SPY NEWS: 2023 — Week 4

Summary of the espionage-related news stories for the Week 4 (January 22–28) of 2023.

1. United States: Former Special Agent in Charge of the FBI New York Counterintelligence Division Charged with Violating U.S. Sanctions on Russia

On January 23rd the FBI in collaboration with the Department of Justice announced that “a former Special Agent in Charge of the FBI New York Counterintelligence Division and a former Soviet and Russian diplomat were arrested Saturday on criminal charges related to their alleged violating and conspiring to violate the International Emergency Economic Powers Act (IEEPA) and conspiring to commit money laundering and money laundering. According to court documents, Charles F. McGonigal, 54, of New York City, and Sergey Shestakov, 69, of Morris, Connecticut, are charged in a five-count indictment unsealed today in the Southern District of New York with violating and conspiring to violate the IEEPA, and with conspiring to commit money laundering and money laundering. According to court documents, on April 6, 2018, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Oleg Deripaska as a Specially Designated National (SDN) in connection with its finding that the actions of the Government of the Russian Federation with respect to Ukraine constitute an unusual and extraordinary threat to U.S. national security and foreign policy. According to the U.S. Treasury, Deripaska was sanctioned for having acted or purported to act on behalf of, directly or indirectly, a senior official of the Government of the Russian Federation and for operating in the energy sector of the Russian Federation economy. McGonigal is a former Special Agent in Charge (SAC) of FBI’s Counterintelligence Division in New York who retired in 2018. While working at the FBI, McGonigal supervised and participated in investigations of Russian oligarchs, including Deripaska. Sergey Shestakov is a former Soviet and Russian diplomat who later became a U.S. citizen and a Russian interpreter for courts and government offices. In 2021, McGonigal and Shestakov conspired to provide services to Deripaska, in violation of U.S. sanctions imposed on Deripaska in 2018. Specifically, following their negotiations with an agent of Deripaska, McGonigal and Shestakov agreed to and did investigate a rival Russian oligarch in return for concealed payments from Deripaska. As part of their negotiations with Deripaska’s agent, McGonigal, Shestakov and the agent attempted to conceal Deripaska’s involvement by, among other means, not directly naming Deripaska in electronic communications, using shell companies as counterparties in the contract that outlined the services to be performed, using a forged signature on that contract and using the same shell companies to send and receive payment from Deripaska.”

2. Venezuela Frees Former Spy Chief Who Defied Nicolás Maduro

On January 22nd ALVA Review-Courier reported that “Venezuela’s government has freed a former spy chief who spent nearly five years in prison for leading a movement of loyalists to the late leftist President Hugo Chávez in challenging the rule of his handpicked successor, Nicolás Maduro. Miguel Rodríguez Torres departed his homeland Saturday to live in exile in Spain, according to someone close to Rodríguez Torres who spoke on the condition of anonymity because the release hadn’t yet been announced by the Maduro government. He was accompanied by former Spanish President José Luis Rodríguez Zapatero, who had been working behind the scenes to secure Rodríguez Torres’ freedom, according to the person. Rodríguez Torres is a former army major general with deep ties inside Venezuela’s military, which is the traditional arbiter of the country’s political disputes. He cut his teeth as revolutionary stalwart by partaking in a failed 1992 coup led by Chávez, who was a tank commander at the time. But he ran afoul of Maduro, by questioning the socialist leader’s stubborn adherence to rigid foreign exchange controls blamed for soaring inflation and a cratering currency. Never embraced by Maduro’s traditionally conservative opponents, who despised him for leading a crackdown on anti-government protests in 2014 while serving as interior minister, Rodríguez Torres nonetheless galvanized a small if combative movement of onetime loyalists. Maduro, who, unlike Chávez, never served in the military, immediately viewed him as a threat. In March 2018, he was hauled away by agents from the Bolivarian intelligence service he once commanded while delivering a speech at a hotel ballroom in which he called for free and fair elections. Later, he was charged with multiple crimes, including treason and leading a barracks rebellion. But he never admitted his guilt and spent most of the past five years at a military prison in Caracas.”

3. United Kingdom: Intelligence, Surveillance and Reconnaissance (JDN 1/23)

The Ministry of Defence of the UK published the Joint Doctrine Note 1/23, Intelligence, Surveillance and Reconnaissance (First Edition). As per its summary, “Joint Doctrine Note (JDN) 1/23, Intelligence, Surveillance and Reconnaissance (ISR) captures concepts of current and future developments in ISR and draws together elements of existing doctrine and best practice.”

4. Spy Collection: HY929 Contact Spy Microphone and Probe

On January 23rd we published this video. As per its description, “this is a commercially available spy gadget which, however, was recently used by real-world spies in the Ukraine-Russia conflict. The HY-929 is manufactured by several Chinese companies and is based on a decades old espionage technology. In February 2022 a Russian military intelligence (GRU) agent was detained by Ukraine’s Security Service (SBU) and among others, he was carrying this.”

5. United States: Russian Agents Suspected of Directing Far-Right Group to Mail Bombs in Spain

The New York Times published this article on January 22nd stating that “U.S. officials say the operation may be a signal by Russia that the country and its proxies could carry out more terrorist actions in Europe if nations continue supporting Ukraine.”

6. Ukrainian SBU Detained Russian FSB Agent in Sumy

On January 23rd Ukraine’s Security Service (SBU) announced that they “detained a Russian agent who tried to join the Sumy Regional Military Administration. As a result of a multi-stage special operation, an FSB agent was detained in Sumy, who received a hostile task to get a job at the Department of Defence of the regional military administration. In case of successful penetration into the ranks of the state institution, he was supposed to covertly collect classified information about the systems of defence of the region in the conditions of armed aggression of the Russian Federation. He planned to transmit the received information to the enemy through closed channels of electronic communication using conventional symbols worked out in advance. However, SBU employees prevented these intentions — they exposed the Russian agent, documented his criminal actions and detained him near the administrative building of the local OVA. According to the investigation, the traitor turned out to be a resident of the regional centre, who was recruited by the FSB before the start of the full-scale invasion. The attacker agreed to cooperate with the aggressor because of his pro-Kremlin beliefs and a monetary reward. After February 24, 2022, on the instructions of the Russian intelligence services, he scouted the locations and movements of the Defence Forces in the region. To do this, he traveled around the territory and covertly observed units of Ukrainian troops. In addition, he collected personal data of local law enforcement officers and their families. In order to protect the Russian agent from exposure as much as possible, the occupiers paid for his “services” in cryptocurrency. During the search of the suspect’s place of residence, SBU officers found a Russian passport, mobile phones and computer equipment with evidence of intelligence and subversive activities.”

7. Google TAG: Over 50,000 Instances of Chinese Cyber Activity Disrupted in 2022

On January 26th Google Threat Analysis Group (TAG) announced that “we are sharing year-in-review insights for 2022 about DRAGONBRIDGE, the most prolific IO actor TAG tracks. DRAGONBRIDGE, also known as “Spamouflage Dragon,” is a spammy influence network linked to China that has a presence across multiple platforms. Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs. However, a small fraction of DRAGONBRIDGE accounts also post about current events with messaging that pushes pro-China views. DRAGONBRIDGE narratives in 2022 spanned a wide range of news topics — ranging from China’s Covid-19 response to the war in Ukraine — and included a higher volume of content critical of the US. The actor has primarily targeted Chinese speakers, but some narratives were in English and other languages. In 2022, Google disrupted over 50,000 instances of DRAGONBRIDGE activity across YouTube, Blogger, and AdSense, reflecting our continued focus on this actor and success in scaling our detection efforts across Google products. We have terminated over 100,000 DRAGONBRIDGE accounts in the IO network’s lifetime. Despite their scale and profuse content production, DRAGONBRIDGE achieved practically no organic engagement from real viewers — in 2022, the majority of DRAGONBRIDGE channels had 0 subscribers when Google disrupted them, and over 80% of DRAGONBRIDGE videos had fewer than 100 views. Engagement for DRAGONBRIDGE’s blogs on Blogger was also low, with nearly 95% receiving 10 or fewer views for blogs terminated in December.”

8. Podcast: True Spies: Exodus, Part 1/3: The Telegram — Mossad

SpyScape’s True Spies series published a new episode on January 24th. As per its description, “in the late 1970s, the Mossad launched one of history’s most audacious missions: Operation Brothers. Their goal? To rescue thousands of Ethiopian Jews facing violence, and bring them safely to Israel. In this deep three-part retelling of the very first True Spies story, Sophia Di Martino meets Mossad operatives Daniel Limor, Rubi Viterbo and Gad Shimron, who worked undercover to lead the covert evacuations. We also hear from Takele Mekonen, one of the thousands of Jews saved during the operation. In Part One, Dani Limor recounts the frantic early days of the mission, and his partnership with the heroic Ethiopian that helped to make it possible — Ferede Aklum.”

9. Eurodrone to be Equipped with SIGINT Capability

Janes reported on January 23rd that “Hensoldt has been awarded a contract to develop an intelligence capability for the Eurodrone platform. The German Federal Office of Bundeswehr Equipment, Information Technology and In-Service Support (BAAINBw) awarded a EUR15 million (USD16.3 million) contract to Hensoldt for the development of a signals intelligence (SIGINT) demonstrator for the Eurodrone medium-altitude long-endurance (MALE) unmanned aerial vehicle (UAV), the company announced on 20 January. The sensor suite will be integrated into a pod for the Eurodrone platform and will be based on the latest “digitisation, electronic beam-steering, and metallic 3D printing” technologies, some of which have already been developed under Hensoldt’s ‘Kalaetron’ product family, the company said. A Hensoldt spokesperson confirmed to Janes that the SIGINT sensor suite is intended specifically for the German Eurodrone aircraft. According to the company, Hensoldt will also develop a system architecture to allow for the integration of the SIGINT capability into the future mission system of the Eurodrone. The SIGINT payload will be capable of networking with other platforms, the company added.”

10. North Korean Startup Aimed at Acquisition (of Your Funds)

Cyber security and intelligence firm Proofpoint published this report on January 25th stating that “in the world of tech startups, luminaries and charlatans alike boast of the value of rapid iteration, testing products on the fly, and failing forward. TA444, a North Korea-sponsored advanced persistent threat group, has taken these mantras to heart. TA444, which overlaps with public activity called APT38, Bluenoroff, BlackAlicanto, Stardust Chollima, and COPERNICIUM, is likely tasked with generating revenue for the North Korean regime. That tasking has historically involved the targeting of banks to ultimately funnel cash to the Hermit Kingdom or handlers abroad. More recently, TA444 has turned its attention, much like the tech industry, to cryptocurrency. While we do not know if the group has ping pong tables or kegs of some overrated IPA in its workspace, TA444 does mirror the startup culture in its devotion to the dollar and to the grind.”

11. United States DIA to Break Ground in Huntsville for New MSIC Facility Feb. 24th, 2023

The US Defence Intelligence Agency (DIA) announced on January 26th that “the Defense Intelligence Agency will host a groundbreaking ceremony here on Feb. 24 for the Missile and Space Intelligence Center’s Advanced Analysis Complex at the Richard C. Shelby Center for Missile Intelligence on Redstone Arsenal. The existing MSIC campus broke ground on January 26, 1998, 25 years ago today. This new expansion will enhance mission capabilities and collaboration between DIA and foreign partners through increased laboratory and dedicated analysis space. Providing advanced resources for engineering analysts and support professionals, this new complex will take MSIC’s real-time weapon expertise to new heights. MSIC provides warfighters, weapons developers, policymakers and homeland security officials with intelligence assessments on foreign weapons systems. A DoD center of excellence, MSIC is composed of officers who develop intelligence assessments that provide strategic and tactical advantages to U.S. and allied forces in all current and future conflicts. This brand-new facility will aid MSIC’s ability to meet future threats and advance DIA’s pursuit of excellence in defense of the Nation.”

12. Podcast: Shawn Ryan Show: Bob “Ninja” Poras — Inside CIA’s Global Response Staff (Part 2)

Following last week’s part 1, on January 23rd the Shawn Ryan Show published the second (and last) episode of this podcast. As per its description, “Ninja is back in the final installment of this two-part series. This episode spans his entire career working for the CIA, covering the differences between CIA staffers and GRS contractors, and how the enemy evolved their IED based warfare into a new kind of weapon: EFP. Bob gives us a behind the scenes look at the Khost bombing and the triple agent behind it. Learn about an event in Tripoli that saved 150+ lives and lasted a grueling 24 hours — the greatest evacuation you’ve never heard about. We’ll wrap up with his transition into civilian life and a high-speed motorcycle crash that changed everything.”

13. The Biggest US Surveillance Program You Didn’t Know About

WIRED published this article stating that “hundreds of law enforcement agencies in the United States have access to a little-known database of 150 million money transfers sent between the US, Mexico, and 22 other regions, according to a report this week by The Wall Street Journal. The database, maintained by the nonprofit Transaction Record Analysis Center (TRAC), provides over 600 local and federal law enforcement agencies with warrantless access to the “full names of the sender and recipient” and the amounts of money transfers made through services like Western Union, MoneyGram, and Viamericas. According to the report, the program was created to assist government agencies in gathering evidence of financial crimes such as fraud and money laundering. However, it has raised concerns among privacy advocates as it allows bulk access to data on money transfers, which are not as heavily regulated as traditional banking transactions.”

14. Iran Regime Terrorist Spy Operations Spread in Austria

On January 24th The Jerusalem Post reported that “Austria’s Federal Office for the Protection of the Constitution and Counterterrorism released a report this month asserting that Iran’s regime spread its spy activities in the central European country and Austria is “attractive” for bad actors like China, Russia, Iran and Turkey because of weak criminal penalties for espionage. “Over the years, the network of Iranian intelligence services has also spread in Austria. For civil domestic and foreign surveillance, the Ministry of Information (MOIS) is responsible,” according to the report, documenting the 2021 calendar year. “The military home and foreign intelligence services emerge from the Iranian Islamic Revolutionary Guard (and is referred to as IRGC-IO — Islamic Revolutionary Guard Corps Intelligence Organization). The military special unit Quds Force also plays a not insignificant role, which, in addition to extraterritorial military operations, is specialized in obtaining intelligence information.” The US classified the IRGC as a foreign terrorist organization in 2019. Last week, The European Parliament voted for a non-binding resolution to sanction it as a terrorist entity. The EU’s top diplomat, Josep Borrell, said on Monday that the EU needs a court ruling declaring that the IRGC engages in terrorist activities before the 125,000-strong military force can be proscribed as a terrorist organization. The Austrian intelligence report said cyber espionage in Austria was largely carried out by Russia, China and Iran.”

15. Russia Says Ukraine Storing Arms at Nuclear Plants, Kyiv Denies Claim

Reuters reported on Janaury 23rd that “Russia’s foreign intelligence service (SVR) on Monday accused Ukraine of storing Western-supplied arms at nuclear power stations across the country, an allegation dismissed as untrue by a senior Ukrainian official. The Russian spy agency provided no evidence and Reuters was unable to verify the claims. An SVR statement said that U.S.-supplied HIMARS rocket launchers, air defence systems and artillery ammunition had been delivered to the Rivne nuclear power station in northwest Ukraine. “The Ukrainian armed forces are storing weapons and ammunition provided by the West on the territory of nuclear power plants,” it said, adding that an arms shipment to the Rivne power station had taken place in the last week of December. Asked about the report on Monday, Kremlin spokesman Dmitry Peskov said the claims demonstrated the importance of maintaining dialogue with the United Nations’ nuclear watchdog, the International Atomic Energy Agency.”

16. Protest over Belgian Aid Worker Jailed in Iran for Alleged Espionage

EuroNews reported on January 23rd that “hundreds of people held a demonstration in Brussels in support of a Belgian humanitarian worker who’s been detained in Iran since February 2022. Olivier Vandecasteele was sentenced to a total of 40 years in prison in Tehran for alleged ‘espionage’. The 42-year-old was also sentenced to 74 lashes. His parents were at the rally. “It is very difficult for our family,” explained his father Bernard Vandecasteele. “Fortunately, everyone and all of Olivier`s friends are helping us every day so that we are able to continue living.” “It`s very difficult for him, and for us too, of course,” added his mother Annie Santy, “his circumstances and his health are not good.” Olivier’s parents say their son has lost 25 kilos and has been psychologically weakened after 11 months in solitary confinement. According to Amnesty International, the conviction makes no sense, the arrest was arbitrary and Olivier didn’t receive a fair trial.”

17. Podcast: AFIO: Norman T. Roule, National Intelligence Manager, Iran; Senior CIA Officer, Provides Update on Iran

On January 22nd the United States Association of Former Intelligence Officers (AFIO) published this recording. As per its description, this is an interview with Norman T. Roule who “works as a business consultant on Middle East political, security, economic, and energy issues with an emphasis on the Gulf Cooperation Council states and Iran. Mr. Roule served for 34-years in the Central Intelligence Agency, managing significant programs relating to the Middle East. His service in the CIA’s Directorate of Operations included roles as Division Chief and Chief of Station. He has held multiple senior assignments in Washington as well as during more than 15 years of overseas work. He served as the National Intelligence Manager for Iran (NIM-I) at the Office of the Director of National Intelligence from November 2008 until September 2017. As NIM-I, he was the principal Intelligence Community (IC) official responsible for overseeing national intelligence policy & activities related to Iran & Iran-related issues, to include IC engagement on these topics with senior policymakers in the National Security Council, the Department of State and Congress. Mr. Roule received multiple national security awards during his career. Mr. Roule is a life member of the Council on Foreign Relations, a non-resident Fellow at the Belfer Center for Science & International Affairs at the Harvard Kennedy School, and a 2021 Visiting Fellow at the National Security Institute at George Mason University’s Antonin Scalia Law School.
Mr. Roule is frequently asked to speak on Middle East issues & routinely appears on U.S. and international media. He is a frequent contributor to The Cipher Brief & has written for U.S. & international print media.
Mr. Roule currently serves as a Senior Adviser to the Counter Extremism Project and United Against Nuclear Iran. He is CEO of Pharos Strategic Consulting LLC.”

18. Russian Cyber Espionage Operation Impersonating Humanitarian Assistance

On January 23rd cyber threat intelligence researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as GAMAREDON, previously associated with Russia’s Federal Security Service (FSB). The operation involved a lure document titled “List of necessary humanitarian assistance for the qualitative opposition to the aggression of the Russian Federation.pdf.lnk” which, if opened, was covertly installing a custom cyber espionage software implant.

19. Ex-German Spy Chief Under Pressure Over Far-Right Leanings

The National News reported on January 24th that “a former German spy chief jockeying for influence in Berlin faces possible expulsion from his party over what it called his embrace of far-right language and conspiracy theories. Hans-Georg Maassen is running to lead a hard-right faction of Germany’s main opposition party, the Christian Democratic Union, which nominated him in a failed bid to become an MP in 2021. He has become an increasing embarrassment to the party after raging against migration, alleging a range of left-wing conspiracies, sowing doubts about vaccines and recently speaking of “racism against white people”. The CDU’s general secretary Mario Czaja said on Tuesday that Mr Maassen should resign from the party amid calls for a formal disciplinary process. He said Mr Maassen was moving closer to the far-right Alternative for Germany party, which has come under surveillance by the domestic intelligence agency he used to lead. “Again and again he uses the language of anti-Semites and conspiracy theorists,” said Mr Czaja. “His constant provocations do not have any purpose except to promote his own ego. He has increasingly become a burden to the CDU. There is no place in our party for his language or the ideology behind it.” It comes a day after terror charges were announced against five people accused of plotting to kidnap a senior minister as part of a plan to reinstate the former German Reich.”

20. Turkish MIT Operatives Kidnap 6 Residents of Afrin, Syria

According to ANF News “since the occupation of Afrin, kidnappings by mercenaries loyal to Turkey continue. The so-called civil police backed by Turkish intelligence (MIT) raided the village of Kefer Zite in Jindires district. As a result of the raid with dozens of military vehicles, the invaders kidnapped locals named Bekir Hesen Xêro (35), Rêber Hesen Xêro (32), Elî Kalo (40), Mihemed Ferîd (28), Mihemed Kalo (36) and Ednan Ebdo (39). Abducted persons are often taken to torture centres run by the mercenary groups and are only released in exchange for high ransom payments. In the torture centres, agents of the Turkish secret service MIT are actively involved in the torture and thus try to extort information about the ongoing resistance in Afrin. With names like “civil police”, Turkey tries to give the mercenary groups a legal veneer. In reality, however, they are a conglomerate of jihadists and Turkish right-wing extremists who compete with each other for ransoms, loot and protection money and operate their own torture prisons under the control of the MIT. The so-called “civil police” have been given control tasks inside Afrin in particular. At the same time, the al-Qaeda offshoot HTS (Hayat Tahrir al-Sham) is stationed there to a large extent. According to the human rights organisation Afrin-Syria, 346 people were abducted by the occupying forces and their mercenary militias in the first half of 2022. Among them are 30 women. At least 18 people were murdered in this context in the first half of the year. More up-to-date statistics are not yet available.”

21. Ukrainian SBU Detained FSB Agent in Kirovohrad

On January 24th Ukraine’s SBU announced that they “exposed a Russian agent who was preparing a missile attack on Kropyvnytskyi power stations. The Security Service exposed another FSB agent during a multi-stage special operation in the Kirovohrad region. The henchman of the aggressor collected information about the placement of units of the Defence Forces and critical infrastructure facilities in the region. First of all, he was interested in the locations of local energy facilities. Also, on the instructions of the enemy, he had to install a GPS tracker near one of the transformer substations in Kropyvnytskyi. According to the “beacon” signals, the occupiers wanted to adjust the missile strike on the Ukrainian energy facility. In the event of a successful air attack, the invaders planned to continue a series of shelling on the territory of the regional centre, using “tips” from the FSB agent. However, SBU officers promptly exposed the intruder, documented his criminal actions and detained him while trying to install a GPS device near the city’s electrical substation. According to the investigation, the traitor turned out to be a local resident who was recruited by the Russian special service after the start of the full-scale invasion. He came into the attention of the aggressor because of his pro-Kremlin views, which he repeatedly made public among his entourage. To collect information for the FSB, their agent went to the area and took photos and videos of Ukrainian objects. The received “report” with electronic coordinates was transmitted to the enemy through anonymous messengers. During the inspection of the scene and searches of the detainee’s residence, law enforcement officers found: 1) ️GPS tracker with a SIM card of a mobile operator; 2) ️telephones and computer equipment with evidence of correspondence with a representative of the FSB.”

22. Greece’s Spy Scandal Must Shake Us Out of Complacency

On January 26th EUObserver reported that “a surveillance scandal that has smouldered for almost a year erupted this week after the leader of Greece’s main opposition party filed a no-confidence motion against the government after a string of exposés after a string of exposés that journalists and politicians were targeted with spyware and/or were under state surveillance. The controversy began in March last year when digital rights group Citizen Lab told journalist Thanasis Koukakis that his phone had been under surveillance for ten weeks by powerful spyware called Predator. Four months later, it emerged that Nikos Androulakis, the leader of opposition party Pasok-Kinal, had also been targeted with the same spyware. Almost a year since this scandal broke, people in Greece are still awaiting the outcome of ongoing judicial investigations into the allegations of surveillance, and for to improvements to safeguards on the right to privacy. Following the revelation that Koukakis’s phone had been infected with spyware, it was revealed that he had also been wiretapped by the National Intelligence Service. Meanwhile, the government admitted that Androulakis had been placed under what they claimed to be legal state surveillance — yet they denied they used Predator. Since April 2022, the authorities have ordered at least three criminal investigations into the use of spyware. The third probe commenced after the Greek newspaper Documento published a list of high-profile individuals who were allegedly under state surveillance or had been targeted with Predator. In December 2022, Euractiv reported that investigative journalist Tasos Telloglou, who is conducting investigations into spyware use in Greece, was also under state surveillance for unknown national security reasons. In a parliamentary debate this week, Alexis Tsipras, the leader of the main opposition party Syriza, revealed the names of some individuals under state surveillance, listed in a report by the country’s telecom watchdog. A government minister and the chief of armed forces were included on the list. Despite the myriad allegations and public outrage, the Greek government continues to deny having ever purchased or used Predator spyware. Yet in December 2022, The New York Times revealed that the Greek government granted export licences for Predator to Intellexa, an Israeli-owned spyware company. Greek media outlets also reported on alleged links between state officials and the companies involved in the circulation of Predator.”

23. British Cyber Agency Issues Warning Over Russian and Iranian Espionage Campaigns

The Record reported on January 25th that “two separate but similar espionage campaigns from Russian and Iranian-linked groups have prompted a warning from Britain’s National Cyber Security Centre. In a document published on Thursday local time the NCSC warned how instead of sending surprise phishing emails, the hacking groups — identified as “Russia-based” SEABORGIUM and “Iran-based” APT42, or Charming Kitten — are contacting their targets in a benign fashion and attempting to build a rapport and a sense of trust. Only after this has been established do the groups attempt to dupe their victims into visiting a website which looks like the real sign-in page of a legitimate service, such as Gmail or Office 365, but is actually designed to harvest the target’s log-in credentials. Individuals working in “academia, defence, government organisations, NGOs, think-tanks, as well as politicians, journalists and activists,” are being targeted by the two groups. The attackers use “open-source resources to conduct reconnaissance, including social media and professional networking platforms” before reaching out. “Having taken the time to research their targets’ interests and contacts to create a believable approach,” the hackers start to build a rapport with their targets, often beginning “by establishing benign contact on a topic they hope will engage their targets,” NCSC said.”

24. Podcast: Spycraft 101: Thwarting Lenin’s Global Communist Plot with Giles Milton

On January 23rd Spycraft 101 published a new podcast episode. As per its description, “British MI6 agent Sir Paul Dukes, known as The Man of a Hundred Faces, is the only man ever knighted for his accomplishments in espionage. Dukes was an Englishman who lived and worked for nearly a decade in Russia as a musician and conductor before the Bolshevik Revolution. Both highly intelligent and a gifted linguist, he’d taken to writing his observations of the city for the Foreign Office, which brought him to the attention of the Secret Intelligence Service. After being recruited by the SIS, Dukes returned to Petrograd and undertook the mission of a lifetime. He was soon at the center of chaotic events as the new government under Lenin fought against the White armies attempting to depose them. Dukes stayed one step ahead of the Red Guards and secret police by constantly switching identities, building networks of agents, and recruiting couriers to smuggle messages out of the country. The information he gathered was of the highest quality imaginable. Dukes was joined in Russia by some of the most colorful and capable men in the history of espionage: George Hill, who carried a sword cane everywhere he went, and used it to deadly effect one night on the streets of Petrograd; Oswald Rayner, the man who may have killed Rasputin himself; Captain Nathaniel Cromie, who died in a gunfight when Red Guards attacked the British consulate; Arthur Ransome, the journalist and ardent communist who nevertheless put King and Country first; and the most famous of them all: Sidney Reilly, the Ace of Spies. All were directed from afar by the first chief of the Secret Intelligence Service, a man so secretive he was known to them only as “C”. Finally, when the danger to Dukes grew too great to be ignored, a hand-picked crew of sailors was sent to rescue him, navigating the mine-filled Gulf of Finland in a shallow-draft coastal skimmer. But after three failed rendezvous attempts, he successfully escaped on his own through Latvia and back to London in August 1919.”

25. Europe: Boom in Software Spying on Remote Workers, MEPs Hear

EUObserver reported on January 23rd that “companies are increasingly using software to spy on employees working remotely, Polish computer forensics analyst Maciej Broniarz told MEPs on Monday (23 January). “The market for highly intrusive spyware is snowballing,” Broniarz warned. Remote monitoring tools, also known as Bossware, has the potential to breach privacy of unsuspecting employees, he said. He said the issue of such software “may lead to comparable breaches in privacy that are very similar to those for example, Pegasus.” Pegasus was developed by the Israeli NOS group and sold to some governments, including in Europe, to fight terrorism or other serious crimes. Bu it has also been used against opposition politicians in Poland, journalists in Hungary, and some MEPs. Meanwhile, Bossware is allowing firms to digitally-track people — by taking screenshots or logging keystrokes without letting employees know. One study found that the global demand for employee-monitoring software increased by 58 percent March 2020 to September 2022, compared to 2019. A more recent survey in the US from last September said some 60 percent of companies with employees who work remotely are using monitoring software to track employee activity and productivity.”

26. Germany: Federal Authority in Contact with “Intellexa”

On January 26th the Tagesschau reported that “at least one federal agency is interested in spy software from the controversial Intellexa consortium. This is shown by research by SWR and “WELT”. The “Predator” software is said to have been used in the wiretapping scandal in Greece. After commercial spying and surveillance software was said to have been used against members of the opposition in several EU countries, an investigative committee of the EU Parliament has been dealing with the issue since March last year. A parliamentary investigation was launched in Greece after it became known that the conservative head of government had ordered several politicians and journalists to be monitored and spied on using the “Predator” spyware. The Greek investigators have searched numerous offices in this connection in recent weeks, and last week there was a first arrest. Behind “Predator” is a consortium of spy software providers called “Intellexa”. According to a 160-page draft report by the committee of inquiry, it has branches in Cyprus, Greece, Ireland and France, among other places. The company name appears on 22 pages in the document from last November.” Intellexa” was founded in 2019 by Tal Dilian in Cyprus. Dilian previously held several influential posts in the Israeli security and intelligence apparatus. On its website, the ‘Intellexa’ Alliance describes itself as an EU-based and EU-regulated company for the purpose of developing and integrating intelligence-enhancing technologies.” And it also states that “research by SWR and “WELT” now shows that the former secret service coordinator Bernd Schmidbauer apparently worked as a lobbyist and door opener for “Intellexa” at federal authorities. The former CDU politician recently made the headlines after the Wirecard bankruptcy. Information available to SWR and “WELT” shows that Schmidbauer was summoned to the Chancellery in August 2021 after his appearance in the Bundestag, which MPs described as “bizarre”. With a view to reporting, he was reminded of his continuing confidentiality obligations. After this appointment, the former secret service coordinator probably also acted as a representative for the products of the “Intellexa” group of companies. The research revealed that Schmidbauer contacted the President of the Federal Office for Information Security (BSI), Arne Schönbohm, who has since been fired, by telephone and email in November 2021 to arrange a meeting with the company “Intellexa”. After further mail traffic, which was forwarded to the responsible department in the BSI, it is said that a meeting never took place.”

27. Ukraine’s SBU Detained Russian FSB Agent in Odessa

On January 25th Ukraine’s Security Service (SBU) stated that they “detained a Russian agent who was “pointing” enemy missiles at Odessa energy facilities. The Security Service exposed another FSB agent during a special operation in Odessa. The henchman of the aggressor collected information about the placement of units of the Defence Forces and critical infrastructure facilities in the region. First of all, he tried to identify combat features of the Ukrainian air defense system. In addition, the agent was interested in the exact locations of local energy facilities. He kept the collected information on a flash drive, which he planned to hand over to a representative of the Russian intelligence service. He expected to receive up to 70,000 hryvnias per month from the enemy for carrying out enemy missions. If they received the intelligence, the invaders planned to use it to prepare and carry out a series of missile attacks on Ukrainian sites. However, the SBU officers prevented this plan — they exposed the intruder in a timely manner, documented his criminal actions and detained him. According to the investigation, the traitor turned out to be a local resident who was recruited by the FSB after the start of the full-scale invasion. He came to the attention of the occupiers because of his pro-Kremlin views, which he repeatedly expressed among those around him. To collect intelligence, he traveled to various districts of Odessa and the suburbs of the regional centre, where he took photos and videos of sites. During the search, a flash drive with evidence of subversive activity was found in the attacker’s possession.”

28. Avtandil Chkadua: “Kristine Takalandze was Charged with Espionage Illegally”

Following 2022 week 30 story #40, on January 25th Echo of the Caucasus reported that “the Supreme Court of Abkhazia is considering a criminal case on espionage for Georgia, initiated by the State Security Service against Georgian citizen Kristine Takalandze. She is accused of collecting and transmitting to the intelligence services of Georgia information that is a protected secret. The trial is being held behind closed doors. Her lawyer, Avtandil Chkadua, believes that the criminal case against Takalandze was initiated illegally, since there is no evidence of her guilt in the case file. In July last year, the State Security Service of Abkhazia detained a Georgian citizen Kristine Takalandze. She was born in Georgia, in the city of Zugdidi, she is 24 years old, lived in the village of Nabakevi, Gali district, she does not have Abkhaz citizenship. According to the State Security Service of Abkhazia, Kristine Takalandze, on the instructions of foreign intelligence, collected and transmitted to representatives of the intelligence services of Georgia information constituting state, military and other secrets protected by the law of Abkhazia. The prosecution believes that her activities created opportunities for the State Security Service of Georgia to use the transmitted information to damage external security, the constitutional order and the sovereignty of the Republic of Abkhazia.”

29. Turkish MIT Operatives Kidnap Two More People in Afrin, Syria

Following this week’s story #20, on January 25th ANF News reported that “the Turkish state intelligence kidnapped two people in Cindirêsê, in the province of Afrin. The two men have been named as Mihemed Reşid Hiso (32) and Ferman Eloş Sedo (28). There is no information about the fate of the two abducted people.”

30. Former Indian Spy Chief Calls for Talks with Pakistan, China

DAWN reported on January 23rd that “former Indian spy chief A. S. Dulat said on Sunday that India and Pakistan should resume talks to resolve a host of matters that trouble both sides, including terrorism and the Kashmir dispute. He also underscored the need to talk to China. Speaking at a literature festival in Jaipur, the former Research and Analysis Wing (RAW) chief said there was no need to scrap Article 370 of the Indian Constitution that gave special status to Jammu and Kashmir, saying there was nothing left in it and it was only a “fig leaf”. Mr Dulat was also of the view that “militancy” will continue to come down, but “terrorism will stay unless we sort it out with Pakistan” and batted for dialogue with Islamabad. “Pakistan has been an inherent part of Kashmir. Since 1947, what the government of India has been trying to do is to mainstream Kashmir and get Pakistan out of the Kashmiri minds. And I think we’ve succeeded to a very large extent.” He was in conversation with senior journalist Mandira Nayar about his latest book A Life in the Shadows: A Memoir, published by HarperCollins India.”

31. Podcast: Spycraft 101: The OSS, Uranium in the Congo, and the Atom Bomb with Kathryn Hogue

On January 26th Spycraft 101 published a new podcast episode. As per its description, “OSS agent Wilbur “Dock” Hogue served in the Belgian Congo for much of World War II. He was recruited for the apparent backwater posting, far from the front lines of the war, due to his fluency in French and his previous experience in West Africa, working for the Firestone Rubber Company. His first assignment with the OSS was to Liberia and the Ivory Coast in 1942, where he set up networks that would prove invaluable during the Allied invasion of North Africa. After a short return trip to the US to meet his son, who was born in his absence, Dock set off for the Belgian Congo. In the Congo his mission was altogether different, and unbeknownst to him, far more crucial to an Allied victory. There he replaced two previously-deployed OSS men, neither of whom had been up to the task, and had subsequently been recalled to the US. Perhaps as a sign of the anticipated lack of danger so far from the fighting in Europe, Dock’s issued sidearm for the mission was a single-shot .45ACP Liberator pistol. As it would later turn out, one shot was all he would need. Dock was there to set up a network of informants; to spy on enemy activity in the region, and to steal secret military and economic information whenever possible. But he was also given another top-secret mission: under the cover of investigating diamond smuggling, he was to learn if Germany was smuggling raw ore from the Shinkolobwe Mine. The ore itself was being purchased by US concerns from the Belgians. Though Dock had no idea at the time, shipping ore from the Shinkolobwe Mine to the US while keeping it out of German hands was of the utmost importance; the mine was the world’s richest source of a little-known and little-understood element called uranium. Along the way he would survive three separate attempts on his life as he unknowingly worked to help keep the atom bomb out of the clutches of Nazi Germany.”

32. Ukrainian SBU Detained Russian Agent in Luhansk

On January 26th Ukraine’s SBU announced that they “detained a Russian agent who was correcting missile strikes on Liman. The attacker turned out to be a local resident who, after the deoccupation of the city, established contact with the Russian intelligence services and offered them his help in the war against Ukraine. At the instruction of the aggressor, he collected information about the locations of bases and movements of units of the Defence Forces in the territory of the district. In addition, the attacker gave the occupiers the locations of local critical infrastructure facilities, including energy-generating enterprises, through his acquaintance, who lives in the temporarily captured part of Luhansk region and is in the field of view of the special services of the Russian Federation. The Rashists used the received information to carry out targeted missile strikes on the territory of the urban community. After shelling, an enemy henchman went to the area to record the consequences of air attacks and then “report” to the aggressor. SBU officers detained a Russian agent for another attempt to transfer intelligence via messenger. During the search, a phone with evidence of intelligence and subversive activities in favour of the aggressor country was found in the detainee’s possession.”

33. Like Intellexa, Merlinx Collaborates with Bangladeshi Intelligence

Intelligence Online reported on January 26th that “Israeli spyware firm Merlinx, acquired in 2021 by Israeli-US cloud data company OwnBackup, has been supplying its tools to Bangladesh’s intelligence service via Israeli-PC integrator Prelysis. Its rival Intellexa was exposed this month for doing business with the same service.”

34. Poland Urges EU to Regularly Publish Reports on “Russian Espionage”

Russia Today (RT) published this story on January 24th stating that “the Polish Institute of International Relations (PISM) calls on the European External Action Service to regularly publish reports on Russia’s “espionage activities” on the territory of EU member states. RT got acquainted with the report. “Despite the reduction in the number of intelligence officers working under diplomatic cover in 2022, Russia still has a huge potential for conducting espionage activities, also due to differences in the policies of EU member states,” the report of the Polish think tank notes. According to the authors of the document, “some member states, while pursuing a favourable policy towards Russia, do not take public action against its spies.” As PISM emphasises, this is due, among other things, to their assessment of security threats and the extent of economic ties with Russia. Thus, the authors call on the European External Action Service to regularly issue reports on espionage activities of third countries to inform European partners.”

35. Britain’s Cyber Intelligence Agency GCHQ to Start Search for New Director as Fleming Signals Departure

The Record published this article on January 26th stating that “GCHQ, Britain’s cyber and signals intelligence agency, is searching for a new director, following the announcement on Thursday that Sir Jeremy Fleming would be leaving. In a statement, the agency said: “In line with normal practice, there will be an internal civil service competition to identify a successor. Sir Jeremy and the Board will continue to lead and oversee work at GCHQ until the summer.” Fleming has been in the role as GCHQ head for almost six years, assuming the office in April 2017. His official page credits him with leading “a significant period of growth” at the agency — citing the opening of a new secure facility in Manchester, as well as the launch of the National Cyber Force. He also championed a “focus on diversity and inclusion.” Since the agency was founded in 1919 — initially under the name of the Government Code and Cypher School — it has had 16 chiefs, all of whom have been men. The Record’s sources, who are not directly involved in the recruitment process, said there is a feeling that the next director should be a woman. Officially, the director of GCHQ is appointed by the foreign secretary, although a recent rewrite of the recruitment process allows the prime minister to veto a proposed candidate and have the process re-run. The job listing is not publicly available but is circulated among a restricted group including senior intelligence community officials and police chiefs. GCHQ’s emphasis on diversifying its ranks under Fleming’s watch attracted politically-motivated criticisms of the focus as “woke” — including from government ministers. The United Kingdom’s security and intelligence agencies regard diversity as a competitive advantage over foreign adversaries.”

36. Podcast: SpyCast: “Code Name Blue Wren: Cuban Spy Ana Montes” — with Jim Popkin

On January 24th the International Spy Museum’s SpyCast published a new episode. As per its description, “she’s “the most famous spy no one’s ever heard of” — Why? Clouded by the tragedy of 9/11, Ana Montes was arrested on suspicion of espionage on September 21, 2001, as the Twin Towers smoldered. She had been spying for Cuba for almost two decades, sending secrets from the heart of American intelligence to Fidel Castro’s regime. This week, author and investigative journalist Jim Popkin joins Andrew to discuss Ana Montes’ story framed by his new book, Code Name Blue Wren: The True Story of America’s Most Dangerous Female Spy — and the Sister She Betrayed. Jim debriefs us on how Ana was recruited, how she gathered and sent secrets, and how she ultimately the net closed in on her. And… The timing couldn’t be better to discuss Ana Montes’ story. Ana was released from prison two weeks ago on January 6th after serving 21 of her 25-year prison sentence. Why has Ana been released while fellow spies who caused tremendous damage, Robert Hanssen and Aldrich Ames, remain incarcerated? Tune into this week’s episode to find out!”

37. New Indian Cyber Espionage Activity Detected

Cyber threat intelligence researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as BITTER, previously associated with the government of India. The operation involved a lure document titled “SUSPECTED FOREIGN TERRORIST FIGHTERS.chm” which, if opened, was covertly installing a custom cyber espionage software implant.

38. German Arrested for Allegedly Passing on Intelligence to Russia

Reuters reported on January 26th that “a German citizen was arrested at the Munich airport on suspicion of treason for allegedly colluding with an intelligence service employee to pass on intelligence to Russia, the prosecutor general’s office said on Thursday. The man, identified as Arthur E., was arrested on Sunday upon arriving in Germany from the United States, the prosecutor said in a statement. He is said to be an associate of Carsten L., an employee of the German foreign intelligence service (BND) who was arrested in December on suspicion of spying for Russia. Arthur E., who is not a German intelligence employee, is believed to have passed on to the Russian intelligence service information he had obtained from Carten L., according to the prosecutor’s statement. An arrest warrant had already been issued for Arthur E., who was brought before a judge of Germany’s top criminal court on Monday and remanded in custody, the statement added. The investigation was conducted it close cooperation with the BND and the U.S. Federal Bureau of Investigation (FBI), the prosecutor said.”

39. Turkey’s MIT Maps Out Intelligence Academy Plans

Intelligence Online reported on January 26th that “following the lead of a number of Western intelligence communities, Turkey is planning to open an intelligence academy, under the aegis of the MIT, headed by spymaster Hakan Fidan.”

40. Podcast: State Secrets: NATO’s Priorities for Intelligence and Security

On January 26th The Cipher Brief’s State Secrets podcast released a new episode. As per its description, “in one of his very first public interviews as NATO Assistant Secretary General for Intelligence and Security, David Cattler sits down with State Secrets host Suzanne Kelly to talk about one of the most trying times in the alliance’s 74 year history. The Russian invasion of Ukraine is re-shaping the alliance, and fueling expansion as NATO keeps a close eye on China’s global rise.”

41. Ukrainian SBU Uncovered Russian Penetration Among Its Ranks

With a formal announcement on January 26th Ukraine’s SBU stated that they “exposed another traitor in its own ranks: he collected data for transfer to the Russian intelligence services. The Security Service continues the systematic cleansing of its own ranks. The Main Department of Internal Security of the SBU, together with the SBU, exposed an officer of one of the units of the Service in the Zaporizhzhia region, who was conducting intelligence and subversive activities for the benefit of the Russian intelligence services. It was established that after the full-scale invasion, he began to covertly collect the identification data of his colleagues and secret information about the materials of the pre-trial investigation of high-profile cases. “Today, the Service works as a single team and does its utmost for the victory of Ukraine. And self-purification of our ranks from traitors is an important part of this process. I advise everyone to realize: the SBU is not a place for agents of the Kremlin and people who do not believe in the victory of Ukraine. If someone betrayed the oath and the Ukrainian people, he must answer according to the law,” stressed the head of the Security Service, Vasyl Malyuk.”

42. United Kingdom: Gavin Williamson and the Somaliland Massacre

Declassified UK published this story on January 24th. As per its summary, “former UK defence secretary faces criticism for his staunch support of a breakaway African republic, after its security forces killed 20 protesters.” Among others, it says that “UK’s ambassador to Mogadishu (Somalia’s capital) merely said she was “concerned about the violence in Laascaanood resulting in civilian deaths and casualties.” Britain’s representative to Hargeisa has not commented separately. Several soldiers are also seen in images from the incident, and it’s possible the UK trained their unit too. When Williamson visited Somaliland in 2019 as defence secretary, he appeared thrilled to meet its top army general. He was accompanied by Sir Mark Carleton-Smith, the then head of the British army and a former head of UK special forces. The following year, Lieutenant Colonel Huan Davies, Britain’s defence attaché in Mogadishu, went to Hargeisa to discuss increasing support for Somaliland’s military. The UK Ministry of Defence has previously paid Adam Smith International, a security consultancy, to train Somaliland’s military intelligence.”

43. Netherlands: Former AIVD Employee Convicted of Embezzlement

On January 24th De Telegraaf reported that “a former employee of the AIVD was sentenced on Tuesday by the court in Zwolle for embezzling over a hundred computers of the intelligence service. He was given an eight-month suspended prison sentence and 240 hours of community service.” As per the report, “the theft came to light when a private individual offered his computer to manufacturer Dell for repair. That computer was registered on paper as property of the AIVD. Through a series of intermediaries, the detectives arrived at 42-year-old IT employee Victor G. Between January 2019 and mid-October 2021, he allegedly stole the computers and screens from the AIVD building in Zoetermeer, where he worked at the time.”

44. United States: Police Contractor That Promised to Track Homeless People Hacked

The Motherboard published this article stating that “hackers have stolen more than 15GB of data from ODIN Intelligence, a law enforcement contractor which, among other things, recently had plans to track people experiencing homelessness with facial recognition. The cache includes a bevy of sensitive information, such as photos, reports, and other ODIN customer and internal data. In one directory called “gallery” are 5,900 files. These include images such as mugshots, people, homes, vehicles, and peoples’ tattoos. Some of the files include identifying information, such as the name of the person in the filename or identity and Social Security cards. Other files include field interrogation reports, and sex offender registration information. ODIN runs Sex Offender Notification and Registration (SONAR), a system used by local and state police for tracking sex offenders. The dump also included some polygraph reports, including of convicted sex offenders. One file contains what appears to be user login information. This includes two FBI email addresses.”

45. Australia Says It’s ‘Troubled’ by Delays in Writer’s Espionage Trial Verdict in China

Asahi reported that “a verdict in the espionage trial of Australian writer Yang Hengjun, detained by China since his arrest there four years ago, has been delayed until April, the seventh such delay, his supporters said on Thursday. Pro-democracy blogger Yang is an Australian citizen born in China who was working in New York before his arrest at Guangzhou airport in 2019, coinciding with deteriorating relations between Australia and China. A Beijing court heard Yang’s trial in secret in May 2021 and the case against him has never been publicly disclosed. Yang has denied working as a spy for Australia or the United States. “The Australian government is deeply troubled by the ongoing delays in his case. Since Dr Yang was detained, the Australian government has called for basic standards of justice, procedural fairness and humane treatment to be afforded to Dr Yang,” Foreign Minister Penny Wong said in a statement marking the fourth anniversary of his detention. Yang’s case, and that of detained Australian journalist Cheng Lei, tried in secret on national security charges in March 2022, are being closely watched in Australia as the two nations seek to improve diplomatic ties after a leaders meeting. The first consular visit since October to the two journalists detained in Beijing took place on Jan. 13, after the Australian government called for consular access to be restored. Chinese authorities had previously suspended visits citing COVID-19 restrictions. A verdict in Yang’s trial has been delayed by the court seven times, and his lawyer was told the deadline had been extended a further three months to April, his supporters told Reuters.”

46. New Videos by Former CIA Officer Jason Hanson

This week former CIA officer Jason Hanson published the following videos: 1) I Met 2 Hookers in an Elevator and Here’s What Happened, 2) Here’s Why I Hate Glocks, 3) Put This in Your Bug Out Bag.

47. Russian OSINT Firm Lavina Pulse Pursues Southeast Asian Conquest

Intelligence Online reported on January 23rd that “spearheading Moscow’s diplomatic and business push into Southeast Asia, Lavina Pulse, headed by former intelligence officer Andrei Masalovich, is prospecting in Indonesia.”

48. United Kingdom: MI6 Shuts Down a Spy School After Floor Plans to the Site Were Revealed in Council Blunder

Daily Mail reported on January 22nd that “MI6 has closed down a top-secret training facility after its location and floor plans were made public in a bureaucratic blunder. The discreet central London training centre had been used for many years to teach agents spycraft and self-defence. But it is now vacant and officers from the Secret Intelligence Service (SIS) are instead trained at another location, sources confirmed. The closure came after planning documents were published by bumbling council bureaucrats that revealed in detail a series of costly, new additions to the building, including five satellite dishes, high-tech security gates and a complex network of CCTV cameras. The Mail on Sunday knows the location of the building, but is not revealing it for security reasons. The white stucco-fronted building with Roman pillars is located in a well-heeled area of Westminster, sandwiched between multi-million-pound apartments. In the past, neighbours had complained the signal on their TVs and radios were being affected by ‘electromagnetic interference’ from the building. The documents further reveal MI6 received a stern email from Westminster planning chiefs after the satellite dishes were installed without permission ‘knowing that Government departments are immune’. The applications, which have been on the internet for almost a decade, were submitted under the name ‘Government Communications Bureau’ — shorthand for MI6. One request from 2017 refers to the building as ‘Government offices’. In perhaps an even bigger blunder, detailed plans for the spy training centre in central London have been available online since 2004 — while still in regular use by SIS officers — and are available to hostile foreign states. It is understood that MI6 decided to vacate the building for strategy and not security concerns. The Foreign Office did not comment.”

49. Greek Government in No-Confidence Vote Over Spying Scandal

On January 26th EUObserver reported that “in his office in Brussels, Greek Left MEP Stelios Kouloglou watches online as opposition leader Alexis Tsipras in Athens reads off a list of names that had been under surveillance by the Greek secret services. “It is a major development,” Kouloglou tells EUobserver on Wednesday (25 January). Moments later, Tsipras calls for a no-confidence vote on a government and its leadership under conservative prime minister Kyriakos Mitsotakis. The vote is set for Friday, in a move welcomed by Mitsotakis ahead of possible early elections later this year. “It is a good opportunity to compare what we have done during our four-year terms,” insisted Mitsotakis. Tsipras has accused Mitsotakis of being a “mastermind and chief behind this criminal network”, following revelations of state led surveillance against five top military officials and an energy minister. For Kouloglou, those named do not come as a surprise, noting they had been already leaked. “We know the names. We knew them, but now it is official,” said Kouloglou, who sits in as a substitute on the European Parliament’s Pega (short for Pegasus, the Israeli mobile phone spyware) surveillance inquiry committee. When Mitsotakis became prime minister, he moved the Greek state intelligence service EYP under his watch and remit. The scandal erupted last July when it was revealed attempts had been made to infect the phone of Pasok opposition leader Nikos Androulakis with Predator, a spyware capable of making recordings. Mitsotakis then admitted the EYP had monitored Androulakis but denied authorities ever used Predator. Greek authorities had also admitted snooping on Thanasis Koukakis, a Greek journalist. EYP chief Panagiotis Kontoleon resigned over the affair, posing questions on why journalists and political oppositions figures are being spied upon by the Greek state. “The minute I say that I’m going to stand for the socialist party, I suddenly realised that I’m a victim of phone hacking or wiretapping,” said Androulakis last year.”

50. Declassified U.S. Intelligence Documents Describe Taliban History with Illicit Narcotics Trade

Unredacted published this article on January 24th. As per its introduction, “this now-declassified DIA cable further stated that while the Taliban’s ban would likely reduce the worldwide opium production by at least 50%, the ban resulted in the quadrupling of the Afghan price for opium, morphine base, and heroin — which were previously at record lows. The cable explicitly states that one year after the ban the Taliban was still benefiting substantially from drug revenues, “… chiefly from its taxes on continuing narcotics trafficking and from Taliban-owned narcotics stockpiles, whose value has increased substantially.” The DIA cable also notes that the ban would likely not have an impact on the U.S. over the coming months, because its main heroin sources were from Southeast Asia and Latin America. While the Taliban never faced having to weigh its interests in extending the ban due to the U.S. invasion beginning in October 2001, the DIA cable notes all of the influences that the Taliban would likely weigh in the decision making processing, including the potential recognition from the international community, major narcotics traffickers’ reactions to an extension, the size of stockpiles, and the impact on their own finances.”

51. Podcast: Everyday Spy: How to Become Irresistible

On January 24th former CIA clandestine operative Andrew Bustamante published this new video. As per its description, “nobody likes being ignored, and yet we ignore most of the people we meet. Have you ever wondered why? In this episode, Andrew gives you the ultimate life HACK to capture and keep someone’s attention any time you want it. This is your chance to get into the mind of every client, customer, and date you want to win-over now and for the rest of your life.”

52. Investigating Havana Syndrome

Bradley Hope of The Brush Pass published this article on January 23rd. As per its introduction, “in 2016, U.S. diplomatic personnel, including undercover CIA officers, in Havana, Cuba, began reporting a series of extraordinary, and worrying, physical ailments. Affected individuals reported suffering extreme nausea, dizziness, headaches, and memory loss, among other symptoms. Many of the affected officials said they had heard an ear-shattering, high-pitched sound just prior to feeling ill. For some, these experiences have led to chronic crippling health problems. You’ll recall that, at first, the U.S. government tried to keep the investigation into these “anomalous health incidents” — colloquially known, now, as Havana Syndrome–under wraps. But the secret probe into these events soon leaked into the press. Were they some sort of attack by the Cubans, or perhaps another historical U.S. adversary, like Russia? Was there an environmental explanation for them? Or perhaps a psychogenic one? Eventually, examples of potential Havana Syndrome incidents mushroomed, with events reported in China, India, Europe–and even the U.S. itself.”

53. NGA TEARLINE: North Korea’s Tourism Industry: A Grand Initiative in Limbo

On January 25th Project TEARLINE of the US National Geospatial-intelligence Agency (NGA) released this new analysis. As per its overview, “North Korea’s tourism industry took a major hit in 2020 when the pandemic forced the country to close its borders. Once high-profile construction projects, such as the Wonsan-Kalma Beach Resort, were effectively halted as priorities shifted toward domestically oriented projects. Despite a slow reopening to trade in 2022, activity at the North’s key tourist sites remains largely unchanged. It may still be a while before foreign visitors are allowed back into the country, especially at pre-pandemic levels. Stepped-up attempts to finish major tourist projects could provide some indication of when that is expected. However, at this time, the resorts that were open before 2020 appear to still be in operation, but those that were under construction are no closer to opening.”

54. A Mural Dedicated to the Ace of Polish Intelligence from World War II has been Unveiled in Morocco

The Polish Wiadomości Onet published this story on January 24th saying that “in Morocco, a huge mural with the image of Major Mieczysław Słowikowski, an officer of Polish intelligence, was unveiled on Monday in Morocco, thanks to which the landing of the Allied forces in North Africa in 1942 was possible. The mural was inspired by the Polish Embassy in Rabat. The 35-metre mural was painted on a building in the centre of Kenitra, a town about 40 km from Rabat. The mural is dedicated to Operation “Torch” — the landing of American and British troops in Morocco and Algeria on November 8, 1942, and to the Polish intelligence ace, Major Słowikowski “Rigor”, which led to the success of this operation.”

55. Ukrainian GUR: Russian Space Intelligence is Collapsing Under the Influence of International Sanctions

On January 24th the Ukrainian military intelligence (GUR) announced that “sanctions are already gouging out the enemy’s “eyes”. In the closed city of Zheleznogorsk (Krasnoyarsk Territory, Russian Federation) there is a strategically important enterprise of the defence industry called “Information Satellite Systems named after Academician M. F. Reshetnev”. According to the information of the military intelligence of Ukraine, at its facilities, Russian designers and scientists, among other things, are developing the so-called “big eyes” — means of conducting space reconnaissance, in particular: “Repey” — a project of a promising high-orbital system for conducting radio-electronic intelligence; “Geracle-KV” — the project of the complex of the global space command-relay system; “Sphere” is a project of the unified satellite communication system of the 3rd stage. The key elements of the listed projects are space vehicles, the production of which has de facto stopped due to an acute shortage of electronic components of both foreign and Russian production. It is about the absence of hundreds of thousands of equipment elements for space modules. As a result, the planned deadlines for the completion of scientific and research works of the specified space intelligence complexes were disrupted and “postponed” for several years: the “Repey” project — from 2022 to 2024; the “Geracle-KV” project — from 2023 to 2025; the Sphere project — from 2025 to 2027. After the full-scale invasion of Russia into Ukraine, the joint-stock company “Information Satellite Systems named after Academician M. F. Reshetnev” came under international sanctions. Due to sanctions and mobilisation, several more branches of the Russian economy will soon be at risk of ceasing to exist.”

56. United States: General Nakasone, NSA General Counsel Engage in FISA Section 702 Forum

Following week 2 story #64, on January 26th the NSA announced that “as part of a virtual roundtable discussion with the Privacy and Civil Liberties Oversight Board (PCLOB), GEN Paul M. Nakasone, Commander, USCYBERCOM, Director, NSA/Chief, CSS, recently provided keynote remarks to help inform the panel and discussions surrounding the forthcoming congressional debates on whether to renew FISA Section 702 in December. The collection authority FISA Section 702 was created in part to address a rapidly changing communications and technology landscape. Many of the Nation’s most critical foreign intelligence targets located outside of the United States use U.S. infrastructure and services to communicate. FISA Section 702 authorities allow the Agency to collect intelligence on some of the highest-priority foreign intelligence targets. “FISA Section 702 is irreplaceable,” GEN Nakasone said. “It is focused and limited, yet agile enough to address national security threats in an ever-changing technological and threat environment.” The Director explained that since FISA Section 702 was enacted in 2008 to counter foreign terrorist threats in the aftermath of 9/11, the national security threat environment has evolved substantially. “Our focus has shifted from counterterrorism to strategic competition,” he explained. “In the two decades since 9/11, we have seen the People’s Republic of China evolve as America’s primary geopolitical challenge.” GEN Nakasone outlined how FISA Section 702 has helped the U.S. Government understand the strategic intentions of the Peoples Republic of China (PRC), Russia, Iran, and the Democratic People’s Republic of Korea. He also shared that the U.S. Government was able to identify multiple foreign ransomware attacks on U.S. critical infrastructure using FISA Section 702 data. “This intelligence positioned the government to respond to and mitigate these events, and in some instances prevent significant attacks on U.S. networks,” he said.”

57. French Domestic Intelligence Service keeps Ukrainian Community in France Under Surveillance

Intelligence Online published this article on January 23rd stating that “France’s domestic intelligence service, the DGSI, is taking a close interest in the Ukrainian community in Paris. Tips provided by some members of the community are providing it with knowledge on Ukraine as well as counter-intelligence data.”

58. Did Mexico’s Top Cop Play a Role in the Killing of a DEA Informant?

The Intercept published this story saying that “for the Beltrán-Leyva Organization, one of Mexico’s most notorious cartels, collecting cocaine from their Colombian suppliers was supposed to be a straightforward process. The Colombians would travel to international waters near Mexico, where they would meet Beltran-Leyva powerboats and submarines. The cocaine haul was loaded onto Mexican cartel vessels and brought to shore. For years, everything worked smoothly. Then something went wrong. Between 2007 and 2008, for a period of six to seven months, the powerboats and submarines were intercepted by U.S. officials. The cocaine was confiscated by the Drug Enforcement Administration, leaving the Beltran-Leyva Organization and the brothers at its helm without their precious supply. The brothers were certain: There had to be a snitch. Arturo Beltrán Leyva, the leader of the group, ordered his lieutenants to root out the leaker, and sought the help of corrupt, high-level Federal Police officials. The Mexican officials arrived at a meeting with the narcos, holding a cardboard binder with a photograph and the identity of the snitch: a Colombian man working as a DEA informant. Enraged, Beltrán Leyva ordered the informant be kidnapped, tortured, interrogated, and killed. As with many of his diktats, Beltrán Leyva’s orders were followed to a T. According to testimony in an American court, one of the key, yet little noted, figures implicated in the killing was a top-ranking Mexican security official: Genaro García Luna. A so-called architect of the drug war, García Luna oversaw the Federal Police, prisons, and a vast intelligence network as President Felipe Calderón’s secretary of public security. Not only was he Calderón’s right-hand man, but Washington also viewed García Luna as its trusted ally in the fight against drug trafficking.”

59. CNN: Man Escapes Feared Russian Agency, Reveals What Russian Spies are Saying

On January 25th the CNN published this video with its description stating that “CNN’s Melissa Bell speaks with two defectors from the FSB, Russia’s federal security service, and reports on the danger they now face for speaking out against Vladimir Putin.”

60. Sweden: Imprisonment for Serious Unauthorised Occupation with a Secret Mission

On January 25th the Swedish Security Service (SÄPO) announced that “on January 25, Göta Court of Appeal sentenced a man to two years in prison for gross unauthorised position with secret information. The Security Service has conducted the preliminary investigation. The man is convicted of illegally disseminating secret and sensitive information about a large number of defence facilities. The Örebro District Court’s previous judgment is thereby confirmed. In the past, several other people have been charged with this type of crime.”

61. United States: NSA Launches Unprecedented Hiring Effort in 2023

On January 24th the NSA issued this press release stating that “seeking to grow its workforce in 2023, NSA is undertaking one of its largest hiring surges in 30 years with openings for over 3,000 new employees. NSA’s unique foreign signals intelligence and cybersecurity missions offer U.S. citizens extraordinary opportunities to serve in a wide variety of skill fields including computer science, cybersecurity, math, data science, engineering, intelligence analysis, language analysis, communications, business and accounting. Opportunities are available for entry, mid, and senior level professionals. “As NSA shifts to an era of strategic competition, it is critical that we’re able to build and sustain the diverse and expert workforce we need to continue working our missions,” said NSA Executive Director Catherine Aucella. NSA is committed to its world-class workforce and provides benefits and opportunities that foster both career development and work-life balance. Along with a generous federal benefits package, including retirement and paid time off, NSA also offers relocation assistance, robust well-being services, and extensive development opportunities such as college tuition assistance programs, professional training programs, and the opportunity to attend the National Cryptologic University.”

62. France Urges Release of 7 Nationals Imprisoned in Iran

The Daily Mail reported on January 26th that “France on Thursday called for the “immediate release” of seven French nationals detained in Iran, denouncing an “unjustifiable and unacceptable” situation. The French “hostages” in Iran include 35-year-old Louis Arnaud, foreign ministry spokesperson Anne-Claire Legendre said. Arnaud was arrested Sept. 28 as he was traveling in Iran “for touristic reasons,” Legendre said. He is being detained in “very difficult conditions” in Tehran’s Evin prison, where France´s ambassador to Iran met with him on Dec. 11, she said. The French government had not previously made Arnaud’s name public, Legendre said. Foreign Minister Catherine Colonna discussed the detained French nationals in a phone call with Iranian Foreign Minister Hossein Hossein Amirabdollahian, the French Ministry for Europe and Foreign Affairs said. “We are especially worried about Bernard Phélan given his health condition,” Legendre said. The foreign ministry has said the French-Irish citizen, who has been detained in Iran since October, needs “appropriate medical care that is not provided” in prison. Iran has detained a number of foreigners and dual nationals over the years, accusing them of espionage or other state security offenses and sentencing them after secretive trials in which rights groups say they are denied due process.”

63. United States: National Counterintelligence and Security Center Director Offers Insight into Counterintelligence Threats

Clearance Jobs published this article on January 24th sharing a webinar recording, stating that “ClearanceJobs was delighted to host a recent webinar with current director of the National Counterintelligence and Security Center, Michael Orlando.”

64. Documentary: True Life Spy Stories: How a CIA Spy’s Deadly Dance with the KGB Ended in Tragedy

On January 22nd Philip Thompson published this new video. As per its description, “this is the story of Alexander Dmitrievich Ogorodnik, a mid-level Soviet diplomat turned CIA spy. Ogorodnik was a Soviet diplomat who was recruited to spy on the Soviet Union while stationed in Bogotá, Colombia. Codenamed Agent Trigon, he was later transferred to the Soviet Foreign Ministry in Moscow where he photographed secret diplomatic cables and requested a suicide pill from the CIA in case he was caught. His handler, Martha ‘Marti’ Peterson was the first female CIA case officer to operate within Moscow. At the height of the Cold War, she had the daunting task of running one of the CIA’s most valuable spy prospects. Ogorodnik was ultimately betrayed by a CIA translator and arrested by the KGB.”

65. Ukrainian GUR: There are Almost 6,000 Russian Military Personnel on the Territory of Belarus

On January 25th Ukraine’s military intelligence (GUR) announced that “Vadym Skibitskyi, a representative of the Main Directorate of Intelligence of the Ministry of Defence of Ukraine, stated this on the air of the national telethon. “Today, on the territory of Belarus, the ground component consists of 5,800 military personnel. The second mechanized division has now moved to the territory of Russia, including already entered the territory of Ukraine. This is Luhansk region. Currently, units of the sixth division, units of the territorial troops are entering there for training. This is a completely different contingent that was at the beginning of the aggression. There is no powerful aviation component there, despite the training, there is no powerful missile component there, there are no airborne troops,” Vadym Skibitskyi said. According to a representative of military intelligence, today there is one “Iskander” division, S-300, S-400 anti-aircraft missile systems and three MIG-31 aircraft on the territory of Belarus.”

66. North Korean Cyber Actor Responsible for Harmony’s Horizon Bridge Currency Theft

On January 23rd the United States FBI issued this press release stating that “the FBI continues to combat malicious cyber activity, including the threat posed by the Democratic People’s Republic of Korea (DPRK) to the U.S. and our private sector partners. Through our investigation, we were able to confirm that the Lazarus Group (also known as APT38), cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge reported on June 24, 2022. FBI Los Angeles and FBI Charlotte — in coordination with the FBI’s Cyber Division, the United States Attorney’s Office for the Central District of California, the United States Attorney’s Office for the District of Columbia, the National Cryptocurrency Enforcement Team, the National Security Division’s Counterintelligence and Export Control Section, and the FBI’s Virtual Assets Unit — continue to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs. On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of ethereum (ETH) stolen during the June 2022 heist. A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC).”

67. French DGSE’s Real Estate Business

On January 25th the French DGSE published a recruitment post and video about a lesser known part of the agency, that responsible of the agency’s overt and covert facilities. As per the article, “the staff and activities of the DGSE are increasing and our equipment must evolve rapidly. Thanks to our integrated service, we ensure the design, construction and maintenance in operational conditions of our sites in France and abroad. At each of these steps, we need your energy! You work in one of these specialties: the construction and rehabilitation of buildings, site maintenance and upkeep, the operation of industrial works, estate and heritage management, commitment to sustainable real estate.”

68. Podcast: Intelligence Matters: Understanding Electronic Surveillance with NSA’s Former Top Lawyer

On January 25th CBS News Radio’s Intelligence Matters published this new podcast episode. As per its description, “in this episode of Intelligence Matters, host Michael Morell speaks with Glenn Gerstell, former general counsel at the National Security Agency, about how and when the NSA is authorized to use electronic surveillance to collect intelligence on foreign targets. Gerstell offers a detailed explanation of the origins and evolution of the Foreign Intellingence Surveillance Act (FISA) and the statute, most commonly referred to as Section 702, that allows electronic surveillance using U.S. electronic communications service providers. He and Morell walk through the legal limitations put forth in the statute and the debate currently surrounding its reauthorization by Congress.”

69. Former CIA and US Military Intelligence Observation Post in Germany

Le Cueilleur published this Twitter thread on January 23rd stating that “former CIA and US military intelligence observation post at Friedrichstraße 206 next to Checkpoint Charlie in (West) Berlin. Quick coffee at the Cafe Adler, then up to the 3rd floor and under the roof for surveillance? This is roughly how one could imagine the work of the US intelligence services in the building. Of course, it was not like that. If you wanted to get to the upper floors, you had to go through a security gate. Everything was strictly shielded from the lower floors and for good reason. After the Wall was built (1961), CIA and military intelligence moved into the upper floors — with a direct view of the border. The border crossing at Friedrichstraße became a bottleneck for espionage in the East. Anyone who wanted to cross from either side was watched very closely. The building was an ideal place — a contact point and monitoring centre. Long-range binoculars, directional radio and observation technology was used. Across the street, the Stasi and the KGB also set up hidden observation posts.”

70. Russian FSB Declassifies 1945 Document from the Auschwitz Concentration Camp

On January 26th the Russian FSB announced that “on the occasion of the next anniversary of the liberation of the Auschwitz concentration camp by the Soviet troops on January 27, 1945 (the day of the liberation of the camp was established by the United Nations as the International Day of Remembrance of the Victims of the Holocaust), the Centre for Public Relations of the FSB of Russia publishes on the official website of the department in the area of “Archival materials” of the section “History” materials containing essay by a former prisoner of the concentration camp Gavrish P. L., written at the suggestion of Smersh operatives of the 13th Army of the 1st Ukrainian Front.”

71. United Arab Emirates: Royal Technology Solutions, Tahnoon bin Zayed’s Personal Cyber Integrator

On January 25th Intelligence Online published this article saying that “
National Security Adviser Tahnoon bin Zayed is strengthening his capacities via his firm Royal Technology Solutions by hiring cyber intelligence experts experienced in dealing with Emirati state entities. Tahnoon bin Zayed Al Nayhan, the brother and national security adviser of the Emirati president Mohammed bin Zayed Al Nahyan (MbZ), is streamlining the restructuring of those United Arab Emirates’ state cyber intelligence entities that he is responsible for while strengthening his own capacities. Royal Technology Solutions (RTS), an offshoot of the conglomerate Royal Group, part of his personal holding company International Holding Co (IHC), has been busy recruiting former DarkMatter executives. RTS, an integrator of cyber solutions active since 2010, poached several staff from local firm Connection Systems, many of whom previously worked for DarkMatter. According to the US news site The Intercept, this company was founded by DarkMatter’s former CFO, Samer Khalife, to rehouse its US staff after revelations about its ties to the US government. Connection Systems appears to have closed last year. Some of its staff returned to the job market, and its website and phone number are no longer operational.”

72. Documentary: The Spy In the Duffelbag: The Suspicious Demise of Gareth Williams

On January 23rd Dreading — Crime & Psychology published this documentary about the story of Gareth Wyn Williams (1978–2010). As per Wikipedia, “Gareth Wyn Williams (26 September 1978 — c. 16 August 2010) was a Welsh mathematician and Junior Analyst for GCHQ seconded to the Secret Intelligence Service (SIS or MI6) who was found dead in suspicious circumstances at a Security Service safe house flat in Pimlico, London, on 23 August 2010. The inquest found that his death was “unnatural and likely to have been criminally mediated.” A subsequent Metropolitan Police re-investigation concluded that Williams’s death was “probably an accident”. Two senior British police sources have said some of Williams’s work was focused on Russia — and one confirmed reports that he had been helping the US National Security Agency trace international money-laundering routes that are used by organised crime groups including Moscow-based mafia cells.”

73. Chinese National Who Enrolled in US Army Reserves Sentenced to 8 Years for Spying

As reported by Fox News on January 26th “a Chinese national who enlisted in the U.S. Army Reserves has been sentenced to eight years in prison after being found guilty of spying in a scheme “to obtain access to advanced aerospace and satellite technologies being developed by companies within the U.S.,” the Justice Department says. Ji Chaoqun, 31, was handed the punishment Wednesday after an Illinois jury convicted him last year on numerous counts, including acting as an agent of the People’s Republic of China without first notifying the Attorney General. The Justice Department says Ji, who lived in Chicago, provided biographical information on certain U.S.-based individuals to a Chinese intelligence officer in hopes of recruiting them as spies. “The individuals included Chinese nationals who were working as engineers and scientists in the United States, some of whom worked for U.S. defense contractors,” the Justice Department said in a statement. “This tasking was part of an effort by the Jiangsu provincial department to obtain access to advanced aerospace and satellite technologies being developed by companies within the U.S.” Officials said in 2016, “Ji enlisted in the U.S. Army Reserves under the Military Accessions Vital to the National Interest (MAVNI) program, which authorized the U.S. Armed Forces to recruit certain legal aliens whose skills are considered vital to the national interest.” The Justice Department said on two occasions, Ji failed to disclose his contact with a foreign government.”

74. United States: Former CIA Chief Writes Truth-based Fiction

The Observer reported on January 26th that “Ralph Hughes’ life versus his writing could be a case of the truth being stranger than fiction. And it’s going to have to stay that way, because, well, the truth is secret. The Harbourside resident wrote two spy novels, and Central Intelligence Agency reviewers read both before they could go to print. “I spent 27 years in the CIA as a Chief of Station in charge of all the Arab countries for a while, so I know a lot about CIA operations,” Hughes said. “Since I couldn’t tell my own stories because they’re classified, I decided to write fiction.” Hughes began his adult life with a football scholarship to the University of Nebraska. But after only a year, he’d suffered shoulder and knee injuries. When told they’d take a few years to heal, he dropped out and took the exams for the military’s Officer Candidate School. “My company commander came to me and said, ‘Some civilians want to talk to you.’ To make a long story short, the next thing I knew, I was in the CIA on my way to (Iraq),” Hughes said. “I spent my entire military career as a civilian. As far as the Army was concerned, I was stationed in Arlington (Virginia), but I was really in (Iraq).” The long story is that Hughes spent three years in the military and then went back to Nebraska, not to play football, but to earn his degree as a certified public accountant and go on to law school. The goal was to become a tax attorney, but as CPA offers started rolling in, he was looking back at the CIA instead of forward to law school. The first time around, things went so quickly, Hughes was taking a polygraph test with no idea why. The second time, he knew he was applying to the CIA, but had to wait on a six-month background check. The CIA was interested in Hughes because his military testing revealed an innate language ability. Only an English speaker at the time, he went on to be fluent in Arabic, Turkish and French. Hughes studied Arabic at the Foreign Service Institute. Normally a two-year program, he finished in a little over a year. While in Tehran, Hughes picked up Farsi with no formal training. He doesn’t claim to be fluent in Farsi, but he was able to learn the basics through conversation. He can also speak conversational Russian.”

75. Oman’s Spymaster Mohammed Al Numani Marks Turf as Mediator in Yemen Talks

On January 27th Intelligence Online published this article saying that “as the conflict in Yemen enters its eighth year, Muscat, with strong support from Washington, is trying to hold on to its role as chief mediator, to the annoyance of Riyadh which would like to steer the process.”

76. Webinar: Difficult Decisions: Eisenhower and the Rosenberg Case

On January 27th IkeLibrary published this new webinar. As per its description, “in 1950, Truman administration officials arrested Julius and Ethel Rosenberg for conspiracy to commit espionage. Specifically, the serious charges concerned passing information about the atomic bomb to the Soviet Union and thereby causing the Korean War. Upon his inauguration in January 1953, Dwight Eisenhower inherited both the unpopular war and the problematic case. While he managed to bring the war to a close, the president struggled to manage the global image of the United States concerning the Rosenbergs. He had two opportunities to weigh in on whether Julius and Ethel would live or die. How he grappled with this case provides a fascinating lens into Eisenhower’s presidential decision-making process. Lori Clune is Associate Professor of History at California State University, Fresno. She is author of Executing the Rosenbergs: Death and Diplomacy in a Cold War World (Oxford University Press, 2016). Clune has written numerous articles and book chapters concerning propaganda, communism, and the 1950s. She has also written for Made By History at the Washington Post, History News Network, Passport, and H-Diplo. She has given numerous interviews and invited talks, including at the Department of Justice, International Spy Museum, and Tamiment Library. She is a member of the OAH and SHAFR, where she is also the Director of Secondary Education. Clune earned her doctorate at University of California at Davis, and her master’s degree from New York University. She is working on a project that explores the American experience during the Korean War.”

77. Denmark’s Agencies Silent on ‘Spy’ Sent to Syria

Borneo Bulletin published this article on January 27th saying that “Spanish courts said Ahmed Samsam (AFP, pic below) fought for Islamic State (IS) but from his prison cell he insists he worked undercover for Denmark’s spy agencies which have left him high and dry. The affair is increasingly embarrassing for Denmark’s intelligence services and the government has repeatedly rejected calls for an inquiry. Samsam said he was working for Denmark’s secret service PET and military intelligence service FE in Syria in 2013 and 2014, spying on foreign extremist fighters. Several investigations by Danish media have backed him up, concluding the 34-year-old Dane of Syrian origin never joined IS. But the two intelligence agencies have refused to say whether he was working for them. Samsam, who has a long criminal record, travelled to Syria in 2012 of his own accord to fight the regime. Danish authorities investigated him after his return but did not press any charges. He was then sent to the war zone on several occasions with money and equipment provided by PET and later FE, according to Danish media outlets DR and Berlingske. They based their reports on anonymous witnesses and money transfers wired to Samsam. In 2017, threatened by Copenhagen thugs in a settling of scores unrelated to his trips to Syria, Samsam headed to Spain. There, he was arrested by Spanish police, who were surprised to find pictures of him on Facebook posing with the IS flag. Samsam was sentenced the following year to eight years in prison for having joined IS.”

78. Video: C-SPAN: United States Director of National Intelligence Haines on Classified Information

C-SPAN published this recording on January 26th. As per its description, “Director of National Intelligence Avril Haines delivered keynote remarks on classified information and Democracy at the Lyndon B. Johnson Presidential Library in Austin, Texas.”

79. Spy Way of Life: The Fitzroy Tavern in London, UK

This week’s selection for Intelligence Online’s Spy Way of Life was “the Fitzroy Tavern, a London pub where corporate investigators spend a happy hour.” As per the article, “this week, Intelligence Online explores a typical London pub, The Fitzroy Tavern, which has gradually become a favourite drinking hole of corporate investigators in the capital and further afield.”

80. South Korea: Yoon Hints at Objection to Changing Spy Agency’s Role

On January 27th The Korea Times reported that “President Yoon Suk Yeol on Thursday hinted at his objection to the scheduled transfer of the investigative jurisdiction of espionage cases to the police from the National Intelligence Service (NIS) next year. The issue has come to the fore in South Korea due to the unique nature of its spy agency. Most foreign espionage organizations usually collect information regarding foreign countries and their citizens. But the NIS has the authority to investigate South Korean nationals who are under suspicion of engaging in espionage activities especially for North Korea. Conservatives want the NIS to retain that role, citing the threat of North Korean spies, while progressives want the agency to focus instead on intelligence-gathering overseas and let the police handle domestic investigations. The NIS and police are currently investigating allegations that underground civic groups in Jeju and Changwon, South Gyeongsang Province were instructed by a North Korean spy, known as Kim Myong-song, to stage anti-U.S. and anti-Yoon Seok Yeol protests. Also, counter-espionage authorities on Jan. 18 raided multiple offices of the Korean Confederation of Trade Unions, one of the largest umbrella unions in South Korea, on suspicions that former and incumbent senior officials of the union may have formed affiliations with North Korea’s Workers’ Party Cultural Exchange Bureau ― an espionage department that recruits South Korean sympathizers to Pyongyang. Counter-espionage authorities believe that those involved in the cases contacted North Korean spies in foreign countries, such as Cambodia. Against this backdrop, calls have been growing within the ruling party that the NIS should retain its anti-espionage investigative function, pointing out that the police lack an overseas anti-espionage intelligence network. During a luncheon with ranking members of the ruling People Power Party (PPP), Yoon was quoted as saying that investigations into espionage cases require law enforcement agencies to have an overseas network, so the scheduled transfer of investigative jurisdiction has some issues to be further discussed. This is the first time that the president mentioned the investigative jurisdiction of espionage cases.”

81. Norwegian Lies Caught Red-Handed

According to TFI Global news from January 26th “the US and its allies are at work to destroy the Russian mercenary group Wagner. A man who claims to be a former fighter of Russia’s Wagner group has been given asylum by Norway. Andey Medvedev illegally crossed the border into Norway seeking protection from Putin’s regime. Medvedev has accussed the Wagner group of brutality and added that Russian prisoners have been recruited without their consent to fight in Mocsow’s wars. The news brings up a lot of suspicions. To conclude, that this man is a NATO mole in the Wagner group. His mission was to document their strategy and future plans since it was impossible to place a mole in the impregnable Russian Army. Wagner is an easy target but why Norway? Because unlike other Western countries which are quite active in circulating propaganda against the Kremlin, Norway is a neutral nation.”

82. United States: FBI Director Chris Wray Says People with Access to Classified Information Need to be More ‘Conscious of the Rules’

CNN reported on January 26th that “FBI Director Christopher Wray on Thursday addressed the ongoing controversies about classified documents, saying that people with access to those materials need to be more “conscious of the rules.” “Obviously I can’t comment on any specific investigation, but we have had, for quite a number of years, any number of mishandling investigations,” Wray told reporters during a Justice Department news conference where it announced the takeover of the so-called Hive ransomware group. “That is, unfortunately, a regular part of our counterintelligence division, counterintelligence programs work,” Wray added. “And people need to be conscious of the rules for classified information and appropriate handling of it. Those rules are there for a reason.” Attorney General Merrick Garland repeatedly declined to comment on the investigations into classified documents found in the homes of President Joe Biden and former President Donald Trump. “I’ll say as a general matter that people we chose as a special counsel are experienced prosecutors with experience in the Justice Department,” Garland said. “They know how the Justice Department work’s, they know what the department’s practices are, and I’m fully confident that they will resolve these matters one way or the other in the highest traditions of the department.” Garland appointed Jack Smith as a special counsel to investigate Trump’s handling of classified information in November, and Robert Hur as a special counsel to investigate Biden’s handling of classified documents. The attorney general has not said whether he plans to appoint yet another special counsel to investigate classified documents found in former Vice President Mike Pence’s Indiana home.”

83. How Turkey Pursues Dissident Exiles Like Me All Over the World

The Washington Post published this article on January 23rd. It’s written by “Can Dündar is a Turkish journalist residing in Germany” and it says that “as a child watching American Westerns on Turkish television, I saw “Wanted” posters portraying vicious outlaws with a price on their heads. On the last day of 2022, at the age of 61, I found my own name and photo on such a display: the “Terrorist Wanted” list on the website of the Turkish Ministry of the Interior. Like an Old West poster, it offered a reward: up to 500,000 Turkish lira — approximately $27,000 — for information that would lead to my capture. What could I have done to deserve this sudden infamy? For the past six years I’ve lived in Germany, working as an independent journalist online and on the radio. A note below my name linked me to Fethullah Gulen, a religious cleric residing in Pennsylvania, who is accused of masterminding a coup attempt against Turkish President Recep Tayyip Erdogan in 2016. I’ve never set eyes on the man. Here’s the real reason I assume I was on the list. In 2015, when I was editor in chief of the Cumhuriyet newspaper in Istanbul, we published a report, including photographs and video, on the Turkish intelligence agency, MIT, illegally shipping weapons to Islamist militants in Syria. Erdogan said the reports revealed a “state secret” and told state-run TV, “The person who wrote this story will pay a heavy price for it; I won’t let him go unpunished.” Give him credit: He kept his word. I was arrested six months after that article appeared and kept in pretrial detention for 92 days. Freed by the constitutional court pending a trial, I was able to leave Turkey — and after an attempted military coup in 2016, I decided not to go back. A few years later, a Turkish court sentenced me, in absentia, to more than 27 years in prison for obtaining and publishing state secrets. Meanwhile, the government confiscated everything I owned. By adding my name to a terrorist list six years later, Erdogan is threatening me again. This is what has been happening to exiled opponents of the Turkish regime all over the world. Erdogan is attempting to either kidnap them and bring them back to Turkey, or punish them where they live, to which ends he deploys his intelligence agency, thugs operating illegally outside the country — or even diplomacy.”

84. Video: VICE Investigators — The US Soldiers Leaking Nuclear Secrets

On January 23rd VICE News published this video investigation. As per its description, “US nuclear weapons are stored across Europe but their presence is neither confirmed nor denied, so Foeke Postma from Bellingcat went looking for them. Along with Editor Maxim Edwards, they discovered that US soldiers had been leaking highly confidential locations of these nuclear weapons via flashcard apps, for years and years as well as hundreds of other secrets that were not meant to be in the public domain at all. It has been described as “one of the most monumental security breaches” in recent years. And all of it was online and available at the click of a button. This is the story of this unique investigation, conducted entirely through open source techniques, harnessing the power of google searching and social media stalking to expose a massive failure of the US military.”

85. Russia: Veteran Spy Vladimir Bulavin Heads Customs Service Caught Between War Economy and Internal Feuds

On January 27th Intelligence Online reported that “the Federal Customs Service plays a key role in Russia’s security, with its intelligence services and defence industry partners. The service has become even more central to the state as it deals with sanctions and transitions to a war economy. FTS head and veteran spy Vladimir Bulavin must also contend with a long-standing rivalry with the FSB.”

86. Inside the Extramarital Affair and Cash-fueled Double Life of Charles McGonigal, the FBI Spy Hunter Charged with Taking Russian Money

On January 27th Business Insider published an exclusive story, follow up of this week’s story #1. As per the article, “one morning in October 2017, Allison Guerriero noticed something unusual on the floor of her boyfriend’s Park Slope, Brooklyn, apartment: a bag full of cash. There it was, lying next to his shoes, near the futon, the kind of bag that liquor stores give out. Inside were bundles of bills, big denominations bound up with rubber bands. It didn’t seem like something he should be carrying around. After all, her boyfriend, Charles F. McGonigal, held one of the most senior and sensitive positions in the FBI. “Where the fuck is this from?” she asked. “Oh, you remember that baseball game?” McGonigal replied, according to Guerriero’s recollection. “I made a bet and won.” McGonigal had two high-school-age children and a wife — or “ex-wife” as he sometimes referred to her — back at home in Chevy Chase, Maryland. He would return there once or twice a month. But McGonigal had led Guerriero to believe that he was either divorced or soon would be. She didn’t question his story, nor did she question the story about the bag full of cash. A few days before, Guerriero had sat on the couch with McGonigal in the one-room garden sublet to watch McGonigal’s Cleveland Indians beat the Yankees. Much later — after Guerriero’s cancer diagnosis, their breakup, and McGonigal’s retirement from the FBI — McGonigal would be indicted on suspicion of, among other things, accepting $225,000 in cash from a former employee of Albania’s intelligence agency. That total includes one $80,000 chunk that was allegedly handed over in a parked car, outside a restaurant, on October 5, 2017. October 5 and 6 also happened to be the days when the Indians beat the Yankees in the first two games of the American League Division Series. Today, Guerriero no longer believes the bag of cash contained winnings from a sports bet.”

87. Ukrainian CERT Uncovers New Russian GRU CNA Operation

On January 27th the Ukrainian Computer Emergency Response Team (CERT-UA) announced the Ukrainian National Information Agency “Ukrinform” was hit by a series of destructive (wiper) software implants as part of a Computer Network Attack (CNA) operation attributed to an actor dubbed as UAC-0082. An actor previously associated with Russian military intelligence’s (GRU) cyberwarfare and cyber espionage units.

88. Video: China’s Spy Agencies Explained

On January 28th YG from SG published a new video. As per its description, “many of us would have heard of the American CIA and British MI6, but few have heard of Chinese intelligence services. In this video, I explained Chinese spy agencies, their roles, responsibilities and some of their operations.”

89. United States: DOJ Charges 3 Men in Murder-for-hire Plot Against Journalist Critical of Iran

On January 27th NBC News reported that “the Department of Justice has charged three members of an Eastern European criminal group with ties to Iran with attempting to assassinate a prominent U.S. journalist and activist critical of the Iranian regime. In a 25-page indictment unsealed in the U.S. District Court for the Southern District of New York, the Department of Justice said the three men were enlisted last year to murder an American citizen of Iranian origin on U.S. soil. The indictment did not identify the victim by name but said the person wrote critically about Iran’s treatment of women, protesters and other issues. Soon after the charges were announced, writer and women’s rights activist Masih Alinejad revealed that she was the target of the assassination plot. “I just learned from 12 FBI agents that the 3 men hired by the Iranian regime to kill me on US soil have been indicted. The Islamic Revolutionary Guards have been conducting these terrorist operations for four decades. Islamic Republic is ISIS with oil. #WomanLifeFreedom,” she tweeted.”