that they “detained a Russian agent who “surrendered” the positions of the Ukrainian Air Defence Forces in the Kharkiv region. Cyber ​​specialists of the Security Service exposed another enemy adjuster in the east of our country. As a result of the investigative and operational actions in Kharkiv, an accomplice of the Rashists was detained, who passed on intelligence to the aggressor about the deployment and movement of Ukrainian troops in the territory of the region. Among the main objectives of his reconnaissance and subversive activities was the identification of probable combat positions of the air defence of the Armed Forces in the eastern direction. The occupiers used the received intelligence to prepare and carry out targeted missile strikes on Ukrainian sites. According to the investigation, the detainee is a resident of the Saltivskyi housing estate — one of the most affected by enemy shelling in the Kharkiv region. In the summer of this year, he began to look for ways to “exit” the invaders to help in the war against Ukraine through social networks. To do this, he published information on the places of temporary bases of units of the Defence Forces on social networks. It was established that, after the attacker published sensitive information, the “opened” positions of the Ukrainian Air Defence Forces were targeted five times by the enemy.”

16. New Cyber Espionage Operation Using Palestine as a Lure

On November 14th the RedDrip Team discovered and disclosed technical indicators of a previously unknown cyber espionage operation. The operation involved a lure document titled “The national role of the revolutionary and national councils in confronting the plans for liquidation and Judaization.” If opened, it was covertly installing a custom cyber espionage software implant. The operation was attributed to an actor dubbed as ARIDVIPER which is reportedly a Middle East-based entity, likely a Hamas-operated group from the region of Gaza.

17. Video: Spycameras: The Tessina 35mm Subminiature Camera

On November 13th the Spycamerasaurus published a new video. As per its description, “the Tessina is probably the smallest half-frame 35mm camera being a diminutive 2 1/2 x 2 x 1 inch (69 x 56 x 27mm) and weighing only 5 oz (166g). It uses 16.5" (41cm) lengths of standard 35mm film and so film options are extensive. It produces a frame size of 14x21 mm, larger than most other subminiature formats but in a camera smaller than most 16mm cameras. It is a twin-lens reflex with pop-up viewfinder and a clockwork motor drive designed for waist-level inconspicuous photography. It has been in production since the late 1950s. It was designed and patented by Dr. Rudolph Steineck. The camera was manufactured by the Siegrist Company in Grenchen, Switzerland. Before switching to production of the Tessina, the company had manufactured and supplied small precision parts to the Swiss watch industry amongst others. Accordingly, the high quality that Swiss watches are renowned for was reflected in the construction of the Tessina. Over 400 micro parts were used and small rubies were used to prevent wear in moving parts. There are three models of Tessina; the original ‘35’, the ‘L’ and the Automatic. The original has X, F, and M synch; the L and the Automatic have X and M synchronization, and a standard PC flash connector. The other differences is that the L has larger grooves on the shutter wheel to mate to the optional exposure meter. Most are finished in bright ‘chrome’ stainless steel or brushed aluminium, but a few are finished in red, gold or black. Two versions of the black finish are found. One has a soft finish and the front and back are brushed aluminium. The other has a crackle surface including front and back. These coloured versions fetch a healthy premium in price. Even rarer is the “silent” Tessina, intended for clandestine work, fitted with a Teflon disc to apply friction to the gears, reducing the noise of the built-in spring drive. For complete silence a noise free version without spring drive was available. Used by the CIA, the East German STASI and the KGB, the Tessina has been evidenced as used in concealments such as cigarette packets or glasses cases.”

18. UK: MI5 Director General Ken McCallum Gives Annual Threat Update

On November 16th Britain’s MI5 Director-General, Ken McCallum, announced the annual threat update. It starts by stating that “today, I’ll give our annual public update on the threats the UK is facing, and what MI5, with partners, is doing about them. No-one should be under any illusion about the breadth and variety of the threats we face in 2022: 1) We’ve seen Putin’s illegal invasion of Ukraine bringing war to Europe — raising national security questions many thought consigned to the history books. 2) We’re seeing an increasingly assertive Chinese Communist Party using overt and covert pressure to bend other countries to its will. 3) Instability in Iran is bringing real-world consequences here. 4) We’re still contending with transnational terrorist groups that are down but definitely not out. 5) As well as the wicked problem of self-initiated lone actor terrorists, fiendishly hard to detect and disrupt.”

19. French Intelligence Increasingly Mobilised Against Cults

On November 17th Intelligence Online reported that “cult-like organisations have grown more and more active since the start of the Covid-19 pandemic. As a result, French anti-cult agency MIVILUDES, now under the authority of the interior ministry, is increasingly collaborating with the intelligence community.”

20. Crypto Museum: vIPer Universal Secure Phone

This week the Netherlands-based Crypto Museum published a new page for vIPer. As per its introduction, “Sectéra vIPer, also known as V·IP·ER, is a universal secure telephone set for connection to VoIP and analogue (PSTN) networks, developed around 2010 by General Dynamics in Fairfax (Virginia, USA). It can be used for secure (NSA Type 1) as well as non-secure phone calls, and offers SCIP compatibility. Unlike earlier secure phones, like STE and STU-III , it does not need a crypto card or Crypto Ignition Key (CIK). It is the only NSA certified secure VoIP phone available today (2022).”

21. Podcast: SpyCast: “Trafficking Data: The Digital Struggle — with China” with Aynne Kokas

The International Spy Museum’s SpyCast podcast published a new episode on November 15th. As per its description, “this week’s guest is Aynne Kokas, author of the new book Trafficking Data. With huge increases in literacy and the information revolution brought, we are in a technologically enabled world of data overload. This data, of course, can be harvested for intelligence insights by intelligence agencies. Aynne helps us prise apart how the data we generate is used, misused, or abused in the context of the relationship between the US and China. Aynne is an Associate Professor of Media Studies at the University of Virginia. For over twenty years she has researched the US and Chinese as a consultant, professor, Fulbright scholar, and employee of Fortune 500 companies. She is also the author of the award-winning book Hollywood Made in China.” The intelligence topics covered are: 1) Tik-Tok and Chinese intelligence, 2) Silicon Valley and Big Tech’s role in the data wars, 3) The intelligence struggle between the world’s two largest economies, and 4) How to secure your data or your companies.

22. United States CIA: Defence Department Reunites a CIA Officer’s Family with Long-Lost Relative

On November 16th the United States Central Intelligence Agency (CIA) published this article stating that the “CIA is proud to share a story about the U.S. military’s steadfast efforts to reunite the remains of a fallen World War II hero with his family — including a great-niece who serves as one of the Agency’s representatives to the Department of Defense.” The article continues that “For Noëlle, a seasoned CIA officer, working with DOD has been rewarding on many levels. She occasionally passes through the POW/MIA Corridor as she walks the halls of the Pentagon making vital connections between CIA and DOD. In these moments, she remembers Uncle Al, her great-uncle, whose remains were recovered by DOD in 2006, 63 years after he was killed during WWII.”

23. Azerbaijani State Security Service Announces Disclosure of ‘Iranian Spy Network’

AM News reported on November 14th that “according to Azerbaijani media reports, “The State Security Service managed to establish that the captain of the Caspian Marine Oil Fleet vessel Zahir Askerov, receiving a religious education in Qom, entered into secret cooperation with representatives of the Iranian secret services. During the past period Askerov collected information on foreign companies and representative offices of foreign states in Azerbaijan, on the place and time of naval exercises in the Caspian Sea, on the cargoes delivered to oil platforms, passing the mentioned information through a cell phone and directly during meetings with his curators in Iran. Another investigation revealed that citizen Elnur Rasulov, while in Iran in 2018, arranged for secret cooperation with Iranian intelligence services through two handlers who introduced themselves as “Meise” and “Doctor.” Rasulov further involved his relative, Arif Rasulov, and together with him, through WhatsApp, photographed oil and gas pipeline sites in the Garadagh district of Baku, drones of the Defense Ministry and the State Border Service (SBS) at the airport, territory where tanks and various military equipment were stored at the Technofest festival in Baku, strategic and military facilities, anti-aircraft missile complexes, as well as other radar control facilities located in Baku, as well as in Salyan and Fizuli districts. It was also found that another citizen of Azerbaijan, Bakhtiyar Aghazadeh was recruited by the Iranian special services while receiving a religious education in that country. At the request of his handlers Aghazadeh collected information on the missions of foreign states in Azerbaijan, the social and political processes taking place in the country, the military units, their deployment and appointments, including the command staff, and passed it on to the Iranian special services. Citizen Mirhafiz Jafarzadeh, fulfilling the instructions of Orhan Mammadov, who has been on the international wanted list since 2018 and is now in hiding in Iran, transmitted the location of military installations and other information to the Iranian intelligence services via Telegram. Zahir Askerov, Elnur Rasulov, Arif Rasulov, Mirhafiz Jafarzadeh and Bakhtiyar Aghazadeh were prosecuted under Article 274 (high treason) and arrested by court order. The investigation revealed that Tohid Ibrahimbeyli, Orhan Mammadov, Elshad Hajiyev and others, acting on the orders of the Iranian secret services and hiding in Iran from criminal prosecution, created closed groups called “Discussions” and “Advertisements” in WhatsApp messenger, attracting Azerbaijani citizens there, and spread through these groups radical, religious-extremist ideas, contrary to the internationally recognized human rights, contrary to the Constitution of the Republic of Azerbaijan, intended to create a religious state in Azerbaijan.”

24. United States CIA Chief Meets Putin’s Spy Chief, Warns Against Nuclear Weapons

The Voice of America (VOA) reported on November 14th that “U.S. Central Intelligence Agency Director William Burns is in Turkey to deliver a message to President Vladimir Putin’s foreign spy chief about the consequences of a potential Russian use of nuclear weapons, a White House spokesperson said. In the first known high-level face-to-face U.S.-Russian contact since Putin’s Feb. 24 invasion of Ukraine, Burns was in Ankara on Monday to meet Sergei Naryshkin, head of Russia’s SVR foreign intelligence service. “He is not conducting negotiations of any kind. He is not discussing settlement of the war in Ukraine,” said the spokesperson, speaking on condition of anonymity. “He is conveying a message on the consequences of the use of nuclear weapons by Russia, and the risks of escalation to strategic stability,” the spokesperson said. “He will also raise the cases of unjustly detained US citizens.” Burns, a former U.S. ambassador to Russia who was sent to Moscow in late 2021 by U.S. President Joe Biden to caution Putin about the troop buildup around Ukraine, is not discussing a potential settlement to the war in Ukraine, the spokesperson said.”

25. Video: The Spy Network: Delta Force First Ever Mission in Panama to Save a CIA Spy

On November 17th the Spy Network published a new video. As per its description, “it is The 20th of December, 1989. Kurt Muse, an American spy needs to be rescued from the Carcel Modelo Prison, in Panama. There is only one unit capable of breaking this precious American asset free out of his cell, the operatives of Delta Force. What otherwise would have meant the death of Kurt Muse, has been dubbed as operation Acid Gambit, part of Operation Just Cause, and it quickly became a mission the operators would never forget.”

26. Somalia: Farmajo’s Ex-Spy Chief Fahad Yasin Plots His Comeback from Ankara, Turkey

The Africa Intelligence reported on November 14th that “less than six months after Farmajo’s presidential election defeat, his intelligence chief is angling to return to the Villa Somalia alongside his former boss as soon as he can.”

27. Morocco: Hermes 900 UAS Selected for Surveillance & SIGINT

Following week 45 story #73 about Moroccan intelligence allegedly obtaining Israeli Elbit Systems SIGINT UAV capabilities, this week Unmanned Systems Technology reported that “Elbit Systems has confirmed that it has been awarded a contract valued at $72 million to supply Hermes 900 Unmanned Aircraft Systems (UAS) and training capabilities to an international customer. The contract will be performed over a two-year period. Under the contract, Elbit Systems will supply Hermes 900 UAS equipped with the SkEye Wide Area Persistent Surveillance system, SPECTRO XR multi-spectral Electro-Optical payload, Satellite Communication, Signal Intelligence (SIGINT) payloads and additional capabilities. The Hermes 900 UAS has been selected to-date by more than 15 customers, attesting to the system’s successful combination of technological sophistication, reliability, open architecture and a solid growth path. Yoram Shmuely, General Manager of Elbit Systems Aerospace, commented: “This contract is another vote of confidence in the Hermes family of UAS. We are witnessing growing demand around the globe for our unmanned solutions that are capable of effective integration with manned forces to address the rapidly evolving threats in all domains of operation.”.”

28. Turkish Embassy Police Spied in Greek Cities of Athens and Thessaloniki, Secret Document Reveals

The Nordic Monitor reported on November 16th that “a police liaison officer assigned to the Turkish embassy in Athens ran a covert operation to collect intelligence in Athens and Thessaloniki, a secret Turkish government document obtained by Nordic Monitor has revealed. The document, sent by the Security General Directorate (Emniyet) on September 2, 2020 to nearly a dozen provincial police departments, said the Turkish Foreign Ministry had passed on intelligence gathered by a police officer who works at the Turkish embassy. The communiqué, classified as secret, mentioned six business establishments in Athens and Thessaloniki and 13 residents who are allegedly linked to the Gülen movement, a group critical of the government of Turkish President Recep Tayyip Erdoğan. The people who were spied on were owners and operators of various businesses including a restaurant, a market, a real estate brokerage and a rental a car agency. In some cases, spouses of the owners were also targeted. The document noted that the intelligence was part of a broader clandestine operation launched by the Turkish government in Greece to identify targets from the Gülen group, confirming that multiple agencies were involved in spying in a foreign territory. The spying activity shows that the Erdoğan government not only disregards the law in a NATO ally — a neighboring country — by engaging aggressive spying activities but also does not feel bound by Turkish laws that prohibit Turkish police from carrying out such work.”

29. Espionage Case Leads a Moroccan in Germany to Arrest

Agadir24 reported on November 15th that “yesterday, Monday, November 14, the German authorities in the Cologne region arrested a man of Moroccan nationality, suspected of being a “spy for his country’s intelligence agency.” The German Public Prosecutor levelled various accusations against the arrested man, including “undertaking to the Moroccan intelligence service, between April 2021 and March 2022, to spy on protesting supporters in Germany.” The age of the arrested man was not disclosed, and the prosecution confirmed that he had “already transferred information about some people to his country’s intelligence,” noting that “his residence was searched and some items were seized.” This, and the concerned person was presented to an investigation judge, where it was decided to keep him in pre-trial detention.”

30. Worker at Canada’s Largest Electricity Producer Charged with Spying for China

On November 15th Reuters reported that “an employee at Canada’s largest electricity producer Hydro-Quebec who was involved in researching battery materials has been charged with espionage for allegedly trying to steal trade secrets to benefit China, Canadian police said on Monday. Chinese-Canadian relations have been choppy in recent years, with both sides accusing each other of industrial espionage. Earlier this month, Canada ordered three Chinese companies to divest their investments in Canadian critical minerals, citing national security. Yuesheng Wang, 35, who worked at the state-owned firm as a researcher in battery materials, will appear on Tuesday in court in Longueuil, Quebec, police said in a statement. He is to face four charges including obtaining trade secrets, unauthorized computer use, fraud for obtaining trade secrets, and breach of trust by public officer, it said. “While employed by Hydro-Quebec, Mr. Wang allegedly obtained trade secrets to benefit the People’s Republic of China (PRC), to the detriment of Canada’s economic interests,” the Royal Canadian Mounted Police said. Wang, who is from Candiac in the province of Quebec, allegedly committed the crimes at the electricity utility from February 2018 to October 2022. An RCMP special national security unit began investigating in August, police said. Wang worked for a Hydro-Quebec research unit devoted to developing battery materials that has teamed up with industry players including the U.S. Army Research Laboratory. He started working there in 2016 and was fired this month, the company said.”

31. United Arab Emirates: Mohammed Bin Rashid Space Centre Steers Third SAR Satellite Project

Intelligence Online reported on November 14th that “the Mohammed Bin Rashid Civil Space Centre in Dubai has quietly launched a Synthetic Aperture Radar (SAR) satellite programme that threatens to overshadow a similar project initiated by Edge Group. The UAE Space Agency is also developing its own SAR plans.”

32. North Korean Cyber Espionage Activity Targeting South Korea

On November 16th the ASEC published a threat analysis for some new cyber espionage attributed to North Korea, targeting individuals in South Korea. The operation involved a lure Word document titled “CNA[Q].doc” and impersonating an interview with CNA Singapore Broadcasting. If opened, it was covertly installing a custom cyber espionage software implant.

33. Netherlands: Problems with the Outdated Interception System are Worse Than Minister Yesilgöz Made it Out to Be

On November 15th the Dutch NRC reported that “a significant portion of telephone conversations tapped by the police in ongoing investigations were unavailable throughout October due to a malfunction. The problems with a heavily outdated tapping system of the Dutch police are more serious than Minister Dilan Yesilgöz (Justice and Security, VVD) has suggested in parliamentary letters. While the minister stated during a parliamentary debate last month that the investigation was not endangered by the disturbances, in reality the police had been struggling for weeks with a malfunction in the tapping system that made it impossible to listen to part of the tapped conversations. This is shown by research by NRC. The missing tap conversations for weeks — specifically those of provider KPN — is another setback in the failure of the tapping system that NRC revealed last month.” The article concludes that “the old, failing interception system should have been replaced long ago. Already in 2019, the Israeli arms manufacturer Elbit won the contract for a new system. Since then it has not been possible to get it to work. As a result, the police remain dependent on an interception system of another Israeli company that has been written off for years: Verint/Cognite, resulting in an additional cost item of many millions. It is salient that the ‘new’ Elbit system with which the supplier won the Dutch contract in 2019 is now also outdated. Elbit has developed a version of the ‘i360’ purchased by the Netherlands. The ministry now says in a response that it has agreed with Elbit after the contract that the Netherlands will receive the new version of the system. The House of Representatives was never informed about this either. When asked whether the contract rules have been violated now that Elbit supplies a different system than the one with which it won the tender, the ministry says that the choice for the “newer version” fits “within the rules that apply to this contract and purchase”.”

34. Official US Army Application had Russian Code, May Have Harvested User Data

On November 15th the C4ISRNet reported that “the U.S. Army confirmed that an officially approved app was built using code from a tech company with Russian roots that provides popular tools for developers to send customized notifications to their users. At least 1,000 people downloaded the app, which delivered updates for troops at the National Training Center on Fort Irwin, California, a critical waypoint for deploying units to test their battlefield prowess before heading overseas. The app fell out of use in 2019 due to routine personnel changeover, and likely wouldn’t have been approved today due to more stringent IT protocols in recent years, according to an Army official and a service spokesperson. The confirmation comes after a Reuters investigation spotlighted the situation. Some of the app’s code came from a company known as Pushwoosh, which reportedly went to significant lengths to present itself as a U.S.-based entity, according to Reuters. Those efforts included fake LinkedIn profiles, phony addresses and more. The company’s founder, Max Konev, told the news organization that he was “proud to be Russian” in a September statement. The U.S. considers Russia a top-tier threat to national security, alongside China. Officials in Washington have repeatedly warned of Moscow’s hacking chops and its ability to wage influence campaigns abroad, and cybersecurity experts told Reuters that Russia’s intelligence services may be able to compel companies like Pushwoosh to turn over their data, regardless of where it’s stored. According to legal experts interviewed by Reuters, the company was able to circumvent industry regulations and government contracting rules against doing business with Russian companies. Such restrictions have tightened since Russia’s renewed invasion of Ukraine that began in February, and a growing number of companies have come under formal sanctions as well.”

35. Ukrainian SBU Detained Russian GRU Agent in Vinnytsia

On November 17th the Ukrainian Security Service (SBU) announced that they “detained an agent of Russia’s military intelligence who was “directing” Russian missiles at energy facilities in Vinnytsia. The agent covertly collected intelligence about the locations and movements of the Defence Forces in the region. In addition, he transmitted to the aggressor the exact coordinates of strategically important critical infrastructure facilities and life support system facilities. It was on his “tip-off” that the occupiers planned to carry out a series of targeted missile strikes on the region’s energy-generating enterprises. As a result of the investigative and operational actions, SBU officers established the location and detained the enemy agent, thereby preventing an attempt to transfer the coordinates of the Ukrainian energy facility to the Russian Federation. The detainee turned out to be a former Soviet military man who retired from the army in the early 1990s. After that he lived in Vinnytsia. According to operational data, even then he was recruited by representatives of Russian military intelligence, who after the collapse of the USSR put him on “waiting mode”. At the beginning of the full-scale invasion, a staff member of the Russian intelligence came to him and asked for “help” in carrying out reconnaissance and subversive activities against Ukraine. The traitor agreed to the “offer”, after which he received hostile tasks. To fulfill them, he covertly observed Ukrainian sites and carried out photo and video recording. He transmitted the received information to Russia through a previously developed Telegram channel in the form of notes on electronic cards with media files. During the search of the suspect’s place of residence, law enforcement officers found a mobile phone with evidence of correspondence with the Russian “handler”.”

36. Businessman Who Went Missing in Azerbaijan Rendered to Turkey by MİT

On November 13th the Stockholm Centre for Freedom reported that “Uğur Demirok, a Turkish businessman who went missing in Azerbaijan on Sept. 6, was abducted and illegally brought to Turkey by the National Intelligence Organization (MİT), Turkish Minute reported on Saturday, citing a report by Turkey’s state-run Anadolu Agency. Anadolu said Demirok was sought on terrorism charges for membership in the Gülen movement, a faith-based group accused by Ankara of orchestrating a failed 2016 coup and designated as a terrorist organization. The movement strongly denies involvement in the coup attempt or any terrorist activity. According to a report by the Bold Medya news website in October, the 42-year-old Demirok, who had been working in the medical equipment business in Baku for the past seven years, left his home to go to work on the morning of Sept. 6 and was never heard from again. A worker from the carwash on the same street as Demirok’s office, in front of which his car was found with its doors unlocked on the day he went missing, reportedly told the businessman’s wife that he saw masked people putting him in a van and taking him away. Ömer Faruk Gergerlioğlu, a human rights advocate and deputy for the pro-Kurdish Peoples’ Democratic Party (HDP), on Oct. 12 brought the issue of Demirok’s abduction to the parliamentary agenda, saying the businessman’s family was worried for his safety and urging the Interior Ministry and the Ankara Police Department to issue a statement. According to the MP, Demirok’s family was previously told by Azerbaijani officials that he was taken to Turkey as part of an operation carried out by Turkish spies. After they went to the missing persons bureau in Ankara, the family found that Demirok was being held at the counterterrorism branch (TEM) of the Ankara Police Department. However, when Demirok’s lawyer went to see him, the officials told him his client wasn’t there, according to Gergerlioğlu.”

37. Podcast: State Secrets: Curator of Secrets

The Cipher Brief’s State Secrets published a new episode on November 15th. As per its description, “in 1972, former CIA Executive Director William Colby proposed that the spy agency set up an employee museum as a way to share the unique mission and the impact that CIA had around the world. It took 16 years for it to come to fruition. And some 34 years after that, a new museum expansion and renovation is helping the Agency mark its 75th Anniversary. Now, the museum hosts artifacts from some of the Agency’s most successful — and some unsuccessful missions. In this episode of The State Secrets Podcast, Cipher Brief CEO & Publisher Suzanne Kelly sits down with the CIA’s Curator of Secrets — Museum Director Robert Byer, who gave The Cipher Brief team a tour of the new space and the new exhibits. Some of them stretch back to the days of the OSS — the World War II Precursor to CIA. And some, were used in active intelligence operations as recently as this summer. All have been declassified. Here’s a peek inside the world’s most secretive museum at CIA Headquarters, and Suzanne Kelly’s conversation with Museum Director Robert Byer.”

38. Sweden: Increased Funding for FRA

On November 16th the Swedish FRA announced that “the proposal from the government is that FRA’s budget should increase from this year’s 1.582 billion kroner to 1.927 billion kroner in 2023. Then the growth will continue and FRA’s allocation is proposed to be 2.295 billion kroner in 2024 and 2.785 billion kroner in 2025. Those figures have been adjusted upwards for a preliminary price and wage recalculation 2024–25. The background to the investments is the deteriorating security policy development, both globally and in Sweden’s immediate area. “The defence radio station’s ability to follow and analyze the current situation and trends in Sweden’s immediate area must continue to be developed and strengthened,” the government writes, among other things, in its proposal. The government also points out that it is important that the authorities’ work with security protection continues. FRA’s increased funding must be used to strengthen its entire operation.”

39. Poland: Director of the CIA on a Visit to Warsaw

The Polish government issued a press statement on November 16th stating that “Mariusz Kamiński, Minister of Special Services Coordinator, met today in Warsaw with CIA Director William Burns to discuss the current security situation in the light of Russian aggression against Ukraine. During the visit of the Director of the US Central Intelligence Agency, current challenges related to the ongoing war in Ukraine were discussed, as well as the issue of Polish-American cooperation in the field of security. During the conversation, reference was also made to yesterday’s events in Ukraine and Poland and their possible implications for Poland, our region and allies. It was another meeting of Polish and American top-level representatives responsible for the activities of intelligence services and security, which is confirmed by close bilateral relations and close contact with our partners.”

40. Ukrainian SBU Discovered Lists of FSB Agents in Kherson

On November 16th the Ukrainian SBU announced that they “discovered lists of FSB agents who collaborated with the enemy during the occupation of Kherson. During stabilisation measures in liberated Kherson, SBU officers found classified FSB documents containing information about their collaborating agents. Among the withdrawn: 1) ️agents’ handwritten “obligations” about confidential cooperation with the FSB; 2) ️cases of agency study; 3) ️notification of agents about the results of enemy missions; 4) ️”search protocols” in the residences of Kherson residents. Representatives of the Russian intelligence services left secret documents on the territory of a local garage cooperative during the escape from the counteroffensive of the Defence Forces. According to the exposed materials, it was established that enemy henchmen gave “tips” to the occupiers on the whereabouts of Ukrainian patriots, in particular, members of the resistance movement in the territory of the southern region. Also, agents of the Russian intelligence service participated in the illegal persecution of local residents on fabricated “criminal cases.” Documented facts of abduction and torture of the victims, as well as the looting of their homes under the guise of conducting “searches” were revealed. SBU officers received information that the accomplices of the aggressor were recruited by case officers of the FSB, who were part of the “temporary operational group VOG-8”. It was its representatives who were engaged in the coordination of reconnaissance, covert and subversive activities in the southern direction. Currently, the seized materials have been sent for examination for further operational actions to expose Russian intelligence networks. The security service warns of the inevitability of punishment for voluntary cooperation with the occupiers. Complex measures to neutralise the enemy’s subversive activities were carried out by the SBU and the National Police of the Kherson region.”

41. Public Records Expose Indian Government’s Full Access To Nation’s Internet Traffic

On November 15th the TechDirt reported that “the government of India continues to increase its monitoring of residents’ day-to-day lives. Like pretty much every other country in the world, India relies on the internet to handle communications, data, and multiple services used by residents. The government, under Prime Minister Narendra Modi, has become less democratic and more authoritarian. To keep dissent to a minimum, the government has repeatedly expanded its power to surveil internet traffic and communications, under the theory that doing so will somehow make the nation more secure. Expansions of government power are codified with alarming regularity — much of it focused on controlling narratives, snooping on residents, and bending foreign social media platforms to its will. Under Modi’s government, platforms and service providers have been stripped of safe harbor protections in order to be held directly responsible for user-generated content. In addition, the government has added compelled assistance mandates, which force service providers to log tons of user data continuously and provide government on-demand access to this information. The end result has been proactive removal of questionable content by service providers in order to avoid being punished by the Modi government for allowing “illegal” content to be spread by India’s internet users.”

42. North Korean Cyber Operators Target European and Latin American Organisations with New Software Implant

As reported on November 15th by the Bleeping Computer, “North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. DTrack is a modular backdoor featuring a keylogger, a screenshot snapper, a browser history retriever, a running processes snooper, an IP address and network connection information snatcher, and more. Apart from spying, it can also run commands to perform file operations, fetch additional payloads, steal files and data, and execute processes on the compromised device. The new malware version doesn’t feature many functional or code changes compared to samples analyzed in the past, but it is now deployed far more widely. As Kaspersky explains in a report published today, their telemetry shows DTrack activity in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the United States. The targeted sectors include government research centers, policy institutes, chemical manufacturers, IT service providers, telecommunication providers, utility service providers, and education.”

43. United States: FBI Director Warns of Potential Chinese Government Exploitation of TikTok

On November 15th The Record reported that “the director of the FBI warned Congress on Tuesday about the ways the Chinese government may weaponize the popularity of social media giant TikTok in its favor. FBI Director Christopher A. Wray appeared alongside Department of Homeland Security Secretary Alejandro Mayorkas and National Counterterrorism Center Director Christine Abizaid to testify at a House Homeland Security Committee hearing on worldwide threats. The hearing ranged from fiery discussions about the southern border to issues surrounding cybersecurity. Rep. Diana Harshbarger (R-TN) focused her questions on TikTok, which is currently being reviewed by the Treasury Department’s Committee on Foreign Investment in the U.S. (CFIUS) over potential national security concerns. Harshbarger asked Wray whether the FBI has been involved in the review and about the agency’s view of the app’s safety. “We do have national security concerns from the FBI’s end about TikTok. They include the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so choose, or to control software on millions of devices which gives the opportunity to potentially technically compromise personal devices,” he said.”

44. Moldova Plans to Expand Program to Combat “Russian Spies” in the Country

Russia Today (RT) reported on November 17th that “the spokesman of the Moldovan parliament, Igor Grosu, announced additional powers for the intelligence and security service of the republic as part of the fight against “Russian spies”, which, according to him, are many in the country.
“One of these days, a new version of the law on the intelligence and security service will be registered, which will provide additional, new tools for the service to fight against “agents”, against Russian spies with which the country is full,” RIA Novosti quoted him as saying , citing a speech on the air of the TV channel Journal TV. The Moldovan politician also expressed dissatisfaction with the refusal of the Socialist Party deputies to condemn Russia’s actions in Ukraine. According to Grosu, in the future it is planned to propose amendments to the legislation regarding the betrayal of the Motherland and actions in the interests of other countries to the detriment of Moldova. Earlier, the Moldovan Foreign Ministry announced that one of the employees of the Russian Embassy in Chisinau was declared persona non grata. The Russian Foreign Ministry said that the Russian side declared persona non grata an employee of the Moldovan Embassy in Moscow.”

45. Britain’s Secret Role in the Brutal War in Vietnam

Declassified UK published this article on November 14th stating that “there is a myth the UK did not support Washington’s war against Vietnam in the 1960s and 1970s. In fact, Labour and Conservative governments backed every phase of US military escalation and played secret roles in the conflict, declassified files show: 1) UK sent SAS team to Vietnam in 1962, flew secret RAF missions to deliver arms, and provided intelligence to US; 2) UK governments lied to parliament they were not providing military advice to South Vietnam’s brutal regime; 3) Labour government secretly gave arms to US for use in Vietnam, stressing need for “no publicity”; 4) It also connived with Washington to deceive UK public over its support for US; 5) UK governments knew of atrocities against civilians but backed US war aims; And 6) Whitehall only started to advocate a peaceful solution, on US terms, once the war became unwinnable.”

46. Ukrainian SBU Detains Russian FSB Agent in Chernihiv

On November 15th Ukraine’s SBU announced that they “detained a Russian spy who was scouting the positions of the Defence Forces near the northern border of Ukraine. He covertly collected intelligence about the locations and movements of Ukrainian troops in the region. First of all, he was interested in data on the number of personnel, military equipment and available weapons of the Defence Forces near the state border. SBU officers foiled the plans of the Rashists and detained their accomplice in an attempt to pass classified information to Russia. The agent was found to have a mobile phone with evidence of “correspondence” with a representative of the Russian intelligence service. According to the investigation, the detainee turned out to be a Russian citizen, who had been living in one of the border villages of the Chernihiv region for several years and was engaged in passenger transportation. In addition, he periodically traveled to Russia, where he visited his relatives and resolved personal issues. In this way, he came into the field of view of the intelligence services of the aggressor country. It was established that during one of these trips he was recruited by an FSB staff member to carry out reconnaissance and subversive activities in the north of Ukraine. For this, the enemy agent received an operational pseudonym and detailed instructions on the collection and methods of transmitting classified information. Anonymous messengers were used to communicate with each other.”

47. Chinese Cyber Espionage Operation Targeting Certificate Authority, Government Agencies in Multiple Asian Countries

On November 15th the Symantec Threat Intelligence team published a technical analysis of a new cyber espionage activity associated with an actor dubbed as BILLBUG, previously associated with the intelligence services of China. As per the article, “the victims in this campaign included a certificate authority, as well as government and defense agencies. All the victims were based in various countries in Asia. Billbug is known to focus on targets in Asian countries. In at least one of the government victims, a large number of machines on the network were compromised by the attackers. The targeting of a certificate authority is notable, as if the attackers were able to successfully compromise it to access certificates they could potentially use them to sign malware with a valid certificate, and help it avoid detection on victim machines. It could also potentially use compromised certificates to intercept HTTPS traffic. However, although this is a possible motivation for targeting a certificate authority, Symantec has seen no evidence to suggest they were successful in compromising digital certificates. Symantec has notified the cert authority in question to inform them of this activity. This activity has been ongoing since at least March 2022.”

48. Spy Way of Life: Fraternelle des Agents Parachutistes (FAP) in Ixelles, Belgium

This week’s selection for Intelligence Online’s Spy Way of Life was Fraternelle des Agents Parachutistes (FAP), located in Brussels, Belgium. As per the article, “the Fraternelle des Agents Parachutistes in Brussels, where members of Belgium’s special forces and senior NATO officials share drinks by the fireplace in this cosy venue inspired by traditional British gentlemen’s clubs.”

49. Lookout Discovers Long-running Surveillance Campaigns Targeting Uyghurs

The Lookout threat intelligence team published this report stating that “researchers from Lookout Threat Lab have uncovered two new surveillance campaigns targeting Uyghurs in the People’s Republic of China and abroad. One campaign introduces a novel Android surveillance tool we named BadBazaar that shares infrastructure with other previously encountered Uyghur-targeted tooling — as outlined in a 2020 whitepaper from the Lookout Threat Intelligence team. The other employs updated variants of a previously disclosed tool, MOONSHINE, discovered by Citizen Lab and observed to be targeting Tibetan activists in 2019. Although surveillance and detainment campaigns against Uyghurs and other Turkic ethnic minorities have been operational for years, this issue has been a subject of heightened international attention following a critical report from United Nations Human Rights Commissioner, Michelle Bachelet in August 2022. The report indicated that China may have committed crimes against humanity in its treatment of Uyghurs in the Xinjiang region. On October 31st 2022, 50 countries submitted a joint statement to the UN General Assembly vocalizing their concern over the “ongoing human rights violations of Uyghurs and other predominantly Muslim minorities” in China. Mobile surveillance tools like BadBazaar and MOONSHINE can be used to track many of the “pre-criminal” activities, actions considered indicative of religious extremism or separatism by the authorities in Xinjiang. Some activities that may result in a user being detained include using a VPN, communicating with practicing Muslims abroad, using religious apps, and using certain messaging apps like WhatsApp that are popular outside of China. BadBazaar and these new variants of MOONSHINE add to the already extensive collection of unique surveillanceware used in campaigns to surveil and subsequently detain individuals in China. Their continued development and their prevalence on Uyghur-language social media platforms indicate these campaigns are ongoing and that the threat actors have successfully infiltrated online Uyghur communities to distribute their malware.”

50. Greece to Tighten Intelligence Service Control After Wiretapping Scandal

The Greek Reporter published this story on November 16th stating that “the conservative government in Greece is proposing a new law to tighten checks on the country’s intelligence service following the wiretapping scandal that has rocked the nation. The draft law which was posted online for public consultation on Tuesday aims to update the process of lifting the confidentiality of communications and to optimize operations of the Greek National Intelligence Service (EYP), according to the Ministry of Justice. The conservative government of Kyriakos Mitsotakis is under extreme pressure from the opposition to explain why EYP wiretapped the mobile phone of socialist leader Nikos Androulakis with the illegal software called Predator. Mitsotakis has refused to divulge the reasons in public and said that the surveillance was legal. He added, however, that if he had known, he would not have authorized it.”

51. New North Korean Cyber Espionage Operation Impersonating Zabbix to Target Android Devices

On November 17th the ThreatBook private cyber threat intelligence firm published technical indicators of a new cyber espionage operation attributed to an actor dubbed as APT32 or OCEAN LOTUS, previously associated with the intelligence services of North Korea. The operation involved a server impersonating Zabbix SaaS solution for Android devices, but it was delivering a custom cyber espionage software implant.

52. Exclusive: Ex-Russian Spy Flees to the NATO Country that Captured Him, Delivering Another Embarrassing Blow to Moscow

Michael Weiss did this exclusive report from Tallinn, Estonia on November 18th. The report says that ““the Russians have no idea,” Alexander Toots, the head of Estonian counterintelligence, tells me, laughing. “They have absolutely no idea he is here. You can be the one to tell them.” Toots was referring to the defection of a Russian spy to Estonia. But Artem Zinchenko isn’t just any spy. He was the first agent of Russia’s military intelligence arrested by Estonia, in 2017, then traded back to Moscow a year later for an Estonian citizen in Russian custody. Zinchenko has now sought asylum from the very NATO country that unmasked and imprisoned him for spying against it. Zinchenko’s defection has not been publicly disclosed by either side until now, in what must count as a humiliating blow not only to the Kremlin but also to his onetime masters in the GRU, as the former Soviet military intelligence service is still known. In early October, the Estonian government granted Yahoo News unprecedented access to Zinchenko. Over the course of four hours he offered up his autobiography, reflective and remorseless, detailing his supporting role in the mostly unseen shadow play between Russian espionage and Western efforts to thwart it. Estonia, once occupied by the Soviets, is now at the forefront of countering Russian intelligence gathering and provocations on NATO soil. As Zinchenko told it, his decision to defect was as much motivated by the Kremlin’s brutality at home and abroad as it was by what he saw as Estonia’s humanity toward him, an enemy agent. His cautionary tale is also an indictment of the policies of Russian President Vladimir Putin, a former KGB case officer whose own spy apparatus has been weakened amid his Ukraine war, according to British intelligence.”

53. Sweden’s Espionage Scandal Raises Hard Questions on Spy Recruitment

Following last week’s stories #7 and #86, on November 16th the Foreign Policy reported that “two Iranian-born brothers, one of whom has served as a Swedish intelligence officer, have been charged with spying for Russia for several years. Their espionage is likely to cause serious damage — and it highlights a long-standing issue in intelligence: how people born in hostile countries can be particularly vulnerable to recruitment by those countries and their allies. Peyman Kia, who is 42 years old, was a Swedish success story. Kia arrived in Sweden with his family in the 1980s after they fled Iran, and he gained Swedish citizenship in 1994 (as did his younger brother, Payam Kia). He completed a bachelor’s degree and a master’s degree at Uppsala University and got a job as an investigations officer at Swedish Customs. Only a few months later, he was hired by the Swedish Security Service (SÄPO), which is also in charge of counterintelligence. After three and a half years there, in February 2011, Kia joined Sweden’s MUST military intelligence service, which is also in charge of foreign intelligence. Swedish media report that while at MUST, Peyman Kia is even thought to have been part of KSI, the agency’s inner sanctum. But shortly after joining MUST, the elder Kia began spying for the GRU, Russia’s military intelligence agency. The espionage continued throughout his service with MUST, in a subsequent new posting with SÄPO, and even in a job as chief security officer with the Swedish Food Agency that he began in December 2015. After a while, he appears to have recruited Payam, who is charged with having assisted him in the logistics of his interactions with the GRU.”

54. Germany: Former Army Reserve Officer Found Guilty of Espionage for Russian GRU

Following week 13 story #80, on November 18th the Tagesschau reported that “an “extremely pro-Russian attitude” and an urge to “make oneself popular and important with Russian military personnel”. Judge Jan van Lessen from the 6th Criminal Division of the Düsseldorf Higher Regional Court attested to this motivation for the accused. The 66-year-old ex-reserve officer Ralph G. received a suspended sentence of one year and nine months for intelligence work for Russia. In addition, he must bear the costs of the procedure. The accused had provided information to the Russian military intelligence service GRU for years. This included extensive information on reservists, cooperation between the Bundeswehr and civilian institutions, cyberspace and EU sanctions against Russia.”

55. United States: Project ARGUS — An Airborne Wide-Area Persistent Surveillance System (AWAPSS)

On November 16th this snippet of ARGUS was published. In the video, BAE Systems’ designer Yiannis Antoniades briefly describes this AWAPSS surveillance capability. Some details are also available on BAE Systems’ official website.

56. Britain’s Secret Propaganda Campaign in the Vietnam War

Following this week’s story #45, on November 17th the Declassified UK published this article saying that “the UK Foreign Office’s propaganda unit, the Information Research Department, worked to gloss over Washington’s complicity in civilian bloodshed during its devastating war in Vietnam, declassified files show.” The research of Declassified UK discovered that: 1) IRD operated in the UK, sending material to dozens of British journalists and political figures to “support the US cause”; 2) IRD sought to rehabilitate a Vietnamese Hitler admirer; 3) It offered “special” assistance to Washington over the infamous Gulf of Tonkin incident; And 4) And it directly assisted South Vietnam’s regime, regarding it as an “emergency target.”

57. Senior IRGC Officer Killed in Western Iran Amid Violence-Marred Protests

On November 19th the AA reported that “a senior Islamic Revolutionary Guard Corps (IRGC) officer in the western Kermanshah province of Iran was killed Friday by armed protesters, according to officials. Col. Nader Bayrami headed the IRGC intelligence department in Sahneh, a mountainous city in eastern Kermanshah. Bayrami was killed during a ceremony to mark the anniversary of the death of a prominent local artist, according to IRGC public relations in the province. It said a group of “rioters,” armed with cold weapons, clashed with security forces on the sidelines of the ceremony. When Bayrami intervened, he was fatally stabbed with a knife in his heart, causing his death, it said. At least 30 people have been arrested in connection to the killing and handed over to the judiciary. The fatal stabbing comes as sweeping protests in Iran have been triggered by the death of Mahsa Amini, 22, while in the custody of the country’s morality police in September. Fatal attacks on police officers and paramilitary Basiji forces have become increasingly common in recent months, with several knife assaults and shootings reported across the country. At least six security personnel were killed Thursday by armed assailants in separate incidents in western and central Iran. Col. Hassan Yousefi was killed in Sanandaj in northwestern Kurdistan province, Amini’s hometown. A viral video showed him lying in the street with his head bleeding profusely. In another incident from the northeastern city of Mashhad, three young members of the paramilitary voluntary Basiji forces were stabbed to death by an armed man.”

58. United States: Trump Tweeted an Image from a Spy Satellite, Declassified Document Shows

On November 18th the NPR reported that “three years ago, Donald Trump tweeted an image that left intelligence experts gobsmacked. The picture was of a rocket that had exploded on a launch pad deep inside of Iran. It was so crisp, that some initially thought it may not have been taken by a satellite. “This picture is so exquisite, and you see so much detail,” says Jeffrey Lewis, who studies satellite imagery at the Middlebury Institute of International Studies at Monterey. “At first, I thought it must have been taken by a drone or something.” But aerospace experts quickly determined it was photographed using one of America’s most prized intelligence assets: a classified spacecraft called USA 224 that is widely believed to be a multibillion-dollar KH-11 reconnaissance satellite. Now, three years after Trump’s tweet, the National Geospatial-Intelligence Agency (NGA) has formally declassified the original image. The declassification, which came as the result of a Freedom of Information Act request by NPR, followed a grueling Pentagon-wide review to determine whether the briefing slide it came from could be shared with the public.”

59. British Spy Chief: Iran Tried 10 Times to Kidnap or Kill UK-linked Individuals

Reuters reported on November 16th that “Iran’s intelligence services have made at least 10 attempts to kidnap or even kill British nationals or individuals based in the United Kingdom regarded by Tehran as a threat, the head of Britain’s domestic spy agency said on Wednesday. Ken McCallum, Director General of the Security Service known as MI5, said while Tehran was using violence to silence critics at home, its “aggressive intelligence services” were also projecting a threat to Britain directly. “At its sharpest this includes ambitions to kidnap or even kill British or UK-based individuals perceived as enemies of the regime,” McCallum said in a speech at MI5’s headquarters. “We have seen at least 10 such potential threats since January alone.” Iranian officials were not immediately available for comment. Last week, British Foreign Secretary James Cleverly said he had summoned Tehran’s most senior diplomat over alleged threats by Iranian security forces to journalists in Britain.”

60. Long-Delayed Ruling in Assassination and Corruption Case Awaits New Iraqi PM

Intelligence Online reported on November 17th that “former CIA director David Petraeus, among other retired intelligence and military officials, offered testimony in the case of Wye Oak v. Iraq. Dale Stoffel, the CEO of the US firm Wye Oak, was murdered in the country in December 2004. A new ruling is expected next year.”

61. New Chinese Cyber Espionage Activity Targeting Governments Worldwide

On November 18th the cyber threat intelligence team of Trend Micro published this technical analysis for activity attributed to an actor dubbed as EARTH PRETA, previously associated with the Chinese intelligence services. As per the report, “we have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world. Based on the lure documents we observed in the wild, this is a large-scale cyberespionage campaign that began around March. After months of tracking, the seemingly wide outbreak of targeted attacks includes but not limited to Myanmar, Australia, the Philippines, Japan and Taiwan. We analyzed the malware families used in this campaign and attributed the incidents to a notorious advanced persistent threat (APT) group called Earth Preta (also known as Mustang Panda and Bronze President). In our observation of the campaigns, we noted that, Earth Preta abused fake Google accounts to distribute the malware via spear-phishing emails, initially stored in an archive file (such as rar/zip/jar) and distributed through Google Drive links. Users are then lured into downloading and triggering the malware to execute.”

62. Turkey: Ümit Özdağ: An Assassination Report Came to Me Through Two Different Channels

On November 17th the Turkish Cumhuriyet reported that “Victory Party Chairman Ümit Özdağ was the guest of Instant Headline presented by Cumhuriyet writer Tuncay Mollaveisoğlu in TELE1. Özdağ stated that he had access to information regarding his ‘assassination plot’ and shared this information with the National Intelligence Organisation (MIT). “A report of an assassination plot came from two different sources” Özdağ said, “an assassination report against me came from two different channels. Last month, I sent this information to the Undersecretary of the National Intelligence Organisation, now its President, through the party channel in an official letter. This is the information that came to me. I said, ‘I was informed that an assassination would be carried out against me through a study carried out by the state’ and we sent the details with a signed letter from our secretary general. We sent it to enter the state records,” he said.”

63. GRU 26165: The Russian Cyber Unit that Hacks Targets On-site

The Atlantic Council published this article on November 18th starting by stating that “Russian hackers are not always breaching targets from afar, typing on their keyboards in Moscow bunkers or St. Petersburg apartment buildings. For some Russian government hackers, foreign travel is part of the game. They pack up their equipment, get on international flights, and covertly move around abroad to hack into computer systems. Enter GRU Unit 26165 (of the military intelligence agency Glavnoye Razvedyvatelnoye Upravlenie), a military cyber unit with hackers operating remotely and on-site. Despite the security risks on-site cyber operations pose to governments and international organizations, and the questions they raise about how the West should track and combat Russian state hacking, Russia’s activities in this realm are not receiving sufficient policy attention.”

64. United States: Bixby Man Sentenced to Serve Five Years in Federal Prison for Conspiracy to Steal Trade Secrets from Oklahoma City Oil and Gas Company

On November 15th the US Department of Justice in collaboration with the FBI Counterintelligence Division released this press statement saying that “yesterday, JOSHUA DECKER, 37, of Bixby, Oklahoma, was sentenced to serve 60 months in federal prison for conspiracy to steal trade secrets, announced U.S. Attorney Robert J. Troester for the Western District of Oklahoma. On May 26, 2021, the government filed a one-count Superseding Information charging Decker with conspiracy to steal, download, and possess trade secrets. According to the Superseding Information, Decker was a controller for the valve division of an oil and gas company that serves customers engaged in drilling and production. With its valve operations headquartered in Oklahoma City, the company manufactures compact manifold ball valves sold across the United States. In March 2017, while employed as the controller at the company, Decker registered with the Oklahoma Secretary of State a new company called Legacy Valve Systems (“Legacy”). He then recruited co-workers at the victim company to join him at Legacy. The Superseding Information alleges that from March to September 2017, Decker conspired to steal numerous trade secrets from the victim company. Specifically, it alleges Decker and others acting at his direction downloaded the technical drawings, material specifications, and manufacturing instructions for the victim company’s valves, and Decker transmitted the victim company’s detailed financial information — including cost information and sales by product and customer — by email to himself. The Superseding Information further alleges that Decker provided the victim company’s drawings to an individual who copied them and replaced the victim company’s logo with a Legacy logo to begin manufacturing and selling valves to compete with the victim company. Decker then directed others to delete all their text messages and files, including messages on an encrypted application, to conceal their theft from the victim company. On June 2, 2021, Decker pleaded guilty to conspiracy to steal trade secrets.”

65. Australia: Spy — Espionage in Australia at Albury’s Library Museum

On November 17th the Australian Security Intelligence Organisation (ASIO) tweeted that “‘Spy: Espionage in Australia’ is now showing at Albury’s Library Museum, until February 2023. Spy showcases gadgets from ASIO & other intelligence agencies, stories of real ASIO officers & the history of espionage in Australia.”

66. ESET Private Firm Releases T2 2022 Nation-State Cyber Activity Report

On November 14th the ESET cyber security and intelligence firm announced the release of this 13-pages long report for cyber activity attributed to advanced actors from T2 2022. As per its introduction, “APT groups are usually operated by a nation-state or by state-sponsored actors. Their aim is to breach the security of governments, high-profile individuals, or strategic companies, and to evade detection in order to harvest highly confidential data. These groups possess advanced levels of expertise and substantial resources, among them techniques, tools, and exploits for zero-day vulnerabilities (vulnerabilities known to attackers and/or the affected vendors, but that have not yet been publicly disclosed or fixed). In T2 2022, we saw no decline in APT activity of Russia-, China-, Iran-, and North Korea-aligned threat actors. Even more than eight months after the Russian invasion, Ukraine continues to be a prime target of Russia-aligned APT groups such as the infamous Sandworm, but also Gamaredon, InvisiMole, Callisto, and Turla. Speaking of defense, the aerospace and defense industries continue to be of high interest to North Korea-aligned groups, along with financial and cryptocurrency firms and exchanges. In the Middle East, organizations in or linked to the diamond industry were targeted by Agrius in what we believe was a supply-chain attack that abused an Israel-based software suite used in these verticals. On the other side of the world, we identified several campaigns by MirrorFace, a China-aligned group, with one possibly targeting the House of Councillors election in Japan.”

67. Leaked Document Reveals Why INTERPOL Overturned U.S. “Red Notice” Against Putin Associate Yevgeny Prigozhin

On November 11th The Intercept published this news story stating that “on the eve of this week’s U.S. midterm election, Russian businessman Yevgeny Prigozhin appeared to acknowledge for the first time that he tried to interfere in the 2016 presidential election. Prigozhin, a close associate of President Vladimir Putin, issued a blunt statement on Monday that said, in part, “We have interfered, are interfering and will continue to interfere. Carefully, precisely, surgically and in our own way.” Prigozhin wasn’t admitting anything the Department of Justice didn’t already know. Special counsel Robert Mueller had detailed his meddling efforts as part of the Justice Department’s investigation into Russian interference in the election. In 2018, a federal grand jury indicted Prigozhin for engaging in “information warfare against the U.S.,” and he was placed on a list of individuals wanted by the FBI, with a $250,000 reward for information leading to his arrest. U.S. officials also obtained a “red notice” from Interpol, requesting that the international police organization’s members arrest him if he came into their jurisdiction. In 2020, Interpol quietly withdrew the notice. The only announcement of the move came from one of Prigozhin’s companies, though without an explanation of why it happened. Interpol and the Department of Justice remained silent. But now a hacked Interpol document reviewed by The Intercept reveals that the organization’s oversight body determined that the red notice requested by the U.S. was of a “predominantly political character” — and a violation of Interpol’s principle of political neutrality. The emergence of the Interpol document — and Prigozhin’s admission to election interference, which he repeated in even stronger words in a statement to The Intercept — are likely to prove controversial. Mueller’s investigation continues to be a lightning rod in American politics, with former President Donald Trump still insisting it was a “witch hunt” aimed at unjustly connecting him to Russian involvement in the election he won against Hillary Clinton. Interpol’s determination that the red notice request was politically motivated might be seen as bolstering the claims of the former president and his supporters. But Prigozhin’s admission that he did in fact seek to interfere in U.S. elections is also likely to renew questions about Interpol at a time when the agency is already facing intense criticism that it is vulnerable to political exploitation.”

68. Ikon, the New Face of Turkish-Singaporean Interception Software Specialist BTT

Intelligence Online reported on November 15th that “BTT, the Turkish software firm exposed in the Hacking Team leaks in 2015, has resurfaced as Ikon Arge Teknoloji thanks to a mysterious Singaporean partner. On the eve of the ‘retirement’ of its fortysomething software research and development chief Alper Tosun, a new entity has absorbed DarkBlue Systems’ staff and attributions. Ikon Arge Teknoloji has taken its place. According to its website, Ikon is mainly active in software R&D with a focus on drones. Like DarkBlue before it, Ikon, which is based in Ankara, is a supplier to Turkish government agencies, including the military research agency TUBITAK, and is a member of the Teknokent Defence Industry Cluster (TSSK). It also has clients in Southeast Asia through its Singapore branch. Darkblue, which has allegedly converted to yacht management, is now inactive. Meanwhile, Ikon executives told Intelligence Online that Ikon worked in the banking sector. Dacca spy software: Before DarkBlue, Tosun founded and headed Bilgi Teknoloji Tasarim (BTT). Email messages between the firm and the Italian interceptions firm Hacking Team, made public by WikiLeaks in 2015, exposed the firm’s role as intermediary between Hacking Team and Bangladesh, whose legal interceptions service, the National Telecommunication Monitoring Centre (NTMC), tried to procure the Italian firm’s software through BTT’s local representative Hasan Emdad Rumi.”

69. United States: Chinese Government Intelligence Officer Sentenced to 20 Years in Prison for Espionage Crimes, Attempting to Steal Trade Secrets From Cincinnati Company

On November 16th the US Department of Justice in collaboration with the FBI Counterintelligence Division announced that “the first Chinese government intelligence officer ever to be extradited to the United States to stand trial was sentenced today in federal court in Cincinnati. Yanjun Xu, 42, was sentenced to 20 years in prison. According to court documents, Xu targeted American aviation companies, recruited employees to travel to China, and solicited their proprietary information, all on behalf of the government of the People’s Republic of China (PRC). “As proven at trial, the defendant, a Chinese government intelligence officer, used a range of techniques to attempt to steal technology and proprietary information from companies based in both the U.S. and abroad,” said Attorney General Merrick B. Garland. “Today’s sentence demonstrates the seriousness of those crimes and the Justice Department’s determination to investigate and prosecute efforts by the Chinese government, or any foreign power, to threaten our economic and national security.” “This case sends a clear message: we will hold accountable anyone attempting to steal American trade secrets,” said U.S. Attorney Kenneth L. Parker for the Southern District of Ohio. “Xu conspired to steal American science and technology. Thanks to the diligent work of the FBI, GE Aviation, and our trial team, he’ll spend decades in federal prison.” “This case is just the latest example of the Chinese government’s continued attacks on American economic security — and, by extension, our national security” said FBI Director Christopher Wray. “The Chinese government tasked an officer of its spy service to steal U.S. trade secrets so it could advance its own commercial and military aviation efforts, at the expense of an American company. This brazen action shows that the Chinese government will stop at nothing to put our companies out of business to the detriment of U.S. workers. As long as the Chinese government continues to break our laws and threaten American industry and institutions, the FBI will work with its partners across the globe to bring those responsible to justice.” On Nov. 5, 2021, a federal jury in Cincinnati convicted Xu on all counts: conspiracy to commit economic espionage, conspiracy to commit trade secret theft, attempted economic espionage and attempted trade secret theft. Xu was a career intelligence officer, beginning in 2003 and rising to the rank of deputy division director at the Chinese Ministry of State Security (MSS), the intelligence and security agency for China. According to court documents and trial testimony, beginning in at least December 2013, Xu targeted specific companies in the United States and abroad that are recognized as leaders in the field of aviation. Xu used aliases, front companies and universities to deceive aviation employees and solicit information. He identified individuals who worked for the companies and recruited them to travel to China, often initially under the guise that they were traveling to give a presentation at a university. Xu and others paid the individuals stipends on top of covering travel costs. The scheme was executed with full coordination between the MSS and China’s aviation entities. Xu worked with others in the MSS to hack or copy computers in hotel rooms while the aviation employees — his “guests” — were taken to dinner by the MSS. Xu also openly talked about efforts to obtain U.S. military information in addition to commercial aviation trade secrets.”

70. Sweden’s Parliament Votes Through Controversial Espionage Law

On November 16th The Local reported that “Sweden’s parliament on Wednesday voted through a new law on foreign espionage that controversially alters passages in the constitution on freedom of the press and freedom of expression. The law passed with a huge majority, with 270 MPs voting in favour and only 37 against. Before the vote, Prime Minister Ulf Kristersson defended the changes as necessary to improve Sweden’s ability to cooperate internationally, stressing that it “states explicitly in the law that it is not about constraining the work of journalists, but about an express will to hurt these interests. He said that the need for the law had become increasingly apparent. “It has been pointed out to us for a long time that there is a gap in Swedish law which makes it more difficult for us to work together with other countries in international operations,” he said. “It is therefore reasonable, if Sweden wants to be a party of those operations that we have the same laws as other Nordic countries have, and which take a significant account of journalistic work and public expression.” During the debate, the Left Party MP Jessica Wetterling, said that the new law was “opening Pandora’s box”, by putting new restrictions on the freedom of expression and of the press. “This is going to lead to enormous uncertainty over what you can publish and people are going end up self-censoring and not dare to be whistleblowers,” she said. The new law will create new crimes of “foreign espionage”, “aggravated foreign espionage”, and “disclosing secret information in international cooperation”. These offences will require changes to Sweden’s press and freedom of expression legislation, putting new limits on the these constitutional rights. This means that it could be a punishable crime in some situations to disclose secret information which comes about as a result of Sweden’s international cooperation which could harm Sweden’s relationships to another country or international organisation.”

71. New North Korean Cyber Espionage Operation Targeting NAVER South Korean Online Platform Users

On November 18th the ThreatBook private cyber threat intelligence firm disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as KIMSUKY, previously associated with the North Korean intelligence services. The operation involved a website impersonating the South Korean NAVER online platform in order to conduct a credential harvesting operation.

72. Podcast: True Spies: The Bin Laden Files — Part I and II

This week SpyScape’s True Spies series released two new episodes. The first, released on November 15th, is part 1/3 from “The Bin Laden Files” seris and per its description, “as a new era of True Spies begins, Sophia di Martino joins the experts to reveal Osama bin Laden’s origins, methods and motivation. CIA operatives Gina Bennett and Tracy Walder join CNN’s Peter Bergen, the man who first interviewed Osama, to share the unvarnished truth about Bin Laden’s rise to power. In Part 1 of this three-part epic we follow Bergen to the mountainous Afghan-Pakistan border region for the recording of the first televised interview with the Al Qaeda leader.” Later on the same day the second part was also released. As its description, “in Part 2, the world begins to pay attention to Bin Laden — and the CIA makes its first moves against the Al Qaeda kingpin. From SPYSCAPE, the home of secrets. A Cup And Nuzzle production. Series producers: Gemma Newby, Joe Foley. Produced by Max Bower. Music by Nick Ryan.”

73. India: Foreign Ministry Driver Arrested for Espionage, Was Honey-Trapped

The NDTV reported on November 18th that “a driver employed at the Ministry of External Affairs was arrested today from Jawahar Lal Nehru Bhawan in New Delhi on espionage charges. He was allegedly transferring information and documents in exchange for money to a Pakistani person who was pretending to be a woman named Poonam Sharma or Pooja.
Sources in the crime branch of Delhi Police, which made the arrest, said the driver was honey-trapped.

74. Turkey: The MIT Operation Against the PKK’s Women’s Organisation

On November 18th the AA reported that “Norşin Afrin, one of the so-called women’s organisations of the terrorist organisation PKK, and 4 terrorists with her were neutralised with an operation carried out by the National Intelligence Organisation (MIT) in the Gara region in northern Iraq. According to the information received by the AA correspondent from intelligence sources, MIT worked to locate Afrin, with special methods that are not to be disclosed. As a result of the investigation, MIT operatives determined the location of Afrin. Having learned that Norşin Afrin was going to this region to direct the actions to be taken against the security forces taking part in the operations in Iraq, the MIT took action. Norşin Afrin and 4 terrorists with her were neutralised with an operation carried out by the MIT in the Gara region in northern Iraq. It was stated that the PKK concealed that Norşin Afrin was neutralised in order to prevent the escape of the members of the organisation.”

75. Italy: The Unsuspected Yacht that Spied on the 5th Eskadra Russa

On November 19th Michele Florio tweeted about a historical espionage topic from Italy. As per his tweet, during the Cold War in Italy (1972–1992) the “auxiliary vessel MEN209 of the Italian Navy was an elegant yacht used with success as spy ship in the SIGINT role. From 1992 converted to submarine rescue boat as ITSArgo.”

76. AFIO Interview: Itai Shapira, Col. (Ret.), former Israeli Defence Intelligence, on “Intelligence Culture in Israel”

On November 14th the United States Association of Former Intelligence Officers (AFIO) published the recording of an interview which originally took place on August 26, 2022. As per its description, “interview of Friday, 26 August 2022 of Col Itai Shapira, a former Deputy Head of Analysis for the Israeli Defense Intelligence Service. Host: AFIO’s President, James Hughes, a former senior CIA Operations Officer. They discuss the topic of “The Israeli National Intelligence Culture” — which is the theme of the thesis he is working on for his doctorate. It is based on his experiences being in military intelligence for twenty-six years. He is studying the system of beliefs, of values, of approaches, unique to Israeli intelligence, but also themes which are universal or shared with other intelligence services or agencies. While there is an abundance of literature about Israeli Intelligence, there is little on “the culture” of the intelligence service. He looks at the intelligence service through a cultural lens…at the organization, process, and products all through the lens of culture. Also discussed were the differences in how Israel attracts, trains, and retains intelligence officers — particularly for military intelligence — versus Mossad, Shin Bet, and various US and UK intelligence services.”

77. UK: Hostile States are Targeting You, Speaker Warns MPs

BBC reported on November 17th that “MPs have been warned they are being targeted by “hostile states”, with their mobile phones “a potential goldmine” of sensitive information. In a letter to MPs, Commons Speaker Sir Lindsay Hoyle urged MPs to avoid using their phone for sensitive conversations or even having it in the same room. “If hackers have switched on the microphone on one phone everyone in the room might be overheard,” he wrote. The government is creating a taskforce to defend the UK from hostile actors. Last month reports emerged that former prime minister Liz Truss’s phone was hacked while she was foreign secretary. The Mail on Sunday reported that private messages between Ms Truss and foreign officials, including about the Ukraine war, fell into foreign hands.”

78. Exclusive: Ex-Canadian Spy Calls for Shamima Begum’s UK Return after Spy Agency ‘Cover Up’

This is a follow up from week 35 story #22 and week 39 story #6. The ITV reported on November 18th that “a former Canadian intelligence officer has called for Shamima Begum to be returned to the UK because of what she claims were failures and a cover up involving the spy agency she once worked for. Huda Mukbil, who used to be a senior officer at the Canadian Security Intelligence Service, says her former colleagues broke their own rules because the smuggler who brought Ms Begum and two school friends into Syria was also working as a covert source for the agency at the same time. Next week the latest step in Ms Begum’s battle to have her British citizenship reinstated is expected to come to court. The 23-year-old was stripped of her British citizenship in February 2019 when the Home Secretary judged her to be a threat to national security. But Ms Begum’s lawyers are likely to argue that she should have her nationality reinstated because she was a victim of trafficking who was smuggled in by double agent Mohammed al-Rashed. “I think it’s important to repatriate her to the UK as well as making sure that she has the support”, said Ms Mukbil, who has assessed the evidence of the role played by al-Rashed while he was under Canadian direction. “It’s a traumatic experience to be exploited in this way, unfortunately, by a Canadian source and to be trafficked and exploited by Isis fighters” she told ITV News. “I’m not here to change anyone’s view on her but I think serious consideration needs to be given to her age when she was trafficked.” Ms Mukbil, who worked in the UK and in the Middle East during the rise of Isis, believes the Canadian intelligence agency did not follow proper procedures in its engagement with al-Rashed, so details of its involvement in the case should now be made public. CSIS is alleged to have broken rules preventing its human sources from engaging in illegal activities while carrying out work on behalf of the service.”

79. Armenian NSS Captures Soldier Conducting Espionage

On November 15th the Armenian National Security Service (NSS) announced that “the officers of the Military Counteriintelligence Department of the Armenian National Security Service, as a result of operational activities carried out within the framework of the fight against crimes, discovered another case of state treason. It was found that Armenian citizen, soldier who participated in the 3-month conflict announced by the Ministry of Defence in August-November 2021, Private E.A. got acquainted with a person who is an employee of a foreign intelligence service, acting under a pseudoname, and being recruited by the latter, out of personal interest, collected through the WhatsApp application of his mobile phone at the same time and gave the representative of the intelligence service the military position entrusted to him, its specific location, the staff of the position, information constituting state and service secrets regarding the quantity, armament, and the order of service in them, in exchange for which he allegedly received naked photos of his interlocutor. The mentioned person was arrested within the framework of the criminal proceedings initiated in the investigative department of the NSS. The criminal investigation continues.”

80. 3 New Videos by Former United States CIA Officer Jason Hanson

Throughout this week former CIA officer Jason Hanson published the following three videos: 1) 2 Most Important Evasive Driving Tips, 2) How to Pick a Lock in 30 Seconds, and 3) Rifle to Pistol Transition.

81. Two New Videos on Number Stations

Ringway Manchester published two new videos this week on the subject of number stations. The first was the “Why Does This Top Secret Government Numbers Station Use Windows XP!”, and the second one the “The Strangest Secret Numbers Stations Imposters & Oddities!”

82. CBS News: From the Archives: Former U.S. Spies Meet ex-KGB Agents after End of Cold War

On November 19th the CBS News published this video from their archives. As per its description, “in this segment from Nov. 19, 1992, CBS News correspondent Peter Van Sant reports from Moscow, Russia, as former U.S. spies meet their Cold War adversaries, former KGB agents, to discuss potential joint ventures in corporate security.”