SPY NEWS: 2022 — Week 49

Summary of the espionage-related news stories for the Week 49 ( December 4–10) of 2022.

1. Latvian VDD Urges the Host of “TV Rain” to Be Blacklisted

Following week 48’s story #1, on December 6th the Latvian State Security Service (VDD) announced that “during the program, the host of the program “Here and Now” Aleksejs Korostelevs repeatedly points out the difficult conditions of the Russian soldiers at the front, the insufficient supply of equipment and food. Also, what A. Korostelev said shows that the TV channel “TV Rain” has gathered information about the mentioned problems in order to help solve them. Despite the explanations given later by the representatives of the television channel, in the assessment of the VDD, it is not permissible to disseminate information in the information space of Latvia that calls on the public to support the Russian occupation forces. Targeted military attacks and violence against Ukrainian civilians by the Russian armed forces are recognised as terrorism, and the Russian Federation as a state supporting terrorism. Taking into account the mentioned circumstances, in the assessment of the VDD, the statements made in the program are directed against the interests of Latvia’s national security and create a false impression of the Russian army, encouraging public sympathy for the aggressors. On December 5, VDD sent its assessment of the statements made in the program to the National Council of Electronic Media (NEPLP). As it has already been publicly announced, NEPLP has made a decision to cancel the broadcasting license of “TV Rain”.”

2. United States: Russian Intelligence Agent Charged with Fraud and Money Laundering in Connection with Purchase and Use of Luxury Beverly Hills Real Estate

On December 7th the United States Department of Justice issued this press release saying that “a seven-count indictment was unsealed today in federal court in Brooklyn charging Andrii Derkach with conspiracy to violate the International Emergency Economic Powers Acts (IEEPA), bank fraud conspiracy, money laundering conspiracy and four counts of money laundering in connection with the purchase and maintenance of two condominiums in Beverly Hills, California. Derkach allegedly purchased the properties in violation of new U.S. sanctions imposed earlier this year and concealed his interest in the transactions. Derkach remains at large. Breon Peace, United States Attorney for the Eastern District of New York, Michael J. Driscoll, Assistant Director-in-Charge, Federal Bureau of Investigation, New York Field Office, and Andrew Adams, Director of Task Force Kleptocapture announced the charges. “The conduct of this Kremlin asset, who was sanctioned for trying to poison our democracy, has shown he is ready, willing, and capable of exploiting our banking system in order to advance his illicit goals. The U.S. will not be a safe haven where criminals, oligarchs or sanctioned entities can hide their ill-gotten gains or influence our elections,” stated United States Attorney Peace. “This Office, together with our law enforcement partners, will use every tool available to prosecute those who evade sanctions and abuse the U.S. financial system, and we will identify, freeze and seize criminal proceeds whenever and wherever possible.” “Kremlin-backed Ukrainian politician and oligarch, Andrii Derkach, was sanctioned for his efforts to influence the 2020 U.S. Presidential election on behalf of the Russian Intelligence Services. While participating in a scripted Russian disinformation campaign seeking to undermine U.S. institutions, Derkach simultaneously conspired to fraudulently benefit from a Western lifestyle for himself and his family in the United States. The FBI will continue to use all the tools at its disposal to identify Russian intelligence operations, disrupt Russian information laundering networks, and bring to justice those who seek to engage in criminal conspiracies to undermine the integrity of U.S elections and evade U.S. sanctions,” stated Assistant Director-in-Charge Driscoll.”

3. Video: The STASI’s 35mm HFK iii Secret Camera

On December 4th the Spycamerasaurus published a new video. As per its description, “developed by Pentacon in Dresden, East Germany for the STASI, the HFK (Halb Format Kamera) series was a response to the STASI’s request to develop a home grown silent motor drive camera for covert uses to replace the Berning Robot models which originated in the West. The HFK I, developed in the late 1970’s, was used for infra-red photography using 35mm film in the 24mm x 24mm format. The HFK II never went into production. The HFK III was commissioned at the start of the 1980’s. This retained the 24mm x 24mm format, but was now capable of daylight photography. It also differed from its predecessors in that it has an external exposure sensor module, connected to a control unit. This required an extra aperture to be created in any concealment the camera was used with. At times, this was an unwanted complication. As a result, from 1983, a system of TTL metering was being developed at Carl Zeiss Jena, but these lenses only became available from 1989 and in no great numbers (S.O 3.7, f4/60mm- top serial number 14609 and S.O 3.7.1, f4/32mm- top serial number 14622). HFK cameras were distinguished by the use of an external double bladed shutter, which fits over the front of the lens and is connected to the control unit by cable. The control unit adjusts aperture, shutter speed (manual 1/15–1/500, automatic 1 sec- 1/500) and film sensitivity in DIN. Production figures for the HFK I and the HFK III in 1987 amounted to 400 camera bodies. Cameras have only been found in the serial number range 5xxx-6xxx, so it is possible that only around 2000 cameras were manufactured in the entire production run, but more recent research suggests that the actual figure may be considerably less.”

4. Google TAG: Interet Explorer Vulnerability Exploited by North Korean Actor for Cyber Espionage

On December 7th the Google Threat Analysis Group (TAG) published this technical analysis stating that “to protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. This blog will describe a 0-day vulnerability, discovered by TAG in late October 2022, embedded in malicious documents and used to target users in South Korea. We attribute this activity to a group of North Korean government-backed actors known as APT37. These malicious documents exploited an Internet Explorer 0-day vulnerability in the JScript engine, CVE-2022–41128. Our policy is to quickly report vulnerabilities to vendors, and within a few hours of discovering this 0-day, we reported it to Microsoft and patches were released to protect users from these attacks. This is not the first time APT37 has used Internet Explorer 0-day exploits to target users. The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists and human rights activists.”

5. Armenian Secret Army for the Liberation of Armenia: A Situational Assessment

Grey Dynamics published this article on December 9. Its introduction says that “ASALA was an Armenian terrorist group which orchestrated bombings against Turkish and Azeri diplomats. As of 2022, ASALA is thought to be largely defunct. Nevertheless, many of its former members live openly today and it remains a sensitive subject in Azerbaijan and Turkey. There are reports of former ASALA members participating in fighting in Nagorno-Karabakh. However, there is scant evidence to suggest that ASALA has or will see a resurgence of large scale activity. Nonetheless, Armenia’s set backs in the conflict suggest that ethnonationalist terror groups might become prevalent in the next 12 months.” And among its highlights it’s also that “ASALA reportedly is heavily connected to the Armenian intelligence and security services.”

6. Podcast: Spycraft 101: The Halyard Mission: Rescuing American Airmen in Serbia with John Capello

On December 9th Spycraft 101 published a new podcast episode. As per its description, “Operation Halyard was an OSS-led mission to rescue more than 500 downed airmen behind enemy lines during World War II. Many of the stranded airmen were shot down during bombing runs on the Ploesti oil fields in Romania. The airmen evaded capture by German forces until they were taken in by Serbian families all over the region, who sheltered them. The airmen were moved around frequently to keep them out of the hands of German forces, at great personal risk to the families protecting them. Three OSS men, all immigrants from the region themselves, parachuted into the area and made contact with General Draža Mihailović, who led resistance forces. Together they built a clandestine airstrip, gathered the airmen, and arranged for dozens of flights which ferried the men out a dozen at a time. But the mission was put at risk not just by German forces, but by a Soviet spy in the British government who did everything he could to steer allied support away from General Mihailović and towards Josip Broz Tito, a Yugoslavian partisan leader who was the Soviets’ preferred choice for the future leader of Yugoslavia. For episode 49 of the Spycraft 101 podcast, I spoke with John Cappello, founder and President of the Halyard Mission Foundation. We discussed the tremendous obstacles that were overcome to spirit hundreds of downed airmen out from enemy territory, and the risks taken by OSS personnel, and ordinary Serbian citizens alike. Even decades later, the mission is still well-known in the region, and the descendants of all participants are still connected by their shared history.”

7. New Zealand Receives First P-8A Spy Plane

Janes reported on December 8th that “New Zealand has received the first of four Boeing P-8A Poseidon maritime patrol aircraft ordered in 2018. In a press statement, Boeing said that it handed over the aircraft to teh Royal New Zealand Air Force (RNZAF) at the Museum of Flight in Seattle, Washington, on 7 December. The delivery was made over eight months, after the keeling ceremony of the aircraft was announced on 16 March. “As a maritime nation, delivery of the P-8A will ensure New Zealand maintains a patrol and response capability that will protect and support law enforcement in our Exclusive Economic Zones and [the] Southern Ocean,” said Sarah Minson, acting deputy secretary, Capability Delivery of New Zealand’s Ministry of Defence (MoD).”

8. Italy: Intelligence Services Turn to Academia to Develop Their Economic Skills

On December 8th Intelligence Online reported that “the Dipartimento delle Informazioni per la Sicurezza (DIS), which coordinates the intelligence services alongside Italian Prime Minister Giorgia Meloni, has turned to the academic research sector to help it train more economic security experts. With economic security increasingly seen as the new “must-have” by the European intelligence services responsible for national security, Italy’s intelligence services have decided to weave closer links with the research sector. In recent months, according to our information, several academic researchers have been contacted with requests to study the most controversial economic security issues with the Dipartimento delle Informazioni per la Sicurezza (Department of Security Information). So far, two universities have been informally involved in the DIS project. La Sapienza has previously been called in by the intelligence services to provide a more scientific take on the contemporary geopolitical debate, while Link Campus University is the intellectual nursery of the Five Star Movement in Rome. At both these universities, academic researchers in the human and political science departments have been invited to write scientific articles and consider how to set up higher education programmes to train economic security experts from the worlds of politics and intelligence. In this way, the DIS, which oversees the internal and external intelligence services, the Agenzia Informazioni e Sicurezza Interna (AISI) and the Agenzia Informazioni e Sicurezza Esterna (AISE) respectively, hopes to set up direct channels of communication between the intelligence and academic sectors with a view to sending intelligence officers on specialist economic security courses.”

9. Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations

On December 5th the private intelligence firm Recorded Future published this technical analysis with its executive summary saying that “beginning in July 2022, Recorded Future’s Insikt Group observed the recurring use of similar infrastructure by the threat activity group TAG-53. This newly discovered infrastructure likely overlaps with other infrastructure tactics, techniques, and procedures (TTPs) previously attributed to Callisto Group, COLDRIVER, and SEABORGIUM, who have been linked to activity aligning with Russian state interests. Insikt Group has observed the recurring use of common traits by TAG-53 when curating its infrastructure, including the use of domain names employing a specific pattern construct along with Let’s Encrypt TLS certificates, the use of a specific cluster of hosting providers, and the use of a small cluster of autonomous systems. TAG-53 infrastructure was found to contain a spoofed Microsoft login page masquerading as a legitimate military weapons and hardware supplier in the United States, suggesting that some TAG-53 infrastructure has likely already been operationalized. Based on historical public reporting on overlapping TAG-53 campaigns, it is likely that this credential harvesting activity is enabled in part through phishing.”

10. AFIO Interview: Shelby Pierson, NGA DepDir, Source Ops & Mgmt Directorate, on variety of NGA Commercial Capabilities

On December 4th the US Association of Former Intelligence Officers (AFIO) published this recording. As per its description, this is an “interview of Tuesday, 11 October 2022 of Shelby Pierson, NGA Deputy Director, Source Operations & Management Directorate. Interviewer: Jennifer Daniel, former Senior NGA Officer and current AFIO Board member. Host: AFIO’s President, James Hughes, a former senior CIA Operations Officer. They discuss the NGA’s Directorate’s responsibility for commercial GEOINT discovery, assessment, and acquisition. The processing and availability of commercial imagery has grown significantly changing the landscape for satellite imagery. She describes the newest (unclassified) imagery capabilities and how they have impacted the GEOINT Team, including uncovering war crimes and assisting in natural disasters worldwide.”

11. Greek Parliament Approves Spy Operations Reforms

On December 9 Reuters reported that “Greece’s parliament on Friday passed a bill reforming the country’s intelligence service (EYP) and banning the sale of spyware as the government tries to mitigate the impact of a phone tapping scandal still under investigation. The case has turned up the heat on the conservative government that faces elections in 2023. It emerged in August when Nikos Androulakis, leader of the socialist PASOK party, Greece’s third-largest, said that EYP listened to his converstations in 2021. A few days earlier, he filed a complaint with prosecutors over an attempted bugging of his mobile phone with surveillance software. The bill criminalises the sale or possession of spyware and makes the private use of spyware a felony from a misdemeanour, punishable by up to 10 years’ imprisonment. It also sets up an academy of counter intelligence for the training of EYP staff and a unit to investigate cases of breach of duty. Only EYP and the anti-terrorism unit can request a prosecutor’s approval to monitor people over a range of crimes specified under the bill and a second prosecutor must sign the request. Politicians can only be monitored for national security reasons and the parliament’s speaker must also approve such requests. Those affected can be informed about the surveillance three years later, if prosecutors allow it.”

12. Russia Demanded That A Spy Held In Germany Be Freed In Exchange For Paul Whelan

CNN reported on December 9th that “Russia refused to release Paul Whelan alongside Brittney Griner unless a former colonel from Russia’s domestic spy organization currently in German custody was also released as part of any prisoner swap, US officials told CNN, even as the US offered up the names of several other Russian prisoners in US custody that they would be willing to trade. The US was unable to deliver on the request for the ex-colonel, Vadim Krasikov, because he is serving out a life sentence for murder in Germany.”

13. Al-Shabaab Kills Intelligence Chief in Somalia’s Gedo Region

Garowe Online reported on December 9th that “a top official from the National Intelligence and Security Agency [NISA], Somalia’s intelligence institution, was killed on Thursday evening in the Gedo region, in an attack which has since been claimed by Al-Qaida linked group, the Al-Shabaab. The Al-Shabaab is under pressure to surrender on several fronts across the country following spirited operations by the federal government of Somalia with assistance from the US Africa Command, the African Union Transition Mission in Somalia [ATMIS], and local milita such as Macawisley. Officials said Abdirahman Abdullahi Bakal Kooke, who at the time of death was the head of intelligence in the Gedo region, was killed in an explosion in his car. The car exploded between the cities of Luuq and Dolow towns also leaving the former commander of NISA in the Luuq district and 5 others injured. Before his death, Kooke was credited with helping security forces effectively fight Al-Shabaab in the Gedo region by working closely with the Kenya Defense Force [KDF], the Ethiopian National Defence Force [ENDF] and the Somali Nationa Army [SNA] are responsible for security in the region.”

14. EU Commission Silent on Greek Spyware Sale to Madagascar

On December 9 the EU Observer reported that “the EU Commission says it works closely with EU states on dual-use exports but will not comment on new revelations that Greece authorised the sale of spyware software to Madagascar. “We do not comment on individual cases or exchanges we have with member states,” a European Commission spokesperson, told reporters in Brussels on Friday (9 December). The revelation, exposed in a investigation by the New York Times on Thursday, adds to the mounting body of evidence of spyware being used by EU state actors against politicians, journalists, lawyers and others. The Greek government confirmed to the paper that it had granted the company, Intellexa, licences to sell Predator spyware to Madagascar. Amnesty International, in a report, faulted Madagascar for harassing journalists, its prison detention of children, and state-led discrimination against the LGBTI community. EU dual-export rules, which governs civilian technologies with possible military or security uses, includes provisions on cyber surveillance technologies. Those provisions are supposed to ensure their trade is legitimate and will not be used to violate human rights. National authorities are responsible for deciding on whether to grant authorisation. But the commission also says “it works in close cooperation with member states to ensure that the rules are implemented correctly.” However, when asked if this includes Intellexa’s Predator sale to Madagascar, the EU commission refused to say. A European Parliament inquiry has been probing the issue for months. Among the lead MEPs in the committee is Dutch liberal Sophie In’t Veld, tasked to draft a final report of the inquiry’s findings.”

15. Iran: Hacked Corporate Email Accounts Used to Send MSP Remote Access Tool

Bleeping Computer reported on December 8th that “MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets. The group adopted the new tactic in a campaign that might have started in September but wasn’t observed until October and combined the use of a legitimate remote administration tool. MuddyWater has used legitimate remote administration tools for its hacking activities in the past. Researchers discovered campaigns from this group in 2020 and 2021 that relied on RemoteUtilities and ScreenConnect. In another campaign in July, the hackers continued with this tactic but switched to Atera, as highlighted by Simon Kenin, a security researcher at Deep Instinct. Deep Instinct researchers caught a new MuddyWater campaign in October that used Syncro, a remote administration tool designed for managed service providers (MSPs).”

16. Amnesty International Breach Linked to Chinese Government, Investigation Finds

On December 6th The Record published this article stating that “Amnesty International’s Canadian branch suffered a data breach by a group allegedly sponsored by the Chinese government, according to a statement from the organization this week. The human rights organization said it discovered the breach on October 5 after employees detected activity they deemed “suspicious” on their IT infrastructure. The organization hired forensic investigators and cybersecurity experts from Secureworks to examine the situation. Secureworks determined that tools and techniques associated with specific advanced persistent threat (APT) groups indicated that the breach was likely conducted by “a threat group sponsored or tasked by the Chinese state.” Amnesty International Canada and Secureworks did not explain what specifically led them to this conclusion, with the human rights giant saying the assessment was based “on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups.” “This case of cyberespionage speaks to the increasingly dangerous context which activists, journalists, and civil society alike must navigate today. Our work to investigate and denounce these acts has never been more critical and relevant,” Ketty Nivyabandi, secretary general of Amnesty International Canada, said in a statement.”

17. Videos: Cipher Brief Threat Conference 2022

On December 6th The Cipher Brief published video recordings from its Threat Conference 2022. Those include: 1) Espionage Redefined, 2) NGA’s New Approach to Intelligence Using AI/ML, 3) FBI: The Intelligence Community’s Swiss Army Knife, and 4) How Stronger Cyber Coordination Leads to Better Defence

18. The Role of Intelligence During the Malayan Emergency

Grey Dynamics published this article on December 4th. It says that “the Malayan Emergency refers to the conflict between a communist insurgency and British and Commonwealth forces in British Malaya. It lasted 12 years, from 1948–1960” and includes a summary of the known intelligence activities that happened in this conflict.

19. Ukrainian SBU Detains Russian Agent in Odessa

On December 7th Ukraine’s Security Service (SBU) announced that they “detained a Russian agent in Odessa who was “hunting” for Ukrainian anti-ship “Neptune” systems. The attacker collected intelligence about the location and movement of units of the Armed Forces in the city. Among its main tasks was the detection of possible combat positions of air defence and Ukrainian coastal missile systems “Neptune”. In addition, the enemy henchman was interested in information about the location of checkpoints, fortified areas and the specifics of protecting energy-generating facilities in the south of Ukraine. Intelligence was needed by the occupiers to prepare and carry out targeted missile strikes on the city. After “hits” over the city infrastructure, the Russian agent “reported” to his handlers about the results of the enemy shelling. The SBU officers detained the attacker for another attempt to transfer classified information to the enemy. According to the investigation, the detainee is a local resident who, at the beginning of the full-scale invasion, went to the Russian intelligence services and offered them his help in the war against Ukraine. It was established that the attacker contacted the aggressor through anonymous messengers and social networks. He also gave them information about Ukrainian sites with coordinates and a detailed description of the area.”

20. Turkey: CIA Director Warned MIT Chief About Rojava Operation

According to Kurdistan24 from December 8th, “it was claimed that William Burns, Director of the US Central Intelligence Agency (CIA), had “warned” about Turkey’s air strike campaign against Rojava by meeting with MIT Director Hakan Fidan. Speaking to Axios, US officials said that the Turkish Armed Forces (TSK) hit a target 400 meters away from the US troops in an air strike campaign last week. According to the news, Burns, who met with Fidan, gave a strong message warning that the operation endangered the US forces. Sources speaking to the newspaper noted that some of the operations that endangered the US troops were carried out by MIT using unmanned aerial vehicles. It was stated that Burns warned that American soldiers were in danger in the operation in Syria, while the CIA Director also opposed a possible ground operation. “Washington is concerned that the Turkish operation will turn into a ground operation and may endanger US troops and their Kurdish allies working together in the fight against ISIS in Syria,” the report said. Answering the questions of journalists at the daily press briefing, US State Department Spokesperson Ned Price used the following statements regarding the operation of the TAF: “We continue to express our strong opposition, both privately and publicly, to military action, including ground operations, that will further destabilise the lives of communities in Syria and jeopardise the hard achievements of the global coalition against ISIS in recent years. We think that all parties should de-escalate immediately. We don’t want to see tensions escalate along the border or inside Syria, in north-east Syria. Not only will this jeopardize the hard gains of the anti-ISIS coalition, it also has the potential to put US personnel at risk.”.”

21. Podcast: SpyCast: “Honey Trapped: Sex, Betrayal & Love” — with Henry Schlesinger

On December 6th the International Spy Museum’s SpyCast released a new podcast episode. As per its summary, “Henry Schlesinger joins Andrew to discuss two of the most mysterious and alluring forces in human history: sex and spying. He is a journalist and author proudly based out of NYC.” The intelligence topics covered are: 1) The impact of sexpionage on history, 2) Debunking common “honey trap” myths, 3) Examples of weaponised seduction and leveraged love, and 4) Cyber honey traps and digital sexpionage.

22. Russia: FSB Warned a Colombian Citizen About Actions Falling Under the Espionage Act

On December 5th Russia Today (RT) reported that “the FSB of Russia warned the Colombian Giraldo Saray Alberto Enrique, who is suspected of spreading fake news about the Russian army, that his actions fall under the article of the Criminal Code of Espionage. “The Federal Security Service of the Russian Federation has issued an official warning to Colombian citizen Giraldo Saray Alberto Enrique about the inadmissibility of actions that create conditions for the commission of a crime under Article 276 of the Criminal Code of the Russian Federation “Espionage”,” the FSB said in a statement. On December 5, the Investigative Committee completed its investigation into the case against the Colombian. From March 5 to April 9, having a residence permit in Russia, he provided technical training in exchange for money and the subsequent covert deployment of mobile devices in Moscow, from which then false messages about the Russian military army were massively sent to Russian subscribers.”

23. Israel’s NSO Bets Its Future on Netanyahu’s Comeback

The Financial Times (FT) reported on December 6th that “Pegasus spyware maker NSO Group is betting that the electoral victory of longtime ally Benjamin Netanyahu will restore its fortunes, banking on the returning Israeli premier’s desire to step up his pursuit of Gulf alliances. NSO has cut staff and reined in costs this year, as the Israeli company struggles to service more than $400mn in debt and is barred from the lucrative US intelligence market by a commerce department blacklisting. However, co-founder Shalev Hulio believes that Netanyahu’s imminent comeback will provide much-needed political cover for the beleaguered company to begin conducting deals with nations crucial to Israeli foreign policy, according to people familiar with his thinking. “Don’t worry,” he told guests at a Tel Aviv dinner party this summer over concerns NSO was failing. “Netanyahu is coming back.” Hulio was banking that Netanyahu would win a general election, a prediction that was proved correct in November. Netanyahu has moved closer to forming a rightwing ruling coalition in recent days. His return could be crucial to NSO’s future. During Netanyahu’s last 12-year tenure as prime minister, he promoted NSO’s unique technology in order to prise open security relationships with India under the leadership of Narendra Modi, recalcitrant Gulf nations and once unfriendly east African nations.”

24. United Kingdom: Red List — MI5’s Culture War

Declassified UK published this article on December 6th starting by saying that “a new book shows the extent to which MI5 and Special Branch gathered information on thousands of individuals who never remotely posed a threat to Britain’s security. In so doing, they were distracted from addressing the real threats to the public.” The four highlights of the article say that: 1) MI5 collected information on authors, historians, actors, composers, academics and activists throughout the Cold War; 2) Special Branch told MI5 that author Doris Lessing’s flat was “frequently visited by persons of various nationality” and was being used “for immoral purposes.”; 3) Blacklisting of individuals was carried out with the help of the Post Office, BBC and British Council; And 4) By sweeping up so many people considered ‘subversive’, MI5 was slower to recognise security threats in Northern Ireland and from Islamist extremists.

25. China Looks For New Recruits For Its Phantom Foreign Police Stations

On December 6th Intelligence Online reported that “the new agents sent to work in China’s undercover police stations in a number of foreign capitals will need to be specially trained to carry out international police investigations or have good contacts in a country of particular interest to the Chinese authorities.”

26. Documentary: Mossad — Secret Service of Israel

The Criminals & Crime Fighters published this documentary on December 4th. As per its description, “have you ever heard the name Mossad in your life? If not, the Israeli Secret Service Mossad has done a good job. Mossad is one of the most notorious intelligence agencies in the world. The Mossad is supposed to guarantee Israel’s existence when there are enemies. Most importantly, the Secret Service is responsible for preventing a possible Holocaust. Under threat, the Mossad takes every step or daring operation to save them from extinction. What are the most interesting secrets of the Mossad? Get an insight into the Secret Service and its secret operations in our documentary!”

27. Data-Wiping Malware Hits Russian Courts, City Halls

The Record reported on December 5th that “a new malware that masquerades as ransomware but wipes data from infected devices instead of holding it for ransom has been found targeting Russian organizations, according to new research. The malware was first detected this fall when it targeted courts and city halls in several Russian regions, local media reported last week. The victims did not elaborate on the consequences of these attacks. Researchers from Moscow-based cybersecurity firm Kaspersky, which identified CryWiper, haven’t attributed the malware to any specific group. Wipers have been increasingly common in the region since Russia invaded Ukraine. Ukraine has been hit with wipers such as WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, and DoubleZero, while Russia was targeted by a wiper called RuRansom disguised as ransomware. CryWiper is a new discovery unrelated to existing families, according to Kaspersky. It has some similar features to IsaacWiper, which hit at least one Ukrainian government organization on the day of Russia’s invasion.” The article concludes that “Wiper attacks have been conducted by government-sponsored threat actors to serve political interests, not to generate profit, according to Secureworks.”

28. Podcast: Spycraft 101: The Truth About Snowden with Anonymous

On December 5th Spycraft 101 published this podcast episode with its description saying that “today Justin sits down with anonymous source known as Sarah. Sarah is veteran member of the special operations and intelligence community, having served as an NCO with the US Air Force for more than 10 years. She has also worked as an Arabic linguist, spending much of her time in the Middle East and Africa. She is a reputable source Justin knows personally, and has requested anonymity in the episode due to privacy concerns. For the first time, we’ll really dive in to 21st century intelligence and espionage from the realities of the Snowden case to the threat of Chinese hegemony.”

29. Ukrainian SBU Detained Former Law Enforcement Officer for Assisting Russia’s FSB Establish a Local Branch in Kherson

On December 7th Ukraine’s SBU announced that they “detained in Kherson a former law enforcement officer who helped the enemy create a FSB “branch” in the city. The Security Service detained another enemy accomplice during stabilisation measures in liberated Kherson. During the occupation of the city, he helped case officers of the FSB to organise the activities of the “local” unit of the Russian intelligence service. This occupation body, called “state security service”, was supposed to fulfil Moscow’s tasks of suppressing the resistance movement and the spread of the Kremlin regime on the territory of the region. It was established that the accomplice of the aggressor was looking for “like-minded people” whom he offered to join the ranks of the “branch” of the FSB. He was also involved in the formation of the agent network of the Russian intelligence service, which was supposed to carry out reconnaissance and subversive activities in the south of Ukraine. According to the investigation, the perpetrator turned out to be a former local law enforcement officer who resigned from the authorities back in 2010. He came to the attention of the FSB before the start of a full-scale invasion. Then the enemy invited him to help in gathering intelligence about the socio-political situation in Kherson. During the temporary occupation of the regional centre, his Russian handler became an accomplice of the invaders, with whom he later coordinated his criminal activities. It was established that he used his own connections among former representatives of law enforcement agencies to select “candidates” for the ranks of the Moscow-controlled “GSB”. In exchange for cooperation, the aggressor promised the agent a managerial “position” in the pseudo-organisation of the occupiers. After the liberation of the city, he tried to “stay low” to avoid justice. However, employees of the Security Service located him and detained him.”

30. SiberAsist, Turkish Intelligence’s Cyber Tool Shopper

Intelligence Online reported on December 8th that “behind its shiny sales facade, the Turkish company SiberAsist, one of Cem Günal and Serap Günal’s many businesses, has been quietly helping the Turkish intelligence services source cyber-intelligence and forensics technologies.”

31. United States NSA Releases Series on Protecting DoD Microelectronics From Adversary Influence

On December 8th the United States NSA issued a press release stating that “the National Security Agency’s Joint Federated Assurance Center (JFAC) Hardware Assurance Lab publicly released four Cybersecurity Technical Reports today to help the Department of Defense protect field-programmable gate array (FPGA)-based systems from adversary influence. The reports below were created to help secure FPGAs — a form of programmable microelectronic components — during manufacturing, acquisition, programming, and first attachment of the devices.”

32. BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

On December 6th private cyber security and intelligence firm BitDefender announced that “Bitdefender researchers have uncovered a new cyber-espionage campaign targeting a telecommunications firm in the Middle East. While investigating a set of binaries vulnerable to sideloading attacks, we identified a cyber-espionage operation most likely carried out by Chinese threat actor BackdoorDiplomacy. APT group BackdoorDiplomacy, which has been operating at least since 2017, is known for its attacks against institutions in the Middle East and Africa as well as in the United States. This report covers another campaign against a telecom company in the Middle East. It also documents a set of new tools the group adopted in 2022.” Here is the full report titled “Cyber-Espionage in the Middle East: Investigating a New BackdoorDiplomacy Threat Actor Campaign”

33. United States: CIA Special Activities Centre: The Third Option

On December 6th Grey Dynamics published this article stating that “the Special Activities Center (SAC) is covert action and paramilitary operations division of the CIA, also known as the “Third Option”. The first option being diplomacy and second option military action.” The article concludes that “the Special Activities Center is one of the most versatile tools in the President’s toolbox. Due to the CIA’s monopoly on conducting covert action for the US government, the Special Activities Center is often the very tip of the spear. Operators from the various Branches and officers in the Political Action Group have helped achieve US foreign policy objectives across the globe. Each component has its own unique role to play. The result is a miniature combined arms force capable of deploying anywhere in the world at a moment’s notice.”

34. Turkish MIT Assassinated Female PKK/YAT Jazira Regional Officer in Syria Trained by the United States

SonDakika reported on December 7th that “Civana Heso, code-named Roj Habur, the so-called Jazire Regional Officer of the terrorist organisation PKK/YAT, was neutralised with an operation carried out by MIT. She received her special military training from the US forces in Syria and in the past, PKK/YPG Roj Habur worked as the Dilovan Academy Women’s Supervisor, where she gave assassination trainings. It was determined that she trained the cadres who would take action against Turkey. Civana Heso, who was on the MIT’s target list due to her activities, was under surveillance by agents. Civana Heso, codenamed Roj Habur, which was watched for a long time, was neutralised together with her bodyguards as a result of the operation.”

35. Israel: Shin Bet Arrests a Palestinian Worker from Gaza in Israel on Charges of Spying for Hamas

Times of Israel reported on December 8th that “Israeli security forces have arrested a Palestinian man from the Gaza Strip on suspicion of spying in Israel for Hamas, the Shin Bet security service said Thursday. Shin Bet said that Saber Mahmoud Youssef Abu Thabat (28 years old), from the city of Deir al-Balah in central Gaza, has an entry permit to Israel for work. He was arrested in early November and an indictment is expected to be filed against him at the Beersheba District Court in the coming days, prompting the Shin Bet to release information about the case. According to Shin Bet, Hamas recruited Abu Thabat “to gather intelligence and carry out missions in Israel.” The security service said he held several meetings with Hamas members on the Palestinian side of the Erez crossing before crossing into Israel for alleged spying on behalf of the group. Shin Bet accused Hamas activists of directing Abu Thabat to collect and disclose personal information about Shin Bet agents, as well as to explore strategic locations in Israel. Shin Bet said, “As part of his interrogation, and because of his activity in Hamas and the information he was exposed to, a huge amount of information was obtained about the working methods of Hamas intelligence mechanisms, including the identities of the members, the locations of the tunnels, the weapons stockpiles, and the military sites from which the organisation operates.” The security service said that Abu Thabat was aware that he was using his permit to spy for Hamas.”

36. Video: HENSOLDT Kalaetron Integral — Activity Based Intelligence

On December 7th the German HENSOLDT published a new promotional video for its latest Signals Intelligence (SIGINT) solution. As per its description, “HENSOLDT´s air SIGINT solution Kalætron Integral consists of cutting-edge sensors, antennas and algorithms. It is an on-board and software-defined installed solution, optimized to integrate with the platform of customer choice. By combining various sensors and platforms, it is capable of creating ONE intelligence picture. With its self-learning algorithms, Kalaetron Integral is also able to manage new signals and spectrum-types.”

37. ChapsVision Wins First Phase in Building French Intelligence Service’s Future Big Data Platform

Intelligence Online reported on December 9th that “the wait is over to find out more about the French General Directorate for Internal Security’s Big Data platform project, aimed at replacing Palantir’s Gotham Platform. Three firms have been retained so far.”

38. Spain: Defence Commissions a Communications Analysis Team for the Santiago System

On December 4th the Spanish Defensa reported that “the Santiago Joint Electronic Warfare Program is one of the most secret programmes of the Ministry of Defence, something understandable given its sensitive nature. A new contract suggests the adoption of a new team to the programme for the analysis of communications. Recently, the General Sub-directorate of Acquisitions of the General Directorate of Armament and Material (DGAM) of the Ministry of Defence awarded the Madrid company Siadde Soluciones the “acquisition of a COMINT signals analysis system”. Under this cryptic name, the contract valued at just over 1.5 million Euros does not offer any further information except for small details included in the available documentation, such as a really short execution period that ends on December 15. Communications Intelligence or COMINT is one of the elements of Signals Intelligence or SIGINT and is based on the use of the different communications signals available for the collection of information and its processing as intelligence. This may include communications through civilian or military equipment, between people or electronic equipment or a combination of both, using telephone, radio or the internet, to name a few examples. The scant documentation available suggests that among the users of the equipment would be the Army Transmission Regiment №32 (REW32) for which it is inferred that several remote management centres for the equipment will be established, or the Embarcable Grupo Embarcable de Apoyo Técnico (GEAT) of the Navy. The REW32 is a unit of the Army that is in charge of the operation of “very specific communication systems contributing to the joint action of the Armed Forces, in collaboration with the systems of other armies” while the Grupo Embarcable de Apoyo Técnico (GEAT) of the Navy has the task of supporting the units that require it in intelligence work.”

39. Agents of Influence: How Russia Deploys an Army of Shadow Diplomats

On December 4th the ProPublica published this article saying that “near a teeming town square along the Adriatic coast, where ancient city walls surround the ruins of bygone empires and shops and churches rise over the sea, Russia’s newly appointed representative to this tiny Balkan nation opened his consulate office. Boro Djukic, the first honorary consul named by Russia in Montenegro, was supposed to use his prestigious post to champion cultural ties and the interests of local Russian business owners and tourists — a benevolent bridge between the two countries. Instead, the middle-aged former bureaucrat took on an aggressive role in Montenegro’s politics, backing a movement that aimed to empower allies of the Kremlin and working to undermine the fragile government of a country considered a valuable U.S. ally in a turbulent region. While honorary consul from 2014 to 2018, Djukic helped found a hard-line, Kremlin-backed political party that sought to force the country’s withdrawal from NATO. When the party needed a headquarters, he went one step further, offering his family home in a posh neighborhood in Podgorica, Montenegro’s capital. A sign near the front door read: “Residence of the Honorary Consul of the Russian Federation.” Djukic was part of a faithful network of honorary consuls embedded by the Russian government around the world that has supported President Vladimir Putin amid his most contentious military and political campaigns, including the February invasion of Ukraine that has killed or injured thousands of civilians, an investigation by ProPublica and the International Consortium of Investigative Journalists found. Under Putin, Russia has become an enthusiastic supporter of the largely unregulated system of international diplomacy, which for centuries has empowered private citizens in their home countries to serve as liaisons for foreign nations.”

40. China Operating Over 100 Police Stations Across the World with the Help of Some Host Nations

Following this week’s story #25, on December 4th the CNN reported that “Beijing has set up more than 100 so-called overseas police stations across the globe to monitor, harass and in some cases repatriate Chinese citizens living in exile, using bilateral security arrangements struck with countries in Europe and Africa to gain a widespread presence internationally, a new report shared exclusively with CNN alleges. Madrid-based human rights campaigner Safeguard Defenders says it found evidence China was operating 48 additional police stations abroad since the group first revealed the existence of 54 such stations in September. Its new release — dubbed “Patrol and Persuade” — focuses on the scale of the network and examines the role that joint policing initiatives between China and several European nations, including Italy, Croatia, Serbia and Romania have played in piloting a wider expansion of Chinese overseas stations than was known until the organization’s revelations came out. Among the fresh claims leveled by the group: that a Chinese citizen was coerced into returning home by operatives working undercover in a Chinese overseas police station in a Paris suburb, expressly recruited for that purpose, in addition to an earlier disclosure that two more Chinese exiles have been forcibly returned from Europe — one in Serbia, the other in Spain.”

41. United States: CIA’s Deputy Director Marlowe Delivers a Pointed Message to a Floundering Russia

On December 8th The Washington Times reported that “Dave Marlowe has been the CIA’s deputy director of operations since June 2021, and his work is worth knowing about. Having excelled in some of the most formidable overseas and domestic assignments, Mr. Marlowe is now at the pinnacle of his career, responsible for directing the CIA’s global clandestine espionage operations. Under Mr. Marlowe’s masterful stewardship, CIA officers around the world recruit spies, steal secrets and conduct presidentially authorized covert operations. For the CIA, there is no such thing as a “denied area.” CIA clandestine operations officers, many serving under Mr. Marlowe’s command behind enemy lines, collect the most sensitive source reporting also known as human intelligence (HUMINT), on which the CIA’s all-source analysis and ultimately our nation’s security so deeply rely. CIA deputy operations directors rarely — if ever — make public appearances, observing the age-old agency mantra that “the secret of our success is the secret of our success.” They remain in the shadows focused on their hyper-demanding, risky and consequential HUMINT mission. So our allies and adversaries must have taken notice when Mr. Marlowe recently addressed George Mason University’s Hayden Center, talking openly about the world’s hottest war. Assessing the Kremlin’s failed invasion and ongoing brutal war in Ukraine, Mr. Marlowe emphasized that Russian President Vladimir Putin’s “objectives were to squeeze things out of Ukraine, to threaten NATO and affect NATO unification, and to show off to the world that Russia is powerful militarily, economically, diplomatically.” Unfortunately for the KGB-agent-in-the-Kremlin, Mr. Marlowe continued, Mr. Putin “squandered every single bit of that. And so for the directorate of operations, we’re looking around the world for Russians who are as disgusted with that as we are, because we’re open for business.” I had the honor of serving with Mr. Marlowe for decades. Known for his low-key demeanor, wry sense of humor, calm under pressure and exceptional operational acumen, Mr. Marlowe was delivering a deliberate, pointed and very public message to Russian officials.”

42. First Female Chief for Australia’s Foreign Spy Agency

On December 9th the Financial Review reported that “a former senior public servant who most recently was overseeing the reform of Parliament’s workplace culture has been named the new head of Australia’s foreign spy agency. Kerri Hartland will become the first female director-general of the Australian Secret Intelligence Service (ASIS) in February, in the Albanese government’s first appointment of a chief to one of the major intelligence services. Ms Hartland, who replaces Paul Symon, takes the post at a time when the government has warned Australia confronts the most challenging security outlook since World War II, with an increasingly assertive China and Russia’s invasion of Ukraine threatening the rules-based world order. “With an increasingly complex geostrategic landscape, intelligence will continue to be critical to securing Australia’s safety, prosperity and sovereignty,” Ms Hartland said.”

43. Resident of Abkhazia Accused of Spying for Georgia

Following week 40, story #40, the Caucasian Knot reported on December 8th that “the case of Kristina Takalandze, a resident of the Gali district, accused of spying for Georgia, has been submitted to court, the military prosecutor’s office of Abkhazia said today. The “ Caucasian Knot “ has reported that Georgian citizen Kristine Takalandze, who lives in the village of Nabakevi, Gali district, has been detained on charges of espionage. The State Security Service of Georgia stated that she collected intelligence related to state and military secrets for the Georgian intelligence services. International mechanisms are involved in the release of Takalandze, the State Security Service of Georgia reported on July 26. On July 27, Takalandze was arrested for two months; in September, the court extended the arrest.” The report continues that “according to the investigation and the prosecution, on July 20, Takalandze met with an operational officer of the State Security Service of the Republic of Abkhazia in the city of Gal. The security officer was involved in the investigation against the girl, but she did not know about it. She got into his car, and when she was left alone in it, she took off “allegedly classified secret documents” on her phone, which she later forwarded to an operational officer of the State Security Service of Georgia, on December 7, the version of the investigation was cited by the Abkhazia Intelligence agency.”

44. Video: How China Stole the Technology from the West to Build their COMAC c919 in a 5 Year Hacking Operation

Maximus Aviation published this 12-minute long video on December 7th. As per its description, “experience the most amazing TRUE crime, hacking, and spy story that helped China build its COMAC aircraft by hacking proprietary technology from basically every aviation manufacturing company on the planet! But the Twist ending? Will Blow your mind!”

45. Cubic Digital Intelligence Wins the Trust of Australian Army Special Operations

Intelligence Online reported on December 6th that “the US cyber conglomerate Cubic Corp’s GEOINT subsidiary has already won a string of military contracts with the special forces in the country just months after opening its Australian branch.”

46. Lebanese Security Warns of Digital Applications Spying for Israel

On December 6th the Lebanese Dar El Hilal reported that “the General Directorate of the Lebanese Security Forces warned citizens of what it named as “suspicious digital applications” that were used for espionage in favour of Israel. According to a statement reported by the Lebanese “Al-Nashra” website, the investigations of the Lebanese security forces confirmed the existence of digital applications that use user data for espionage operations for Israel. The statement said: “Within the framework of combating espionage operations of the Israeli enemy, and by following up on applications, websites and accounts via the internet, and as a result of technical follow-up, the Intelligence Division of the Internal Security Forces suspended an account through the Facebook application under the name “Amine Amine”. The statement indicated that this account, “its operator — whose identity is unknown due to its adoption of an impenetrable protection system — publishes an advertisement for job and residence opportunities outside Lebanon with a monthly salary of 1080 Euros, on several Lebanese websites related with offering job opportunities and securing jobs for young men.” The statement of the General Directorate of the Lebanese Security Forces also warned of another application that it said was suspected, which is the “Facetune 2” application that is included in the list of the “PlayStore” and “AppStore”, noting that “it was developed by an Israeli company in 2013, and it turned out that after downloading the application, it requests and obtains approval to access the data and images inside the phone, and it is feared that it contains a loophole with Israeli espionage objectives,” according to the statement.”

47. Ukrainian SBU Detains Couple of Russian GRU Spies in Odessa

On December 8th Ukraine’s Security Service (SBU) announced that they “detained a couple of Russian spies in Odessa who were preparing a missile attack on air defence forces and artillery depots of the Armed Forces of Ukraine. The attackers gathered intelligence about possible locations and movements of air defence units of the Armed Forces of Ukraine in the region. However, the officers of the Security Service timely exposed the Russian agency and established control over it even at the initial stage of subversive activities. Both of the detainees — a man (born in Odessa, but later served in the Russian army and participated in hostilities on the territory of Chechnya) and his wife — citizens of the Russian Federation. They were sent to Ukraine early in 2018 and received a residence permit. In this way, Russian military intelligence planned to create its own intelligence apparatus in the south of Ukraine. Before the full-scale invasion, the family of agents collected intelligence on the socio-political situation in the region and expanded their circle of acquaintances, preparing for the main tasks. And after February 24, first of all, they tried to identify the combat positions of the “Crotale” anti-aircraft missile systems and the location of field artillery depots with ammunition for SAMs. Intelligence was needed by the occupiers to carry out airstrikes with Kalibr or Kinzhal missiles against Ukrainian military facilities. Therefore, the attackers began actively gathering intelligence about units of the Defence Forces in the Kherson area. The agents sent the collected intelligence to a “liaison” — a resident of Sevastopol, a former Russian special forces officer who secretly cooperates with the GRU, and uses the position of the head of a charity fund as a “cover”. He passed the intelligence to his supervisor, a staff member of the Russian military intelligence.”

48. Vietnamese Cyber Espionage Operation Uncovered

On December 7th cyber threat intelligence expert ThreatBook published technical indicators of an active cyber espionage operation attributed to an actor dubbed as APT32 or OCEAN LOTUS, previously associated with the intelligence service of Vietnam. The operation involved a custom cyber espionage software implant but its target(s) is/are unknown.

49. Iranian Espionage Campaign Targets Journalists, Diplomats, Activists, Says Human Rights Watch

The Record reported on December 5th that “a well-resourced and ongoing international cyber espionage campaign targeting human rights activists, journalists, diplomats and politicians working in the Middle East has been uncovered by Human Rights Watch (HRW), the NGO said on Monday. The advocacy organization’s joint technical analysis, conducted alongside Amnesty International’s Security Lab, attributed the campaign with high confidence to a hacking group that numerous specialist companies including Google, Mandiant, Recorded Future and Proofpoint, have said is sponsored by the Iranian government. After identifying and contacting more than a dozen victims who were unaware their accounts had been compromised, HRW has called for Google to strengthen the security protections it provides for Gmail users, whose log-in credentials were stolen as part of the social engineering and phishing campaign. The NGO complained that the lack of any permanent security notifications that attackers can’t delete is leaving victims in the dark, even though Google’s security features do allow informed users to identify who had been logging in to their accounts — one example in this campaign involved someone using an IP address in Tehran.”

50. Video: The Rarest And Strangest Secret Government Numbers Stations

On December 9 Ringway Manchester published a new video on government-operated number stations for covert communications. The stations covered are: 1) the likely Bulgarian S01 (S1A); 2) the likely CIA operated E21 “4F Counting”; 3) the CIA operated E05 “Cynthia” Jammer; And 4) the likely Russian XW “The Workshop.”

51. Kyrgyzstan Spymaster Kamchybek Tashiev Manoeuvres in Politics Behind the Scenes

On December 9th Intelligence Online reported that “spymaster Kamchybek Tachiev, the head of Kyrgyzstan’s only intelligence service, the GKNB, has President Sadyr Japarov’s total trust, his influence extending well beyond security into political decision-making.”

52. Greece: This is the New List of Those Under Surveillance by the EYP

On December 5th the Greek Kouti Pandoras reported that “in the new surveillance list of the EYP published today by Documento, the presence of two institutional actors, the head of Hellenic National Defence General Staff and the head of Hellenic Army General Staff, causes, naturally, an impression. The event overshadows the presence of nine other people with key positions, which the common orchestrator estimates they have in government positions, as well as MEPs, business executives and journalists.” The full list leaked includes: 1) Head of the Hellenic National Defence General Staff Konstantinos Floros; 2) Head of the Hellenic Army General Staff Charalambos Lalousis; 3) Former Director of the General Directorate of Defense Equipment and Investments Thodoris Laios; 4) MEP of PASOK-KINAL and European Parliament VP Eva Kaili; 5) President of the Hellenic Recycling Utilisation Association Michalis Economakis; 6) Executive member of the Mytilineos group for the Energy Sector Panagiotis Kanellopoulos; 7) CEO of Enterprise Greece George Filiopoulos; 8) Journalist Aris Spinos; 9) Journalist and publisher George Tragas; 9) Previous Prime Minister advisor Yannis Zervakis; And 10) Former MEP George Kyrtsos.

53. Mozambique Ex-president’s Son, Ex-spy Bosses Jailed for 12 Years for Graft

Barron’s reported on December 7th that “a Mozambican court on Wednesday sentenced two ex-spy bosses and the son of a former president to 12 years each for their part in a corruption scandal in which the government concealed huge debts, triggering financial havoc. Among 19 defendants accused in the country’s biggest graft scandal were ex-president Armando Guebuza’s son, Ndambi Guebuza; former head of security and intelligence, Gregorio Leao; and an ex-economic intelligence chief who headed three state-owned firms that illicitly borrowed billions, Antonio do Rosario. Eight defendants were acquitted while the rest were handed terms ranging between 10 and 12 years. “The crimes committed have brought consequences whose effects will last for generations,” said Judge Efigenio Baptista, addressing a packed courtroom in the grounds of a high-security jail in the capital Maputo. The scandal arose after state-owned companies in the impoverished country illicitly borrowed $2 billion (1.9 billion euros) in 2013 and 2014 from international banks to buy a tuna-fishing fleet and surveillance vessels.”

54. Notorious Bangladesh Police Unit Received Spy Training in the UK

Al Jazeera reported on December 7th that “several members of a Bangladesh anti-crime unit accused of human rights abuses travelled to the United Kingdom in 2022 to receive security training, Al Jazeera’s Investigative Unit (I-Unit) reports. Members of the Rapid Action Battalion (RAB), a law enforcement unit dubbed a “death squad” by human rights organisations, went to the UK in May and October 2022 for a cybersecurity course and training on the use of mass surveillance equipment. The instruction by British law enforcement experts happened despite the RAB being sanctioned by the United States for its alleged involvement in human rights abuses such as extrajudicial killings and forced disappearances. News of the RAB’s UK training led Al Jazeera’s I-Unit to discover that the UK had reversed a decision to join the US in imposing sanctions on the police unit in 2021. It is unclear why the UK government decided not to sanction the RAB. If it had, the 2022 training trips would likely have not happened, but the sanctions were inexplicably not implemented by the UK despite the US doing so. “RAB is turning to US partner countries to get the kind of training and tools and resources that they need to be a more ‘effective’ force back at home in Bangladesh. And by effective, I mean that they’re going to further engage in repression in Bangladesh,” said Amanda Strayer, supervising staff lawyer for accountability at human rights NGO Human Rights First. The I-Unit approached the UK Foreign, Commonwealth and Development Office to ask about its knowledge of these trainings, presenting a document that the FCDO responded had “never been shared with the High Commission and the UK Government was not aware of it”. According to the document reviewed by Al Jazeera and presented to the FCDO, the British High Commission in Dhaka was informed of the RAB members’ trips by way of communication from the Bangladeshi foreign ministry.”

55. New Influx in Far-Right ‘Reichsbuerger’ Scene — German Domestic Spy Agency Chief

Reuters reported on December 7th that “the far-right “Reichsbuerger” movement that denies the existence of the modern German state has seen a considerable influx in the past year and presents a persistently high level of danger, said the head of Germany’s domestic intelligence agency on Wednesday. The group arrested in raids early Wednesday are a prime example of a new scene where Reichsbuerger ideologies, conspiracy theories and extreme right-wing narratives flow together, said Thomas Haldenwang. “Above all, the propaganda surrounding an imminent “Day X” can generate considerable pressure to act in such clandestine groups and ultimately be the trigger for serious acts of violence,” he said in an emailed statement, adding security agencies maintain a close eye on the scene.”

56. Iranian Security Announces the Dismantling of a Foreign Spy Network in the Centre of the Country

On December 6th Al-Mayadeen reported that “Iranian security announced the dismantling of a foreign spy network consisting of 12 members in Markazi province, in the centre of the country, indicating that the network was planning to carry out sabotage operations through the possession of military weapons in order to destabilise the country’s security. Iranian television said today, Tuesday, that “the agent network was run by enemies of the Islamic Revolution residing in Germany and the Netherlands.” In the same context, the Iranian judiciary announced last Sunday the execution of 4 people convicted of collaborating with Israel, in addition to the recent dismantling of several spy networks.”

57. Previously Unknown Cyber Espionage Group Targeting Russia, Belarus, Azerbaijan, Turkey and Slovenia

On December 9th the cyber security and intelligence firm Positive Technologies (PT) published a technical analysis for a previously unknown actor dubbed as CLOUD ATLAS. As per the report, “specialists at the PT Expert Security Center have been monitoring the Cloud Atlas group since May 2019. According to our data, its attacks have been targeting the government sector of the following countries: Russia, Belarus, Azerbaijan, Turkey and Slovenia. The goals of the group are espionage and theft of confidential information. The group typically uses phishing emails with malicious attachments as the initial vector for their attacks. In the third quarter of 2022, during our investigation we identified a phishing campaign targeting employees of Russian government agencies. The attackers used targeted mailing based on the professional field of the recipients, even though we found no publicly available information about them.”

58. France: Post-Quantum Cryptography: What is Emmanuel Macron Talking About?

On December 4th the French Le Monde reported that “the President of the Republic announced the sending of the ‘first diplomatic telegram encrypted using post-quantum cryptography’ to the French embassy in Washington. We explain its importance for the future of confidential communications. “This tweet may sound technical — it is!” On Thursday, December 1, by announcing on Twitter that the first telegram encrypted using post-quantum technology had been sent, French President Emmanuel Macron was well aware that he would be referencing a topic unfamiliar to the general public. However, the development of post-quantum cryptography is of great importance to the world of cryptography, to confidential communications and, by extension, to the internet.”

59. United Kingdom: The Secret Lives of MI6’s Top Female Spies

On December 8th the Financial Times (FT) reported that “my journey to the school for spies starts in the half-light of a waking city. I do not know where I am going and have only been instructed to meet my contact at a central London landmark. We travel by car, boat and train to a place where officers of Britain’s Secret Intelligence Service, the overseas espionage agency known as SIS, learn their craft. I am not allowed to describe it to you, but I can tell you this: it is giant and austere and the slicing wind makes my eyes water. At the door, I am met by a small, cheerful woman with short, wavy blonde hair whose beaming welcome is at odds with the sterile eeriness of this place. Kathy, who is in charge of all intelligence operations by SIS officers and their agents around the world, ushers me over to a bank of armchairs next to a large window overlooking a paved landscape. She jokes that when she was first offered a job at the agency, also known as MI6, her mother questioned whether she wanted to commit herself to something so “wacky and unfamiliar”. “My dad just said, ‘Go for it.’” This self-effacing northerner says she is “not particularly brave”. But she is one of the most powerful spies in Britain. Kathy is one of four directors-general at SIS, each of whom reports to the chief, known as “C”. For the first time, three of them are women. They work in the most important and rapidly evolving areas of spycraft. Kathy is director of operations. Rebecca is the chief’s deputy, who oversees strategy. The most storied MI6 job of all belongs to Ada, who is the head of technology, known as “Q” after James Bond’s mastermind gadgeteer. I have spent six months interviewing them about how they reached the top in a traditionally male career and trying to understand what the life of a female spy is really like. Since the chief of MI6 is the only member of the agency who is named or permitted to speak in public, and because all of them have been men, this is the first time that female SIS officers have ever spoken on the record. I have agreed to change their names and omit certain details to protect them and the sources they work with. They agreed to speak to encourage women applicants and correct the perception of espionage as a man’s game.”

60. Lebanon Has Arrested 185 Israeli ‘Spy Suspects’ Since Collapse

The Jewish News Syndicate (JNS) reported on December 8th that “Lebanese authorities have arrested hundreds of people accused of working with Israel. Many observers say Beirut uses suspects as scapegoats and blames their actions for the country’s financial problems. Since the country’s economic collapse three years ago, which plunged 80% of Lebanese into poverty, 185 people have been detained on suspicion of working with Israel, according to two security sources, reported AFP. That figure is up from a previous average of four or five arrests per year, according to one of the sources. “This is the first time that so many people have been arrested on charges of collaborating with Israel, and it’s because of the crisis,” said the other security source. Since 2019, Lebanon’s national currency has plummeted in value, banks have frozen accounts and most people have struggled to make ends meet. “This was a boon for the Israelis, who targeted Lebanese on social media with job advertisements for phony companies,” the second source said. The applicants would then be contacted by a recruiter. Some of them had no idea an Israeli intelligence organization had contacted them. One of the sources said that only three of those detained since 2019 were allegedly working with Israel before the crisis. So far, 165 of the 185 have been prosecuted, with 25 convicted and sentenced. Two suspects had contacted Israel’s Mossad intelligence agency directly through its website in search of work, according to the report. One source claimed that some detainees who believed Israeli intelligence had contacted them “went on nevertheless since they did not have a problem with Israel and detested Hezbollah,” the Iranian-backed terrorist organization that is the most powerful force in Lebanon.”

61. United States: Move to Ban TikTok — Could New Jersey Join Them?

The NJ 101.5 reported on December 7th that “while a handful of states have moved to ban TikTok from their employees’ computers and phones, New Jersey officials haven’t made a similar move but have had discussions about apps that pose potential security risks. Policies for the security of mobile devices for the state’s executive branch are set by the Office of Homeland Security and Preparedness and its Cybersecurity and Communications Integration Cell Division. Communications director Maria Prato said any outright ban of hardware or software products would first be discussed with the agencies that would be affected. “The decision to ban or restrict the use of a particular app or website can depend on a variety of factors, including the potential risks and benefits of using the app or website, the policies and practices of the developers, and the overall security and privacy landscape,” Prato said. “NJCCIC continues to have ongoing discussions with other state departments regarding sites and applications that represent security risks and is prepared to provide the appropriate guidance needed,” she said. On Tuesday, Maryland Gov. Larry Hogan banned the use of TikTok and certain China and Russia-based platforms in the state’s executive branch of government, citing an unacceptable cybersecurity risk to the state. The Republican, who is considering running for president, announced an emergency cybersecurity directive to prohibit the use of the platforms, saying they may be involved in cyber-espionage, surveillance of government entities and inappropriate collection of sensitive personal information.”

62. How the Global Spyware Industry Spiraled Out of Control

This was referenced in story #14 too. On December 8th the New York Times published this article stating that “the market for commercial spyware — which allows governments to invade mobile phones and vacuum up data — is booming. Even the U.S. government is using it.” It says that “the Biden administration took a public stand last year against the abuse of spyware to target human rights activists, dissidents and journalists: It blacklisted the most notorious maker of the hacking tools, the Israeli firm NSO Group. But the global industry for commercial spyware — which allows governments to invade mobile phones and vacuum up data — continues to boom. Even the U.S. government is using it. The Drug Enforcement Administration is secretly deploying spyware from a different Israeli firm, according to five people familiar with the agency’s operations, in the first confirmed use of commercial spyware by the federal government. At the same time, the use of spyware continues to proliferate around the world, with new firms — which employ former Israeli cyberintelligence veterans, some of whom worked for NSO — stepping in to fill the void left by the blacklisting. With this next generation of firms, technology that once was in the hands of a small number of nations is now ubiquitous — transforming the landscape of government spying. One firm, selling a hacking tool called Predator and run by a former Israeli general from offices in Greece, is at the center of a political scandal in Athens over the spyware’s use against politicians and journalists. After questions from The New York Times, the Greek government admitted that it gave the company, Intellexa, licenses to sell Predator to at least one country with a history of repression, Madagascar. The Times has also obtained a business proposal that Intellexa made to sell its products to Ukraine, which turned down the sales pitch.”

63. Russian FSB Detains 2 SBU Agents in Sevastopol on Espionage Charges

As it was reported by Riamo on December 8th, “Russian FSB officers have detained two Russians who are suspected of spying for the Ukrainian intelligence services, according to the Federal News Agency. According to security officials, a resident of Sevastopol was recruited by the SBU in 2016. After the start of the special operation, he shared with the Ukrainian intelligence service information about the location of sites of the Russian Ministry of Defence. In addition, he attracted another man to treason, who also spied in the interests of Ukraine. Both citizens are now facing criminal charges.”

64. Podcast: Trendifier: CIA Nuclear Spy — Jim “Mad Dog” Lawler

On December 10th the Trendifier published a new podcast episode with its description being: “Jim “Mad Dog” Lawler is a spy, nuclear weapons expert, and author. Mad Dog was a 25-year Covert CIA Nuclear Spy who carried out missions around the world and became one of the agency’s most decorated senior officers. He is allegedly no longer in the CIA and has become a prolific author in his “retirement.” Mad Dog Lawler’s books are fictional spy thrillers “based on” his personal experiences at the CIA.”

65. Spy Way of Life: National Tailors in Dubai, UAE

This week’s selection for the Intelligence Online’s Spy Way of Life was the “National Tailors, the Dubai ruling family’s bespoke garment-maker.” As per the article, “this week, Intelligence Online steps into the world of the Al Madani family’s National Tailors in Dubai. The small boutique creates kanduras, the traditional United Arab Emirates dress for men, for the emirate’s ruling Al Maktoum family and any prince, businessman or prominent figure close to the country’s leadership.”

66. EU Vice-President and Greek Socialist MEP Eva Kaili is Arrested by Belgian Police in ‘Qatar Lobbying Scandal’

The Daily Mail reported on December 9th that “Vice-president of the EU Parliament Eva Kaili was suspended from her party and Parliament group after being arrested in Brussels on Friday by police investigating alleged lobbying by World Cup hosts Qatar. Greek socialist MEP Eva Kaili, 44, is being questioned after the arrests of four other people as officers searched 16 properties earlier on Friday. This is said to include Ms Kaili’s partner as well as Luca Visentini, 53, who is the current General Secretary of the International Trade Union Confederation, ITUC. The ITUC said it was ‘aware’ of the media reports, but had no further comment to make at present. It is understood all four of those originally arrested are Italian citizens or of Italian origin. Kaili is the partner of one of the four, a parliamentary assistant with the European Parliament’s Socialists and Democrats group, said a source close to the investigation. Belgium’s federal prosecutor announced the earlier arrests after 600,000 euros in cash was discovered when police raided 16 addresses raids in the capital Brussels. The prosecutors did not specify the identities of the suspects or name the country involved, saying only that it was a ‘Gulf’ state. But a source close to the case confirmed press reports that it was focused on suspected attempts by Qatar to corrupt an Italian Socialist. Prosecutors had said a former MEP was among those arrested did not identify any of those concerned. Belgian press reports said the country concerned was Qatar, and named the former MEP as Italy’s Pier-Antonio Panzeri, who served as a socialist in the parliament between 2004 and 2019. Panzeri, 67, currently heads a Brussels-based human rights organisation called Fight Impunity. A statement from Belgium prosecutors said: ‘Today’s searches have enabled investigators to recover about 600,000 euros in cash.’ ‘Computer equipment and mobile phones were also seized. These elements will be analysed as part of the investigations.’ Investigators ‘suspected a Gulf country (of influencing) the economic and political decisions of the European parliament’, the statement added.”

67. Virtual Event: What is the future of US Counterintelligence & the National Counterintelligence and Security Centre?

On December 9th the Federal Society published the recording of a virtual event. As per its description, “the Senate Select Committee on Intelligence released a detailed report in September 2022 on the state of the U.S. Counterintelligence (CI) mission. Among other things, the report noted that the National Counterintelligence and Security Center (NCSC), the nation’s head agency for CI, does not have a clear mission and is limited in its authorities. The Committee further warned that NCSC’s work is being hampered by bureaucracy and funding issues. The report also noted that foreign intelligence entities pose a more harmful threat to U.S. interests now than they have at any point in the past. We discussed the report, its fallout, and the potential solutions to the problem with the former Director of NCSC, The Honorable William Evanina.”

68. Germany Arrests 25 Suspected of Far-Right Plot to Overthrow State

The Japan Times reported on December 7th that “German authorities on Wednesday detained 25 members and supporters of a far-right group that the prosecutor’s office said were preparing a violent overthrow of the state, with some members suspected of plotting an armed attack on the parliament. One active soldier and several reservists are among those being investigated, a spokesperson for the military intelligence service said. The active soldier is a member of the Special Forces Command, it said.”

69. Will Chinese Intelligence Learn from Russian Mistakes in Ukraine?

The Washington Examiner published this article on December 7th saying that “a big question for the U.S. intelligence community. Has China learned lessons from Russia’s debacle in Ukraine? Has China learned from Russia’s experience in order to improve its own intelligence game in anticipation of a future military move on Taiwan? Certainly, the war in Ukraine has been an abject failure for Russian intelligence. The foreign policy community once considered the CIA’s call in 2002 that Iraq possessed weapons of mass destruction as one of the most significant intelligence failures in modern history. Russia’s intelligence community took this failure and surpassed it in leaps and bounds. Chock full of hubris, corruption, and incompetence, the domestic FSB service, in particular, committed the cardinal sin in the intelligence world: reinforcing what Russian President Vladimir Putin always wanted, which was to invade Ukraine on a cost-free basis. One wonders how the FSB, GRU military intelligence and SVR foreign intelligence chiefs have kept their jobs. China has more to learn. After all, even after the invasion began and Ukraine showed great resilience, Russian intelligence has continued to perform poorly. Western intelligence services have gone on the offensive, expelling over 400 Russian officials serving in their countries. This campaign clearly damaged the SVR and GRU overseas presence, severely degrading their ability to recruit and handle agents and conduct active measures campaigns in the West. No, Russian intelligence is not totally defeated. But, their reputation is in tatters; they must no longer be considered a first-rate intelligence service. There was always a perception that Russian intelligence was not only competent, but some thought even “10 feet tall.” No longer. So, as China eyes Taiwan, Beijing must consider three fundamental missteps on the part of its Russian intelligence friends.”

70. United States: 304th MI BN Completes STX with BOLC Students to Enable Intelligence Collection, Maneuver Operations

The US Army reported on December 9th that “students in Military Intelligence Basic Officer Leader Course (MIBOLC) with Charlie Company, 304th Military Intelligence Battalion, completed a situational training exercise, or STX, at Urban Ops Site-South, Dec. 7. “These MIBOLC STX lanes were a great opportunity for our lieutenants to get out of the classroom and into the field and experience the application of the intelligence process driving operations — in this case employing small unit tactics,” said Col. Brendon Dever, 111th Military Intelligence Brigade commander. “It was also good for our future intelligence leaders to see creative ways to plan and execute tough, realistic training using resources that will be available to them at the company and battalion level — something I hope they will take with them as they head to their first unit of assignment.” For military intelligence officers, this is integral training as the intelligence they provide in future operational environments will drive maneuver operations.”

71. Israeli Intelligence Chiefs See Tehran Surviving Protests, For Now

Reuters reported on December 5th that “Iran’s clerical rulers are likely to survive protests sweeping the country and could stay in power for years, the chief analyst for Israeli military intelligence said on Monday, prompting his commander to predict the enemy regime would eventually fall. Locked in a Cold War-style conflict with Iran, Israel has closely monitored the unusually protracted and violent unrest and offered some statements of support for the protesters. But Israeli officials, their focus on Iranian nuclear projects and regional guerrilla allies, have been circumspect about any prospects for Tehran being topped by a popular uprising. “The repressive Iranian regime will, it seems, manage to survive these protests,” Brigadier-General Amit Saar, who as head of research for Israel’s military intelligence is responsible for national strategic forecasts, said in a speech.”

72. Former CIA Officer Jason Hanson Publishes 3 New Videos

This week former United States Central Intelligence Agency (CIA) officer Jason Hanson published the following 3 videos: 1) Use this Secret Spy Hack to Protect your Privacy; 2) Survival Tip: Why You Need A Solar-Powered Generator; And 3) How to Properly Disassemble and Oil a Gun.

73. Pakistan Fools the Western World by Playing Double-Standard in Afghanistan

The Organiser reported on December 7th that “Pakistan has been playing double-standard in Afghanistan through its infamous spy agency Inter-Service Intelligence (ISI). In February 2020, just days before the US-Taliban reached into Doha Agreement, the intelligence community and military intelligence leaders from South and Central Asia gathered at a US Central Command conference in Tampa, Florida, where the topic was unconventional warfare. One of the most electric moments was when a panelist described how the Pakistani security service had failed twice to get their puppet regimes in Kabul recognized by the United Nations. The two Pakistani Inter-Services Intelligence (ISI) generals present were at first angered that someone was exposing their campaign to control the Afghan government through proxy fighters. Later, one of the ISI leaders admitted that elements of Pakistan’s ruling powers had indeed backed the failed efforts of Gulbuddin Hekmatyar in the Afghan civil war and the Taliban militia in the 1990s and 2000s to gain UN regonition as the government of Afghanistan. He further admitted to the panelists and a US Army general that Pakistan continues to back the Taliban-Haqqani campaign to retake Afghanistan.”

75. United States: DOJ: Barrack, Wynn Losses Won’t Derail Foreign Influence Crackdown

On December 8th the Politico reported that “the head of the Justice Department’s counterintelligence division vowed Thursday that the department would not be deterred by a string of recent legal setbacks in its attempts to crackdown on foreign influence efforts in the United States. “We will continue to bring hard cases,” Jay Bratt said at a conference for Foreign Agents Registration Act lawyers. Bratt was pushing back on the suggestion by some FARA practitioners that the high-profile acquittal of longtime Trump fundraiser Tom Barrack on charges of illegal foreign lobbying last month could trigger a retrenchment by the department. In his first public comments on the cases of Barrack and Steve Wynn, the casino magnate and GOP megadonor who recently won the dismissal of a DOJ lawsuit to compel him to register as a foreign agent, Bratt said that the string of public defeats “doesn’t deter us in making those tough choices.” Bratt said such speculation reflected “a fundamental misunderstanding of how we do business.” To underscore his point, he pointed to the recent indictment, revealed earlier this week, of former Rep. David Rivera (R-Fla.) for allegedly failing to register as a foreign agent of the Venezuelan government. But bringing indictments is not the same as winning convictions. And on the latter front, the department Bratt leads has had a tough recent run.”

76. Podcast: ARK Invest: Military Defence and Intelligence with Chip Walter from Marlinspike

On December 6th the ARK Invest released a new podcast episode. As per its description, “today’s guest Chip Walter is a Navy veteran and Managing Director of Marlinspike Partners, a company working to solve the technological needs in space, cybersecurity, and artificial intelligence (AI) through investment. Tune in to hear about Chip’s background in the Navy, how he ended up at Marlinspike, and his experience flying a P-3 plane. We discuss the roles of the Prime contractors in defense and intelligence, the process of trying to sell weapons to the Department of Defense, and a common mistake startups should avoid. The timeline of the growth of space technology is increasing at a rapid rate. In this episode, Chip tells us why he feels the USA needs to match the presence of other dominant countries in space in order to defend itself before he explains how cyber fits into war-fighting as the fifth domain.”

77. Canada: ‘Alarming Escalation’ of Espionage, Foreign Interference in Canada Since Pandemic: CSIS

The National Post reported on December 6th that “Canada’s spy agency has noted an “alarming escalation” of espionage and foreign interference since the beginning of the pandemic, with countries like China threatening or intimidating people in Canada into namely supporting a specific electoral candidate. “These activities are real, they’re persistent, they’re increasing, and it’s not hypothetical, we see it everyday in our work. And these activities will be targeting all level of governments, whether it’s federal, municipal, provincial,” veteran CSIS intelligence analyst Noura Hayek told attendees of the Council on Governmental Ethics Laws conference Monday.”

78. United States: CIA Comrades Honor Mike Spann By Rescuing Afghan Allies

RealClear Politics published this article on December 10th concluding that “to mark the 20th anniversary of Mike Spann’s death, a group of his CIA comrades and their families and friends visited Arlington National Cemetery. Five members of Team Alpha stood amid the fall leaves, their heads bowed, before grave 2359 in Section 34. Each one spoke of his memories of Mike. “He wanted to see the enemy, he wanted to know the enemy, and to understand the enemy,” said David Tyson. “That’s what led him to be with me at the fort on November 25, 2001. It was his will to be there, and the rest is history.” Present at the graveside that day was one Afghan whom Team Alpha members had helped evacuate from Mazar-i Sharif to Doha and eventually to Fort Dix, New Jersey, the start of a new life in America. But there were many more Afghans to assist and for now the recriminations and shame of the end of America’s war in Afghanistan had been put to one side. Instead, just as they had two decades earlier, David Tyson and others were focused on an improvised plan that required flexibility and almost constant adaptation. This time, the mission was to get Afghans out of the country rather than U.S. forces in. America had been united in 2001. Now, it was bitterly divided. Rescuing the Afghans, however, was something almost every American could support. Once again, it was the likes of Team Alpha who took it upon themselves to get the job done.”

79. Podcast: Team House: Tactical Signals Intelligence with SOT-A — Clayton Jensen

On December 10th the Team House published a new podcast episode. As per its description, “Clayton Jensen completed six combat rotations as a SOT-A in Afghanistan and Iraq where he did tactical signals intelligence operations.”

80. Grey Dynamics Article and Podcast on Becoming an Intelligence Analyst

This week Grey Dynamics published the article “So, You Want to Be An Intelligence Analyst?” as well as the podcast episode “Expert advice for getting into intelligence” with intelligence experts covering numerous subjects for people interested in becoming intelligence analysts.

81. US Intelligence Lays Out Assange Attack

The Consortium News published this article on December 9th saying that “a week after five major newspapers called on the Biden administration to drop its charges against Julian Assange, the Michael V. Hayden Center for Intelligence, Policy, and International Security countered with an event on Monday intended to push the “intelligence community’s” disinformation about the Assange case. After it was slammed on Twitter, the program’s initial title, “Julian Assange: Journalist or Techno-Spy?” was changed to the mundane, “The Case of Julian Assange.” It was presented as a debate in the ballroom of the National Press Club in Washington, but the panel seemed stacked against Assange lawyer Barry Pollack. Larry Pfeiffer, the Hayden Center director and a former Central Intelligence Agency chief of staff, introduced the panelists, asking about the “line between journalism and espionage and when does the line get crossed?” Though the title was changed the purpose was the same, to present Assange as a spy, giving Assange’s U.S. lawyer a chance to respond. Pfeiffer said the center’s “goal is to have discussions like this that talk about intelligence and the role intelligence plays in our society, in our government, how it informs policy, how it sometimes screws up policy and what do we do then if we need to fix it.” In other words, trust the intelligence agencies because they have only the best intentions at heart and they fix their “mistakes,” “mistakes” that cost hundreds of thousands of lives, such as in Iraq, and that plotted to take Assange’s life.”

82. Politicians and Journalists Targeted by Spyware to Testify at Council of Europe Parliamentary Hearing in Paris

With a formal announcement the Council of Europe stated on December 5th that “Politicians and journalists from Poland, Spain and Greece who have been targeted by the Pegasus or similar spyware are to give testimony at a public hearing of the Parliamentary Assembly of the Council of Europe (PACE) in Paris on 12 December 2022, to be live-streamed in English. The hearing, organised by PACE’s Committee on Legal Affairs and Human Rights, will focus on the role played by spyware in secret state surveillance, as part of a report on this topic being prepared for the Assembly by Pieter Omtzigt (Netherlands, EPP/CD). Participants include: Krzysztof Brejza, a member of the Polish Sejm from the opposition Civic Platform party, and a former member of PACE (accompanied by his lawyer, Dorota Brejza). Diana Riba, a Spanish member of the European Parliament from Catalonia’s Republican Left Party, and Vice-Chair of the European Parliament’s committee of inquiry which is also currently investigating the use of Pegasus and similar spyware. Thanasis Koukakis, an investigative journalist from Greece specialising in financial affairs, who has reported on corruption and money laundering (via teleconference). In two earlier hearings, the committee heard from journalists who first revealed the spyware surveillance, as well as data protection and legal experts, and the UN High Commissioner for Human Rights.”

83. Ukrainian Spy Drone Recorded Inside Belarusian Territory

According to video footage and details published by the International Radio “Belarus” on December 6th, “another Ukrainian spy drone was forcibly landed on the Belarusian-Ukrainian border. The drone, which was making video recordings and trying to remain undetected, was heading deep into Belarusian territory. Our border guards and the military worked in concert: the drone was carefully landed with the help of radio-electronic weapons. Now we have the contents of the drone’s datacard. As a rule, there is irrefutable evidence of where the flying device was launched from and by whom.”

84. Paul Whelan, Ex-U.S. Marine Jailed in Russia on Spying Charges

On December 8th Reuters published this article stating that “Paul Whelan, a former U.S. Marine serving a 16-year sentence in a Russian penal colony on espionage charges, did not figure in a prisoner exchange on Thursday involving U.S. basketball star Brittney Griner, despite months of speculation that he would be included. Here are some facts about Whelan: 1) Whelan was detained by agents from Russia’s Federal Security Service (FSB) in a room in Moscow’s Metropol Hotel, near the Kremlin, on Dec. 28, 2018. 2) Investigators said he was a spy for military intelligence with a rank of colonel or higher, and had been caught red-handed with a computer flash drive containing classified information. 3) Whelan said he had been in Russia for a friend’s wedding and had been given the drive in a sting by a Russian friend. He said he had thought it contained holiday photos. 4) After a trial held entirely behind closed doors that U.S. diplomats said was unfair and opaque, Whelan, now 52, was convicted of spying in 2020, and sentenced to 16 years in a maximum security jail. He is currently being held in the IK-17 penal colony in the Mordovia region, east of Moscow. 5) Born in Ottawa, Canada, to British parents of Irish origin, Whelan later moved to Novi, Michigan, and is a national of all four countries. 6) Whelan served with the Marine Corps Reserve from 2003–2008, much of the time as an administrative clerk in Iraq. At the end of that period, he was dishonourably discharged for larceny and other lesser offences, after being found to have tried to steal $10,000. 7) At the time of his arrest, Whelan was head of global security for BorgWarner, a Michigan car parts supplier. 8) Last November, a Russian court rejected his request to be allowed to serve his sentence in the United States.”

85. Nelson Rauda Zablah: Pegasus Spyware Was Used to Hack Reporters’ Phones. I’m Suing its Creators

On December 5th The Guardian published this article saying that “I was warned in August 2020. A source told me to meet him at six o’clock at night in an empty parking lot in San Salvador. He had my number, but he contacted me through a mutual acquaintance instead; he didn’t want to leave a trace. When I arrived, he told me to leave my phone in the car. As we walked, he warned me that my colleagues at El Faro, the Salvadoran news organization, were being followed because of a story they were pursuing about negotiations between the president of El Salvador and the notorious MS-13 gang. This may read like an eerie movie scene, but there are many Central American journalists who have lived it for real. The suspicion you’re being followed, ditching your phone before meetings, using encrypted messaging and email apps, speaking in code, never publishing your live location — these are ordinary routines for many in my profession. I wouldn’t know until more than a year later what my source really meant. My colleagues weren’t just being trailed as they investigated that story. They, and at least 18 other members of El Faro — including me — had been the repeated targets of a weapons-grade espionage software called Pegasus. Pegasus is the gleaming toy of the Israel-based spyware firm NSO Group. Forensic analysis by the Citizen Lab and others found that Pegasus attacks in El Salvador started in June 2020 and continued until November 2021. In all, 35 journalists and members of civil society were spied on with this tool. When you’re infected by Pegasus, spies effectively hold a clone of your phone. They can see everything, from your personal pictures and texts to your purchases and your selection and use of apps. When the spying was discovered I had to take measures that included exiting my family group chat and deleting my banking apps. For journalists, this means spies can see every chat and phone call with our sources. I was hacked while I pursued and published private videos of two brothers of President Nayib Bukele negotiating over El Salvador’s Bitcoin Law with foreign businessmen before it came into effect. My colleagues Gabriela Cáceres and Carlos Martínez were hacked as they continued to reveal more details about the government’s dealing with gangs and a thwarted criminal investigation about it. I could go on and on.”

86. Podcast: My life as a Spy — CIA Agent Andrew Bustamante Tells His Story

On December 4th the “Anything Goes with James English” published a new podcast episode with former CIA clandestine service operative Andrew Bustamante.

87. Alleged Russia Spy Believed to Have Accessed Polish Intelligence Data

EUractiv reported on December 9th that “Tomasz L., who was detained in the spring, was a member of the commission for the liquidation of the Military Information Services in 2006, which was overseen by then-deputy minister of national defence Antoni Macierewicz — one of the most influential people in the Law and Justice Party –, journalists at TVN24 discovered. L., accused of espionage, was arrested and charged with spying for Russia shortly after that country’s invasion of Ukraine began. When Law and Justice ruled Poland between 2005 and 2007, he was also part of the liquidation committee of the military intelligence organisation, the Military Information Services, and he was supposed to have access to all their data. The liquidation of the WSI occurred as a result of the reforms taking place in the country and the coalition arrangements of the then government. The organisation was replaced by two separate military intelligence and counterintelligence services. According to information provided by the Polish services in March 2022, Tomasz L. was said to have copied and transferred operationally valuable data to the Foreign Intelligence Service of the Russian Federation. The man had access to the collections of the Archive of the Civil Status Office and the collections of the Central Archives of Historical Records and the State Archives of the City of Warsaw. The author of the TVN24 report, Piotr Świerczek, revealed that documents of exceptional importance, intended only for the eyes of Polish officers, could have fallen into the hands of the spy. However, it is not known whether L. was already a spy in 2006. “Tomasz L. had access to everything that the Military Information Service had accumulated in its resources,” Świerczek said.”

88. Podcast: SpyScape: Aldrich Ames — The Ultimate Double Agent, Part 1/2: Selling Secrets

SpyScape’s True Spies series released the first part of a two-part podcast on December 6th. As per its description, “the CIA is only as strong as it’s weakest link. And in the waning years of the Cold War, weak links were in ready supply. A number of trusted Agency officers were caught selling secrets to the Russian regime. And the most notorious traitor? Aldrich Hazen Ames. In the first episode of a 2-part True Spies story, Sophia Di Martino joins journalist and spy chronicler Bryan Denson to uncover the inglorious origins of Ames’ betrayal — and the beginnings of his downfall. From SPYSCAPE, the home of secrets. A Cup And Nuzzle production. Series producers: Gemma Newby, Joe Foley. Produced by Max Bower. Music by Nick Ryan.”

89. Monaco Spy Story: Columbus Group

The Santa Barbara News-Press published this article on December 10th stating that “during one of my briefings with Prince Albert of Monaco as his intelligence chief, I proposed my vision to engage the intelligence services of micro-Europe — Monaco, Luxembourg, Liechtenstein, Andorra, San Marino, and Malta — into an intelligence club, an association of services that would share information on bad actors and create a cooperative/ combined shield. The prince already held a soft spot in his heart for micro-European countries evidenced by the high regard and courtesy he extended them during his investiture in July 2005. They were treated with the same dignity as large powerful countries. So it was no surprise that Albert gave this idea his full backing and authorized me to proceed. I brought this up with senior Italian intelligence officials because I hoped they would help organize introductions to their counterparts in San Marino and the Vatican. Foreign intelligence chief Albert Manenti was not only supportive but offered to personally introduce me to the director of the Vatican’s intelligence unit. He thought Liechtenstein would be the most difficult to crack, but I’d already made a breakthrough with that principality tucked between Switzerland and Austria. Indeed, when I had the opportunity to meet Rene Brulhart, director of Liechtenstein’s Financial Intelligence Unit, Rene wholeheartedly welcomed this idea. Liechtenstein, he told me, had no meaningful contact with Monaco so he was happy just to be in contact with us. It would be amazing, he agreed, if we could extend this concept to the other microstates.”

90. CIA Officer Who Killed British Teen Receives Sentence — But She Won’t Serve a Day in Jail

The Canary Workers’ Co-op reported on December 9th that “Central Intelligence Agency (CIA) officer Anne Sacoolas has been sentenced for killing British teenager Harry Dunn. The American was given an eight-month suspended sentence. In August 2019 she hit Dunn, who was on a moped, outside the US spy base at Royal Air Force (RAF) Croughton in Northamptonshire. Sacoolas had been driving on the wrong side of the road. For three years, Dunn’s family fought for justice. Sacoolas left the UK quickly after the death and, despite the judge’s request, did not attend the sentencing in person. The case has led to questions over the nature of the US-UK extradition treaty. According to some, the Sacoolas trial also has implications for the case of jailed Wikileaks editor Julian Assange.”

91. Podcast: Interview with Former CIA & Current AZ CISO/Director of Homeland Security

On December 7th the RealTime Cyber Awareness released a new episode. As per its description, “Tim Roemer opens up about cyber threats facing the state and country, managing to border crisis in Arizona, cyber war, Anonymous, how he’s created a cyber security culture, his time at the White House and CIA, among a bunch of other topics.”

92. Algeria Arrests Journalist on Suspicion of Espionage for Morocco

On December 10th the Agadir24 reported that “the Algerian newspaper An-Nahar revealed that the country’s authorities had arrested a former journalist for the Algerian News Agency, on suspicion of “espionage for the Kingdom of Morocco.” According to what the same report, the aforementioned journalist was involved in the case of “communicating in favour of Morocco and leaking confidential information, as well as sending reports on the security, political and even economic conditions of the country to authorities in Morocco.” The same source revealed that the journalist in question “was in contact with Moroccan personalities belonging to political parties, associations and journalists, in addition to foreigners,” noting that “he had established contact with them during his assignment as a press reporter for the agency in 2010.” The same source stated that “the journalist was arrested along with other suspects, after subjecting his personal phone and computer to a careful test, to determine the existence of suspicious contacts through his e-mail with people in Morocco.” In addition, the newspaper revealed that “police officers have come across other messages containing false and erroneous news about former and current Algerian officials planning to assassinate activist Jamal Ben Ismail, following the fires in the Tizi Ouzou region.”

93. Defence Spending Bill Recognizes CIA’s Predecessor — The Basis for a Future National North Virginia Museum

The OSS Society tweeted this on December 10th saying that “Defense spending bill recognizes CIA’s predecessor — the basis for a future national N. Va. museum [National Museum of Intelligence and Special Operations].” And linking this DropBox document containing all the details.