SPY NEWS: 2022 — Week 47
Summary of the espionage-related news stories for the Week 47 (November 20–26) of 2022.
1. Swedish Säpo Arrests Two for Espionage
Following the two arrests from week 45 story #7, on November 22nd it was reported that “the security serivce struck in a dawn raid today against a married couple in the Stockholm area — where the man is suspected of having spied for a foreign power and the wife was an accomplice. According to documents from the district court, the gross illegal intelligence activities are suspected to have been going on for ten years. - In this operation, there was a need to quickly arrest the suspects, says Fredrik Hultgren Friberg, spokesperson at Säpo. At 06:00 this morning, the Security Service carried out a raid in the Stockholm area together with the Armed Forces and the National Police. According to information provided to Aftonbladet, it is a man and a woman, both in their 60s, who have been arrested on suspicion of illegal intelligence activities.” According to Clearance Jobs from November 23rd they were Russian agents, the article also states that “the arrest of Sergej Skvortsov (born 1963) and Elena Koulkova (born 1964), in an operation code named “Operation Spjut,” (Operation Javelin) resembled a scene right out of the Jason Bourne series, complete with Blackhawk helicopters and fast line decent onto the couple’s, home and property. The combined SAPO, military and national police (NAO) effort, created quite the scene as they rushed to secure the premises and prevent the destruction of documents. The Skvortsov is accused of conducting espionage within Sweden and using Sweden as a base to conduct espionage against a third country (unidentified), with Koulkova being charged with being an accomplice. They came to the attention of Swedish authorities allegedly because their company’s books appeared to be cooked, with the company registering a loss each year, only to be revived with an infusion of “interest from investments” to make it marginally profitable. In 2016, the Swedish tax authorities conducted a search and seizure of financial records. The Swedish press speculates that this was the beginning of the end for this pair’s intelligence work. Pete Strozk, firner U.S. FBI special agent, expressed his envy at the finesse of the arrest.” Later on, Eliot Higgins of Bellingcat discovered that the arrested were the registered owners of a flat in Moscow, Russia where several other known GRU operatives were also registered at.
2. United States: CIA Aims to Recruit Spies Among Russians Displeased with Ukraine War
The Wall Street Journal reported on November 23rd that “the CIA’s espionage chief used his first in-person public appearance since taking the post last year to make a pitch to potential agents. David Marlowe, the Central Intelligence Agency’s deputy director of operations, told an academic audience that the invasion of Ukraine has been a massive failure for Russian President Vladimir Putin and opens opportunities for Western intelligence agencies among disaffected Russians.”
3. Podcast: Grey Dynamics: Tsunami Torpedoes, Ukrainian USVs & Narco Subs with HI Sutton
Grey Dynamics released a new podcast episode on November 25th described as “today I spoke with HI Sutton a.k.a Covert Shores. He writes about the changing world of underwater and seabed warfare, covering secretive and unusual vessel technologies used to fight beneath the waves. Combining the latest open-source intelligence (OSINT) with traditional science of defense analysis.” The topics covered were: 1) Illustrating cutting-edge technology in MS Paint, 2) How Ukrainian USVs are changing naval warfare, 3) The future of Frogmen, 4) Narco Submarines, 5) Tsunami creating Russian Poseiden torpedo, and 6) Russian Submarine activity in the Arctic.
4. UK MoD Issues PQQ for ISR Space Project
On November 25th Janes reported that “the UK Ministry of Defence (MoD) has issued a pre-qualification questionnaire (PQQ) for Project Oberon, a programme that seeks high-resolution synthetic aperture radar (SAR) satellites. According to the PQQ released by the MoD on 24 November, the contract will involve a cluster of three satellites equipped with an active SAR payload and, at a lower priority, passive radio frequency (RF) functionality, which the supplier will be required to operate. The main contract is expected to demand a “full end-to-end solution including inter alia; design, development, manufacture, assembly, integration, test, launch, commissioning, operations, and eventual disposal”, the PQQ stated. Up to GBP70 million (USD84.7 million) has been earmarked for the 36-month contract. A further contract option is expected as part of the project — this will require a supplier to deliver mission operations, training, and support (per year) for a further six years, as well as mission integration and implementation into the ground architecture of the multisatellite intelligence, surveillance, and reconnaissance (ISR) ‘ISTARI’ programme, the MoD detailed.”
5. Indian Cyber Espionage Operation Targeting Pakistani Diplomatic Missions
On November 21st cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a new cyber espionage operation targeting Pakistani diplomatic missions by impersonating an announcement from Pakistan’s Ministry of Foreign Affairs. The operation was attributed to an actor dubbed as BITTER, previously associated with the Indian government. If opened the lure document was covertly installing a custom cyber espionage software implant.
6. Saab Signs Contract for Two SIGINT Ships for Poland
The Naval News reported on November 25th that “Saab has today signed a contract with the Polish State Treasury Armament Agency for design, production and support of two ships for Signal Intelligence (SIGINT) for Poland. The total order value corresponds to approximately EUR 620 million with deliveries planned during 2027. The order is expected to be booked by Saab before year end. A SIGINT ship is used to support the acquisition of intelligence data across the full spectrum of naval intelligence capabilities. Saab will serve as prime contractor, designing and producing the two ships including the integration of advanced mission systems. The ships will be built by subcontractor Remontowa Shipbuilding SA in Poland. “We are proud that Poland has selected Saab as a partner in naval intelligence ship systems. We will contribute with our capabilities by building advanced platforms with world-leading sensors, fully integrating complete mission systems, where we have long experience,” says Saab’s President and CEO Micael Johansson. The effectiveness of the contract is subject to the fulfilment of certain financial conditions. All conditions are expected to be fulfilled by the end of 2022.”
7. Ukrainian SBU Detains MGB DNR Agent in Kharkiv
On November 23rd Ukraine’s Security Service (SBU) stated that they “detained the adjuster of the massive missile attack on military and energy facilities in Kharkiv. The Security Service has located and detained another enemy adjuster during counter-sabotage measures in the liberated areas of eastern Ukraine. The attacker “directed” Russian missiles at military and strategically important objects in the Kharkiv region. According to the investigation, the accomplice of the invaders turned out to be a resident of Donetsk region, who was recruited by the MGB DNR under the control of the aggressor at the beginning of the full-scale invasion. At the behest of the enemy, he moved to Kharkiv to gather intelligence about the locations of units of the Defence Forces, the military and important critical infrastructure facilities. To do this, he went to the city, where he took photos and videos of objects and marked their geolocation on digital maps. The collected intelligence was transmitted through a “courier”. He turned out to be a militant of the terrorist organisation “DNR”, which was part of the occupation group in the eastern direction. For communication, a pre-tested Telegram channel was used, and the transmission of intelligence was carried out in the form of media files with a text description of the nearby territory of the target site. During the search of the detainee’s residence, law enforcement officers found a mobile phone with evidence of correspondence with the occupiers.”
8. Poland Fights Information War for Kyiv in North America
Intelligence Online reported on November 25th that “the Polish government, which is already at the heart of the logistical system for the Western response to Russia’s war on Ukraine, is also one of Kyiv’s leading allies in the information war. It is using American firms to carry out its communications campaigns.”
9. United States: Senators Alarmed Over Potential Chinese Drone Spy Threat
Politico reported on November 23rd that “hundreds of Chinese-manufactured drones have been detected in restricted airspace over Washington, D.C., in recent months, a trend that national security agencies fear could become a new means for foreign espionage. The recreational drones made by Chinese company DJI, which are designed with “geofencing” restrictions to keep them out of sensitive locations, are being manipulated by users with simple workarounds to fly over no-go zones around the nation’s capital. Federal officials and drone industry experts have delivered classified briefings to the Senate Homeland Security, Commerce and Intelligence committees on the development, three people privy to the meetings said. A spokesperson for the Intelligence Committee — which has been kept closely apprised of the counterintelligence risks — declined to comment on the briefings. The other two committees did not respond. This story is based on interviews with seven government officials, lawmakers, congressional staffers and contractors. They were granted anonymity because they are not authorized to speak publicly about private and sometimes classified discussions involving government officials. The officials say they do not believe the swarms are directed by the Chinese government. Yet the violations by users mark a new turn in the proliferation of relatively cheap but increasingly sophisticated drones that can be used for recreation and commerce. They also come as Congress debates extending current federal authorities and adopting new ones to track the aerial vehicles as potential security threats.”
10. Podcast: Spycraft 101: A Father Lost in the Invasion of the Bay of Pigs with Janet Ray
On November 21st Spycraft 101 published this new podcast episode saying that “Alabama National Guard bomber pilot Thomas “Pete” Ray and other members of the ANG’s 117th Tactical Reconnaissance Group volunteered to support the invasion in Cuba after ANG General Reid Doster was approached by the CIA. The CIA had a number of B-26 bombers available for air support, and the 117th was one of the only military units still flying and maintaining those aircraft. Around eighty men traveled to Central America to train the Cuban pilots and crew who would fly the actual missions. But by the third day of the invasion, things were going very wrong at the beachhead, and the surviving Cuban pilots were exhausted after five straight days of combat sorties. The National Guard pilots stepped up to take over and fly missions into Cuba themselves. On April 19th, 1961, two of the B-26s were shot down over southern Cuba. One plane flown by Wade Gray and Riley Shamberger crashed into the sea. Their bodies were never recovered. The other, piloted by Pete Ray and Leo Baker, crashed on land. Ray survived the crash and exchanged fire with Cuban troops before he was captured. He was executed with a bullet to the head shortly thereafter. For the next 18 years, his widow and children fought both the US and Cuban governments for more information on Pete’s last mission, and to recover his remains. Fidel Castro kept Ray in a Havana morgue and demanded concessions the US government was unwilling to give before turning over the body. It wasn’t until 1979 that Pete Ray returned home to be buried in a cemetery in Birmingham, AL. For episode 42 of the Spycraft 101 podcast, I spoke with @janet.ray.miami, Pete’s daughter. Janet was just six years old when she watched her father drive away for a mysterious assignment. She was 24 when she finally laid eyes on his remains and realized he’d been executed on the ground, and had not died in the crash. We discussed one of the often overlooked costs of covert operations: the trials and tribulations of the families left behind, and left in the dark.”
11. Netherlands: AIVD Transfers Files to the National Archives
On November 22nd, with an official announcement, the Dutch AIVD stated that they “transferred some 74,000 files from the period 1946–1998 to the National Archives. These are personal files of the former Central Security Service (CVD) and the National Security Service (BVD). Both services are predecessors of the General Intelligence and Security Service (AIVD). It is the fifth time that the AIVD has transferred part of its archive. This is in line with our aim to be open where possible and contributes to scientific study of intelligence and security services and accountability to the public. The archives provide an insight into the research that the CVD and BVD conducted at the time.”
12. Ukrainian SBU Detained FSB Agent in Odessa
On November 26th Ukraine’s SBU stated that they “detained an FSB agent in Odessa who was filming the positions of the Defence Forces on a hidden video recorder. As a result of a multi-stage special operation, an agent of the Russian intelligence services was detained in Odessa. He covertly collected intelligence about the locations of troops in the region. First of all, he was interested in intelligence on the number of personnel and military equipment, up-to-date information on the defence capability and combat readiness of military facilities. According to the investigation, the traitor turned out to be a local resident — an active supporter of the “Russian world”, but he was not guided only by ideological motives. In particular, the traitor hoped to get a “position” in the occupation administration, in case the region was captured by the occupiers. The detainee went to different districts of Odessa and the suburbs and visually inspected the area. To record military sites, he used a video recorder hidden in the cabin of his own car. He saved the collected intelligence on a memory card, which he planned to hand over to the enemy. However, SBU employees promptly exposed the traitor’s criminal intentions and detained him for attempting to pass intelligence to the enemy. During the search, a hidden video recorder and data carriers with evidence of illegal activity were found in his possession.”
13. Meta Links U.S. Military with Covert Facebook Influence Operation
On November 23rd Bleeping Computer reported that “Meta has removed several accounts on Facebook and Instagram associated with the U.S. military, saying they were used as part of covert influence operations targeting the Middle East and Russia. Meta says it removed 39 Facebook accounts, 26 Instagram accounts, 16 Facebook Pages, and two Facebook groups for violating its ‘coordinated inauthentic behavior’ policy. The most successful of these Facebook pages had 22,000 followers; the more extensive group counted 400 members, while one of the banned Instagram accounts had 12,000 followers. “The U.S. network — linked to individuals associated with the U.S. military — operated across many internet services and focused on Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan, Russia, Somalia, Syria, Tajikistan, Uzbekistan, and Yemen,” reads the announcement.”
14. Germany: Domestic Intelligence — For Which the BfV Gets Money
The Tagesschau published an exclusive story on November 24th stating that “the budget of the Federal Office for the Protection of the Constitution has doubled in the past ten years. Secret documents from the authority reveal what the domestic intelligence service believes it needs the money for. Thomas Haldenwang painted a rather bleak picture when he addressed the members of the Bundestag at a public hearing in mid-October. According to the President of the Federal Office for the Protection of the Constitution (BfV), Russia’s war of aggression against Ukraine marked a turning point in Germany’s security policy. Putin’s intelligence services have long been known to be aggressive actors, but now we have to reckon with increased and even more conspiratorial espionage activities, as well as more cyber attacks and disinformation campaigns. The growing number of violent right-wing extremists and conspiracy ideologists should be mentioned, who felt inspired by the energy crisis and inflation. Looking at all areas of his authority’s work, he added: “The need for staff, means and resources in recent years was right and remains justified!” As with almost all security authorities, the budget of the Federal Office for the Protection of the Constitution (BfV) has recently increased steadily. This Friday, the budget for the domestic intelligence service for the coming year is to be decided in the Bundestag. There will probably be a lot of money for the protection of the constitution again. According to research by NDR and WDR , the BfV is to demand a budget of almost 470 million euros in 2023. Although the Office for the Protection of the Constitution would receive a little less money than in 2020 and 2021, the budget of the Federal Office has more than doubled over the past ten years: in 2012 it was just under 190 million euros. Since then, the number of constitutional protectors has increased significantly. In 2011 there were around 2,600 employees at the BfV; in the middle of this year there were almost 4,000.”
15. Spy Collection: Japanese Consul in Vladivostok Caught by Russia’s FSB Conducting Espionage
On November 25th we published a new video in our archived content/raw footage playlist. As per its description, “the Russian Federation expelled Japanese diplomat Motoki Tatsunori on September 26, 2022 based on evidence provided by the Federal Security Service (FSB). Tatsunori was assigned as a diplomat (consul) in the Consulate General of Japan in Vladivostok, Russia. The video shows Tatsunori (left) talking with a female covert operative of the FSB (right) during a clandestine meeting in a restaurant in Primorksy Krai, Vladivostok. During this meeting the female operative provides documents with classified information that Tatsunori allegedly requested in return of a monetary reward from the intelligence service of Japan. Then the video shows Tatsunori confessing what’s shown in the video in the regional office of the FSB. According to the FSB, Tatsunori was an intelligence officer operating under diplomatic cover. He was tasked to acquire classified information related to Russia’s cooperation with countries of the Asia-Pacific region as well as details on the regional impact of the Western economic sanctions.”
16. Israeli Private Firm “XYZ Elements” Helps UAE Develop OSINT Capabilities
According to Intelligence Online from November 25th, “Israel’s Roy Schloman, head of the big data firm nRich, is making headway with his new startup XYZ elements, in the running to help the UAE develop its OSINT capacities.”
17. British Government Bans Chinese Surveillance Cameras from Sensitive Locations
On November 25th The Record reported that “the British government has banned departments from installing at sensitive locations surveillance cameras manufactured by Chinese companies due to potential information security issues, and is facing calls to ban them entirely from the public sector. Announcing the findings of a security review on Thursday, the Cabinet Secretary Oliver Dowden said that the restrictions were being introduced “in light of the threat to the UK and the increasing capability and connectivity of these systems.” Not only will the equipment be disallowed from sensitive sites, departments have also been advised that the same equipment should never be connected to core networks if installed elsewhere. The updated guidance also encourages departments to consider stripping the cameras out from less sensitive sites too to avoid introducing additional risks. The restrictions will affect all cameras “produced by companies subject to the National Intelligence Law of the People’s Republic of China” referencing a law introduced in 2017 which the U.K.’s National Cyber Security Centre (NCSC) has also cited regarding the use of Huawei equipment in telecommunications networks.”
18. Podcast: SpyCast: “The FBI & Cyber” — with Cyber Division Chief Bryan Vorndran (part 1/2)
On November 22nd the International Spy Museum’s SpyCast released this new episode. It’s the first (of the two) parts and its description says that “when Bryan Vorndran attended the FBI Academy in 2003, cyber was not on his personal radar, nor was it on Quantico’s vigorous training schedule. Now, almost 20 years later, Bryan serves as the Assistant Director of the FBI’s Cyber Division. What changed in those 20 years to bring Bryan to the forefront of the cyber battlefield, and how have the tactics and strategies used in this used in this field evolved alongside the ever-changing face of cyber? Tune into this week’s SpyCast episode to find out! The FBI has historically been associated with law enforcement and criminal justice. How does cyber fit into this world, and what is the FBI’s strategy for defending the country against cyber adversaries?” The intelligence topics covered are: 1) The evolution of the FBI and cyber, 2) Weakening cyber adversaries, 3) Motivations behind creating and distributing malware, and 4) How to keep your information safe from cyber attacks.
19. Russian Active Measures in Norway: A Situational Assessment
Grey Dynamics reported on November 20th that “recently there has been an increase in suspected Russian active measures in Norway. Norwegian police detained several Russian citizens in possession of Unmanned Aerial Vehicles (UAVs) as well as sensitive picture and video material of critical energy infrastructure. Furthermore, Norwegian police recently arrested a suspected Russian “sleeper” working at the Tromsø University. Recent activities follow a pattern of Russian aktivnye meropriyatiya, i.e., active measures or political warfare. The strategy typically includes espionage, sabotage, and propaganda based on foreign policy priorities. This year, Norway became the third largest exporter of oil to the EU and is now the largest seller of gas. Hence, it is likely that recent activity is an attempt to put pressure on Norway and Europe, spurring fear and a sense of imminent threat. However, recent detentions indicate an extensive Russian presence in the country, which has implications for European energy stability. Since the sabotage on the Nord Stream pipelines, there are indeed indicators of Russia making a move in Northern Europe, and Norway in particular. As a NATO-member, the unfolding development will have implications for European and Arctic stability.”
20. North Korean Cyber Espionage Operation Targeting Japanese SMBC
Cyber threat intelligence researcher Jazi discovered and disclosed the following technical indicators on November 23rd. They are associated with an ongoing cyber espionage operation attributed to an actor dubbed as LAZARUS, previously associated with the government of North Korea. The operation involved a lure job application document impersonating the Sumitomo Mitsui Baking Corporation (SMBC) of Japan. If opened, it was covertly installing a custom cyber espionage software implant.
21. More Details Emerge About Tehran’s Plot Against Iran International
On November 23rd Iran International published this story stating that “the Israeli Mossad alerted UK authorities about an impending Iranian plot to carry out terrorist attacks against Iran International’s journalists based in London. Israel’s Channel 11 reported Monday, November 21, that Mossad informed Britain’s spy agency about the threats facing two journalists working for the London-based channel. According to further information obtained by Iran International, threats against its journalists, revealed by the Metropolitan Police earlier this month, came from the same team that sought to target Israel’s former consul general in Istanbul, Yosef Levi Sfari, who was rescued by authorities and sent back to Israel. In June, Israeli and Turkish media reported that a terror cell sent to Turkey by the Islamic Republic was busted, and its eight members who had entered the country with fake Tajik and Italian passports were arrested. The agents were staying at the same hotel in which Levi Sfari and his partner Roni Goldberg were staying for their vacation, with reports alleging that their other targets were Israeli tourists. “The Iranian squad was caught red-handed at the last minute,” the reports added. According to Turkey’s National Intelligence Organization (MIT), the eight were arrested in raids on three houses in Istanbul’s Beyoglu district. The mastermind of the plot was Rouhollah Bazghandi, the deputy head of IRGC’s counterintelligence (Unit 1500). A former senior IRGC official had earlier told Iran International that by using amateur agents to carry out the attacks against Israeli targets in Istanbul, Bazghandi dealt a heavy blow to IRGC Intelligence Organization. He was also in charge of thwarting plots against Iran’s security officials inside Iran; however, his involvement in the Turkey plot, and apparently his absence, among other reasons, turned Iran into a safe haven for Israeli Mossad agents who launched several sabotage operations and assassinations. An intelligence source told Iran International that Bazghandi is the man who was in charge of the failed attack against its journalists.”
22. Podcast: Spy Chat with Chris Costa — Guest: LTG (R) Michael K. Nagata
The International Spy Museum released this virtual chat recording on November 22nd. As per its description, “join us for an online discussion of the latest intelligence, national security, and terrorism issues in the news. Spy Museum Executive Director Chris Costa will lead the briefing. Costa, a former intelligence officer of 34 years with 25 of those in active duty in hot spots such as Panama, Bosnia, Afghanistan, and Iraq is also a past Special Assistant to the President and Senior Director for Counterterrorism on the National Security Council. He will be joined by LTG (R) Michael K. Nagata, former Director of Strategic Operational Planning for the National Counterterrorism Center. Nagata is a Senior Vice President and Strategic Advisor for CACI International, which he joined after retiring from the US Army in 2019. He served 38 years of Active Duty, with 34 years in US Special Operations. Early in his military career in 1990, he was selected for a Special Mission Unit, and deployed extensively over several assignments there on contingency and combat operations. From 1999 to 2000, he commanded the Army’s Special Forces Qualification Course. In 2000, he returned to a Special Mission Unit as a Squadron Commander and was involved in the initial combat deployments after the 9/11 attacks. After graduating from the National War College in 2003, he served in the Office of the Undersecretary of Defense for Intelligence. From 2005 to 2008, as a Special Mission Unit commander, he led multiple Joint Special Operations Forces task forces across more than a dozen countries in Africa, the Middle East, and Southeast Asia. He then served within the US Intelligence Community in Washington, DC as a Military Deputy for Counterterrorism until 2009. Nagata then deployed again until late 2011 to Pakistan as the Deputy Chief, Office of the Defense Representative at the US Embassy. Upon returning to the US, he served on the Joint Staff as the Deputy Director for Special Operations and Counterterrorism until 2013. From 2013 to 2015 he commanded US Special Operations Command-Central, was responsible for Special Operations across the Central Command, and was heavily involved in the first two years of combat against the Islamic State.”
23. Chinese Agent Bribed Taiwan Colonel to Surrender if War Began, Prosecutors Claim
CNN reported on November 22nd that “prosecutors in Taiwan said on Tuesday they had charged a senior military officer with corruption and harming state security after they said he took bribes from a Chinese agent to act as a spy and even signed a letter promising to surrender to China. Taiwan has long battled against what it says is a sustained espionage campaign run by Beijing to undermine Taiwan’s armed forces and sow dissent in the ranks. China views Taiwan as a “sacred” part of its territory and has never renounced the use of force to bring the island under its control. The prosecutors’ office in southern Taiwan’s Kaohsiung city said they were seeking a 12-year sentence for an army colonel who had over the last four years received T$560,000 (about $18,000) in bribes from a Chinese agent who was also a retired Taiwanese officer. The retired officer persuaded the colonel, who had been thinking of leaving the armed forces, to stay in service so he could gradually rise up the ranks and act as a spy, it said. The colonel signed a letter to promise that he would surrender in the event of war with China, the office added. The prosecutors identified the colonel as Hsiang Te-en. China’s Taiwan Affairs Office did not respond to a request for comment. Taiwan’s Defense Ministry said that the officer was suspected of violating national security and anti-corruption laws and that it would continue to cooperate with the investigation. “This case highlights that the Chinese communists have become a serious threat against us when it comes to infiltrating, recruitment, collection of intelligence and theft of secrets,” the ministry said. The ministry will continue to strengthen counter-intelligence education for officers and soldiers and deepen security investigations, it added.”
24. Azerbaijan’s Intelligence Services Keep Watchful Eye on Pasdaran in Nakhchivan Enclave
On November 23rd Intelligence Online reported that “with mutual accusations flying between Iran and Azerbaijan’s intelligence services, Baku’s security apparatus has swung into action.”
25. The Secretive US Embassy-backed Group Cultivating the British Left
Declassified UK released this story on November 24th. Its summary says that “the British-American Project (BAP), set up in the 1980s with US embassy funding amid CIA concern about ‘anti-American’ drift in the Labour Party, recently added senior Labour politicians to its secret membership rolls, Declassified can reveal.” The highlights noted are: 1) BAP cultivates pro-American political positions among the British left and includes numerous figures critical of Jeremy Corbyn’s leadership; 2) Labour MP Rushanara Ali sits on group’s advisory board alongside former MI6 chief Sir John Sawers; 3) US embassy hosts new fellows at an annual event that has been attended by ex-CIA director; 4) Former Labour MP tells Declassified someone “working with the CIA” tried to recruit her to BAP; 5) Benjamin Zephaniah says he was “duped” by group after being recruited at Hay Literary Festival; 6) Many senior UK military officers have been members of BAP, with two joining this year without the knowledge of Ministry of Defence; and 7) Group’s funders have included BAE Systems and BP.
26. Polish Minster Coordinator Met with the US Chief of Intelligence
The Polish government issued a press statement on November 23rd saying that “Mariusz Kamiński, Minister Coordinator of Intelligence Services, met on November 17 this year in Warsaw with US Director of National Intelligence Avril Haines to discuss the security situation in connection with Russian aggression against Ukraine. During the meeting, topics related to current challenges and threats in the international arena were discussed, especially on NATO’s eastern flank. The importance of close allied relations in ensuring security in Europe and in the world was also emphasised. During her visit to Warsaw, Avril Haines also held a series of meetings with representatives of the intelligence services to talk with them about Polish-American cooperation. This is another visit of the US Director of National Intelligence to Poland, which shows Poland’s close cooperation with American partners to build lasting security in our region. During her stay in Warsaw, Avril Haines also met with Prime Minister Mateusz Morawiecki.”
27. Webinar: Everything You Should Know About Secret Numbers Stations & How To Listen
On November 21st the Ringway Manchester YouTube channel published this 20-minute long webinar covering a wide variety of subjects relating to number stations.
28. Podcast: State Secrets: The Mission to Give Back
On November 22nd the Cipher Brief’s State Secrets podcast released a new episode. As per its description, “this week we’re talking about the mission to give back and we’re highlighting three organizations that are doing just that. Suzanne is joined by Brad for three conversations with charities that are making an impact. First up is the Special Operations Care Fund known as SOC-F. SOC-F really targets their giving efforts to the special operations community in ways that you wouldn’t normally think of. They support things like treatments for traumatic brain injury but they also focus on providing therapy sessions to save marriages that are often strained by the multiple deployments that affect families. They also provide therapeutic and restorative experiences for gold star kids. We spoke with Co-Founder David Kramer and new Executive Director of SOF-F Jeremy Morton. Next up we spoke with CSM (Ret) Mike Hall, Executive Director of Three Rangers Foundation an organization that serves the Ranger community. Three Rangers manages a significant network of former Rangers who mentor new veterans as they are transitioning, and beyond and offers some pretty impressive ways to build professional networks in the civilian world. Last but not least we spoke with the Executive Director of the CIA Officer’s Memorial Foundation John Edwards. John is a retired senior executive with CIA and now leads the organization that was created following the death of Mike Spann in 2001. Spann was the first American killed in Afghanistan, and was a CIA officer and it became clear very soon after that CIA needed a new type of way to support fallen officers. We talked with John about how the foundation works to provide scholarships and support for the children and spouses of fallen CIA officers.”
29. Tiny Kox: Russian Spy in Strasbourg was ‘no James Bond’
The EU Observer reported on November 22nd that ““He was sometimes there, he was smiling,” said Tiny Kox, a Dutch politician, speaking of a Russian spy he used to see around in the corridors of the Council of Europe building in Strasbourg, France. “He was no James Bond,” Kox added, referring to a British spy-movie icon. “He was there, but not saying or doing anything. I’m not sure if that’s part of the behaviour of spies,” Kox said. “I never speak with secretaries but they always accompany their delegations,” he added. Kox is currently president of the Parliamentary Assembly of the Council of Europe (PACE). The low-key Russian was Valery Levitsky, who used to be secretary general of Russia’s 80-strong delegation in Strasbourg, as well as an officer in Russia’s GRU military-intelligence service. France expelled him in 2018 on grounds of espionage. Levitsky described Kox as a friend of Russia in internal Russian documents revealed in September this year by Dossier Center, a London-based NGO, prompting suspicion. But Kox denied having known him or having ever had pro-Russian leanings. “There was no relationship between me and whatever spy Russia might have sent to the Council of Europe,” Kox said. “I’ve been involved in quite a lot of romances, although I’m now 45 years with my wife, but a romance with Russia I was never engaged in,” the Dutch socialist also said. Russia was expelled from the Council of Europe shortly after its invasion of Ukraine in February, in a move Kox endorsed. “If you cross the borders of a neighbouring state with your army then you cross the borders of the Council of Europe, then you’re out,” he told EUobserver. And if Moscow had been counting on him for friendly ties as PACE president, then its support “boomeranged”, Kox said. PACE, on his watch, also named the Russian regime a “terrorist” entity and called to create a special tribunal to try Russian president Vladimir Putin for the crime of “aggression” against Ukraine, Kox noted.”
30. Spy Way of Life: Teddy Picker’s Cafe — Canberra, Australia
This week’s selection for Intelligence Online’s Spy Way of Life was the “Teddy Picker’s, the lavish Canberra cafe serving all day “brekky” loved by Australian spies.” As per the article, “this week, Intelligence Online pushes open Teddy Picker’s door, a unique yet typical cafe in Canberra where Australian intelligence officers like to feast on tasty local fare with their sources.”
31. Ukrainian SBU Submitted the Case of Russian Agents Who Worked for Strelkov
On November 21st Ukraine’s SBU issued a press release saying that they “submitted to the court the case of a Russian agent who worked for the terrorist Strelkov. The Security Service completed pre-trial investigations and submitted to the court the materials of criminal proceedings against two Russian agents. They collected intelligence on the deployment and movement of units of the Defence Forces in the eastern direction. Both criminals were detained during special operations of the SBU in the Donetsk region. Among those detained is the personal informant of the Russian terrorist Strelkov-Ghirkin. The former “Minister of Defence of the DNR” was targeted via the banned social network “Odnoklassniki” after the start of a full-scale invasion. There he offered Strelkov his “help” in the war against Ukraine. According to the instructions of the Russian terrorist, his agent collected intelligence about the places of temporary bases and the routes of movement of units of the Armed Forces of Ukraine in the territory of Sloviansk. It was established that the transfer of classified information was carried out by the enemy agent from his own account in the form of labels on digital maps with a detailed description of the surrounding area. Officers of the Security Service timely exposed the intruder, documented his criminal actions and detained him while trying to transfer defense information to the aggressor. Another accomplice of the occupiers turned out to be a resident of the village of Kleban-Bik, who was recruited by a representative of the FSB after the start of the full-scale aggression. On the assignment of the Russian intelligence service, he carried out reconnaissance and subversive activities in the Kramatorsk district. First of all, the enemy agent tried to detect convoys of Ukrainian military equipment and transmit their geolocation to the Russian Federation through an anonymous messenger.”
32. CIA Vampires: US Meddling in the Philippines
Grey Dynamics published this article on November 23rd. It starts by saying that “in the shadowy war against communism led by the United States, the Philippines was subjected to a disturbing branch of psychological warfare by the CIA. Lt. Col Edward G. Lansdale was sent to end the guerilla Hukbalahap (or the “People’s Army Against Japan” in Tagalog) insurgency against the government. This group remained from World War II in hopes of social and agricultural reform in the Philippines. During his time there he used local mythology and folklore to strike fear and coercion into the Huk rebels and the surrounding population among other methods to pioneer to burgeoning fields of psychological warfare. After the conclusion of his psychological warfare campaign, Lansdale shifted to a political advisory role, and implemented the process for the CIA to control the political landscape of the country.”
33. Video: Spycameras — The World War Two Eastman Kodak Matchbox Camera
The Spycamerasaurus published a new video on November 20th. As per its description, “an increased demand for photo intelligence from Europe during the Second World War and a lack of suitable equipment to obtain it led to the development of the Kodak Matchbox Camera. The Riga Minox camera was already being manufactured at the start of the war, but models were in short supply, being bought up by intelligence agencies at premium prices. This, coupled with the fact that its 9.5mm film format was not compatible with existing processing and enlargement equipment in the United States began a search for an alternative camera. There were also concerns that the shiny stainless steel Minox was not covert, and potentially put agents at risk when the camera was being used in clandestine situations. To address these concerns, this camera was developed by the Office of Strategic Services (the forerunner of the CIA). Tasked with designing the camera, OSS employee Frank Bobb spoke with an intelligence officer recently returned from Europe and conceived the idea of a camera disguised as a small wooden matchbox, which at the time were more common in Europe than in the US. Officially known as the ‘Eastman MB’ or more commonly as ‘Camera X’, the first model was produced in 1944 by Kodak in a batch of 500 cameras. This version used rolls of 16mm film, but this was prone to jamming. The second model, introduced in 1945 used films on spools, which resolved this problem. A further 500 cameras were manufactured with this advance. A two foot strip of 16mm film produced up to 34 images that were 14x 14mm in size. The first model, like this one, is distinguished by having three indentations 120 degrees apart in the top of the film winding dial. The later version had two, 180 degrees apart. Both versions consisted of an inner Bakelite body which was then covered with a sliding metal casing. The camera lens was a fixed focus 25mm covering between 8 feet and infinity with an angle of view of 45 degrees. A small pin on the side of the camera allowed the aperture to be adjusted between f5 and f11. On one side of the casing was the shutter release button providing an ‘instantaneous’ exposure of around 1/50 second while, on the opposite side of the casing, there was a small pin which allowed the shutter to be held open as with a ‘bulb’ setting. According to the issued instructions, the camera was suitable for both general and documentary photography. The camera could be supplied with a developing kit and a close up lens and copying stand for document photography. It could also be supplied with suitable matchbox labels to disguise the casing, dependant on the country in which it was to be used, or failing that, the operator could provide their own. Due to the relatively late introduction of the camera, it is likely that Camera X was used more extensively in the early years of the Cold War, rather than World War Two.”
34. Turkey’s Paramilitary SADAT Meeting discussed deploying foreign fighters to Kashmir, Palestine
The Nordic Monitor published this article on November 24th. It starts by saying that “the idea of sending foreign fighters to Kashmir and Palestine against the backdrop of the Russian-Ukrainian conflict was raised during a meeting in Turkey that was organized by Turkish President Recep Tayyip Erdoğan’s secretive paramilitary group SADAT. “Not only NATO but all the world powers, they said any volunteer, including Americans, you can go to Ukraine, you can fight shoulder-to-shoulder with the Ukrainian army, and they are called heroes. I endorse that. But my only point is: Are these volunteers going to be allowed to go to Palestine, to go to Kashmir?” said Syed Ghulam Nabi Fai, a Kashmiri-born convicted felon who served time in US federal prison. “Can we ask the world powers why don’t you feel that pain and suffering when it comes from the streets of Palestine or Kashmir?” he added. Fai’s remarks were hailed by other participants in the meeting that was held by SADAT’s front organization, the Association of Justice Defenders Strategic Studies Center (ASSAM), on November 12, 2022. Fai’s US-based organization, the Kashmiri American Council (KAC), an outfit that is funded by Pakistan’s Inter-Services Intelligence (ISI), has long been a partner of SADAT and its affiliated organizations.”
35. From Coercion to Invasion: The Theory and Execution of China’s Cyber Activity in Cross-Strait Relations
The private intelligence firm Recorded Future released this intelligence product on November 23rd. As per its summary, “this report examines how China conceptualizes and executes cyber coercion and cyber warfare, with a focus on Taiwan. It will be of most interest to Taiwan’s government and military, governments and militaries active in the Indo-Pacific region, as well as researchers who focus on China’s military and cyber activities. The report’s authors, Devin Thorne and Zoe Haver, thank Jessica Drun and Joe McReynolds for their generous reviews and support. Information about the authors can be found at the end of the report.”
36. Ukrainian SBU Detained Russian Agent in Kyiv Preparing Sabotage Operation
On November 25th Ukraine’s SBU announced that they “detained a Russian agent in Kyiv who had come from Crimea to prepare sabotage. The attacker was transferred from the temporarily occupied Crimea to Kyiv a month before the full-scale invasion. Under the guise of visiting relatives, he was in “sleep mode” for some time, and when he received an order to act, he was detained by the SBU. The intruder was carrying out the task of the Russian intelligence service to collect intelligence on the locations and routes of the movement of the Defence Forces in the capital region. According to the investigation, the enemy accomplice turned out to be a former employee of the disbanded militia, who remained in Sevastopol after his dismissal from the ranks of the Ministry of Internal Affairs in 2014. After the capture of the peninsula, the attacker went over to the side of the invaders, for which he received from them an appointment to the local “police department of the Russian Federation” created by the occupiers. It was established that the enemy agent underwent operational combat training at one of the training centres of the Russian special service and expected to be transferred to the territory under the control of the Ukrainian authorities. He received this “command” from the aggressor almost a month before the start of the full-scale invasion. To carry out enemy tasks, the traitor tried to form an extensive network of informants. For this, he used his connections among former law enforcement officers and representatives of criminal circles. However, he failed to realise his criminal intentions. SBU employees exposed him in a timely manner, documented illegal actions and detained him as a result of a multi-stage special operation. During the search, law enforcement officers found: ▪️an internal passport of a citizen of the Russian Federation and a Russian passport for traveling abroad; ▪️a mobile phone with evidence of conspiratorial correspondence with the FSB through an anonymous Telegram channel; ▪️materials confirming the completion of a “special course” in the territory of temporarily occupied Crimea.”
37. From Mata Hari to Markus Wolf: A Look at How Honey Traps Are Used in Espionage
On November 20th the FirstPost published this article starting by saying that “on Friday, the Delhi Police arrested a driver working with the Ministry of External Affairs in connection with an alleged espionage case. The driver reportedly was ‘honey trapped’ and is said to have passed on confidential information to the other accused involved in the matter. The arrest comes after security agencies alerted the police that the driver was passing information to someone in Pakistan. The driver is currently being interrogated and further investigation is on. The use of a romantic relationship or sex for espionage is one of the oldest tactics used to elicit sensitive information. The information can be used to achieve political aims or monetary advancement and sometimes to blackmail the person or extortion.”
38. Video: The Spy Network — Meet The Elite Unit Within The Army’s Rangers — ‘Task Force Red’
On November 25th The Spy Network released a new video about a United States military unit focusing on intelligence and reconnaissance operations. As per its description, “meet The Elite Unit Within The Army’s Rangers — ‘Task Force Red’. Army rangers have a tier one unit so elite that only a few hundred rangers are in it. It is 1 of the 5 Tier One SMU’s, and probably one of the least known. Perhaps one of the most strategically, operationally, and tactically significant parts of a conflict that an army must deal with is intelligence. The Regimental Reconnaissance Company (RRC) satisfies the intelligence requirements of the 75th Ranger Regiment quite successfully.”
39. Turkish MIT Kidnaps 4 Citizens of Occupied Afrin, Syria
The ANHA reported this week that “ANHA’s correspondent quoted sources from inside Janders district in the occupied canton of Afrin, that Turkish intelligence had kidnapped 4 citizens of Deir Ballut village of the district. This comes within a series of kidnappings carried out by the Turkish occupation and its mercenaries in occupied Afrin. The sources mentioned the names of the four kidnapped people: “Hassan Ezzat Hussein, 44 years old, Muhammad Ahmad Suleiman, 29 years old, Ibrahim Ezz al-Din Haider, 38 years old, and Ali Mustafa Issa Arouda, 30 years old.” While the sources did not indicate any information about the fate of the kidnapped, and the destination to which they were taken.”
40. Moldovan Intelligence Ups Its Game in the Face of Russian Infiltration
On November 22nd Intelligence Online reported that “with the Russia-Ukraine war unfolding on its doorstep, the small ex-Soviet state, which has just applied for EU membership, is bracing for disruption. Its security services are stepping up anti-corruption and anti-disinformation efforts against Russian infiltration in the country.”
41. Russian FSB Cyber Espionage Operation Targeting Poland
On November 24th cyber threat intelligence researcher Jazi discovered and disclosed an active cyber espionage operation attributed to an actor dubbed as GAMAREDON, previously associated with Russia’s FSB. The operation involved a lure document impersonating a request for a person to be allowed to cross the Polish border. If opened, the document was covertly installing a custom cyber espionage software implant.
42. New Research on Previously Unidentified Cyber Espionage Actor
This week ESET cyber security and intelligence firm released two articles for a previously unidentified cyber actor dubbed as BAHAMUT. The first article, released on November 23rd, describes the actor as an actor that “typically targets entities and individuals in the Middle East and South Asia with spearphishing messages and fake applications as the initial attack vector. Bahamut specializes in cyberespionage, and we believe that its goal is to steal sensitive information from its victims. Bahamut is also referred to as a mercenary group offering hack-for-hire services to a wide range of clients. The name was given to this threat actor, which appears to be a master in phishing, by the Bellingcat investigative journalism group. Bellingcat named the group after the enormous fish floating in the vast Arabian Sea mentioned in the Book of Imaginary Beings written by Jorge Luis Borges. Bahamut is frequently described in Arabic mythology as an unimaginably enormous fish.” This research discovered that this actor had “an active campaign targeting Android users, conducted by the Bahamut APT group. This campaign has been active since January 2022 and malicious apps are distributed through a fake SecureVPN website that provides only Android apps to download.” The second publication came on November 25th by ESET and its a video presentation of the same topic.
43. The Brush Pass: Alex Joske on China’s Influence Operations Abroad
On November 21st Zach Dorfman’s Brush Pass released this article starting by saying that “most national security analysts in the United States will tell you that China presents a unique challenge to the U.S.-based order. What U.S. officials refer to as the “scope and scale” of the threat from Beijing outstrips that posed by other Western adversaries, even Russia, these officials say. Yet the structure of China’s intelligence apparatus remains relatively opaque. During the Cold War, the U.S. and its allies developed a granular understanding of the KGB, the Soviet Union’s main civilian intelligence agency, and the GRU, its military counterpart. It’s not that the CIA or the wider U.S. intelligence community had perfect insight into its main rival — far from it. But U.S. officials did have a clear sense of how the KGB functioned. Not so with China, which remained cut off from the outside world for decades, and whose security services evolved in an isolated ideological hothouse. As China shed its isolationism and emerged as a world power, its intelligence operatives also fanned out across the globe. But Western intelligence analysts were still looking through a glass, darkly, when it came to Beijing’s espionage abroad. That’s a gap that Alex Joske’s important new book, Spies and Lies: How China’s Greatest Covert Operations Fooled the World, tries to fill. Joske, a former analyst with the Australian Strategic Policy Institute, traces the evolution of the Ministry of State Security (MSS), China’s premier civilian intelligence agency, focusing on the MSS’s ubiquitous — and largely unknown — role in directing and executing Beijing’s influence operations abroad. Joske’s work challenges the consensus that these influence schemes are largely run through other arms of the Chinese government. He shows the hidden hand of the MSS in such operations for decades. I recently spoke with Joske. Here’s a transcript of our conversation, condensed and edited for clarity.”
44. Coordination Between Russia’s SVR and Kyrgyzstan’s Intelligence Agencies
The Russian Foreign Intelligence Service (SVR) issued an announcement on November 22nd stating that “the interaction of the intelligence services of Kyrgyzstan and Russia contributes to the strengthening of security in the region. This was stated on Tuesday in Bishkek during a meeting with the director of the Russian Foreign Intelligence Service (SVR) of the Russian Federation, Sergei Naryshkin, the head of the Kyrgyz state, Sadyr Japarov, his press service reported. “President of the Kyrgyz Republic Sadyr Japarov today, November 22, received the Director of the Foreign Intelligence Service of the Russian Federation Sergey Naryshkin. Sadyr Japarov noted that cooperation between national security agencies plays an important role in maintaining a high level of partnership between the two countries, which allows for the exchange of experience, relevant information and, most importantly, contributes to the coordination of joint actions and efforts to ensure security and stability in the region. The President of Kyrgyzstan also expressed confidence that Naryshkin’s visit to Bishkek “will be fruitful”, and the agreements reached between the competent authorities of the two countries “contribute to the further strengthening of Kyrgyz-Russian relations, which have always been distinguished by a strategic nature, special mutual understanding and complete trust.” The director of the Foreign Intelligence Service of the Russian Federation, in turn, conveyed to the head of the Kyrgyz state “greetings and good wishes from Russian President Vladimir Putin.” “Noting that the two countries are reliable and trusting partners, the head of the Foreign Intelligence Service of the Russian Federation added that stability and security in the Central Asian region and the Eurasian space depend on the common position of the two states,” the press service emphasises.”
45. Ground Zero: The Evacuation of the CIA’s Afghan Proxies Has Opened One of the War’s Blackest Boxes
On November 20th The Intercept released this story starting by stating that “on a rainy Saturday morning in May, Hayanuddin Afghan, a former member of a CIA-backed militia that was once his country’s most brutal and effective anti-Taliban force, welcomed me to his new home in a hilly neighborhood of Pittsburgh. He invited me in through the kitchen, where his wife, who was pregnant with their fourth child, was baking traditional Afghan bread with flour from Aldi’s. The trip downtown to buy groceries was among the greatest challenges of Hayanuddin’s new life in Pittsburgh. It involved hauling heavy bags back home on foot and in multiple city buses, whose schedules were unknowable since he didn’t speak English and had not downloaded the relevant app. “It is difficult to descend from a very strong position to a very weak position,” Hayanuddin told me. In Afghanistan, “we had value. It was our country, and we were making sense for that country. But now, even our generals and commanders, everyone is in the same position.” In Afghanistan, it was impossible to talk at any length to members of the secretive commando forces known as the Zero Units. They hunted the Taliban in night raids and were widely accused of killing civilians, including children. But last September, Hayanuddin and his Zero Unit comrades were the beneficiaries of the most successful aspect of the Biden administration’s chaotic withdrawal from Afghanistan: the CIA’s rescue of its allied militias. Their arrival in the U.S. over the last year has cracked open one of the war’s blackest boxes. My conversations with Hayanuddin and several other militia members yielded new details about the command structure, operations, and final days of shadowy units that were nominally overseen by the Afghan intelligence service but were in fact built, trained, and in many cases fully controlled by the CIA. Their fighters hold clues to many of the war’s mysteries, including how U.S. intelligence engineered and oversaw years of deadly night raids that contributed to the Taliban’s ultimate victory, and how a secret deal between longtime enemies may have hastened the lightning collapse of the Afghan security forces last August.”
46. Leaked Document Reveals Turkey Spied on Erdoğan Critics Abroad for Use Against Finland in NATO Talks
On November 25th the Nordic Monitor reported that “an intelligence document obtained by Nordic Monitor shows that the Turkish Embassy in Helsinki profiled and gathered intelligence about persons believed to be affiliated with the Gülen/Hizmet movement, a group critical of Turkish President Recep Tayyip Erdoğan, to help forge new extradition cases while Turkey and Finland continue negotiations for the latter’s NATO membership. The leaked information note dated July 19, 2022 was prepared by the interior ministry counselor at the Turkish Embassy, a new position for Turkish diplomatic missions whose personnel are from the Interior Ministry. The position was designed to carry out coordinated work with the Turkish police and judiciary in 2017 after it was revealed that Turkish diplomats were spying on Erdoğan’s opponents in 2016, a clear violation of the Vienna Convention on Diplomatic Relations and Consular Affairs. Nordic Monitor previously reported that senior ambassadors repeatedly expressed their discomfort at the annual Turkish ambassadors meetings, claiming that intelligence-related duties put them in a difficult situation in the countries where they serve. The first part of the profiling document includes five persons for whom extradition requests were previously rejected as well as the reasons given by the Finnish authorities.”
47. Ukrainian SBU Detained FSB Agent in Kherson
The SBU issued an announcement on November 24th that they “detained an enemy accomplice in Kherson who helped the FSB escape on boats to the left bank of the Dnieper. The Security Service exposed another accomplice of the occupiers during stabilisation measures in liberated Kherson. He turned out to be the owner of the local recreation boat station, who was helping the invaders escape from the counterattack of the Defence Forces in the southern direction. For this, he voluntarily handed over 6 watercraft, each of which is designed for 30 passenger seats, at the disposal of the aggressor. It was on these boats that personnel of the FSB and several units of the occupation groups of the Russian Federation were “evacuated” to the left bank of the Dnieper. In addition, the enemy engaged watercraft to forcibly evacuate some of the local residents to the temporarily occupied areas of the Kherson region. According to the investigation, before the large-scale invasion, this man arranged sea excursions in the Iron Port area. After the temporary capture of the region, he “re-registered” his own business in favour of the aggressor country and concluded a corresponding “agreement” with the occupation administration. After the liberation of the regional centre, the perpetrator tried to hide in the city. However, SBU officers located him and detained him.”
48. Indian Hackers-for-Hire Gang War Brings to Surface Role of Qatar and Private Investigators
Intelligence Online published this story on November 24th saying that “since 2018, Indian cyber criminals have increased attacks on targets in London, New York, Geneva, Paris, the Emirates, etc.” and continuing that “a raft of recent lawsuits around the world involving hackers has revealed a vast and complex web of influence warfare operations that these cyber mercenaries were contracted to wage, especially on behalf of the Gulf. Securing digital evidence in such legal cases, where both sides are manipulation experts, is proving to be a huge challenge.”
49. United States: Review of NSA, Cyber Command Leadership Structure Ends Without Official Recommendation
The Record reported on November 23rd that “the Biden administration’s evaluation of the leadership structure ruling U.S. Cyber Command and the National Security Agency finished late last month and did not make a formal recommendation about whether or not to end the long-standing arrangement, three sources familiar with the review told The Record. The findings by the small study group — led by former Joint Chiefs of Staff Chairman Joseph F. Dunford Jr. — have been shared with Secretary of Defense Lloyd Austin and Director of National Intelligence Avril Haines, according to the sources, who spoke on the condition of anonymity. One source said that while the four-member group didn’t stake out a position for or against splitting the so-called “dual-hat,” which has existed since Cyber Command was created in 2009 to help the then-nascent command’s development, its assessment makes clear that keeping the arrangement intact creates benefits for U.S. national security. The outcome of the weeks-long study likely means that there will not be a new debate about whether to break up the posts of NSA director and Cyber Command chief any time soon. The relationship was almost severed near the end of the Obama administration and twice while Donald Trump was in the White House, the second being an 11th hour push by a small group of Pentagon political appointees.”
50. Head of Russia’s SVR Met with Tajik President for Cooperation
On November 22nd Russia’s SVR issued a press statement saying that “the head of the Foreign Intelligence Service (SVR) of Russia, Sergei Naryshkin, said that he had discussed security issues with Tajik President Emomali Rahmon “within the framework of our strategic partnership.” “There is a benevolent and professional dialogue between us, we are allies, our presidents are in constant contact on regional and other international issues,” he said in an interview with the press during his visit to Dushanbe. “We stressed the importance of further strengthening cooperation in the fight against terrorism, extremism and transnational organised crime, especially drug and weapons trafficking, cybercrime and other types of threats to national security,” the head of the Foreign Intelligence Service listed. According to him, the State Committee for National Security of Tajikistan and the Russian Foreign Intelligence Service have reliable, partnership relations and “we are constantly expanding the volume of intelligence information.” “The intelligence services of Russia and Tajikistan are closely following the development of the difficult situation in Afghanistan, including within the framework of the international agenda in connection with Afghanistan and around it,” he said. According to him, the situation in Afghanistan depends on how quickly the Taliban (which is under UN sanctions for terrorist activities) finds a consensus between various segments of the population and groups, and this will be the reason for the participation of the world community in the future of the country. “We expressed the need to further strengthen regional security measures, and we will discuss with our colleagues from the State Committee for National Security the intensification of the exchange of intelligence information and the fight against international terrorism,” Naryshkin said.”
51. Podcast: Spycraft 101: The Assassins Immortalized on Russia’s Stamps with Mark Pruett
Following this week’s story #10, on November 24th Spycraft 101 released a new episode. As per its description, “Grigori Syroezhkin has been called “The Human Plague”, and is the Soviet agent who in 1925 executed British intelligence officer Sidney Reilly, arguably the greatest spy in history. Syroezhkin joined the All-Russia Extraordinary Commission for Combating Counter-Revolution, known as the Cheka at age 18. He was more than just a strong young man. Something inside him made him uniquely qualified in the use of violence and terror. He quickly became one of the Cheka’s most prolific killers. From 1918 until 1938 he went wherever he was needed to crush rebellions (real or imagined) and to terrorize and subjugate the population into accepting Bolshevik rule. In his early 20s he helped crush the Tambov rebellion, and destroyed gangs mostly comprised of hungry citizens. He received a gold watch from the Cheka as a reward for his brutal work in Belarus in 1924. The following year he shot Sidney Reilly in the chest in a forest outside Moscow (picture 2). Afterwards he went on to hunt down bandits and rebels in Chechnya and Yakutia. By his late 20s he was operating in Mongolia and even pursuing Russian refugees into China. In 1935 he was in Spain ahead of the Spanish Civil War, where he and other Cheka men shipped 500 tons of Spanish gold to Moscow for “safekeeping”. But even years of brutal enforcement of Soviet authority wasn’t enough to keep him above suspicion. Like so many of his Cheka colleagues, Syroezhkin was eventually recalled to Moscow, accused of being a spy, and purged from the ranks with a bullet to the head and a burial in a marked grave. Decades later, Syroezhkin’s image was rehabilitated when he was featured on a 2002 set of commemorative postage stamps, featuring heroic intelligence officers of the past. His official biography hardly tells the true story of his two decades of terror and brutality. For episode 43 of the Spycraft 101 podcast, I spoke with Dr. Mark Pruett, author of Putin’s Boys: The Stamp Men about the true history of the early Cheka men, and how their stories have been twisted into something almost unrecognizable in order to fit the needs of the modern Russian government.”
52. Chinese Cyber Espionage Operation Targeting Myanmar Armed Forces
On November 21st cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a cyber espionage operation attributed to an actor dubbed as MUSTANG PANDA, previously associated with the Chinese intelligence services. The operation involved a lure document impersonating a classified Myanmar military daily report. If opened it was covertly installing a cyber espionage software implant utilised by the Chinese intelligence services and dubbed as PLUGX.
53. Canadian Spy Agency Probes Death Threats by Iran, UK Deploys Armoured Vehicles Outside News Studio
The WIONews reported on November 20th that “amid the ongoing protests in Iran following the death of Mahsa Amini, a woman who allegedly died after being detained by Tehran’s morality police, reports suggest that the middle eastern nation has given death threats to citizens in Canada and the United Kingdom who have been vocal about the incident. On Friday, Canada’s spy agency the, Canadian Security Intelligence Service (CSIS), in a statement said that they are investigating reports of people who have received “credible” death threats from Iran which are “designed to silence those who speak out publicly” against them. “CSIS is actively investigating several threats to life emanating from the Islamic Republic of Iran based on credible intelligence,” it said. The statement which was first reported by CBC said that the agency is also working closely with Iranian-Canadian communities which are allegedly being “disproportionately” targeted. Notably, Canada has imposed several sanctions against Tehran over alleged human rights abuses, including the death of Mahsa Amini. Meanwhile, in the UK, at least seven armed vehicles have been deployed outside Iran International television studios in west London after two of its UK-based journalists were threatened by Tehran. Reportedly, they received “severe and credible” threats for their coverage of the ongoing protests on the UK-based Persian language media company. The channel has been dubbed as a “terrorist” organisation by the regime, said a report by AFP.” The latter is also related to this week’s story #21.
54. Podcast: Spycraft 101: Tracking Down an Iraqi Bioweapons Expert with Stephen Monteiro
On November 21st Spycraft 101 released a new podcast episode. As per its description, “this week Justin sits down with former police officer, Navy officer, and US Secret Service special agent Stephen Monteiro. Steve spent 20 years in the Secret Service, where he was a member of the Presidential Protective Division at the Clinton White House, among other assignments. After retiring from federal service and continuing on as a contractor, Steve was tasked with a mysterious case that would become a year’s long journey to track down and retrieve a Iraqi microbiologist and anthrax expert Thamer Abdul Rahman Imran. Thamer was skittish, having been burned by the US once before, and located in one of the most dangerous places in the world, but his knowledge had the potential to help prevent future biological weapons attacks on the United States.”
55. Anti-corruption Chief at China Spy Agency Pleads Guilty to Bribery Charge
On November 21st the ANI News reported that “Liu Yanping, a former top graft buster at China’s ministry for intelligence and counterintelligence, has pleaded guilty to corruption charges, state media reported. Liu last month was indicted on bribery charges before the 20th National Congress. According to Xinhua news agency, Liu was formerly head of the discipline inspection and supervision team sent to the Ministry of State Security by the Communist Party of China Central Commission for Discipline Inspection and the National Commission of Supervision. Liu was accussed of taking advantage of his various positions between 2001 and 2022 to help others in business operations, the handling of cases, job arrangements and the acquiring of license plates. In return, the anti-corruption chief illegally accepted money and gifts worth a total of more than 234 million yuan, which is about USD 33.12 million.”
56. United States NSA: Cybersecurity Speaker Series: 5G Security Impacts National Security
On November 21st the US National Security Agency (NSA) released this 8-minute long video as part of its Speaker Series. As per its description, “watch the latest video in the NSA’s Cybersecurity Speaker Series, focusing on how 5G security factors into national security. NSA’s Cybersecurity Technical Fellow Dr. Josiah Dykstra sat down with NSA’s Enduring Security Framework (ESF) Chief Natalie Pittore and NSA’s lead for 5G Developing Standards Martin Goldberg.”
57. UK: Russians Send Ship to Spy on Royal Navy’s Drone Missile Launcher Off Scottish Coast
The Scottish Daily Express reported on November 20th that “a Russian surveillance ship has attempted to spy on the Royal Navy’s latest autonomous vessels, sources said. It comes with Moscow still reeling from a Ukrainian attack using this type of sea drone on Sevastopol last month. The Kremlin ship Admiral Vladimirskiy began a six-day surveillance mission off eastern Scotland on November 10, sources said. The North Sea is where critical underwater energy infrastructure is located and serviced by a fleet of off-shore supply vessels. Ostensibly a scientific research vessel, in reality the 6,600-ton ship can also conduct covert reconnaissance. UK intelligence services warned last month of a potential increase in activity by the Kremlin to identify cables as part of a wider “targeting” exercise — in preparation to strike at Europe’s hi-tech infrastructure. And Defence Secretary Ben Wallace announced an order for two new ships to protect the network, confirming that “our internet and energy are highly reliant on pipelines and cables”. Sources say the Admiral Vladimirskiy was dispatched to carry out Navy surveillance.”
58. Hungary: Sandor Pinter, the Immovable Warden of Hungarian Intelligence
On November 25th Intelligence Online reported that “while Victor Orban’s chief of staff Antal Rogan has been extending his control of the country’s intelligence, the true curator of the sector remains the long-serving interior minister and political heavyweight, Sandor Pinter.”
59. Russian FSB Reports Stopping Ukrainian Sabotage Attempt at Military and Energy Facilities in the Voronezh Region
Through an official announcement, the Russian Federal Service Service (FSB) stated on November 23rd that “as a result of a complex of operational-search activities on the territory of the Voronezh region, FSB thwarted an attempt to commit sabotage at military and energy facilities in the region by members of a clandestine cell of supporters of the Ukrainian nationalist ideology. When they tried to detain the ringleader and his two accomplices, at the moment they were extracting the means of terror from a hiding place previously equipped on the outskirts of Voronezh, the latter offered armed resistance to the Russian FSB officers and were destroyed by retaliatory actions. There were no casualties among the civilian population and law enforcement officers. As a result of the searches at the addresses of the terrorists and the inspection of the scene, the following were found and confiscated: two ready-to-use improvised explosive devices and components for their manufacture, weapons and firearms, ammunition of various calibers, as well as means of secret communications.” According to military history author and researcher Chris O. those were airsoft enthusiasts engaged in live-action roleplay video games.
60. IRGC Quds Force Dead Drop, Meeting Venue in Turkey was Reactivated
On November 21st the Nordic Monitor reported that “a company office used as a dead drop and a meeting place for operatives of the Islamic Revolutionary Guard Corps (IRGC) Quds Force in Istanbul has resumed its activities after laying low for a while, a Nordic Monitor investigation has found. Alban Yapı Ürünleri Tekstil Sanayi ve Dış Ticaret Ltd. Şti, a company that is licensed to operate in the import-export business and the sale of textile goods and construction materials, was identified by investigators in 2012 as a secret meeting place of Quds Force assets in Turkey. When the confidential investigation into the Quds Force was made public in February 2014 with the intervention of then-prime minister and now president Recep Tayyip Erdoğan to derail and kill the probe, the company was exposed and forced to lie dormant for several years. However Nordic Monitor has learned that the company was reactivated in 2020 with a new location in Istanbul, resuming operations on behalf of Iranian agents. The company is owned Cemalettin Yılmaz Alban, who bought it in March 2004 from its original owners — Hasan Acin, Huseyin Acin and Mustafa Acin — who set it up as a printing and graphic design firm under the name Aycan Grafik Matbaa Sanayi ve Ticaret Ltd. Şti in January 1995. After the purchase, Yılmaz moved its location to the Zeytinburnu district of Istanbul and changed its name. Every two years since then, Alban has moved the firm to a new location to prevent it from being exposed and to make it difficult for investigators to identify Quds Force operations in the event they are compromised. This is a classic pattern that is often observed with Iran’s shell and front companies in Turkey.”
61. An In-Depth Look at the North Korean Threat Actor ZINC
Private cyber security and intelligence firm Avertium published a technical analysis on November 22nd. As per its executive summary, “since 2009, the North Korean threat actor ZINC (also known as Hidden Cobra by the U.S. government) has attacked organizations and individuals by way of highly sophisticated and evolving malware. The threat actor is a destructive, nation-state activity group that gained notoriety in 2014 when they attacked Sony Pictures Entertainment. The attack was in retaliation for the controversial film “The Interview”. The film was a satirical comedy about North Korean leader, Kim Jong Un. ZINC is known for targeting security researchers, pen testers, and employees at security technology companies. In September 2022, Microsoft observed the threat actors targeting individuals from the Infosec community on social media platforms such as LinkedIn and Twitter. The threat actors spend months on social media platforms building their reputation before pulling the trigger on their targets. Let’s take a look at ZINC, their tactics and techniques, and how social engineering can fool those who were trained to recognize phishing attempts.”
62. Ukrainian SBU Detained Ukrainian National Who Attempted to Provide Details of SBU, Armed Forces and Azov Battalion Personnel to Russia
On November 25th the Ukrainian SBU issued a press release stating that they “detained a traitor who wanted to hand over to the Russians a flash drive with data on employees of the Security Service, the Armed Forces, the State Security Service and Azov. In order to show his “usefulness” to the Russians, he collected classified information about the management and personnel of the law enforcement agencies of Ukraine. The man planned to personally transfer the data to the Russian embassy in Budapest on a flash drive. However, SBU officers detained him at the checkpoint while trying to cross the state border. With the beginning of the full-scale aggression, the traitor lived on the territory of Bila Tserkva, was an active supporter of the “Russian world”, but was guided not only by ideological motives. In particular, he expected to become the “chief policeman” of the capital and the Kyiv region in the event of the capture of the region. This person was in direct contact with the Russian saboteur Igor Bezler, and also maintained friendly relations with other representatives of the so-called “DNR militia”. It was on their “tip-off” that the detainee began to collect classified data about employees of the Security Service of Ukraine, State Security Service, leaders of the “Azov” movement, as well as servicemen of the 72nd separate mechanized brigade of the Armed Forces of Ukraine. It was established that, in addition to the files of the Ukrainian “security forces”, he also collected information about important sites of the Armed Forces: bases, warehouses, arsenals, and their locations. During the searches, a Makarov pistol, symbols of the terrorist organisation “DNR” and the communist party banned in Ukraine, were found in the possession of the person involved in the criminal case. All seized materials have been sent for examination.”
63. Austria: Russia’s Satellite Spy Station in Vienna with Technology from NATO Suppliers
On November 20th the FM4 of Austria published this article stating that “all components of the four large dishes come either from the Canadian Norsat or from Swedish Microwave (SMW). Norsat is a contract company of NATO and the Pentagon, SMW also primarily supplies the military.” The article starts by saying that “an analysis of high-resolution photos of the antennas on the roof of Russia’s UN embassy in Vienna’s 22nd district has revealed astonishing results. Most of the receiver modules for the most powerful antennas come from the Canadian company Norsat, a contract company of NATO and the Pentagon, which according to its own statements supplies all branches of the US military. Other modules come from the Swedish company SMW, which, like all Western companies in this sector, also serves the military in addition to commercial satellite services. Since it is questionable whether these companies are even aware that the Russian Ministry of Foreign Affairs is one of their customers, inquiries were sent to both companies.”
64. United States: The NSA’s Supercomputer Buildings
On November 22nd Electrospaces created a Twitter thread covering details of NSA’s Tordella Supercomputer Building (TSCB), built in 1996 as well as NSA’s High Performance Computing Centre-2 (HPCC2), opened in 2017. Both of them located in Fort Meade, Maryland.
65. Pakistan: Imran Khan Employs Ex-CIA Agent to Liaise with Washington
Intelligence Online reported on November 23rd that Pakistani “former prime minister Imran Khan, who is campaigning to regain the power he lost in April 2022, continues to get US support US with the help of Robert Grenier, the CIA’s former Islamabad bureau chief who is now a multitask consultant.”
66. Ukrainian GUR Conducted Space Reconnaissance of Enemy Sites
On November 25th the Ukrainian Military Intelligence (GUR) issued an announcement saying that “the GUR of the Ministry of Defence conducted a space radar reconnaissance of about 150 areas of the enemy’s location, both in the temporarily occupied territories of Ukraine and in the territory of the occupier and its allies. This became possible thanks to cooperation with the Serhiy Prytula Charitable Foundation, which put the ICEYE satellite at the disposal of Ukrainian spies, as well as contractual access to the database of the SAR satellite constellation. In general, thanks to the project in which a large number of patriots of Ukraine took part, about 2,600 pieces of military equipment were discovered and confirmed. In particular: tanks, self-propelled guns, anti-aircraft missiles, helicopters, Iskander OTRK, S-300 anti-aircraft missile system, Pantsir-S1 anti-aircraft missile system, enemy radars, pontoon crossings, boats and tents in the locations of enemy units. The data obtained with the help of a satellite made it possible to effectively determine the hidden location of the enemy in forest plantations, in any weather and at night. In addition, identify antenna systems and positions of anti-aircraft weapons for further fire damage.”
67. Israel Spy Chief: Iran Protests Akin to a Revolution, But Regime Not in Danger
The Middle East Monitor reported on November 22nd that “Israel’s military intelligence chief said yesterday that protests rocking Iran were beginning to resemble a popular uprising, but he sees “no real danger” to the survival of the regime at this time, Reuters reported. The nationwide protests, which were sparked by the death of 22-year-old Mahsa Amini in September while in police custody, have been at their most intense in the areas where the majority of Iran’s 10 million Kurds live. Israel, which is locked in a decades-old Cold War-like conflict with Iran, has been watching developments even as it seeks to persuade world powers to toughen up diplomacy meant to curb its arch-enemy’s disputed nuclear programme. “I think the protests have already shifted, to a degree, to the realm of a popular uprising,” Major-General Aharon Haliva, chief of Israeli military intelligence, told Tel Aviv University’s Institute for National Security Studies. “When you look at some of the incidents, even the hours at which they are taking place, the damage to national institutions, to symbols of the state, at the number of fatalities, there is something different happening here that is greatly troubling the regime.” “At this point in time I see no real danger to the regime,” he added, but cautioned that “prophecy, in the context of the conduct of societies, is not something that is up to the chief of military intelligence, good though he might be.”.”
68. Estonia’s Former Spy Chief: Too Soon to Count Russia Out
Foreign Policy reported on November 21st that “since Russia invaded Ukraine in February, Estonia has been one of the most steadfast supporters of Kyiv — and one of the most uncompromising when it comes to Russia. Having been at the sharp end of Russian disinformation and cyberattacks in recent years as well as Soviet occupation and deportation before that, Estonians have few illusions about the capabilities of their neighbor to the east. This experience has given the country’s foreign intelligence service, the Valisluureamet, detailed first-hand insight into how Moscow operates — and its weaknesses, Mikk Marran was chief of the Estonian Foreign Intelligence Service for almost seven years until he stepped down at the end of October to take up a new post as CEO of the country’s State Forest Management Centre. Foreign Policy spoke with Marran about Russia’s intelligence blunders, cyberwar, and why it’s too soon to count Russia out.”
69. Asim Munir: Pakistan’s Former Spy Chief Named as Army Head
BBC reported on November 24th that “Pakistan’s government has named a new army chief ending months of speculation over who would land what many see as the country’s most powerful job. General Asim Munir, a former spy chief, replaces General Qamar Javed Bajwa, who retires on 29 November. Gen Munir, the army’s most senior general, is considered a close ally. The appointment comes at a precarious time for a country where the military has always wielded great influence in politics and foreign policy. Former Prime Minister Imran Khan, who was ousted by his opponents in April, has been at loggerheads with the new government and the military over the appointment of the army chief. Pakistan is also facing an economic crisis: exports are falling, while the cost of food is soaring. It’s also trying to recover from devastating floods earlier this year. When Lt Gen Munir takes up his position at the end of the month, he will direct future relations with nuclear-armed rival India on one side, and the new Taliban government in Afghanistan on the other.”
70. Supo: Cases of Espionage are Bubbling Up in the Nordic Countries — Is Something Similar Happening in Finland?
The Finnish intelligence agency (Supo) published this article on November 23rd. It starts by saying that: “the espionage cases that have come to light in Sweden and Norway show that the Nordic countries are actively and long-term being scouted and spied on. Even in Finland, similar cases cannot be completely ruled out, writes the Assistant Chief of the Security Service, Teemu Turunen. In recent weeks, the news has reported several extraordinary suspicions of espionage in the Nordic countries. A person posing as a Brazilian researcher was arrested in Norway, who is suspected of being a Russian illegal in reality. Illegals in traditional deep cover are intelligence officers who have received a long and thorough training, for whom a complete identity of a foreign person has been created. In Sweden, on the other hand, in October charges were brought against two brothers who are suspected of spying for the Russian military intelligence GRU. One of them has worked in the Swedish security service Säpo and in military intelligence. The latest espionage news came on Tuesday, when Sweden arrested two people on suspicion of espionage crimes. The cases have been connected in many people’s minds to the tense global political situation and Russia’s war of aggression in Ukraine. Has espionage suddenly increased dramatically in the Nordic countries? The simple answer is no. Although the cases have been in the public eye at the same time, their time span is long. In the arrest announced yesterday in Sweden, the crimes are suspected to have started in 2013. The brothers, who were charged in October, are suspected of leaking information to the GRU for years. They were arrested already in 2021, which means that the investigation has already lasted a long time.”
71. French Military Consulting Firm DCI’s Failed ISR Ambitions Return to Haunt it in Court Case
Intelligence Online reported on November 24th that “DCI has not finished paying the price for its thwarted ISR ambitions, while even bigger issues about its future hang in the balance.”
72. North Korean Cyber Espionage Activity Targeting South Korea
On November 20th cyber threat intelligence researcher Zhixiang Hao discovered and disclosed technical indicators associated with a cyber espionage operation attributed to an actor dubbed as KIMSUKY, previously associated with the government of North Korea. The operation involved a lure document titled “Ministry of Government Legislation National Law Information Centre” in Korean which, if opened, was covertly installing a custom cyber espionage software implant. The target was specific individuals in South Korea.
73. Situation Report from Ukrainian GUR on Rumours of Upcoming Russian/Belarusian Attack
On November 25th the Ukrainian GUR issued an announcement saying that “in recent days, information has been spreading in the Ukrainian information space about the enemy’s alleged plans to attack Ukraine by a strike group of the Russian Federation and the Republic of Belarus from the northern borders of Ukraine at the end of November. This information is reinforced by anonymous “drops” about a massive missile-aircraft attack that will precede such an invasion. The Main Directorate of Intelligence of the Ministry of Defence of Ukraine reports that such information does not correspond to reality. The purpose of such a special information operation is to provoke Ukraine to transfer a significant part of its troops to the border with Belarus in order to weaken the offensive potential of the Armed Forces in the east and south of Ukraine, and at the same time to show Belarusians the alleged intentions of our state to attack the territory of Belarus, thereby provoking Belarusians to enter the war. In addition, such messages are intended to sow panic among Ukrainian society and are part of hostile information and psychological special operations. This is also indicated by the fact that at first similar messages indicated the date of a possible “invasion” of November 25–28, and after a few hours the date of the “invasion” shifted to November 28–29. We urge citizens not to succumb to hostile provocations and trust only official sources of information. We emphasize that the Defence Forces of Ukraine provide reliable protection of our northern borders and are ready to repel an enemy attack at any moment. In addition, we inform you that according to intelligence data, there is currently no strike group on the territory of Belarus that can perform similar tasks. Let’s keep calm and believe in the Defence Forces.”
74. United FCC Bans U.S. Sales of Huawei and ZTE Equipment Over National Security Concerns
According to Axios from November 25th “the Federal Communications Commission on Friday announced it adopted new rules banning U.S. sales and imports of new Huawei and ZTE telecommunications devices out of national security concerns. Why it matters: The ban is the latest escalation in U.S. policy toward Chinese telecom equipment makers, which began during the Obama administration and accelerated during the Trump administration.”
75. Russia: SVR Premiere of Documentary about the Head of the Soviet Foreign Intelligence Fitin
On November 24th the Russian SVR issued a press statement saying that “the premiere of the documentary “Destination — Rome” from the series of documentaries “Eustace — Fitin”, dedicated to the legendary head of the Soviet foreign intelligence during the Great Patriotic War, Pavel Fitin, was held on Thursday in Moscow, RIA Novosti correspondent reports. The peculiarity of the film is that in it the personality of Fitin is shown through the prism of the outstanding achievements of Soviet intelligence and the specific people who provided them and who were selected by Fitin. The name of the tape refers to the identity of the Soviet illegal intelligence officer Colonel Giovanni Bertoni (1906–1964), the operational pseudonym “Marco”, who in 1944, on the instructions of Fitin personally, was sent to Rome in order to collect information about the situation at the front and especially to reveal the fact of possible separate Nazi negotiations with the West. This has not been widely discussed before. The film was shot by the film company “Tsar Pictures”, directed by Anatoly Panikov. “Pavel Mikhailovich Fitin possessed truly unique personal qualities, such as outstanding organizational skills. He understood people very well, knew how to find an employee for every place, for every position, and was very able to captivate employees, ignite them with a big idea and big and very complex tasks” , — said the director of the Russian Foreign Intelligence Service Sergey Naryshkin in his commentary in the film. “Of course, he relied on employees who had significant experience in operational work, but he was able to attract young people to solve big problems. The combination of several important circumstances — both natural qualities and natural determination, a strong, iron character and iron will, allowed him to achieve results and consistently solve the global tasks that he set both for himself and for the Soviet foreign intelligence,” the director of the SVR added.”
76. United States: ODNI Video on Programme RESILIENCE
On November 25th the United States Office of the Director of National Intelligence (ODNI) published this sort video with its description saying that “recently, Intelligence Advanced Research Projects Activity Director Dr. Catherine Marsh and Program Manager Dr. Dawson Cagle visited CAMX Power, the only lithium ion cathode manufacturer in the country! Dr. Cagle is currently working on a program called RESILIENCE, or Robust Energy Sources for Intelligence Logistics In Extreme Novel and Challenging Environments. The four-year program’s efforts focus on developing reliable power solutions to enable increased mission run-times for electronics used by the Intelligence Community.”
77. Israel Steps Up Security for Current, Ex-Mossad Officials Amid Iran Threats
The Times of Israel reported on November 25th that “Israel has stepped up its protection of current and former senior security personnel, particularly when they are overseas, the Kan public broadcaster reported Thursday. The move came amid increased tensions with Iran, which has repeatedly warned it would seek retaliation against a series of actions reportedly carried out by the Mossad in recent years. According to the report, a major focus of the increased protective measures is former senior Mossad members currently abroad. The report did not mention any specific former agent who might be a target. The Prime Minister’s Office declined to comment on the report. Recent attempts by Iran to target Israelis abroad have included the attempted killing of an Israeli-Georgian businessman engaged in pro-Israel activity in Eastern Europe and a plot to target Israeli citizens in Istanbul, Turkey. A shadow war that has been playing out between Iran and Israel for several years appears to have stepped up its pace.”
78. Russian FSB Cyber Espionage Operation Targeting Ukraine
Cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as GAMAREDON, previously associated with Russia’s FSB. The operation involved a lure document written in Russian impersonating Ministry of Defence to Ministry of Industry & Trade correspondance, which, if opened, was covertly installing a custom cyber espionage software implant.
79. Podcast: Spybrary: The Liar: How a Double Agent in the CIA Became the Cold War’s Last Honest Man
On November 21st Spybrary released a new podcast episode. As per its description, “this week we welcome Benjamin Cunningham to the show. Cunningham wrote the recently released book The Liar: How a Double Agent in the CIA Became the Cold War’s Last Honest Man a book that the publisher calls “the Cold War meets Mad Men in the form of Karel Koecher, a double agent whose shifting loyalties and over-the-top hedonism reverberated from New York to Moscow.” It’s a wild story of swapping secrets, wife swapping and spy swaps. We talk about the Prague Spring, declassified documents, and interviewing difficult subjects. All that and more in this episode with Spybrary host Jeff Quest.”
80. Turkey: Diyanet and MIT’s Budget Announced
On November 26th Cumhuriyet reported that “Vice President Fuat Oktay spoke at the Parliament on the budget of the Presidency and its affiliated institutions. In his speech, Fuat Oktay said that Diyanet’s 2023 budget, which had a budget of 13 billion liras in 2021, increased to 35 billion 910 million liras . Oktay said, “ The final account expenditure of the Presidency for 2021 is 13 billion 39 million 381 thousand liras. The appropriation for 2022 is 22 billion 926 million 786 thousand liras, and the appropriation amount proposed for the 2023 budget is 35 billion 910 million 653 thousand with an increase of 56.6 percent. It is envisaged in lira, “ he said.” Later on the article states that “Fuat Oktay said the following about the MIT’s budget: In 2021, a total of 3 billion 115 million 407 thousand lira appropriation was allocated to the Presidency of the National Intelligence Organisation, and 3 billion 115 million 14 thousand liras, corresponding to 99.98 percent of the said appropriation, was used. 53 percent of final account expenses are personnel expenses, while the rest consists of capital expenses and purchases of goods and services. The appropriation of the Presidency of the National Intelligence Organisation for the year 2022 is 5 billion 176 million 92 thousand TL, and an appropriation of 7 billion 729 million 120 thousand TL was envisaged in the 2023 Budget Law Proposal.”
81. Greece: Former EYP Officer in Criminal Ring for Drivers’ Licenses
On November 26th NewsAuto reported that “one of the four arrested employees of the Ministry of Transportation had worked in the National Intelligence Service in the past — the ring charged prospective drivers 2,000 euros for the license. Micro-cameras , audio “bugs”, fake documents and anything else that can be imagined were used by the members of the criminal ring who, for a fee, gave private or professional driving licenses to Greeks or foreigners without knowing how to drive or speaking Greek respectively. The above may seem like an image from a spy film, however, according to exclusive information from Newsauto.gr, one of the arrested employees of the Ministry of Transportation of the central sector of the Attica Region used to work in the National Intelligence Service (EYP) before being transferred to the Ministry of Transportation in Holargo! So the use of high technology was something that this particular former EYP officer probably knew very well.”
82. “Come Back Alive” Fund Hands Over 15 Sets of SIGINT Equipment to Ukraine’s Army
On November 26th it was reported by UkrinForm that “taking into account the importance of information Ukrainian forces obtain on the enemy with the help of signals intelligence (SIGINT), the “Come Back Alive Charity Fund, together with the Infozakhyst research and production center is handing over 15 sets of SIGINT equipment to the Army. The press service of the Main Intelligence Directorate of the Ministry of Defense reported this on Telegram, according to Ukrinform. “With the help of these kits, Ukrainian soldiers will be able to improve the processes of gathering and processing intelligence regarding the enemy,” the statement reads.” Here is the GUR announcement.
83. Iranian Ministry of Intelligence
Grey Dynamics released this article on November 24th with its introduction saying that “the Ministry of Intelligence of the Islamic Republic of Iran is the primary intelligence agency of the Islamic Republic of Iran. As a result, it is the primary member of the Iran Council for Intelligence Coordination (CIC) which comprises all 16 intelligence organisations in Iran. Information on the organisation is scarce, but there is a notable strong rivalry between the Iranian Ministry of Intelligence and Security (MOIS) and the intelligence wing of the Iranian Revolutionary Guard Corps (IRGC).”
84. More Than 100 People Abducted Thanks to ‘Intelligence Diplomacy’: Turkey’s Vice President
The Stockholm Centre for Freedom reported on November 25th that “Vice President Fuat Oktay said in a speech in parliament that more than 100 people with alleged links to the faith-based Gülen movement, have been forcibly returned to Turkey by the country’s National Intelligence Organization (MİT) thanks to “intelligence diplomacy,” Bold Medya reported. According to Oktay, Turkish agents have conducted “diplomacy” with their counterparts in countries where Turkish nationals were abducted. Since the coup attempt in July 2016 the government of President Recep Tayyip Erdoğan has employed extralegal methods to secure the return of its critics after its official extradition requests have been denied. Turkey’s efforts at transnational repression against critics abroad do not seem to be winding down. Most recently, Uğur Demirok, a Turkish businessman who went missing in Azerbaijan on September 6, was abducted and illegally brought to Turkey by MİT.”
85. Crypto Museum: AEG-Telefunken Covert Listening Devices (1980)
This week the Crypto Museum added a new entry including a catalogue from April 1980. As per its description, “it is little known that AEG-Telefunken also produced a range of covert listening devices (bugs) and hybrid components for such devices, for use by intelligence agencies and law enforcement services. Some of these are listed in a confidential catalogue of April 1980.”
86. Ukraine’s Security Service Conducts ‘Counterintelligence’ Raid At Historic Kyiv Monastery
RFERL reported on November 22nd that “security agents in Ukraine have conducted a “counterintelligence” operation at Kyiv’s historic Pechersk Lavra and other facilities of the Ukrainian Orthodox Church (UOC) as part of a probe into suspected pro-Russia activity. The 11th-century monastery and UNESCO World Heritage site — which is also known as the Monastery of the Caves — is the seat of the UOC, a branch of Ukraine’s Orthodox Church that was formerly under the jurisdiction of the Russian Orthodox Patriarch in Moscow. The UOC cut ties with Moscow in May over Russia’s unprovoked invasion of Ukraine on February 24. In a post on Telegram on November 22, Ukraine’s SBU security agency said it was conducting “counterintelligence measures” aimed at countering “the subversive activities of the Russian security services in Ukraine.” A short while later, the SBU’s regional office in the Rivne region said similar operations had been undertaken at the Korets Monastery in Korets and several other UOC facilities in the region. The SBU said the operations were aimed at preventing the use of the facilities as a “center for the Russian World” and to search them for sabotage groups, foreign citizens, or illegal weapons. “Russian World” is a term at the heart of the Kremlin’s foreign policy doctrine aimed at promoting the Russian language, culture, and religion around the world. A spokesman for the Russian Orthodox Church in Moscow condemned the SBU raids as “an act of intimidation of believers.” Russian Orthodox Patriarch Kirill has been a vocal supporter of Russia’s war against Ukraine.”
