SPY NEWS: 2023 — Week 13

Summary of the espionage-related news stories for Week 13 (26 March-1 April) of 2023.

The Spy Collection
Apr 2, 2023

1. China Says Detained Employee of Japan Firm Suspected of Espionage Activities

Following last week’s story #68, on March 27th Reuters added more details to the story, saying that “the Chinese foreign ministry said on Monday that an employee of Japanese firm Astellas Pharma who was detained was suspected of engaging in espionage activities. The relevant Chinese authorities earlier this month adopted compulsory measures in accordance with criminal law against the individual for case examination, spokesperson Mao Ning said at a regular news briefing. “This Japanese citizen is suspected of engaging in espionage activities,” Mao said.” Following this, AA reported on March 27th that “Japan on Monday urged China to release its national who, Beijing says, was “held on suspicion of spying.” “The Japanese national has been captured by Chinese authorities,” Japanese Chief Cabinet Secretary Hirokazu Matsuno told a news conference in Tokyo. Beijing said it notified the Japanese Embassy about the arrest “in accordance with the Vienna Convention and China-Japan consular relations.” Earlier this month, Chinese authorities notified the Japanese Embassy in Beijing that a Japanese national in his 50s was detained. He is a pharmaceutical employee and “seems to have violated the spy act,” Matsuno said. “We urge China to release this man … we need to protect this Japanese national,” he added.”

2. Ukrainian SBU Dismantled Russian FSB Agent Network of 8

On March 27th Ukraine’s Security Service (SBU) announced that they “neutralised the FSB agent group, which was preparing missile attacks on Ukrainian Railways facilities and recruiting personnel in the administration of the occupiers. The group included eight local residents. One of them used the status of an assistant to an acting People’s Deputy of Ukraine and a journalist’s license as a cover. The perpetrators collected intelligence on the locations and movements of the Defence Forces in the regions. In the “zone of special attention” of the enemy were the routes of movement of military echelons and the location of railway stations where weapons of the Armed Forces of Ukraine are unloaded. The agents also scouted the locations of ammunition warehouses, firing positions, checkpoints and fortifications of the Ukrainian troops in the front-line areas of eastern Ukraine and the Dnipropetrovsk region. Also, during the temporary occupation of Izyum and Balaklei, those involved selected candidates for the composition of local occupation administrations. SBU counter-intelligence officers gradually documented the criminal actions of Russian agents and detained four members of the enemy network. Another four are in the territory of the aggressor country. Comprehensive measures are being taken to bring them to justice. According to the investigation, the spy network was formed by two case officers of the FSB before the start of the full-scale invasion. It included an agent who had previously been recruited by the honorary consul of the Russian Federation in Kharkiv. After February 24 last year, the FSB “activated” its agents to carry out intelligence and subversive activities against Ukraine. Russian symbols and pro-Kremlin literature were also found in their homes.”

3. US’s Intel 471, Supplier to the Australian Signals Directorate, Forced to Tighten Belt

Intelligence Online reported on March 27th that “a victim of the economic crisis and last year’s crypto collapse, US private equity firm Thoma Bravo’s losses have hit the cyber threat intelligence outfit Intel 471 and other firms in its cyber portfolio, under orders to slash costs.”

4. Bat-bombs, Mind Control and Umbrella Guns: This Over-the-top Spy Agency Was the Forerunner of the CIA

The New York Post published this article on March 26th saying that “as President Franklin Delano Roosevelt sat in his wheelchair in the Oval Office, dictating a letter to his secretary, in sneaked William Donovan, the head of the Office of Strategic Services, armed with a loaded pistol. At Donovan’s feet was a bag of sand. As the president continued working, oblivious to Donovan’s presence, the OSS chief quickly fired 10 bullets into the sand — and still Roosevelt knew nothing, only turning round when he could smell burnt gun powder in the air. “He looked up with wide eyes and saw Donovan standing behind him with a smoking gun in his hand,” writes John Lisle in “The Dirty Tricks Department: Stanley Lovell, the OSS and the Masterminds of World War II Secret Warfare” (St. Martin’s Press). Donovan wrapped the pistol in a handkerchief and gave it to the president, introducing it as the OSS’s new firearm, silent and flashless. A forerunner to the Central Intelligence Agency, the OSS was formed in June 1942 to coordinate the espionage activities of the country’s armed forces during World War II.”

5. Spy Collection: Israeli Mossad Spy Gadgets Captured in Lebanon (2009)

On March 27th we published this video in our archived content/footage playlist. As per its description, “in May 2009 the Lebanese Internal Security Forces (ISF) allowed the press to film some of the spy gadgets they had recently confiscated from a dismantled espionage network of five Lebanese citizens who were operating as Israeli Mossad agents. According to ISF, Mossad had also recruited an official from Lebanon’s General Security organisation, and some of the displayed items were given to him by his Mossad case officer (handler) to assist in his espionage activity.”

6. United States Indicts Alleged Russian Spy Who Tried to Infiltrate ICC in the Hague

Following 2022 week 24 story #2, 2022 week 45 story #76, and last week’s story #70, on March 26th The Guardian reported that “US authorities have released new details about an alleged Russian spy who attempted to penetrate the international criminal court in The Hague, using a false identity developed over a decade. An indictment made public on Saturday accuses Sergey Cherkasov, who US intelligence believes is an elite “illegal” operative of Russia’s GRU military intelligence agency. Cherkasov posed as Brazilian citizen Victor Muller Ferreira over many years. Cherkasov, in his cover identity, took a masters at Johns Hopkins University in US foreign policy and won an internship at the ICC. He was detained on arrival in the Netherlands last April when he presented his Ferreira passport. Dutch intelligence later released his real name and some details of his cover story, but did not arrest him, instead deporting him back to Brazil. Last July, he was convicted there on charges of falsely obtaining and using Brazilian documents, and jailed for 15 years. His attempted infiltration of the ICC has gained added significance after the court’s decision earlier this month to issue a war crimes indictment against the Russian president, Vladimir Putin. Had Cherkasov succeeded in working at the court, he would potentially have been able to access the court’s email systems and other sensitive information. Following his arrest in Brazil, Russia swiftly launched an extradition request, admitting the man in question was Sergey Cherkasov, but insisting he was a criminal fleeing drug charges in Russia, rather than a GRU operative. Trying to extradite operatives or assets on concocted criminal charges is a tactic that has been employed by Russian authorities before.”

7. New Zealand: GCSB Helped Prevent Three Potential Domestic Terror Attacks

RNZ reported on March 27th that “the head of one of New Zealand’s spy agencies has revealed it helped prevent three recent possible domestic terror attacks. Government Communications Security Bureau (GCSB) director-general Andrew Hampton and Security Intelligence Service (NZSIS) acting director-general Phil McKee appeared before Parliament’s Intelligence and Security committee this morning. Hampton told MPs about three recent domestic counter-terrorism operations the GCSB had been involved in. One operation involved an individual motivated by extremist ideologies who was making bomb threats; a second targeted a violent white supremacist who was “displaying behaviour of increasing concern online”; and the third involved a person claiming to be a white supremacist who was threatening to use guns and explosives at a public event. “In all three operations, the GCSB was able to combine lead information with our unique technical capabilities to help identify the individuals, who had each taken great care to anonymise themselves online,” he said. “We were able to work with Police and NZSIS to develop a clearer picture of the real-world threat they posed, and in the case of the third operation — the gun and bomb threat to a public event — we were able to provide information that supported the appropriate action to be taken by police.” Speaking to reporters afterwards, Hampton said in all three operations, the lead information came from other domestic agencies. “We were able to use our technical capabilities to help round out the picture of those individuals because these were people who were trying to obscure who they were online and that’s where we can help out.””

8. New Zealand: Statement to Intelligence and Security Committee by Andrew Hampton, Director-General GCSB

Following this week’s story #7, here is the official GCSB announcement published on March 27th. It is a transcript of the complete speech that Andrew Hampton, Director-General of the GCSB, gave to the Intelligence and Security Committee of New Zealand.

9. Podcast: London Real: Mike Baker — Company Rules: Everything I Know About Business I Learned From The CIA | Part 1 Of 2

On March 26th London Real published this podcast episode. As per its description, “today’s guest fits into that exact category, a real life James Bond, who spent over fifteen years working in the shadows as a Central Intelligence Agency officer. I am of course speaking about security expert, TV host and author, Mike Baker. Mike was recruited by the CIA, going on to spend over fifteen years working as a covert field officer specialising in counterterrorism, counternarcotics and counterinsurgency operations.”

10. Afghan Forces Raid IS Hideouts in Mazar-i-sharif, Kill Several Insurgents

China.org.cn reported on March 27th that “Afghan forces raided the hideouts of the Islamic State (IS) outfit in Afghanistan’s Balkh province Sunday, killing several insurgents, said a statement of counter-intelligence agency released here Monday. Personnel of the General Directorate of Intelligence attacked the hideouts of the IS group in Police Districts 5, 8 and 10 in Mazar-i-Sharif city, killing several insurgents, the statement added. The statement also noted that several IS militants who were involved in organizing terror attacks in Kabul, Faryab and Balkh provinces and killing the Balkh governor weeks ago have been arrested. This is the fourth operation launched by Afghan forces against IS hideouts in the national capital Kabul and northern Mazar-i-Sharif city over the past weeks, killing several IS-affiliated insurgents. The rival armed group has yet to comment.”

11. Ukraine’s SBU Detains Russian Female Agent in Lviv

On March 27th Ukraine’s SBU announced that they “detained an enemy informer in Lviv, who, under the guise of a resettled person, was gathering data about the Armed Forces of Ukraine. She was remotely involved in cooperation in October of last year. Counter-intelligence officers of the Security Service documented that the suspect was gathering intelligence about the bases and movements of the Defence Forces in Lviv. In order to disguise her intelligence activities, the woman pretended to be a migrant from the front-line regions of southern Ukraine. According to the investigation, the informant often visited the territory near the locations of deployment of military formations and made marks on electronic maps. Later, she tried to transfer the collected data to the Russian Federation via messenger. However, SBU counter-intelligence officers worked ahead of time — timely exposed the perpetrator, documented the criminal actions and detained her while trying to pass intelligence information to the aggressor. During the search, computer equipment and seven mobile phones were seized from the detainee. One of them contained evidence of criminal activity.”

12. United States: Northrop Grumman Sees Bright Future for MQ-8 Despite US Navy Divestments

Janes reported on March 27th that “despite the US Navy’s (USN’s) recent cuts, entirely divesting the MQ-8B and cutting the follow-on MQ-8C fleet to eight operational helicopters, Northrop Grumman anticipates a bright future for the Fire Scout unmanned aerial vehicle (UAV). Both Northrop Grumman and the USN are focused on expanding the MQ-8’s role. The helicopter was built to give Littoral Combat Ships (LCSs) an intelligence, surveillance, and reconnaissance (ISR) capability, using its Forward Looking InfraRed (FLIR) Systems Brite Star II electro-optical payload and Leonardo Aperture radar to remotely detect targets and threats. The data from these sensors is sent back to the ship and distributed from there, but the USN has of late stressed on feeding data into a digital cloud and distributing it immediately and widely to provide a common operation picture for any forces in the region. “We are constantly making improvements to the system,” Lance Eischeid, Northrop Grumman’s MQ-8 programme manager, told Janes.”

13. Poland Detains Man for Spying for Russia

The Daily Mail reported on March 27th that “Poland has detained a foreign citizen on charges of spying for Russia, prosecutors said on Monday, as the largest country on NATO’s eastern flank finds itself increasingly targeted by Moscow’s intelligence services. The war in Ukraine has plunged what were already strained relations between Poland and Russia to new lows, with Warsaw saying it is frequently the subject of Russian espionage and disinformation. Prosecutors in the northern Polish city of Gdansk said in a statement that the suspect had been detained on March 21. “The findings made in the case show that the suspect acted for the benefit of Russian intelligence by obtaining and collecting information… on critical infrastructure in the Pomeranian and Kuyavian-Pomeranian Regions and on the activities of services and bodies responsible for security,” they said. “The information obtained was passed on to the Russian intelligence service,” the statement added. The arrest comes after Poland dismantled a Russian espionage network that had been preparing acts of sabotage and monitoring rail routes to Ukraine. If found guilty the suspect could face up to 10 years in prison.” Here’s the official Polish government announcement.

14. Interview: North Korean Spy Reveals the Truth Behind Otto Warmbier’s Death

On March 27th Asian Boss’ “The UNCUT Interview” published this new episode. As per its description, “we spoke to Chul-eun Lee, a former high-ranking North Korean government official who defected to South Korea in 2016. If you are curious about the inner workings of the North Korean spy agency at the highest level, make sure to watch the video til the end.”

15. French External Intelligence Agency Wants its South East Asia Team in Shipshape

Intelligence Online reported on March 27th that “Marc P.’s arrival in Singapore after six years serving as head of the DGSE’s intelligence department should allow the service to ramp up its action in a highly strategic zone, one that it had largely ignored for years, as China places its pawns in South East Asia.”

16. Russian XakNet Tries to Recruit Citizens in Ukraine for Espionage

Difesa & Sicurezza reported on March 27th that “pro-Russia hacker group XakNet seeks to recruit Ukrainians to spy on their military. The formation claimed on its Telegram channel that it had acquired the personal data of around eight million citizens of the European country. Following this, it sent all of them a proposal: give us information about the activities of the Kyiv Armed Forces in exchange for rewards from 15 to 5,000 dollars. In particular, coordinates, photos, videos and software are required. In addition, they promise untraceable or cryptocurrency transactions and complete anonymity for anyone who spies for Moscow. A secure communication system will be created for the transfer of information. The XakNet recruitment operation is part of the “Active Measures”, Aktivnye Meropriyatiya, adopted by the Soviet Union since the 1920s and developed since the 1950s by the KGB. Today they are mainly managed by the GRU, the military intelligence service. They are a set of offensive operations of various types (propaganda, espionage, sabotage, political assassinations, media manipulation, etc.), the objective of which is to guarantee Russia advantages over the targets. In this case Ukraine.”

17. Podcast: Shawn Ryan Show: Andrew Bustamante — CIA Spy / World War 3, Money Laundering, and The Next Superpower (Part 1)

On March 27th the Shawn Ryan Show published a new podcast episode. As per its description, “Andrew Bustamante is a former Air Force Combat Veteran and CIA Intelligence Officer specializing in covert action and clandestine operations, a.k.a, your everyday Spy. In Part 1 of this two-part series, Bustamante takes us through his recruitment into the Agency and how he met his wife in the field — a true “Mr. & Mrs. Smith” moment. Bustamante & Shawn get honest with unfiltered opinions on COVID and American foreign policy with China, Russia, and Ukraine. Bustamante discusses proxy wars and the United States’ interests in the current conflict in Eastern Europe and how that affects us here at home. Bustamante level sets with us on media & propaganda, declining US influence, and whether or not our politicians have something to hide. Strap in. This episode is all about the world underneath, through the eyes of a Spy.”

18. New Indian Cyber Espionage Operation

On March 27th cyber security researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed BITTER, previously associated with the government of India. The operation involved a lure file titled “Ticktes12.zip” which, if opened, covertly installed a cyber espionage software implant.

19. United States: Intelligence Community Hiring Looks to Hit Untapped Talent Markets

ClearanceJobs published this article on March 27th saying that “the Brookings Institution’s Strobe Talbott Center for Security, Strategy, and Technology resumed its annual forum today, with a focus on the future of recruitment, retention, and education in the military and national security communities. The first panel focused on recruiting, retaining, and engaging the Intelligence Community (IC) workforce. Moderator, Scott Englund, Assistant Dean at the College of Strategic Intelligence and Federal Executive Fellow for Foreign Policy, Strobe Talbott Center for Security, Strategy, and Technology, walked panelists through challenges specific to the IC’s efforts to attract a broader swath of talent — and a broader base of skillsets.”

20. United States: Biden Bans Government Use of Spyware that Poses Risk to National Security

AA reported on March 28th that “US President Joe Biden issued an executive order Monday banning government agencies from using commercial spyware that poses a risk to national security. In his order, Biden said the US must establish procedures to ensure the responsible use of commercial spyware, protecting its interests, information systems, and not contributing to its misuse by foreign governments. “Therefore, I hereby establish as the policy of the United States Government that it shall not make operational use of commercial spyware that poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person,” he said. The order requires federal departments and agencies to not make operational use of commercial spyware where they determine that such use poses significant counterintelligence or security risks to the government. The White House said commercial spyware has proliferated in recent years with few controls and a high risk of abuse. It said a growing number of foreign governments around the world have deployed this technology to facilitate repression and enable human rights abuses. “Misuse of these powerful surveillance tools has not been limited to authoritarian regimes. Democratic governments also have confronted revelations that actors within their systems have used commercial spyware to target their citizens without proper legal authorization, safeguards and oversight,” it added.” Here is the official Executive Order titled “President Biden Signs Executive Order to Prohibit U.S. Government Use of Commercial Spyware that Poses Risks to National Security.”

21. Operation Rubicon: How the CIA and BND Spied on the World

Grey Dynamics published this article on March 27th. As per its introduction, “Operation Rubicon was a joint covert operation carried out by the United States Central Intelligence Agency (CIA) and the West German Federal Intelligence Service (BND) during the Cold War. The operation involved the acquisition and operation of a Swiss company called Crypto AG, which was a leading manufacturer of encryption machines used by governments, militaries, and intelligence agencies around the world. Under Operation Rubicon, the CIA and BND secretly purchased Crypto AG and then modified the encryption machines to allow the intelligence agencies to eavesdrop on the communications of foreign governments and intelligence services that used the machines. The operation reportedly began in the 1950s and continued until the early 2000s. The operation was considered one of the most successful and longest-running espionage operations of the Cold War, allowing the CIA and BND to intercept and decipher sensitive communications from numerous countries, including Iran, Argentina, and Libya. However, the operation was eventually exposed in 2020 through investigative reporting by several news organizations, leading to widespread criticism of the intelligence agencies involved and calls for greater transparency and accountability in intelligence operations.”

22. Video: Chinese Spy Balloon Recovery Operation by U.S. Navy

On March 30th the US Naval Institute published this video recording. As per its description, “Rear Admiral Brad Andros, U.S. Navy, who led the operation to recover the Chinese spy balloon, talks about the operation and the sailors and capabilities brought to bear to find and recover it.”

23. Ukraine Sentences FSB Agent Detained in May 2022 to 15 Years in Prison

On March 27th Ukraine’s Security Service (SBU) announced that “a traitor who passed intelligence on military and infrastructure facilities in Dnipropetrovsk region to the FSB will spend 15 years behind bars. His intelligence was handed over to the Russian occupiers just when the Kryvyi Rih airfield suffered from enemy missile attacks. He also sent the aggressor the coordinates of road and transport infrastructure facilities and social institutions, including schools and colleges. The invaders needed this information to prepare new air attacks on the Ukrainian city. SBU officers detained an enemy accomplice during counter-subversive measures in the front-line areas in the south of Ukraine. According to the materials of the Ukrainian intelligence service, the court sentenced him to 15 years in prison with confiscation of property. According to the investigation, the perpetrator is a local resident, a former employee of one of the most powerful industrial giants in the region. In May of last year, the officers of the 5th Service of the FSB remotely involved him in secret cooperation. For recruitment, the enemy used one of the pro-Kremlin Telegram channels, where the figure actively spoke in support of the armed aggression of the Russian Federation. To carry out enemy tasks, the traitor went around the city and carried out covert photography of the infrastructure. Then he sent a “report” to the FSB in the form of notes on electronic maps, media files with a link to the area and a detailed description of objects in the surrounding area. During the search, a mobile phone with evidence of his correspondence with the aggressor was seized.”

24. Has the U.S. Lost Track of the Spies in Our Midst?

On March 27th The New Republic published this article saying in its introduction that “Richard Helms, who ran the Central Intelligence Agency under Presidents Johnson and Nixon, and remained the gray eminence of American spies until his death in 2002, offered a pithy piece of advice to his successors: “Never go home at night without wondering where the mole is.” This warning is the heart of counterintelligence, broadly defined as protecting the nation’s secrets and intelligence officers from betrayal, exposing enemy spies and double agents, and guarding against subterfuges aimed at deceiving and damaging the United States. “The business,” wrote Helms’s biographer, Thomas Powers, “is a Dantean hell with ninety-nine circles,” and it demands rare qualities, among them “a prodigious memory, patience, great psychological sensitivity, and the capacity to live with uncertainty forever.” Counterintelligence cases can go on for many years, haunted by unresolved suspicions and false leads. The work is not for the faint of heart. During the first 25 years of the Cold War, U.S. counterintelligence was in the hands of two men: the FBI’s J. Edgar Hoover and the CIA’s James J. Angleton. Hoover was slow to see that the Kremlin’s spies had run rampant in the United States since the early 1930s. By World War II, they had infiltrated the State Department, the Justice Department, the Treasury Department, the OSS (the CIA’s predecessor), and the Manhattan Project to build the atomic bomb; Representative Samuel Dickstein, who represented the Lower East Side for 22 years, served the Kremlin as a paid agent in Congress from 1937 to 1940, informing on anti-communist and pro-fascist Americans for the Soviet Embassy. After the war, the FBI picked up the scent of Soviet spies in the United States. 
By 1951, with the Red Scare in full roar after the convictions of the atomic spies and leaders of the Communist Party of the United States, whose underground had supported the Kremlin’s agents, the Soviets laid low. But not for long.”

25. United States: Statement by CIA Director William J. Burns on the Passing of Vaughn Bishop

On March 27th the Central Intelligence Agency (CIA) of the US issued this press statement saying that “CIA mourns the passing of former Deputy Director Vaughn Bishop. Vaughn personified what it means to be a CIA officer during his long and storied career. He cared deeply about the CIA and even more so about the women and men who serve in it. He inspired countless officers and was known for his always approachable demeanor, good humor, and willingness to listen to and learn from others — from the most junior officer to the most senior. Our Agency and our country have lost a true patriot. He will be deeply missed and always remembered.”

26. US Resident and Lobbyist Who Works for Turkish Government Flagged in IRGC Quds Force Probe in Turkey

On March 30th the Nordic Monitor reported that “a lobbyist who works in Washington, D.C., to promote the Islamist government of President Recep Tayyip Erdoğan was flagged during a confidential probe conducted by prosecutors into Islamic Revolutionary Guard Corps (IRGC) Quds Force cells in Turkey. According to documents from the investigation obtained by Nordic Monitor, the phone conversations of Hakan Çopur, a resident of Arlington, Virginia, were intercepted during the monitoring of Quds Force suspects by police between 2011 and 2014. The investigation unmasked dozens of Quds Force operatives from Turkey and Iran, some working undercover as diplomats attached to the Iranian Embassy in Ankara and Consulate General in Istanbul and some working within the inner circle of President Erdoğan. Çopur’s name came up after police secured wiretap authorizations to run surveillance on suspects and track their phone and email communications. According to a secret document, Çopur was caught on November 28, 2013 talking to a target who was suspected of working for the Quds Force. The wiretaps were incorporated into the investigation to build a case against the Quds Force. The court documents further revealed that Çopur was linked to the Foundation for Human Rights and Freedoms and Humanitarian Relief (İnsan Hak ve Hürriyetleri ve İnsani Yardım Vakfı, or IHH), described as the logistics supplier for al-Qaeda’s global operations. In documents sent to the prosecutor’s office, the IHH acknowledged the work of Çopur, whom it said contributed to the organization as a volunteer.”

27. United Kingdom: Britain’s Intelligence Agency Raises Terror Threat Level in Northern Ireland

WION reported on March 29th that “the British government on Tuesday (March 28) increased its terrorism threat level in Northern Ireland from “substantial” to “severe” after a risk assessment by the spy agency MI5. Northern Ireland Secretary Chris Heaton-Harris noted that the analysis by the intelligence agency means that an incident is judged “highly likely”. The public should “remain vigilant” but not be “alarmed”, said Heaton-Harris in a written statement to the members of the parliament after the risk assessment. “Over the last 25 years, Northern Ireland has transformed into a peaceful society. The Belfast (Good Friday) agreement demonstrates how peaceful and democratic politics improve society,” Heaton-Harris said in his statement. “However, a small number of people remain determined to cause harm to our communities through acts of politically motivated violence.” The threat level has been increased by the intelligence agency in the aftermath of the Omagh police shooting when a senior police officer John Caldwell was shot by masked gunmen in County Tyrone. UK-based media reports have claimed that the detective chief inspector is in hospital and is believed to be in a critical but stable condition.”

28. Lebanese Security Forces Arrest Man Suspected of Spying for Israel’s Mossad

On March 29th PressTV reported that “Lebanon’s security forces have arrested a Lebanese man suspected of spying for Israel’s Mossad spy agency and collaborating with the regime’s authorities through collecting sensitive information and taking pictures of important centers in the Arab country. According to a report published by the Arabic-language Rai al-Youm newspaper, the man, whose identity was not immediately known, was detained by members of the General Security Directorate. The report added that the suspected Mossad spy had been in contact with Israel’s spy agency for a while. Rai al-Youm noted that Lebanese security forces initially raided the suspect’s home in Aramoun village, but could capture him in Choueifat city southeast of the capital Beirut.”

29. Ukraine’s SBU Discovered that the President of Motor Sich Blocked the Delivery of Combat Helicopter to Ukraine’s Military Intelligence (GUR)

On March 28th the SBU of Ukraine announced that they “established that the president of Motor Sich blocked the delivery of a combat helicopter for the GUR of the Ministry of Defence in April 2022. Counter-intelligence and investigators of the Security Service uncovered new facts of the criminal activities of the president of Motor Sich JSC, who is suspected of working for the aggressor. During the investigation, it was established that the high-ranking official was involved in obstructing the legitimate activities of the Defence Forces in favour of the aggressor country. According to the investigation, in April of last year he received an order from representatives of the Ministry of Defence of the Ministry of Internal Affairs regarding the paid transfer of an MI-2 helicopter to the department for combat missions at the front. However, the head of the industrial giant deliberately blocked the execution of the corresponding state order. For this, he instructed his subordinates to disassemble the aircraft into parts and hide the operating documentation for it. Following the orders of the high-ranking official, the plant workers removed the blades and disabled the helicopter’s mechanisms, which are responsible for the operation of the main rotor.”

30. ‘This is Like a Movie’: Ukraine’s Secret Plan to Convince 3 Russian Pilots to Defect with Their Planes

Following 2022 week 22 story #33, Yahoo! News reported on March 30th that “at first, the Russian pilots all thought it was a scam. But they agreed to go along with it anyway, especially after the initial payments came through. Last summer, a group of Ukrainian volunteers, working closely with their country’s intelligence service, apparently came close to persuading three Russian aviators who were in the midst of bombing Ukraine to defect with their warplanes in exchange for $1 million a piece. It was a bold, months-long operation, “like a movie,” in the words of one of the Russian marks, a trio of exceptionally well-trained airmen who seemed amenable to betraying their motherland for a sum of money they’d otherwise never see in their lifetimes. What looked like a legitimate plan to switch sides proved anything but. None of the pilots defected in the end. There is strong evidence that most if not all of them were found out by Russia’s Federal Security Service (FSB), one of the successor agencies to the Soviet KGB. Russian propaganda says the whole saga was in fact orchestrated by the FSB from the start. The Ukrainians insist the FSB only got involved late in the negotiations, after sincere commitments were made by each pilot. Kyiv also maintains its failure to acquire Russian warplanes was nonetheless a mitigated success: It gleaned valuable technical information about Russia’s air force and compromised three military officers, at least one of whom has not flown combat missions since. A complex intelligence operation thus devolved into a remote game of dueling counterintelligence narratives with both sides claiming victory.”

31. Webinar: Introduction to MASINT with Peter Humphrey

On March 29th the International Spy Museum published this video recording. As per its description, “Birds do it, bees do it — even educated slugs do it! But you can’t do it…that is smell certain chemicals, feel an earthquake before it hits, or sense changes in the atmosphere. That’s why spy agencies have invented super sensors to collect invisible intelligence — chemical traces, nuclear particles, vibrations, and wave-lengths — that can be used to identify and track targets. Sound like magic? Join us for an introduction to the too little-known field of Measurement and Signature Intelligence (MASINT) from Peter Humphrey. Humphrey is an all-source analyst: a researcher and writer with some 50 publications in the fields of intelligence, international affairs, and geophysics. He has worked as a diplomat, intelligence analyst, and international affairs professor, teaching at DIA’s National Intelligence University and DOD’s National Defense University. Humphrey is a former Foreign Service Officer, who served as consular officer and Science Attaché at the US Embassy in Mexico City, then returned to the State Department to liaise with UN agencies in Rome. While serving as State/INR’s intelligence analyst for Iraq and Iran, he attended DIA’s National Intelligence University, where he later taught international strategic affairs. He worked as senior all-source intelligence analyst in Battelle’s Special Program’s Office, specializing in ‘open source’ augmentation of classified biological warfare, terrorism, and arms trafficking leads. Humphrey will use examples from the past as well as current examples drawn from open source to demystify MASINT.”

32. Israel Launches New Spy Satellite Overseen by Fired Defence Minister

The New York Post published this story on March 29th saying that “Israel put a new version of its spy satellite into orbit Wednesday under the oversight of fired Defense Minister Yoav Gallant — with the hope of supplying its military with better-quality images. Gallant’s supervision of the Ofek-13 satellite launch, which was planned months in advance, indicates he will remain in office even after breaking ranks with and speaking out against Prime Minister Benjamin Netanyahu’s controversial judicial overhaul plan. As Netanyahu put the plan on hold for at least a month to “avoid a civil war,” Gallant has continued to fulfill his duties as defense minister, even attending a security-related meeting Tuesday alongside the PM. The Ofek-13 launch took place at a test site in central Israel using a Shavit launch vehicle and was shot over the Mediterranean Sea, the Ministry of Defense said in a release. Gallant hailed the launch as “yet another important example of the Israeli defense establishment’s groundbreaking innovation.” “Israel has already proved its diverse space capabilities many times and is one of very few countries to possess such capabilities, capabilities that we continue to develop and strengthen,” he said.”

33. Podcast: CIA’s Langley Files: CIA’s Analytic Chief on the Tradecraft Behind the Agency’s Assessments

On March 28th the United States CIA published a new podcast episode. As per its description, “in this episode of The Langley Files, Deputy Director of CIA for Analysis, Linda Weissgold, joins Dee and Walter to discuss what makes a good CIA analyst, the unusual working hours required to be the President’s briefer, and the importance of the Agency’s apolitical assessments. Along the way, she shares lessons from her decades-long career with CIA — and what it’s like delivering bad news to the most powerful person on the planet.”

34. Vietnam: Not Over for Lockheed Martin on Spy Satellite Tender

Intelligence Online reported on March 30th that “the US defence giant Lockheed Martin is back in the running for a contract to provide Vietnam with an observation satellite. With the US willing to evoke ITAR to block the initial winner of the contract, Israel Aerospace Industries, and Airbus seeming to have fallen behind, its chances of taking the lead have increased.”

35. United States: Here is the FBI’s Contract to Buy Mass Internet Data

Vice released this article on March 27th saying that “the Federal Bureau of Investigation paid tens of thousands of dollars on internet data, known as “netflow” data, collected in bulk by a private company, according to internal FBI documents obtained by Motherboard. The documents provide more insight into the often overlooked trade of internet data. Motherboard has previously reported the U.S. Army’s and FBI’s purchase of such data. These new documents show the purchase was for the FBI’s Cyber Division, which investigates hackers in the worlds of cybercrime and national security. “Commercially provided net flow information/data — 2 months of service,” the internal document reads. Motherboard obtained the file through a Freedom of Information Act (FOIA) request with the FBI. Netflow data creates a picture of traffic volume and flow across a network. This can include which server communicated with another, information that is ordinarily only available to the owner of the server or to the internet service provider (ISP) carrying the traffic. Team Cymru, the company ultimately selling this data to the FBI, obtains it from deals with ISPs by offering them threat intelligence in return. These deals are likely conducted without the informed consent of ISPs’ users. Team Cymru explicitly markets its product’s capability of being able to track traffic through virtual private networks, and show which server traffic is originating from. Multiple sources previously told Motherboard that netflow data can be used to identify infrastructure used by hackers.”

36. Ukrainian SBU Detained Border Guard Acting as FSB Agent

On March 28th Ukraine’s SBU announced that they “detained a border guard who tried to leak information to the FSB about the protection of the northern borders of Ukraine. The agent was an inspector of the Chernihiv border detachment. Even before the start of the full-scale invasion, the official was recruited by a case officer of the FSB. After February 24 last year, the enemy “activated” his accomplice to carry out reconnaissance and subversive activities against Ukraine in wartime conditions. First of all, the aggressor was interested in combat orders and a plan of measures regarding the engineering and technical arrangement of the state border within the Chernihiv region. It was this secret information that the Russian agent had to find, photograph, and then transfer to his “handler” from the FSB through the Telegram messenger. Intelligence was needed by the occupiers to prepare and carry out a series of sabotage in the border areas in the north of Ukraine. However, the SBU officers worked ahead of time — they exposed the traitor in a timely manner and detained him while trying to transmit information with limited access to the aggressor.”

37. Saudi Arabia: Ex-Saudi Spy Chief Says Kingdom Took Strict Position Towards Israel

The Middle East Monitor reported on March 29th that “Prince Turki Al Faisal Bin Abdulaziz Al Saud, the former Saudi intelligence chief, said the kingdom took a strict stance towards Israel decades ago, Al Resalah newspaper reported. “King Faisal Bin Abdulaziz offered the needed support for Egypt, Syria and Jordan after the 1967 war, when Israel conquered parts of these countries,” he said. He added: “That support aimed at helping those countries in order not to surrender to the fait accompli situation. The support also aimed at reinforcing the resilience of those countries to deter the Israeli aggression on Arab countries.” Relations between Saudi Arabia and each of these countries witnessed much action during the life of King Faisal, who visited the capitals of the three countries. Saudi Arabia has several times said it will not normalise ties with Israel before a solution is reached to the Palestinian-Israeli conflict. However, secret meetings between senior officials from both countries have been reported.”

38. Report: North Korean Group Uses Cybercrime to Fund Espionage Operations

Cyber security and intelligence firm Mandiant published this intelligence product on March 28th stating that “today we are releasing a report on APT43, a prolific threat actor operating on behalf of the North Korean regime that we have observed engaging in cybercrime as a way to fund their espionage operations. Mandiant tracks tons of activity throughout the year, but we don’t always have enough evidence to attribute it to a specific group. However, as we continue to observe more activity over time and our knowledge of related threat clusters matures, we may graduate it to a named threat actor. Such is the case with APT43. This report represents the culmination of endless hours of research and connecting the dots across numerous Mandiant groups, and highlights collaboration with our new colleagues at Google Cloud as well. It also marks our first official graduation since Mandiant announced APT42 in September 2022. Dive into the report now for in-depth analysis on APT43 targeting and TTPs, examples of their campaigns and operations, and an annex of malware and indicators.”

39. Pope’s Would-be Assassin in Turkey Sponsored by a Secret Donor in Europe

The Nordic Monitor published this article on March 22nd saying that “Turkish ultranationalist Mehmet Ali Ağca, convicted of the murder of journalist Abdi İpekçi and the attempted assassination of Pope John Paul II, has recently revealed that he was sponsored by an unidentified donor in Europe for his anti-Vatican activities and views. “In Europe, there’s a ‘gavur’ [infidel] who sees all the evils of the Vatican and hates the Vatican. There are records of this, there are bank records. … It was a very good donation that will be enough for the next 20 years,” he said without disclosing the identity of the donor or in what country in Europe he or she is located. The revelation was made on March 13 during an interview with Oda-TV, a conspiracy-peddling, propagandist media outlet under the control of Turkish intelligence agency MIT. Asked how he supports himself financially, Ağca said a donor in Europe, a non-Turk, had made a huge lump sum deposit to his account in Turkey that would cover his expenses for the next two decades. He said the money was sent because the donor admired his work and shares a similar anti-Vatican perspective. The Turkish state knows all about the funds, he emphasized. The convicted killer also disclosed that he was about to make more money on a planned TV series which he claimed would expose how the US, NATO and the CIA plotted to topple the Soviet Union with lies and smears. He named Netflix as the platform that would broadcast the series if and when the project becomes reality.”

40. Three More People Involved in Espionage Detained in Poland

Svidomi reported on March 28th that “Poland’s Internal Security Agency has detained three more people suspected of spying for Russia. They may be involved in an agent network exposed by Polish intelligence services on March 16. Among the tasks of this network were monitoring and documenting the transport of weapons to Ukraine. At that time, Polish law enforcement officers seized cameras, electronic equipment, and GPS transmitters to be installed on vehicles transporting weapons to Ukraine. Currently, the number of detained Russian spies in Poland is 12.”

41. Australia: ASIO to Take Over Issuing High-level Security Clearances Due to ‘Unprecedented’ Espionage Threat

The Guardian reported on March 29th that “the spy agency Asio will take over issuing the highest level security clearances in Australia in response to what the government calls “the unprecedented threat from espionage and foreign interference”. The government revealed the plans in a bill introduced to parliament on Wednesday, saying the new process would “reduce the risk of compromise of trusted insiders”. While the Aukus nuclear-powered submarine plans were not specifically mentioned, the government’s notes to parliament said that the measures would help “ensure the ongoing confidence of our most trusted allies”. The legislation will make the Australian Security Intelligence Organisation (Asio) responsible for issuing, maintaining and revoking Australia’s highest level of security clearance, known as “positive vetting”. This will replace the function currently performed by a range of agencies, including the Australian Government Security Vetting Agency, the Australian Secret Intelligence Service, the Australian federal police and the Office of National Intelligence (ONI). The laws governing Asio will be updated to allow the agency to make security clearance decisions “for Asio and non-Asio personnel alike” and to conduct security vetting and assessment on an ongoing basis. Asio will be allowed to communicate with other agencies that sponsor security clearances, as part of attempts to prevent the risk of “trusted insiders” going rogue. The government’s explanatory notes said the changes were “critical to enabling the ongoing, rather than point-in-time, validation of an individual’s suitability for a security clearance”.”

42. UN Report Calls for Sanctioning North Korean Spy Chief to Counter Cybercrime

The NK News reported on March 29th that “the U.N. Security Council should sanction the head of North Korea’s intelligence agency to counter cyberattacks and cut off a key source of funding for its nuclear and weapons programs, a forthcoming U.N. report recommends. But one expert says the latest Panel of Experts report is mostly scant on specifics and repeats known information and existing countermeasures, leaving a gap that countries like the U.S. must fill to ensure global cooperation against this threat.”

43. Ukrainian SBU Detained FSB Agent Near Avdiyivka

Ukraine’s SBU announced on March 29th that they “detained a Russian agent who was “hunting” for ammunition warehouses of the Defence Forces near Avdiyivka. The Security Service exposed another FSB agent during counter-subversive measures in the front-line areas of Donetsk region. He turned out to be a local resident who, even before the start of the full-scale invasion, maintained friendly relations with a case officer of the Russian intelligence service. After February 24, the enemy remotely recruited his friend and assigned him the task of carrying out reconnaissance and subversive activities in the region. First of all, the aggressor was interested in information about the locations of ammunition depots and bases of military equipment of the Defence Forces in the Avdiiv region. To collect Russian intelligence, the agent traveled around the area and tried to covertly film Ukrainian sites. He had to transmit the collected information to the FSB through an anonymous messenger in the form of electronic coordinates, as well as media files with a link to the area and a detailed description. Intelligence was needed by the occupiers to plan tactical operations against the Defence Forces on the eastern front. However, the SBU officers worked ahead of time — promptly exposed, documented and detained the intruder during his intelligence mission.”

44. Kurdistan (Northern Iraq): Increased Reconnaissance Flights over Maxmur Refugee Camp

The ANF News reported on March 24th that “according to reports from the ground, there have been frequent reconnaissance flights since March 3 over the Maxmur refugee camp in southern Kurdistan (northern Iraq). RojNews reported that reconnaissance aircraft have frequently flown over the camp after Iraqi Defence Minister Sabit Muhammed Said met Turkish intelligence service (MIT) head Hakan Fidan during a visit to Turkey on March 3. It is further reported that reconnaissance aircraft conducted low level flights over the camp at around 13:40 local time. It is not known to which country the aircraft belongs. In recent years, the Martyr Rüstem Cudi Refugee Camp has been targeted multiple times by the invading Turkish state’s armed drones. The last drone attack targeted a house inside the camp on August 29, 2022, killing a citizen named Ebuzêd Dêrhini, the father of 6 children.”

45. Russian Spies More Effective Than Army, Say Experts

BBC published this article on March 29th stating that “Russia’s security and intelligence services have achieved greater success in Ukraine than its army, says a leading UK defence think tank. Russian spy agencies began preparing for the invasion of Ukraine as far back as June 2021, says a report by the Royal United Services Institute (Rusi). The Federal Security Service (FSB) has quickly dominated populations in occupied areas of Ukraine, Rusi adds. The report was compiled using sources including captured documents, it says. Ukrainian intelligence officials, intercepted communications and on-the-ground research also contributed. Researchers say the FSB has been able to download government computer hard drives to identify pro-Kyiv individuals that its agents want to arrest and interrogate. Electronic warfare units have been deployed to cut off occupied parts of Ukraine from the outside world to help them enforce control, Rusi says. According to the think tank, the head of Russian foreign intelligence, the SVR, told President Vladimir Putin they needed more time to prepare and asked for the invasion to be delayed. His request was denied.”

46. Google TAG: Spyware Vendors Use 0-days and N-days Against Popular Platforms

The Google Threat Analysis Group (TAG) published this report on March 29th saying that “for years, TAG has been tracking the activities of commercial spyware vendors to protect users. Today, we actively track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government backed actors. These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers and opposition party politicians. In this blog, we’re sharing details about two distinct campaigns we’ve recently discovered which used various 0-day exploits against Android, iOS and Chrome and were both limited and highly targeted. The 0-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices. Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.” The first campaign targeted people located in Italy, Malaysia and Kazakhstan, and the second targeted individuals located in the United Arab Emirates (UAE).

47. Greek EYP and Israeli Mossad Disrupted Terrorist Attack Plot on Jewish Sites in Athens

On March 28th the Times of Israel reported that “the Mossad spy agency says it aided Greek authorities in foiling an attempt by two Pakistanis to carry out an attack against Israeli and Jewish targets in Greece. In a statement carried by the Prime Minister’s Office, the Mossad says details of the “serious affair” that were released earlier today are part of Iran’s constant attempts to target Israelis and Jews abroad. “After the investigation of the suspects began in Greece, the Mossad assisted in unraveling intelligence of the infrastructure, the methods of operation, and the connection to Iran,” the spy agency says. The Mossad says the investigation revealed that the two Pakistanis were part of a “wide Iranian network that operates from Iran and out of many countries.” The spy agency vows that together with its partners in the intelligence community, it “works by virtue of its role continuously to thwart terror attacks by Iran all over the globe.”.” On March 29th the Jerusalem Post published this article saying that “the terrorists planned to strike a target of “high symbolic value”: A Jewish synagogue, which also functions as a restaurant, located in the center of Athens, Greek media reported. According to the reports, the terrorists were two Pakistani nationals, with a third operative suspected of being located in Iran. The Iran-based operative had reportedly urged them to carry out the attack and said they would be paid.” The Greek City Times reported on March 29th that “for each dead person, the two Pakistani perpetrators would receive 15,000 euros from the Pakistani mastermind of the terrorist network, Proto Thema reported. The case began to unfold two months ago when information about the network’s activity reached the National Intelligence Service (EYP) of Greece. The Anti-Terrorism Department were also informed.” Ahram Online stated that “the embassy of the Republic of Iran strongly denies the rumours spread by Zionist sources and their baseless accusations against Iran,” it said on Twitter. “It is obvious that their fabricated scenarios are intended to divert the public’s attention from their internal crisis.”.”

48. Documentary: The MI5 Spy and the IRA: Operation Chiffon

The BBC published this documentary this week. As per its description, “award-winning BBC journalist Peter Taylor reveals the extraordinary story of how a former undercover MI5 officer put his life and career on the line to encourage the IRA to end its violent campaign and embrace politics. The former MI5 officer, simply known as Robert, ran the top-secret back channel of communications between the UK government and the leadership of the IRA. What Robert did has been a closely guarded secret for three decades and was the key link in the chain that led to the Good Friday Agreement.” On April 1st i24 reported that “two men suspected of being members of a terrorist cell that was planning an attack against an Israeli restaurant in Athens appeared before an investigating magistrate on Friday. The two suspects were arrested on Tuesday, in an operation by the country’s anti-terrorist agency based on information by Greece’s National Intelligence Service and the Israeli Mossad spy agency; six others were arrested in the raid.”

49. Russian Hackers are Preparing for a New Campaign in Ukraine

The Economist published this article on March 29th saying that “Russia’s cyber-offensive last year was fast, furious — and underwhelming. In it, hackers conducted perhaps the largest ever assault on computer networks. Ukraine, well-prepared and supported by foreign tech companies and allies, parried many of these blows, keeping communications and crucial government services online against all expectations. But the cyberwar, like the physical one, is evolving.”

50. Is this Australian-based Mum Really a Russian Spy? ASIO Agents Raid the Home of Unassuming Council Worker Accused of Being a Kremlin Operative — And Haul Her Off for Interrogation

Following week 9 story #14, the DailyMail reported on March 28th that “a mild-mannered Adelaide mother accused of being a Russian spy was dragged away from her family and interrogated before being hauled off to a detention centre. Marina Sologub, 39, lived in the city’s western suburbs with her husband and their teenage son until their home was raided on February 23 by the Australian Security and Intelligence Organisation (ASIO) and her visa was cancelled. The Kazakhstan-born ethnic Russian arrived in Australia in 2020 on a distinguished talent visa, having forged a career in the space sector in Ireland where she lived most of her life. She is currently being held in a Melbourne immigration facility awaiting an Administrative Appeals Tribunal decision on her visa, which is expected to be given in July. ‘Of course I am innocent. I have nothing to hide,’ Ms Sologub told 7News from detention this week.”

51. Ukrainian SBU Detained FSB Agent in Odesa Targeting Power Stations

On March 30th Ukraine’s SBU announced that they “detained Stremousov’s “follower” in Odesa, who was pointing Russian missiles at local power stations. The perpetrator was a local “follower” of Stremousov’s collaborator. At the beginning of the full-scale invasion, an enemy henchman tried to organize an enemy propaganda network in Odesa, which agitated local residents to support the Russian invaders. To do this, he administered several pro-Russian telegram channels, where he “dispersed” disinformation about the situation on the southern front and tried to discredit the Defence Forces. In the future, the agent performed additional tasks of his “handler” from the FSB. In particular, he collected intelligence on the bases of the Defence Forces in the region. In addition, he transmitted to the aggressor the coordinates of local critical infrastructure, including electrical substations. The occupiers used the relevant information to prepare and carry out targeted missile strikes on Ukrainian energy facilities. SBU officers located the intruder and detained him while performing an intelligence task. During the search of the residence of the Russian agent, computer equipment, flash drives and documents confirming his illegal activities were found.”

52. United States DIA: ‘Stone Ghost’ Secret Intelligence Network May Expand to More Nations

The DefenseNews reported on March 29th that “the U.S. Defense Intelligence Agency plans to upgrade its international intelligence-sharing system to allow more seamless collaboration with a broader coalition of allies. DIA uses the top-secret system to communicate with and share intelligence among the U.S. and its Five Eyes partners — the U.K., Australia, New Zealand and Canada. Chief Information Officer Doug Cossa told reporters the agency will begin designing an upgrade to Stone Ghost in fiscal 2024 to allow information to be shared with more countries as needed. “The idea is to add and remove coalitions based on the intelligence problem set that we’re uniquely focused on collectively,” Cossa said during a March 23 briefing at DIA headquarters in Washington. “That’s really where the focus of those modernization efforts will go: [H]ow do you add and remove partners on the fly?” The agency has the ability to share information with other countries, but doing so requires a separate system. As the Defense Department’s lead organization for open-source intelligence, DIA processes an increasing amount of data, Cossa said, and being able to maintain that information seamlessly and quickly within a single network is important. DIA operates more than a dozen international information systems, including Stone Ghost. Cossa said the agency is increasingly applying zero-trust principles to those networks — a cybersecurity approach that emphasizes regular validation that every user, function and piece of hardware that connects to a system is authorized. That work partly relies on artificial intelligence to automate activity logs and evaluate trends, he said.”

53. Amnesty International Uncovers New Hacking Campaign Linked to Mercenary Spyware Company

Following this week’s stories #20 and #46, on March 29th Amnesty International published this report stating that “a sophisticated hacking campaign by a mercenary spyware company targeting Google’s Android operating system has been exposed by Amnesty International’s Security Lab. The technical findings were shared with Google’s Threat Analysis Group, which focuses on countering government-backed cyber-attacks. As a result, Google along with other affected vendors, including Samsung, were able to release security updates protecting billions of Android, Chrome and Linux users from the exploit techniques used in this attack. Amnesty International is not naming the company while the Security Lab continues to track and investigate its activity. However, the attack showed all the hallmarks of an advanced spyware campaign developed by a commercial cyber-surveillance company and sold to government hackers to carry out targeted spyware attacks. “Unscrupulous spyware companies pose a real danger to the privacy and security of everyone. We urge people to ensure they have the latest security updates on their devices,” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab. “While it is vital such vulnerabilities are fixed, this is merely a sticking plaster to a global spyware crisis. We urgently need a global moratorium on the sale, transfer, and use of spyware until robust human rights regulatory safeguards are in place, otherwise sophisticated cyber-attacks will continue to be used as a tool of repression against activists and journalists.” Amnesty International’s Security Lab actively monitors and investigates companies and governments who proliferate and abuse cyber-surveillance technologies which pose a fundamental threat to human rights defenders, journalists, and civil society. On Monday, in a significant step to address the spyware crisis, US President Biden signed an executive order restricting the government’s use of commercial spyware technology that poses a threat to human rights. The move sends a strong message to other governments to take similar action.”

54. The “Vulcan Files” — A Look Inside Putin’s Secret Plans for Cyber-Warfare

On March 30th the Spiegel International published this article stating that “elite hackers from Russia have their sights set on airports and power plants around the world, along with the internet. Confidential data from Moscow, obtained by DER SPIEGEL and its partners, now provide a look inside their arsenal of cyber-weapons and reveal their strategy.” Cyber security and intelligence firm Mandiant also published this report on March 30th about the same topic saying that “as a part of Mandiant’s research on Russian cyber and information operations (IO) capabilities, Mandiant worked with a collective of media outlets, including Papertrail Media, Der Spiegel, Le Monde, and Washington Post, to analyze several documents belonging to a Russian IT contractor named NTC Vulkan (Russian: НТЦ Вулкан). The documents detail project requirements contracted with the Russian Ministry of Defense, including in at least one instance for GRU Unit 74455, also known as Sandworm Team. These projects include tools, training programs, and a red team platform for exercising various types of offensive cyber operations, including cyber espionage, IO, and operational technology (OT) attacks. The documents, which are dated between 2016 and 2020, offer a brief snapshot of previous Russian investments and considerations in scaling cyber operations and capability development. However, Mandiant lacks evidence to prove that the capabilities we discuss have been implemented or are feasible. A note on source authenticity: Mandiant cannot conclusively confirm the authenticity of these documents based on limitations in our current visibility. However, we strongly suspect they are legitimate based on consistencies observed across the documents we reviewed, limited instances where we were able to validate details externally, and an apparent alignment between the capabilities detailed for development in these programs and those that we have previously observed used at high levels by Russian intelligence services.”

55. Canada: ‘This is Very Bad for Them’: Months of Leaks Rattle Canada’s Low-profile Spy Agency

On March 29th The Guardian reported that “most Canadians have no idea where the country’s spy agency is located, nor do they know much about its daily operations. This is not because the Canadian Security Intelligence Service operates in a particularly clandestine fashion, it’s because most Canadians don’t care. The CSIS, a civilian-run organisation based in a triangular structure of concrete and glass on the outskirts of Ottawa, lacks the intrigue of Britain’s MI5 and the notoriety of America’s Central Intelligence Agency. “I look nothing like Daniel Craig, and I did not arrive here in an Aston Martin. I’m just as disappointed as you are — on both fronts,” its director, David Vigneault, said in a speech in 2018, poking fun at the service’s largely uncharismatic reputation. “Most of you remember the movie Fight Club. And you will know that the first rule of Fight Club is ‘don’t talk about Fight Club’. Well, the first rule of CSIS has always been ‘don’t talk’. Period.” But the operations of CSIS have become headline news after months of leaks of intelligence documents that suggest China has a sophisticated election interference network across Canada. The allegations of Beijing’s meddling attempts have caused political turmoil and ruined at least two political careers. They have also put an uncomfortable spotlight on an organisation already grappling with allegations of a toxic work environment and deep internal rifts over its future. When Vigneault appeared before parliament in early March, he lamented that the leaks were “very serious” and revealed the agency’s investigative methods and possibly its sources. Despite his frustration, the leaks have persisted. In the months since intelligence documents were first shared with two Canadian media outlets, it remains unclear if the leaks are coming from within the agency or from disgruntled bureaucrats in the federal government who have access to CSIS documents. 
The publicity-shy agency has remained largely silent as the political crisis has deepened.”

56. Inside the Shadowy World of Iranian Cyber Espionage Group APT33

Forbes published this article on March 28th saying that “several of the most threatening cybercrime groups today carry the inside industry name of “APT.” APT stands for Advanced Persistent Threat, and an advanced persistent threat (APT) is a clandestine type of cyberattack or group that uses APT techniques in which the attacker gains and maintains unauthorized access to a targeted network and remains undetected for a significant period of time. During the time between infection and remediation, the hacker will often monitor, intercept, and relay information and sensitive data. APTs often use social engineering tactics or exploit software vulnerabilities in organizations with high value information. Despite having similar names, each “APT” group is distinct with separate history, tactics, and targeting. In our hacker series, we already covered APT 28 (Fancy Bear) and APT 10 (Stone Panda). Today, we focus on APT33.”

57. Chinese Cyber Espionage Targets Middle Eastern Telecoms

Cyber security and intelligence firm Hive Pro published this report on March 29th. As per its summary, “a Chinese cyber espionage group attributed to the Operation Soft Cell campaign, namely Gallium and APT41, has been observed targeting the telecommunications sector in the Middle East.” Its attack region was “Akrotiri and Dhekelia, Bahrain, Cyprus, Egypt, Iran, Iraq, Israel, Jordan, Kuwait, Lebanon, Oman, Palestine, Qatar, Saudi Arabia, Syria, Turkey, United Arab Emirates, Yemen.”

58. United States: The DEA Bought Customer Data from Rogue Employees Instead of Getting a Warrant

Vice published this article on March 29th saying that “for years, the DEA secretly paid workers inside U.S. agencies and companies for access to user data, rather than going to a court to obtain a search warrant for such data. That included paying sources inside the parcel industry to open and reroute packages; airline industry sources who provided flight itineraries, dates of birth, and seat numbers; and workers at private bus companies who provided daily lists of passengers who bought tickets in cash. Paying moles inside companies allowed the DEA to passively monitor some services for potential targets without the friction of going through the courts, where such broad surveillance could be denied outright. In some cases, the DEA used the information to seize money or drugs from people. But buying the information in the first place may in some cases skirt Fourth Amendment protections. Now, a pair of bipartisan lawmakers are pushing the Department of Justice to tighten policies around confidential human sources that would ban the practice entirely across the DOJ, including the DEA and FBI.”

59. Preliminary Lessons from Russia’s Unconventional Operations During the Russo-Ukrainian War, February 2022–February 2023

On March 29th the Royal United Services Institute (RUSI) for Defence and Security Studies published this 39-page report. It includes the following sections: 1) Russia’s Agent Network, 2) Assessing the Strengths and Weaknesses of the Network, 3) The Plan of Activation, 4) The Counterintelligence Regime on the Occupied Territories, 5) The Irregulars, and 6) Human Intelligence and Reconnaissance.

60. Former United States CIA Officer Jason Hanson Publishes New Videos

Throughout this week former US Central Intelligence Agency (CIA) officer Jason Hanson released the following videos: 1) How Foreign Enemies Infiltrate Our Country and How It Could Affect You…, 2) Russia vs US: Here’s How They Recruit People…, 3) My Escape and Evasion Gun Belt + All The Gadgets Inside.

61. He Came to D.C. as a Brazilian Student. The U.S. Says He Was a Russian Spy

Following this week’s story #6, on March 29th The Washington Post published this article stating that “like anyone who gets into his dream college, Victor Muller Ferreira was ecstatic when he was admitted to Johns Hopkins University’s graduate school in Washington in 2018. “Today we made the future — we managed to get in one of the top schools in the world,” he wrote in an email to those who had helped him gain entry to the elite master’s program in international relations. “This is the victory that belongs to all of us man — to the entire team. Today we f---ing drink!!!” The achievement was even sweeter for Ferreira because he was not the striving student from Brazil he had portrayed on his Johns Hopkins application, but a Russian intelligence operative originally from Kaliningrad, according to a series of international investigations as well as an indictment the Justice Department filed in federal court Friday. His real name is Sergey Cherkasov and he had spent nearly a decade building the fictitious Ferreira persona, according to officials and court records. His “team” was a tight circle of Russian handlers suddenly poised to have a deep-cover spy in the U.S. capital, positioned to forge connections in every corner of the American security establishment, from the State Department to the CIA. Using the access he gained during his two years in Washington, Cherkasov filed reports to his bosses in Russia’s military intelligence service, the GRU, on how senior officials in the Biden administration were responding to the Russian military buildup before the war in Ukraine, according to an FBI affidavit.”

62. Podcast: She Worked Undercover for the CIA. Now, Her Apparel Company Tops $10 Million in Annual Sales

Inc. published this article on March 27th saying that “Emily Hikade didn’t plan on running a fast-growing startup. After a near-death experience, one thing just led to another. A case officer working undercover for the Central Intelligence Agency, Hikade’s job had taken her family to nine countries on three continents, and she wanted a safer life for her children. During a flight over the Indian Ocean to meet an affiliate of a known terrorist group, Hikade’s plane started to nosedive. “The lights went out and people were screaming,” Hikade told Inc.’s What I Know podcast. “I had three little boys at home, and my youngest one wasn’t even a year old. I could see them so clearly in my head, and I felt really profoundly sad that they were going to grow up without a mother.” While aspiring entrepreneurs can feel like there’s no ideal time to start a company, as the plane righted itself, Hikade thought, well, this is as good a time as any. In 2015, while working in East Africa, Hikade launched Petite Plume, a high-end line of pajamas and other sleepwear. She scouted production facilities in the mornings before work and would take customer service calls or work with U.S. fulfillment centers in the evenings. Later that year, Petite Plume launched children’s cotton-blend pajamas on Shopify, later expanding to wholesale and adult sizes. Today, the Chicago-based brand is available in Nordstrom, Maisonette, and Neiman Marcus, and also sells products directly through its website. Annual revenue in 2022 reached more than $10 million, and the company hasn’t taken outside investment.”

63. Pakistani Cyber Espionage Operation Infrastructure Discovered

On March 28th cyber security researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed TRANSPARENT TRIBE, previously associated with Pakistan. The operation involved lure documents titled “Doc2–1[.zip” and “Toronto[.zip” which, if opened, covertly installed a cyber espionage software implant known as Crimson RAT.

64. New Video Has Emerged of the Moment a ‘Canadian Spy’ Met a Teenage

Following 2022 week 35 story #22, 2022 week 39 story #6, and 2022 week 46 story #77, on March 27th Fux e Associados published this article stating that “new video has emerged of the moment a ‘Canadian spy’ met a teenage in Istanbul before he allegedly smuggled her into Syria. Footage obtained by the shows Begum, then 15, and two other East London schoolgirls, Kadiza Sultana, 16, and 15-year-old Amira Abase, transferring between cars at the Turkish Law Firm capital’s main bus station in 2015. The video was filmed by Mohammed Al Rashed, who is accused of moving the girls from Turkey to ISIS-controlled Syria at the same time as he was working as an agent for. This information was allegedly covered up by Canada even while the was leading a huge international search for the trio. After Britain was eventually informed, it was then also persuaded to keep quiet, it is claimed. Ms Begum was stripped of her British citizenship in 2019 after she fled Britain four years earlier to join ISIS. In a forthcoming BBC podcast, called, Ms Begum insisted she would have ‘never’ been able to join ISIS without Rashed’s help. If you adored this information as well as you would want to acquire guidance about Turkish Law Firm kindly check out the internet site. ‘He (Rashed) organised the entire trip from Turkey to Syria…I don’t think anyone would have been able to make it to Syria without the help of smugglers. ‘He had helped a lot of people come in… We were just doing everything he was telling us to do because he knew everything, we didn’t know anything.’.”

65. Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe

Cyber security firm Proofpoint published this technical analysis on March 30th saying that “researchers have observed TA473, a newly minted advanced persistent threat (APT) actor tracked by Proofpoint, exploiting Zimbra vulnerability CVE-2022-27926 to abuse publicly facing Zimbra hosted webmail portals. The goal of this activity is assessed to be gaining access to the emails of military, government, and diplomatic organizations across Europe involved in the Russia Ukrainian War. The group utilizes scanning tools like Acunetix to identify unpatched webmail portals belonging to these organizations to identify viable methods for targeting victims. Following initial scanning reconnaissance, the threat actors deliver phishing emails purporting to be relevant benign government resources, which are hyperlinked in the body of the email with malicious URLs that abuse known vulnerability to execute JavaScript payloads within victim’s webmail portals. Further, the threat actors appear to invest significant time studying each webmail portal instance belonging to their targets as well as writing bespoke JavaScript payloads to conduct Cross Site Request Forgery. These labor-intensive customized payloads allow actors to steal usernames, passwords, and store active session and CSRF tokens from cookies facilitating the login to publicly facing webmail portals belonging to NATO-aligned organizations. Proofpoint researchers recently promoted TA473 to a publicly tracked threat actor. Known in open-source research as Winter Vivern, Proofpoint has tracked this activity cluster since at least 2021.”

66. China Campaign to Influence Local Leaders Bore Fruit in Utah

The New York Post published this report on March 27th saying that “China’s furtive efforts to affect policy and raise its stature worldwide achieved some of its greatest successes in Utah — a deeply religious and conservative state seemingly a world away from the machinations of Beijing’s Communist government, the Associated Press reported Monday. For years, China and its affiliates in the US have worked behind-the-scenes to cultivate relationships with state and local officials and lawmakers, connections that have allowed Beijing to delay legislation it didn’t like and ditch resolutions that expressed dissatisfaction with its actions. For example, China persuaded friendly lawmakers to hold off banning Beijing-funded Confucius Institutes at state universities — programs that US security officials have described as a front for spreading propaganda. Branches of the Confucius Institute at the University of Utah and Southern Utah University only closed last year. In 2020, during the early days of the COVID-19 pandemic, Utah legislators passed a resolution expressing solidarity with China by a near-unanimous margin. (A similar effort in Wisconsin failed, with the Badger State’s senate president publicly blasting it as a piece of propaganda.).”

67. Documentary: Minox the Camera Made for Espionage!

On March 28th Jim Sollows published this short documentary with its description saying that “the Minox is an incredible camera that can be easily concealed. It produces high quality images despite its size. The camera wasn’t made for snap shooters on vacation or pro photographers. It was made specifically for the purpose of facilitating espionage. The camera has an amazing history including the fact that it played a key role in stopping all out nuclear war in the 1960’s. This video will show you how the camera works and tell you a bit of its cool history.”

68. Supply Chain Cyberattack with Possible Links to North Korea Could Have Thousands of Victims Globally

CyberScoop published this article on March 29th saying that “hackers modified an enterprise communication company’s installation software in an attack that could steal credentials and other information from companies around the world, according to an analysis published Wednesday. Researchers with cybersecurity firm SentinelOne’s SentinelLabs team traced illicit activity flagged by its detection systems back to the installation software from a company called 3CX, which according to its website provides video conferencing and online communication products to companies such as Toyota, McDonalds, Pepsi and Chevron. In total, the company says it serves some 12 million customers globally. This sort of large-scale attack that takes advantage of a company’s supply chain — similar to how attackers leveraged a flaw within a SolarWinds product update to install backdoors inside its customers’ networks — can be difficult to defend against and could lead to devastating consequences for victims. It’s also the kind of operation that is typically associated with a nation-state hacking group. “This is an op that has been going on for a while,” said Juan Andrés Guerrero-Saade, senior director of SentinelLabs, noting that a GitHub repository associated with the campaign dates back to early December. Other infrastructure associated with the campaign date back as far as February 2022. 
He added that early indications suggest “at least attempted victims upwards of 1,000 organizations, which means that it’s got to be a much larger number beyond our visibility.” The campaign could be seen as an “enabler operation,” Guerrero-Saade added, noting that the attackers are infecting many enterprises, stealing credentials and other information, “and then figure out what you want to do with the next stage of the operation.” Attacks on software such as this are attractive because “in addition to monitoring an organization’s communications, actors can modify call routing or broker connections into voice services from the outside,” the SentinelLabs team said in an analysis published late Wednesday. SentinelLabs, the research arm at SentinelOne, has not attributed the attack it is calling “SmoothOperator” to any particular hacking group. But researchers at the cybersecurity firm Crowdstrike said in a blog post Wednesday that the attacks are likely the work of a group it calls “Labyrinth Chollima,” its name for one of the most prolific North Korean hacking units. That group is known in the cybersecurity industry more widely as part of the “Lazarus Group,” which the U.S. government has linked to North Korean-directed malicious cyberactivity. SentinelLabs has seen some “TTP” overlaps with North Korean-aligned hacking efforts, but so far the evidence is not conclusive, Guerrero-Saade said.”

69. Russia: FSB Detains The Wall Street Journal Correspondent Evan Gershkovich on Suspicion of Espionage

The Kommersant reported on March 30th that “the FSB reported that The Wall Street Journal (WSJ) correspondent Evan Gershkovich was detained in Yekaterinburg. According to the intelligence service, the American “on the instructions of the United States was collecting information about one of the enterprises of the Russian military-industrial complex, which constitute a state secret.” A case of espionage was initiated (276 of the Criminal Code of the Russian Federation). “Evan Gershkovich was detained in Yekaterinburg, a case of espionage was initiated. On instructions from the United States, he was collecting information about one of the enterprises of the Russian military-industrial complex that constitutes a state secret,” explained the Federal Security Service (quote from RIA Novosti). The department clarifies that the journalist was engaged in “illegal activities” in Yekaterinburg, which was successfully “suppressed”. According to Kommersant’s information, the journalist is planned to be taken to Moscow and arrested in the Lefortovo court. The case is being handled by the central office of the FSB. Earlier, the local publication Vecherniye Vedomosti reported that the American journalist had stopped communicating since yesterday evening. Presumably, he could have been detained at the Bukowski Grill restaurant in the city center. PR specialist Yaroslav Shirshikov, who met with Evan Gershkovich the day before, claims that the detained journalist in Yekaterinburg “studied the attitude in society towards Wagner PMC.” Journalist Dmitry Kolezev (declared a foreign agent) specifies that Mr. Gershkovich could also travel to other cities in the Sverdlovsk region where defense enterprises are located. Evan Gershkovich’s mobile phone is offline, the last time he was online on March 29 at 13:28 Moscow time. Evan Gershkovich has been living in Moscow for six years and is accredited by the Russian Foreign Ministry. Mr. Gershkovich is a reporter covering events in Russia, Ukraine and the former Soviet Union. He previously worked for Agence France-Presse, The Moscow Times and The New York Times. The last article by Gershkovich was published by the WSJ on March 28.” The Russian Federal Security Service (FSB) issued this press statement on March 30th saying that “the Federal Security Service of the Russian Federation stopped the illegal activities of US citizen Evan Gershkovich, born in 1991, a correspondent of the Moscow bureau of the American newspaper The Wall Street Journal, accredited at the Russian Foreign Ministry, who is suspected of spying in the interests of the American government. It was established that E. Gershkovich, acting on the instructions of the American side, collected information constituting a state secret about the activities of one of the enterprises of the Russian military-industrial complex. While trying to obtain secret information, the foreigner was detained in Yekaterinburg. The Investigation Department of the FSB of Russia initiated a criminal case against a US citizen under Article 276 of the Criminal Code of the Russian Federation (espionage).”

70. Interview: Bellingcat’s Eliot Higgins | The People’s Intelligence Service (Part 1)

On March 26th the “How To Academy Mindset” published this recording. As per its description, “how did a collective of self-taught internet sleuths end up solving some of the biggest crimes of our time — from the downing of Malaysia Flight 17 over Ukraine to the sourcing of weapons in Syria? “Taking on the Kremlin from his couch . . . Eliot Higgins and Bellingcat are fighting Vladimir Putin and his ilk, using little more than computers and smartphones.” (Foreign Policy) Bellingcat, the home-grown investigative unit, is redefining the way we think about news, politics and the digital future. In this livestream event, their founder — a high school dropout on a kitchen laptop — tells the story of how they created a whole new category of information gathering, galvanising citizen journalists across the globe to expose war crimes and pick apart disinformation, using just their computers. From the downing of Malaysia Flight 17 over the Ukraine to the sourcing of weapons in the Syrian Civil War and the identification of the Salisbury poisoners, Eliot Higgins will dig deep into some of Bellingcat’s most successful investigations. He will explore the most cutting-edge tools for analysing data, from virtual-reality software that can build photorealistic 3D models of a crime scene, to apps that can identify exactly what time of day a photograph was taken. In our age of uncertain truths, Bellingcat is what the world needs right now — an intelligence agency by the people, for the people. Praise for Eliot Higgins’ We Are Bellingcat: ‘John le Carré demystified the intelligence services; Higgins has demystified intelligence gathering itself’ Financial Times ‘Uplifting . . . Riveting . . . What will fire people through these pages, gripped, is the focused, and extraordinary investigations that Bellingcat runs . . . 
Each runs as if the concluding chapter of a Holmesian whodunit’ Telegraph ‘We Are Bellingcat is Higgins’s gripping account of how he reinvented reporting for the internet age . . . A manifesto for optimism in a dark age’ Luke Harding, Observer Eliot Higgins is the founder of Bellingcat, an independent international collective of researchers, investigators and citizen journalists using open-source and social media investigation to probe some of the world’s most pressing stories. A senior fellow at the Atlantic Council, Higgins also sits on the technical advisory board of the International Criminal Court in the Hague. In 2018 he was a visiting research associate at King’s College London and at the University of California Berkeley. Hannah MacInnes is a broadcaster and journalist. Alongside hosting How To Academy’s live programmes and podcast, she presents a cultural show on Times Radio and interviews on-stage at a number of other major literary events. She is the host of The Klosters Forum Podcast series and has written for the Radio Times, the Evening Standard and TLS. Before going freelance she worked for 8 years at BBC Newsnight, as Planning Editor and as a Producer / Filmmaker. Filmed April 2022.”

71. An Accused Russian Spy Boasted that Infiltrating the US Was Easy. He’s Now in Prison After Getting Caught with Files that Blew His Cover

Following this week’s stories #6 and #61, Business Insider published this article on March 25th saying that “secret messages from court documents give a look into the wild life of an accused Russian spy. The DOJ accuses Sergey Cherkasov of operating undercover in the US, and got a cache of his messages. He boasted wildly about his false identity, writing “We fucking did it!!! AAAAAAA.” Then his luck ran out.”

72. CIA Deputy Director Meets Paraguay’s Abdo in Rare Visit

Reuters reported on March 30th that “U.S. Central Intelligence Agency (CIA) Deputy Director David Cohen has met with Paraguayan President Mario Abdo to discuss strengthening cooperation over security ahead of crunch elections in the South American country, Abdo said. Abdo said on Twitter on Wednesday that he had received Cohen in Paraguay but did not say when the previously unannounced meeting had taken place. The U.S. Embassy in Paraguay wrote that the meeting “took place within the framework of robust bilateral cooperation” between the two countries and that “shared strategies for combating global threats were addressed”. Cohen’s visit drew attention in a country that rarely receives high-ranking officials from outside the region. It is preparing to hold elections on April 30, which could determine the country’s diplomatic ties with Taiwan and China. Abdo traveled on Tuesday to the United States, where he plans to tour a military base in Tampa, Florida, among other activities. Paraguayan Foreign Minister Julio Arriola met with U.S. Secretary of State Antony Blinken in Washington on Monday.”

73. United States: Declassified Report Suggests “Havana Syndrome” Could Result from Energy Weapon

The Salon published this exclusive story on March 29th saying that “a newly obtained declassified report prepared for the director of national intelligence by a panel of experts appears to show conclusively that “Havana syndrome” — a cluster of unexplained symptoms experienced by diplomats and government personnel abroad — is not a naturally occurring health problem. It does not reach any conclusions about who or what may be responsible, but suggests that an unknown device or weapon using “pulsed electromagnetic energy” remains a plausible explanation. The document was declassified after the James Madison Project, a nonprofit dedicated to reducing government secrecy, sued to obtain further information on “Anomalous Health Incidents” or AHIs, the official term used to designate the syndrome. “The U.S. government is covering up evidence as to what AHIs are,” said James Madison Project attorney Mark Zaid, who also represents a number of Havana syndrome patients. “This report differs from the summary released earlier this month and previous statements from the intelligence community. It is becoming apparent that these events were perpetrated either by foreign actors, or it is an experiment gone horribly wrong.” Although heavily redacted, the 153-page report clearly outlines that the “signs and symptoms” of Havana syndrome are “genuine and compelling,” and finds that some of the cases “cannot be easily explained by known environmental or medical conditions and could be due to external stimuli.” Four core characteristics of the AHIs are “distinctly unusual and unreported elsewhere in the medical literature,” the report goes on to say.”

74. United States: Hunter Biden Was Asked to Use His FBI Contacts to Help his Chinese Business Partner Arrested for Bribery and Money Laundering — as Whistleblower Claims President’s Son Had ‘Mole’ Agent Who Tipped Them Off to Investigation

On March 30th the DailyMail published this exclusive story stating that “emails obtained by DailyMail.com reveal Hunter Biden was asked for his FBI contacts while representing his now convicted CEFC partner Patrick Ho in 2017. The day of Ho’s arrest, an attorney working with him on the case asked for ‘the names of the FBI agents you spoke with’ — to which Hunter replied: ‘Working on it’. Last week, Israeli energy expert Dr. Gal Luft claimed Hunter had an FBI mole who tipped off CEFC execs that they were under investigation.”

75. United States: Elk Grove and Las Vegas Residents Sentenced for Conspiring to Violate the U.S. Trade Embargo on Iran

The FBI’s Counterintelligence Division along with the US Department of Justice released this press release on March 27th stating that “Dariush Niknia, 60, of Elk Grove, was sentenced today to two years and 10 months in prison, and Richard Lant, 77, of Las Vegas, Nevada, was sentenced to 24 months of home detention and fined $7,500 for a conspiracy to export to an embargoed country, Iran, U.S. Attorney Phillip A. Talbert announced. According to court documents, between May and October 2015, Niknia, Lant and others conspired to unlawfully sell and supply 500 Russian-made tank helmets to Niknia’s contact in Tehran, Iran. The helmets were to be configured for a Russian-produced T-72S battle tank and were required to have a five-pin plug, a feature that is necessary to enable a tank communication device. In May 2015, Niknia contacted Lant, who operated R&L Ltd., a company that sold Russian items, and requested to purchase 500 T-72S tank helmets and to have the helmets shipped to Tehran. Niknia initially paid R&L to purchase sample tank helmets and to have the helmets sent from Russia to Iran. Prior to the shipment of the first sample helmet, both Lant and Niknia were told that the United States’ sanctions prohibited the shipment of items to Iran, but both nevertheless proceeded with the transaction. Niknia’s customer rejected the first sample helmet because it did not have a rectangular five-pin plug, but approved the second sample tank helmet that was sent to Tehran. In an email communication with Niknia, Niknia’s Iranian contact discussed the fact that the helmets would be inspected by the ultimate buyer, the Government of Iran. Niknia then requested additional helmets be sent to Tehran, 50 at a time, and paid Lant money for the purchase and shipment of the first 50 helmets. However, the deal ultimately stalled because Lant’s associate could not obtain and ship the tank helmets in the quantities and timeframe Niknia required. 
The Russian supplier said the difficulties stemmed from the fact that it was illegal to sell large quantities of tank helmets and to send modern military items to countries such as Iran that might use them in “terroristic or any war ways.” In May 2015, Niknia had attempted to purchase battle tank helmets from another individual who sold Russian military memorabilia online. This individual did not sell Niknia any helmets and instead reported him to the Federal Bureau of Investigation. The embargo on Iran, which is enforced through the International Emergency Economic Powers Act and the Iranian Transactions and Sanctions Regulations, prohibits the export, sale, and supply of goods to Iran by United States persons with very limited exceptions. It also prohibits, with very limited exceptions, United States persons from engaging in any transaction or dealing related to the sale or supply of goods to Iran.”

76. Ukraine’s SBU Detained FSB Agent in Kirovohrad

On March 31st Ukraine’s Security Service (SBU) announced that they “detained a traitor in Kirovohrad Oblast, who was gathering information about the local military airfield for the Russian Federation. The attacker turned out to be a local resident who came into the field of view of the Russian intelligence services during his trips to the Russian Federation even before the beginning of the full-scale invasion. After February 24 last year, the aggressor remotely involved the man in tacit cooperation against Ukraine. On the instructions of the enemy, he collected intelligence on the locations and movements of the Defence Forces in the region. First of all, the Russian agent tried to identify military airfields and railway routes for transporting weapons and ammunition of Ukrainian troops to the frontline areas. In particular, he was looking for an airfield where unmanned aerial vehicles are tested on the instructions of the handler. To do this, the traitor traveled around the area and took photos and videos of the sites. He paid special attention to the movement of railway transport. He tried to transfer the received information to the FSB through the Telegram messenger. Intelligence was needed by the occupiers to prepare and carry out targeted missile strikes in the region. However, counter-intelligence officers of the SBU timely exposed the intruder and detained him during his intelligence mission. The phone, which he used for conspiratorial communication with the aggressor, was seized from the detainee.”

77. Spy Way of Life: The Cercle de l’union interalliée, in Paris, France

This week’s selection for Intelligence Online’s Spy Way of Life was the Cercle de l’union interalliée, in Paris, France. As per the article, “this week, Intelligence Online explores the prestigious Cercle de l’Union Interalliée in Paris, historically favoured by France’s diplomatic and entrepreneurial elite but where members in the business of security and corporate intelligence are gradually making their mark.”

78. Google TAG Bulletin: Q1 2023

Following this week’s story #46, on March 30th Google TAG published this bulletin for the first quarter of 2023, providing an overview of disrupted online influence operations. In summary, the operations mentioned include ones from Russia, Iran, Azerbaijan, China, and Albania.

79. Podcast: “Secrets Revealed” — Curators Alexis and Andrew on SPY’s Pop-Up Exhibit

On March 28th the International Spy Museum’s SpyCast released a new episode. As per its description, “this year, the International Spy Museum opened a new pop-up exhibit, featuring artifacts from the private collection of Grant Verstandig, Co-founder, Chairman and CEO of Red Cell. Andrew and Alexis curated the exhibit and sat down to talk all about it… Dr. Alexis Albion currently serves on the SPY team as the Curator of Special Projects. In previous chapters, she was a staff member on the 9/11 Commission Report, consultant with the World Bank, and strategist with the U.S. Department of State.”

80. Report: With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets

The threat intelligence firm Recorded Future released this intelligence product on March 30th. As per its executive summary, “Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KEYPLUG. We attribute this activity to a threat activity group tracked as RedGolf, which is highly likely to be a Chinese state-sponsored group. RedGolf closely overlaps with threat activity reported in open sources under the aliases APT41/BARIUM and has likely carried out state-sponsored espionage activity in parallel with financially motivated operations for personal gain from at least 2014 onward. A 2020 US Department of Justice (DOJ) indictment states that a RedGolf-associated threat actor boasted of connections to the Chinese Ministry of State Security (MSS); the indicted actors were also linked to the Chengdu-based company Chengdu 404 Network Technology (成都市肆零肆网络科技有限公司). The group remains highly active within a wide range of geographies and industry verticals, targeting aviation, automotive, education, government, media, information technology, and religious organizations. Organizations operating in these industries — particularly those whose products or activities may be of strategic interest to the Chinese government and security services — are at increased risk of targeting. RedGolf has historically exploited public and zero-day vulnerabilities in internet-facing devices for initial access, including Citrix, Cisco, and Zoho. Maintaining a frequent patching cadence for these devices is essential for addressing known security issues.”

81. US Army: HADES Modernises Aerial Military Intelligence

The US Army issued this press release on March 30th saying that “the solution to these challenges is the High Accuracy Detection and Exploitation System, or HADES. “It will possess speed, range, endurance-at-range, and altitude to overcome the physical challenges, without sacrificing the unique quality and capability of collection that airborne ISR provides to Army and joint force commanders around the world,” said Lt. Col. Matt Paladino, ISR Task Force aerial chief for the Army Military Intelligence Staff. “With exceptional payload capacity, it will offer convergence options that occur on or off-board the aircraft to cover assured, denied, or degraded communication environments.” To help bridge the gap between decommissioning the old fleet and commissioning the new fleet, the ISR Task Force is using Aerial Technology Demonstrators, or ATD. ATDs are aircraft that Army is contracting as a service to test which airframes will work best for the mission requirements. The ISR Task Force started by looking at all joint, interagency and allies’ ISR programs and compared them to the Army’s priorities. When the Task Force was finished, they decided on a large-cab business jet. This gave the Army the ability to group all the sensors on one plane with the ability to upgrade and/or add to those systems without losing performance. The first ATD was the airborne reconnaissance and target exploitation multi-mission system or ARTEMIS in 2020, said Capt. Jonathan Magee, ISR Task Force aerial planner for the Army Military Intelligence Staff. “ARTEMIS was our first attempt at putting sensors on a jet to see how that was employed, and we put it in the [Indo-Pacific Command’s Area of Operation] to see what it could do,” Magee said. “All of it was good at the end of the day. 
It’s informing the HADES POR, program of record, for what we need in the end.” During the first ATD tests, the ISR Task Force learned that the jets had longer flight times then the turboprops, which only had a five-to-six-hour flight time. The ATDs had a faster deployment capability and could travel anywhere in the world within 24 hours. They also flew higher and faster while allowing deeper sensor penetration. “When you sync all of those together, you then build a program that is now contributing to the joint fight rather than just the Army’s fight,” Magee said. After ARTEMIS’s success in the Pacific, it was moved to the U.S. Army Europe and Africa. Here ARTEMIS showed its value. “ARTEMIS demonstrated both the operational and financial value of the Army’s future ISR concept, providing cross-combatant command support for its relatively new four-star theater commander with responsibilities that span tremendous geography across two continents,” Paladino said. “No longer will the Army require multiple bed-down locations to access regional hotspots. A single aircraft with the speed and range of HADES can provide thousands of miles of reach from a single bed-down site, forward deployed.” In 2022, an additional ATD, Airborne Reconnaissance and Electronic Warfare System or ARES, was deployed to the INDO-PACOM Area of Responsibility. This aircraft was larger and closer to the HADES project’s long-term goals. “ARES revolutionized the Army’s contribution to a joint fight in that theater,” Paladino said. “ARES provides the [U.S. Army Pacific Command] an organic deep sensing capability with relevant collection capability for the modern battlefield. Adding additional altitude and persistence over ARTEMIS, ARES is competing nearly every day with the nation’s most advanced adversaries. 
Just like with ARTEMIS, Army Soldiers operating in concert with the defense industry are providing this support to both Army and joint force commanders today.” Outside of the physical aspects of the jets being able to fly faster, longer and higher, there has been some changes to the internal configurations the HADES project has built compared to the old turboprops.”

82. SIGINT Historian: Gwen: Gone Fishing

Following week 11 story #87 and last week’s story #65, on March 28th the former GCHQ departmental historian Tony Comer published this article with its introduction saying that “FISH is the name given to encryption systems attached to teleprinters used by the German Armed Forces during the Second World War. Writing for an audience of fellow Siginters, Gwen takes a fair bit for granted, but gives a clear picture of what the day-to-day work of an analyst could be like between 1939 and 1989. When a signals officer at one end of a FISH link had a message or messages to send, he would tell the other end by using the Q signal QEP followed by a number. That number must have indicated from lists how the machines at both ends were to be set. Immediately after this came a stream of encoded text. The transmitting operator usually checked that his transmission was being clearly received by the other end by putting a few words in German chat. He might use a phrase denoting some grouse he had, like being cooped up in a metal caravan. Or he might use some Nazi phrase (Heil Hitler was common), which hinted at how deeply the dreadful madness had affected Germans for more than 20 years. But thereafter he went on to send the actual messages at an automatic speed, because it came from a pre-recorded tape.”

83. Finland: Supo: Russian Personal Intelligence Has Been Pushed to the Limit in Finland

On March 30th the Finnish Security Intelligence Service (Supo) announced that “the deportations of Russian intelligence officers and the denial of visas at the initiative of the protection police weakened Russian intelligence in Finland. Personal intelligence under diplomatic cover has traditionally been the main method of Russian intelligence abroad. Russia — but also China and some other countries — use intelligence to collect information that they use to their advantage and against Finland. The Security Service (Supo) succeeded in significantly weakening Russian intelligence in Finland during 2022. “In the last year, the size of the Russian intelligence station was reduced by about half of what it was before. The main reason for the decrease in the number of intelligence officers was the deportations of intelligence officers and the denial of visas at the initiative of the National Security Police,” Antti Pelttari, head of the National Security Police, said at the launch of Supo’s yearbook on March 30. The decrease in the number of intelligence officers and the restrictions related to travel across the Russian border have significantly weakened the operational possibilities of Russian personal intelligence in Finland. Intelligence under diplomatic cover has been the main method of Russian intelligence abroad. “Russia still strives to place its intelligence officers under diplomatic cover, but over time it must try to compensate for the gap created in personal intelligence, for example by introducing more other covers abroad as well. However, building contacts in personnel intelligence is a very long-term activity, and a replacement operating model cannot be implemented in an instant,” Pelttari stated. Russia is also trying to fix the problems of personal intelligence with cyber espionage. However, cyber espionage only partially replaces personal intelligence because the information it provides is of a different nature.
In the second half of 2022, Russia’s cyber espionage efforts against Finland were even more active.”

84. Podcast: Spycraft 101: Death and the Dangers of Clandestine Work

On March 27th the Spycraft 101 published a new podcast episode. As per its description, “Roberto Calvi, known as “God’s Banker,” was found hanging from a noose under a London bridge on June 17th, 1982. Calvi was president of Banco Ambrosiano, Italy’s largest private bank, and had close ties with both the Vatican bank and the Italian Mafia. Calvi was also a member of a secret Masonic lodge known as Propaganda Due, or P2. The Falklands War between Argentina and Great Britain concluded on June 14th, 1982, just days before Calvi was found dead in London. During the 10-week conflict, Argentine Exocet missiles sunk the HMS Sheffield and damaged several other British ships. There is evidence Calvi was helping Argentina purchase more Exocet missiles in his final days. Calvi’s body was discovered by a postman on his way to work. Calvi’s wallet held more than $13,000 in three different currencies, he was carrying a passport under a false name, and his pockets were weighed down with bricks. A videotaped recreation of the scene of the crime was made for an Italian court, filmed at the exact location where Calvi was found. It represented the most likely method of murder and abandonment of his body. It was found to be incredibly unlikely that he had hung himself from the scaffolding, and instead had been “helped.” The Calvi case has never been satisfactorily closed, and major questions remain unanswered about nearly every aspect of the case. He was a powerful man who made powerful enemies, and it appears those enemies eventually caught up to him one night in London. For episode 76 of the Spycraft 101 podcast, I discuss Calvi’s death along with several others spies, sources, and defectors who died under mysterious circumstances from 1941–1982.”

85. United States: Ypsilanti Man Pleads Guilty to Lying About His Work on a Classified Naval Project for a Foreign Country During Application Process for a U.S. Navy Job

On March 30th the US Department of Defence along with the FBI’s Counterintelligence Division published this press release saying that “an Ypsilanti man pleaded guilty this week to making several false statements in his security clearance application for a job working with the United States Navy overseas, announced United States Attorney Dawn N. Ison. Ison was joined in the announcement by James A. Tarasca, Special Agent in Charge of the Detroit Field Office of the Federal Bureau of Investigation. According to court records, Yifei Chu, age 57, a naturalized U.S. citizen and recent employee of the National Oceanic and Atmospheric Administration (NOAA), applied for a three-year detailed assignment to the United States Embassy in Singapore working for the United States Navy. To obtain this position, Chu was required to apply for and obtain a security clearance. Chu made several false statements in his security clearance application during an interview with federal background investigators and in an affidavit he signed regarding his security clearance application. Chu’s false statements were made to hide his extensive contacts with members of the Taiwanese Navy and a Taiwanese company. These contacts included the fact that Chu was hired by the Taiwanese company to provide consulting services on a “classified” Taiwanese Navy project, was paid money by the Taiwanese company, and that he traveled to Taiwan on multiple occasions to meet with members of the Taiwanese Navy on a military base in Taiwan in performance of his consulting services. Chu pleaded guilty to both counts charged in the indictment: (1) making false statements and (2) falsifying records in a federal investigation. Chu faces a maximum sentence of five years in prison on the false statements charge, and a maximum of twenty years in prison on the false record in a federal investigation charge. Sentencing is set for August 15, 2023 before United States District Judge Victoria A. Roberts. 
“It is vital that those individuals who gain access to classified information related to our national defense are truthful and honest about their connections to foreign governments so that our nation’s military secrets do not end up in the wrong hands,” said United States Attorney Dawn N. Ison.”

86. United Arab Emirates: Former Intelligence Officer Anwar Gargash Has Become MbZ’s Indispensable Diplomatic Adviser

On March 31st Intelligence Online reported that “a key Emirati foreign policy figure who was trained in the country’s intelligence services, Anwar Gargash has survived the change in the balance of power since Mohammed bin Zayed became president. His spymaster aura enables him to continue operating in UAE security circles.”

87. Podcast: State Secrets: The DIA’s Global Intelligence Picture

On March 29th the Cipher Brief’s State Secrets released this new episode. As per its description, “in this week’s State Secrets, host Suzanne Kelly talks with Dr. Trent Maul. Dr. Maul was appointed to Director of Analysis for the Defense Intelligence Agency in May 2021. Dr. Maul discusses the Defense Intelligence Agency’s global outlook on the Russia-Ukraine war and the possibility of Russia trying to expand its influence in the region to other neighboring countries.”

88. Argentina: Former Spy Convicted for Infiltrating Media Outlet for 10 Years

On March 31st Buenos Aires Herald reported that “Américo Balbuena, a former intelligence officer from the Federal Police accused of spying on a community media outlet for ten years, was given a two-year suspended sentence. Balbuena started to work as a journalist in the Walsh News Agency, renowned at the time for having fluent contact with social movements, in 2002. The agency’s director and founder Rodolfo Grinberg brought him on — he knew Balbuena from primary school and coincidentally encountered him again at the massive 2001 protests in Buenos Aires during the social and economic crisis. According to the plaintiffs, Balbuena only posed as a journalist to gain privileged access to information about protests so the police could get the upper hand. For his work at the agency, Balbuena interviewed relatives of the Cromañón disco tragedy that left some 200 dead in 2004 and the family of Luciano Arruga, a young man that disappeared in 2009 in a case where the police were a suspect. He also maintained contact with other social movements and unions — but most of that information did not end up in any of his articles. On May 2013, Balbuena’s colleagues found out he was a member of the Federal Police — a former intelligence officer, José “Iosi” Pérez, had tipped them off. They accused him of spying on them, as well as on social movements, activists, and political parties through the media outlet. Grinberg called Balbuena to his house and confronted him. The story made headlines. Then-Security Minister Nilda Garré expelled the intelligence officer from the force shortly after news broke out about the infiltration. Balbuena did not participate in the Walsh News Agency after that. Five and a half years later, in 2018, federal judge Sergio Torres called Balbuena for a deposition. The former intelligence officer claimed that his participation in the agency had been a “hobby” and not related to his work in the Federal Police. 
Torres also subpoenaed his two superiors in the Federal Police, Alfonso Ustares and Alejandro Sánchez — both contended that the goal of Balbuena’s infiltration was to put together a “protest agenda” for the force. The three of them were charged with “abuse of authority.” Both Ustares and Sánchez also got suspended sentences of two years. According to the plaintiffs, Balbuena and his superiors violated several laws, including conducting investigations without a warrant, working at a media outlet as a federal police intelligence officer, and gathering information on people because of their political opinion or their belonging to political organizations.”

89. South Korean NIS: North Korean Hackers Target Popular Banking Software in South Korea

On March 31st NK News reported that “Seoul’s National Intelligence Service (NIS) issued an advisory on Thursday warning that North Korean hackers are exploiting vulnerabilities in a financial security certificate software installed on over 10 million systems in South Korea and abroad. The press release stated that the NIS, the Korea Internet and Security Agency, and the National Security Research Institute confirmed at the end of last year that North Korea hacked some 210 computers across around 60 major domestic and foreign organizations, including defense companies. The NIS said that the software is used by domestic and foreign institutions, companies, and individuals for electronic finance and public sector certificates, and its applications include electronic banking. “We started an emergency response in January this year and completed a detailed analysis of the operating principles of the malicious code,” the agency said. The NIS advised the public to update their financial security certification software to the latest versions but did not identify the specific software or the company involved. The delays in reporting the incident and advising the public to update their security certification software without naming it are “odd” given the apparent severity of the suspected North Korean attack, Daniel Pinkston, a Seoul-based lecturer in international relations at Troy University, told NK Pro. “Why would they release this now if this event was in January?” he questioned. The NIS did not attribute the campaign to any particular group, but North Korean hackers have previously targeted similar certification software, which is widely used in South Korea by essential services such as banks and government agencies.”

90. Video: 2023’s National Security Challenges: A Hayden Centre Open Forum

On March 31st the Hayden Centre published this video recording. As per its description, “the Michael V. Hayden Center for Intelligence, Policy, and International Security hosted an open forum looking ahead to 2023’s national security challenges. Its panel included: General (retired) Michael Hayden, former Director of both the Central Intelligence Agency & National Security Agency; Michael Morell, former Acting Director and Deputy Director of CIA; David Priess, publisher of “Lawfare,” chief operating officer of the Lawfare Institute, and former CIA analyst and briefer; Andrew McCabe, former Acting Director and Deputy Director of the Federal Bureau of Investigation. Larry Pfeiffer, Director of the Hayden Center, former Senior Director of the White House Situation Room, and former Chief of Staff at the CIA, moderated the conversation. Hayden Center panel discussions have always invited audience questions. We’re always met with excellent questions towards the end of our events, but never had been able to get to all of them. Thus, we decided to start 2023 strong with a Q&A-style event focusing on current national security challenges where the audience questions drove the conversation. The Hayden Center is located at George Mason University’s Schar School of Policy and Government in Arlington, VA. General Hayden, our founder, has been a distinguished visiting professor at Schar School for 13 years. Mr. McCabe is also serving as a distinguished visiting professor. Mr. Morell and Mr. Priess are both senior fellows at the Hayden Center and have taught graduate-level courses at Schar School as recently as the fall semester.”

91. Iran: IRGC Commanders Warn of “Spies” and “Infiltrators”

IranWire published this exclusive story on March 31st saying that “Iranian authorities are increasingly resorting to accusations of espionage when setting out to silence dissent, justify the inefficiencies of the Islamic Republic and secure additional funding for military and paramilitary institutions. Intelligence and security agencies routinely accuse those who attempt to uphold the rule of law, fight for their livelihood, protest to demand more freedoms and women’s rights of being “spies” or “infiltrators.” The Islamic Republic boasts of having the strongest intelligence agencies in the world, but secret information regarding the country’s nuclear program and other sensitive activities has been stolen and exposed by the Israeli government. Top members of the security apparatus and nuclear scientists have also been assassinated inside Iran in recent years.”

92. Video: Virtual Field Trip to the CIA Museum

On March 31st the C-SPAN Classroom released a series of small videos from the CIA’s museum. As per its description, “this lesson features a virtual tour of the Central Intelligence Agency (CIA) Museum, a location not normally open to the public. The lesson, which features the museum’s director and curator Robert Byer, opens with reflective questions that ask students to consider the role of the CIA and what can be learned by visiting museums. After completing a vocabulary activity, students then view an introductory video clip in which Byer discusses the purpose of the museum and its security protocols. From there, students then engage in a choice engagement activity, choosing to one of five specific topics featured in the museum, including: (1) the early CIA from 1941 to 1947, (2) the role of the CIA during the Cold War, (3) the CIA’s efforts to engage in Soviet reconnaissance, (4) the Argo mission during the 1979 Iran Hostage Crisis, and (5) the killing of Osama bin Laden. After the class shares their findings from the choice activity and records the answers to other students’ sections, students then view a final video clip in which Byer highlights the museum’s artifacts about traitors and discusses what people can learn from the museum’s artifacts. Finally, students respond to a summative writing prompt that asks them to “summarize the role of the Central Intelligence Agency.”.”

93. Is Myanmar Building a Spy Base on Great Coco Island?

The Chatham House published this article on March 31st saying that “Myanmar’s Coco Islands in the Bay of Bengal have long been the subject of geopolitical intrigue and controversy among analysts, journalists, and policymakers across South Asia. The most common allegation is that since the early 1990s, Myanmar has allowed a Chinese signals intelligence facility on the archipelago. Little evidence exists for such a facility, bar a heavily weathered radar station, but recent satellite photographs have raised concerns, especially for India, of increased activity on the islands.”

94. Canada: Former CSIS Officials Say Decades of China Warnings Went Unheeded

CBC of Canada reported on March 31st that “former CSIS officials say the intelligence agency has been warning successive governments about foreign election interference for decades but all failed to act — and measures outlined in this week’s budget are not enough to address the problem. “Thirty-two years in national security work, every time we’ve had a crisis, every time we’ve had an incident, that’s what the government’s done. We’ll throw money at the RCMP, we’ll say you folks have got to sort that out. And I don’t think that’s really an appropriate response,” Dan Stanton, former executive manager at the Canadian Security Intelligence Service (CSIS), told a committee of MPs on Friday. Budget 2023 earmarks $48.9 million over three years to help the RCMP protect Canadians from harassment and intimidation by foreign governments, increase its investigative capacity and help communities at risk of being targeted by foreign interference. The budget also gives $13.5 million over five years to Public Safety Canada so it can establish a National Counter-Foreign Interference Office. “We’re allocating millions of dollars to the RCMP … with no investigative strategy, no prosecution strategy. We’re just here saying, ‘Here, take this money and use this,’” said Stanton, who was CSIS’s national program manager for China during the years of Stephen Harper’s government.”

95. US Uses Tech Companies Controlling Internet to Spy on World

The FarsNews published this article on March 31st saying that “the US government allows its intelligence agencies to “carry out warrantless spying” on foreigners’ emails, phones and other online communications, said the report. Compared with other countries, Washington has the advantage of having jurisdiction over the small number of companies that effectively run the modern internet, including Google, Meta, Amazon and Microsoft, it said. “It is a case of ‘rules for thee but not for me,’” Asher Wolf, a tech researcher and privacy advocate based in Australia, was quoted as saying. The US targeted 232,432 “non-US persons” for surveillance in 2021, when the most recent year for which data is available, the report said. The American Civil Liberties Union (ACLU) estimates that the US government has collected more than 1 billion communications per year since 2011, according to the report. There have been some indications that US officials see China, rather than TikTok itself, as the ultimate concern, it noted. The US moves to restrict TikTok appeared to be “more political than good policy”, Vedran Sekara, an assistant professor at the IT University of Copenhagen, was quoted as saying.”

96. Interview: AFIO: Todd Bennett — How the Glomar Explorer’s Covert Espionage Mission Shielded the CIA from Transparency

On March 26th the United States Association of Former Intelligence Officers (AFIO) released this recording. As per its description, “Interview of Wednesday, 1 February 2023 of M. Todd Bennett, Federal Historian/Professor/Author. Interviewer — Host: James Hughes, AFIO President, a former CIA Operations Officer. TOPIC: Todd Bennett and Jim Hughes discuss Bennett’s latest book, “Neither Confirm nor Deny: How the Glomar Mission Shielded the CIA from Transparency” which covers billionaire Howard Hughes’s 1974 Glomar Explorer, a risky deep-sea mining vessel used to retrieve a sunken Soviet sub. The secret operation featured underwater espionage, impossible gadgetry, and high-stakes international drama, and employed public deniability — what became known as “the Glomar response”: “We can neither confirm nor deny. . . .” The interview explores the logistics, media fallout, and geopolitical significance of this deep-sea operation. It helped the CIA ward off oversight during a decade infatuated with expansive openness and disdain for secrecy. And closes with advice for students seeking careers in intelligence.”

97. U.S. Journalist Warned He Would Be Followed Before He Was Detained by Russian Spy Agency

Following this week’s story #69, on April 1st NBC News reported that “the American journalist detained in Russia on spying allegations may have been attempting to report on the Wagner mercenary group and speak to employees at one of the country’s largest tank production facilities, a Russian reporter familiar with his plans told NBC News on Friday. Evan Gershkovich, 31, understood that his assignment for The Wall Street Journal in the Ural Mountains city of Yekaterinburg could attract the attention of Russia’s Federal Security Service — the domestic intelligence service that succeeded the Soviet-era KGB — said Dmitry Kolezev, an independent Russian journalist. Kolezev added that he had warned Gershkovich that agents from the spy agency would follow him, but the American knew this was par for the course for foreign journalists operating on Russian soil. “He said that he understands this very well, and he had the same kind of chase when he was traveling to Perm,” Kolezev said, referring to one of Gershkovich’s previous reporting trips to another Russian city. He added that Gershkovich, who was based in the U.K. but would travel to Russia for two to three week on assignments, had “sounded pretty sure that they wouldn’t touch him because he was an American journalist working for a famous newspaper.”.”

98. Head of Ukraine’s SBU Met with the Ambassador of Japan to Discuss Cooperation in Countering Common Threats

Through an official announcement on March 31st, Ukraine’s SBU stated that “the head of the Security Service Vasyl Malyuk and the Japanese ambassador to Ukraine Matsuda Kuninori agreed on practical steps to prepare a series of measures aimed at strengthening cooperation between the countries and countering common threats. In particular, the meeting discussed repelling the military aggression of the Russian Federation against Ukraine, information protection, cyber threats and international terrorism. “We are interested in deepening cooperation with law enforcement and special services of Japan. And we will gladly share the unique experience we have gained in countering Russia’s armed and hybrid aggression,” noted SBU Head Vasyl Malyuk. He sincerely thanked the Japanese government for its consistent assistance to the Ukrainian people, as well as for the powerful sanctions pressure on Russia and Belarus. In turn, Matsuda Kuninori noted that such support will continue in the future. “The Japanese Government and the entire people of Japan are ready to comprehensively help Ukraine to return real peace to your land. And as a result of the visit of the Prime Minister of Japan to Ukraine and the meeting with the President of Ukraine, a new stage of relations between our countries has begun — a special global partnership. The first step in its implementation is the conclusion of the Agreement on the Protection of Information,” said the Ambassador of Japan to Ukraine. Therefore, the parties discussed the organisational preparation for the conclusion of this international Agreement. The ambassador also emphasised that Japan highly values the professionalism of SBU employees and all Ukrainian defenders. “The SBU, together with representatives of the Defence Forces, are on the front line to protect the territorial integrity and independence of our state. Our priority is counter-intelligence activity and execution of operational-combat tasks,” said Vasyl Malyuk.
According to Vasyl Malyuk, the intelligence service is currently investigating more than 43,000 criminal proceedings regarding Russian war crimes.”

99. United Kingdom: MI6 Boss Pledges to Put A Woman on the Shortlist for His Successor as ‘C’ to Run the Secret Intelligence Service

DailyMail reported on April 1st that “the UK’s top spy has vowed to end all-male shortlists ahead of the appointment of his successor as chief of the Secret Intelligence Service. Richard Moore, the head of MI6, who is also known by the codeword ‘C’, has signalled the time has come to follow in the footsteps of sister agency MI5 — which has already had two women at its helm. In a tweet, Moore, who has been in the post since 2020 and is expected to be there for a further two years at least, said: ‘I will help forge women’s equality by working to ensure I’m the last C selected from an all-male shortlist.’ About 3,600 personnel are employed by MI6 in its London headquarters at Vauxhall Cross on the south bank of the River Thames and in covert locations around the world. But despite nearly half of them being women, with a growing number working in senior roles, none has ever made the shortlist to become the head of the service.”

100. India: ISI-trained Spy Arrested from Rajasthan, Had Been Visiting Pakistan Since 2012 Under the Pretext of Meeting His Kins

On April 1st OpIndia reported that “the police have arrested two youths from Rajasthan’s Barmer district for allegedly spying for Pakistan. According to reports, one of the accused identified as Ratan Khan had been long spying for the Pakistani intelligence agency ISI. Khan had been visiting Pakistan since 2012, under the pretext of meeting his relatives. However, during the interrogation, he revealed that he used to go to Pakistan to receive espionage training from the ISI and had been sending confidential information to his handlers there since then. The second accused reportedly worked in Mangala Processing Terminal (MPT), the famous crude oil processing facility in Barmer, Rajasthan. He was allegedly honey-trapped by a female ISI agent on social media and had been passing confidential information to her in exchange for money. According to reports, the CID Intelligence of Rajasthan was keeping a close watch on Pakistan’s espionage efforts in the state. During this time, the unit discovered two individuals in the Barmer district who were communicating with Pakistan via social media. The agency increased its surveillance and identified Ratan Khan, a resident of Langon Ki Dhani village in Sheo tehsil of Rajasthan’s Barmer district, and Paruram, a resident of Shobhala Jetmal village. The agency then began investigating the background of these youths. The intelligence agency learnt that Ratan Khan had been visiting Pakistan under the guise of visiting relatives since 2012. He used to go there to meet ISI agents and get espionage training. He went there and learned how to create confidential border information on his mobile phone and disseminate it over social media. Following training, Ratan Khan began passing confidential information to Pakistan via WhatsApp, including images and videos of restricted border areas. In exchange, he received money from Pakistan. In the last ten years, he has visited Pakistan more than 20 times.
On the other hand, Paruram who was working as a security guard at Mangala Processing Terminal, Nagana Kawas (Barmer), was honey-trapped by an ISI female handler on social media. He used to send confidential information to her in exchange for money. During the interrogation, it came to the fore that ISI’s female spy had sent money to Paruram several times in the past.”

101. Afghanistan: Taliban Detains Three British Men in Afghanistan, UK Non-profit Says

CNN reported on April 1st that “three British men have been detained by the Taliban in Afghanistan, according to the non-profit Presidium Network. The UK non-profit which “provides support to communities in crisis” tweeted Saturday that they have been working with the families of two of the detained men “in support of finding a resolution and release for the detainees.” The UK’s Foreign, Commonwealth, and Development Office is working to contact the detained British nationals and also supporting their families, they said in a statement. Scott Richards, co-founder of the Presidium Network, claimed the detention of the three men is “ultimately the extension of a misunderstanding.” During an interview with UK’s private Sky Network, Richards said the organization has spoken with multiple witnesses to the events and believes that the General Directorate of Intelligence, the national intelligence, security, and spy agency under the Islamic Emirate of Afghanistan, “reacted to a tip regarding weapons stored in the premises.” “That weapon was licensed. And we believe that during the course of the search, the license may have been separated from the weapon,” Richards added. When asked if the men were in good health, Richards said “We do believe they’re in good health and being well treated. We have no reason to believe they’ve been subjected to the sort of any negative treatment such as torture.” The arrests come amidst a clampdown on those advocating for the education of Afghan women and as allegations of war crimes committed by the British Armed Forces in Afghanistan are under investigation.”
