SPY NEWS: 2023 — Week 7

Summary of the espionage-related news stories for Week 7 (February 12–18) of 2023.

The Spy Collection
Feb 19, 2023

1. Ukraine: Former Spy Chief Claims Scared Putin Using Body Doubles Over Assassination Fears

The Mirror reported on February 12th that “a former spy chief has accused a scared Vladimir Putin of using body doubles over assassination fears. Lt-Gen Valeriy Kondratiuk, ex-head of Ukraine’s military and foreign intelligence, described the Russian leader as a “madman” and “tyrant” who was obsessed with his security. He told the Kyiv Post newspaper that suggestions Russia was now run by Putin puppets were wide of the mark. Ukrainian President Volodymyr Zelensky also enraged Moscow by telling the Davos 2023 forum that he could not make out if Vladimir Putin “is still alive”. Kondratiuk, 52, said: “A person who has been in power for a long time, any tyrant, tries to take additional measures for his own security. “In order to prevent terrorist acts during public events, such as visiting public places or meetings, he often uses doubles. “The real Putin is where he meets with the defence minister at a large table, where the distance between him and [Sergei] Shoigu is far enough.” Yet “when he stands near the people at some events, awards — this role is played by doubles to reduce the risks of any assassination attempts.” Asked whether these doppelgängers could now be ruling Russia, he said this was not the case. “It is the madman Putin who is behind this war,” he said.”

2. US Blacklists Six Chinese Entities Over Spy Balloon Programme

Following week 5 story #55, and last week’s stories #1, #31, #40, #52, and #58, Al Jazeera reported this week that “the United States has blacklisted six Chinese entities it said were linked to Beijing’s aerospace programmes as part of its retaliation over an alleged Chinese spy balloon that traversed US airspace. The move is likely to further escalate the diplomatic row between the US and China that intensified due to the surveillance balloon, which the US eventually shot down last weekend. The US said the balloon was equipped to detect and collect intelligence signals but Beijing has insisted it was a weather craft that had blown off course. On Friday, the US Bureau of Industry and Security said the six Chinese entities were being targeted for “their support to China’s military modernisation efforts, specifically the People’s Liberation Army’s (PLA) aerospace programs including airships and balloons”. “The PLA is utilizing High Altitude Balloons (HAB) for intelligence and reconnaissance activities,” it said. The US Deputy Secretary of Commerce Don Graves said on Twitter his department “will not hesitate to continue to use” such restrictions and other regulatory and enforcement tools “to protect US national security and sovereignty”. The six entities are Beijing Nanjiang Aerospace Technology Co, China Electronics Technology Group Corporation 48th Research Institute, Dongguan Lingkong Remote Sensing Technology Co, Eagles Men Aviation Science and Technology Group Co, Guangzhou Tian-Hai-Xiang Aviation Technology Co, and Shanxi Eagles Men Aviation Science and Technology Group Co.”

3. Australia: ASIO Will Go Wherever Terrorism Threat is, Despite Low Number of Listed Rightwing Groups

On February 13th The Guardian reported that “spy agency Asio has vowed to follow terrorism threats regardless of the source, insisting investigators won’t be hampered by the relatively low number of rightwing groups officially listed as terrorist organisations in Australia. The director general of the Australian Security Intelligence Organisation, Mike Burgess, said on Monday some groups were “very clever” and were very careful to do things to avoid getting formally designated, but his agency would focus on anyone who believed “violence is the answer”. “I can assure you, where we know about them we prosecute them to the fullest extent of our capabilities and law,” he told a Senate estimates committee hearing. “We will — my agency will — go where the threat is.” In broader remarks, Burgess said Asio had “a very productive year last year removing espionage and foreign interference problems from this country”. Answering questions from senators about his agency’s priorities, Burgess reiterated his position that espionage and foreign interference had “supplanted terrorism as our principal security concern”. “Australia is the target of sophisticated and persistent espionage and foreign interference activities from a range of hostile foreign intelligence services. These activities are an attack on our way of life,” Burgess said. He said despite his decision late last year to lower Australia’s terrorism threat level from “probable” to “possible”, the threat had not evaporated: “Possible does not mean negligible.” The Greens senator David Shoebridge asked about the fact that there were only three rightwing extremist groups out of the 29 listed terrorism organisations in Australia and whether this is disproportionate to the threat. Burgess said the threshold for formal listings was strictly laid out in law and it was a matter for parliamentarians if they wanted to amend that law. 
But he said where Asio put its resources was not driven by which groups were on the public list and which were not. He also pushed back at the idea that Asio may be playing down the threat of rightwing extremism.”

4. Spy Collection: India’s Cyber Espionage Operation Targeting Sri Lanka Navy in 2022

On February 13th we published this video. As per its description, “from August to October 2022 a cyber espionage actor dubbed as SIDEWINDER conducted an operation to spy on Sri Lanka Navy officials. This is a quick overview of this modern cyber espionage operation. SIDEWINDER is a nation-state actor who has been attributed to India’s intelligence services.”

5. Former KGB Agent Arne Treholt Dies at 80 Years Old

As reported by the Norwegian Aftenposten on February 12th, “Arne Treholt has died after a short illness. The family confirms this to Aftenposten. Treholt died in Moscow, where in recent years he had his home and business activities. Arne Treholt was the politician and diplomat who in 1985 was convicted of espionage for the benefit of the Soviet Union. A verdict he fought for the rest of his life, not least in the books “Alene” and “Gråsoner”. After the Brundtland government pardoned him in 1992 for health reasons, he lived as a businessman in Cyprus and in Moscow. Arne Treholt was born on 13 December 1942 at Brandbu. He became politically active in the Labor Party early on and was state secretary in the Ministry of the Law of the Sea before he transferred to the foreign service, including as an embassy counsellor at the UN delegation in New York. Arne Treholt leaves behind a son and two grandchildren.” According to Wikipedia, “before his arrest in 1984, he was successively a journalist, a junior Norwegian Labour Party politician and a medium-level official of the Ministry of Foreign Affairs in Norway, while secretly working for the KGB. Treholt provided the Soviet Union with information on the Norwegian defense plans for northern Norway in the event of a Soviet invasion, material weaknesses in the Norwegian Armed Forces, mobilization plans, information on how to most effectively take out Norwegian soldiers, Norwegian emergency plans, the location of NATO allies’ stored equipment in Norway, and the meeting minutes of the Prime Minister and Foreign Minister. Treholt was found to possess a secret bank account in Switzerland with a substantial illicit amount. Treholt’s espionage is generally seen as the most serious spy case in the modern history of Norway.”

6. Podcast: Team House: CIA Secrets & Subterfuge: An Unauthorised History — Tim Weiner

On February 18th Team House released a new podcast episode. As per its description, “Tim Weiner joins us for a second episode. Following on his seminal history of the CIA “Legacy of Ashes” Weiner has turned his attention to writing a post-9/11 history of the same agency. In this episode we will discuss the spectacular successes, stunning failures, and ongoing crisis that the CIA faces today.”

7. United Arab Emirates Continues Its Policy of Modernising Intelligence Services

On February 13th Eurasia Review published this article stating that “as demonstrated by the evolutions of modern intelligence services, the countries enjoying considerable financial resources as it is the case of UAE are developing predominantly their technical segments such as Signal Intelligence and more recently Artificial Intelligence (AI). This is due to the fact that getting certain important results by using technical means for acquiring information is relatively faster and safer as compared to using information gathered by human sources (HUMINT), which requires longer time for readying and exploiting such capabilities besides enhancing its intelligence technical capabilities, UAE continued as well to encourage the development of the private sector of security especially in the cyber field, under a relatively tight government control of these activities indeed. Nevertheless, some slippages occurred such as the Raven Project (the Emirati company Dark Matter was embroiled among others), which triggered a FBI investigation for the use of certain activities of digital espionage leading to arresting foreign dissidents, besides a certain degree of involvement in Jamal Khashoggi’s assassination, gathering information about Gulf monarchies and other Middle Eastern countries. UAE further enhanced the capabilities of the National College of Defence, headed presently by Maj. Gen. Aqab Shahin Al Ali, and having Thomas Drohan as Dean (he was preceded by John R. Ballard, the College’s first Dean). Joel Hayword’s name, considered an important international specialist in the field of military strategy and history of war, a New Zealander, is mentioned at one of the College’s faculties. National Electronic Security Authority (established in 2012 with the US assistance) headquartered in Abu Dhabi was renamed Signal Intelligence Agency (SIA). The Authority is the counterpart of NSA in the US and penetrating ISIS in UAE was one of its achievements. 
At the same time, there were suspicions that the Authority or other Emirati intelligence services were involved in using Tik Tok App for recording certain conversations, relations, meetings and pictures of the general public in the Emirate. For the 2022–2026 Five Year Plan, the UAE’s approved cyber budget amounts to 79 billion dollars, the biggest in the country’s history. According to Global Security Index 2020, UAE ranks 5th in the world.”

8. Ukraine: Introduction of New SBU Chief to the Agency’s Staff

Following last week’s story #87, on February 13th the Security Service of Ukraine (SBU) announced that “President of Ukraine Volodymyr Zelenskyi introduced the newly appointed head of the Security Service, Major General Vasyl Malyuk. The presentation of the head of the SBU took place today at the Headquarters of the Service. “Since the beginning of the full-scale invasion, Vasyl Vasyliovych Malyuk has proven that he is a patriot, a professional and exactly the person who should lead the Security Service of our state,” Volodymyr Zelenskyi said. The President praised the work of the intelligence service workers, in particular those who are fighting the enemy in the temporarily occupied territories of Ukraine. Vasyl Malyuk thanked the President for his trust and assured that the entire staff of the SBU is aware of the level of responsibility and tasks it faces.”

9. Cyber Espionage Operation Targeting Defence Production Factories in Pakistan

On February 17th cyber security researcher 0XYC discovered and disclosed technical indicators of a new cyber espionage operation. The operation involved a lure Microsoft Excel document titled “sample NOK details.xlsm” which, if opened with its macros executed, covertly installed a cyber espionage software implant. According to the researcher, the operation targeted defence production factories located in Pakistan, but the operator behind it could not be identified.

10. Saudi Arabia: Abdulaziz Al Howairini Holds Sway Over Saudi Arabia’s Internal Security

Intelligence Online reported on February 17th that “Abdulaziz bin Mohammed Al Howairini, who is close to King Salman and benefited from Mohammed bin Salman’s 2017 purges, is in charge of Saudi Arabia’s internal security. As head of the powerful Presidency of State Security, his responsibilities range from fighting corruption and cyber tracking to counter-terrorism and surveilling those who don’t toe the line.”

11. New Videos by Former CIA Officer Jason Hanson

Throughout this week former United States CIA officer Jason Hanson published the following videos: 1) Ex CIA Reacts to a Gun Disarm FAIL, 2) Flashbang Flashlight REVIEW, 3) Ex CIA Reacts to a Homeowner Firing a Warning Shot at an Intruder.

12. United Kingdom: Sunak’s Government is Held Accountable in the Case of Bahrain Spying on Two of its Citizens Residing in Britain

On February 16th Al Jazeera reported that “the government of British Prime Minister Rishi Sunak is expected to be held accountable next Monday in a case linked to Bahrain’s spying on two of its citizens residing in Britain. Representative in the British House of Commons Kenny MacAskill will ask the British government about its efforts to protect British citizens and residents from cyber attacks and penetration using spying devices by the government of Bahrain. This accountability of Sunak’s government comes days after the British Supreme Court issued a ruling rejecting the Bahraini government’s use of the state’s immunity exception to refrain from responding to the lawsuit filed against it by Bahraini dissidents Saeed Al-Shihabi and Musa Mohammed. The two Bahraini activists residing in Britain accuse the Manama government of hacking their computers and downloading spyware on them in 2011, which made it easier for the government to view their contacts with political prisoners in Bahrain. In its defence, the Bahraini government considered that it “has the right to state immunity because any breach that is being talked about did not occur in Britain, and because the psychological damages for which they are claiming do not reach the level of personal injuries that English law excludes from state immunity.””

13. Russia: Citizen of Ukraine Sentenced in Tula to 16 Years in Prison for Espionage

Following 2022 week 48 story #50, on February 15th the Russian Interfax reported that “the Tula Regional Court found a citizen of Ukraine guilty of espionage, the press service of the Judicial Department of the Tula Region reported on Wednesday. “By a court verdict, a citizen of Ukraine was found guilty of committing a crime under Article 276 of the Criminal Code of the Russian Federation (Espionage),” the report says. He was sentenced to 16 years in a strict regime colony. According to the materials of the court, from January 2020 to August 2021, a man collected information constituting a state secret in Tula in order to transfer information constituting a state secret to a foreign state. The preventive measure for the convicted person in the form of detention was left unchanged until the sentence enters into force. The court began considering the criminal case in November last year. The meetings were held behind closed doors. In August 2021, the Center for Public Relations (CSP) of the FSB of Russia reported that a Ukrainian citizen was caught red-handed in Tula, collecting information on the latest weapons and secret technical documentation for them. According to the FSB, the detainee on the instructions of the intelligence services of Ukraine was looking for employees of Russian defence enterprises “from among the secret carriers.””

14. Poland Receives MQ-9 Reaper Drones

On February 13th the Defence Blog reported that “Poland has taken delivery of MQ-9A Reaper multi-mission, turboprop-powered intelligence, surveillance, and reconnaissance (ISR) drones, according to the country’s Defense Minister Mariusz Błaszczak. “MQ-9A Reaper MALE (Medium Altitude Long Endurance) drones were delivered to Poland, leased from the USA as part of an urgent operational need,” the minister wrote on Twitter on Sunday. He also noted that new drones will be used in the Air Force, conducting reconnaissance, among others, on the eastern border of Poland. Poland has received Reaper drones as part of a lease agreement, which has a net value of $70.6 million, to enhance the nation’s ability to conduct persistent airborne ISR and support its Defense Forces.”

15. Recording: International Spy Museum: Curator’s Corner: Spies Who Changed History with Nigel West

On February 13th the International Spy Museum published this video recording. As per its description, “he tracked down the elusive World War II double agent GARBO in Venezuela. He identified and interviewed German Intelligence chief Admiral Canaris’ mistress. He was responsible for the exposure in the early 1980s of British military officer Leo Long and retired diplomat Edward Scott as Soviet spies. And now he has identified the fourteen spies he believes made the greatest impact on the 20th century. Join International Spy Museum Historian and Curator Dr. Andrew Hammond live in conversation with renowned intelligence historian Nigel West. They will discuss how West used newly declassified files and his own comprehensive knowledge to choose the Spies Who Changed History: The Greatest Spies and Agents of the 20th Century. His criteria for selection is the degree to which each can now be seen to have had a very definite influence on a specific course of events, either directly, by passing vital classified material, or indirectly, by organizing or managing a group of spies. Those selected were active in the First World War, the inter-war period, the Second World War, the Cold War and even the post-Cold War era. From the lead of the “White Lady” spy ring in German-occupied Belgium during the First World War to a 27-year-old secretary in the 1930s, the list is full of surprises. After their conversation, you can ask Andrew and Nigel for their insight into other aspects of the secret world they have come to know and understand so well. It’s hard to believe that the mysterious and shadowy characters they will unveil really did exist.”

16. Analysis of SIDEWINDER APT Activity Between June and November 2021

On February 15th the private cyber security and intelligence firm Group-IB published an intelligence report for operations of SIDEWINDER, a cyber espionage actor previously associated with the intelligence services of India. As per the description of the release, “Group-IB Threat Intelligence team uncovered a previously undocumented spear phishing campaign carried out by APT SideWinder between June and November 2021. The new threat report details how SideWinder, also known as Rattlesnake, Hardcore Nationalist (HN2), and T-APT4, attempted to target dozens of government organizations in the Asia-Pacific over a period of 6 months. Delve into the group’s entire arsenal, network infrastructure, as well as its TTPs (Tactics, Techniques, and Procedures).”

17. Ukrainian SBU Detained Russian Agent in Dobropill

On February 18th Ukraine’s Security Service (SBU) announced that they “detained an enemy informant who “pointed” Russian missiles at schools and power stations in the Donetsk region. The Security Service has exposed another member of the Russian informant network, which operated in the front-line areas of eastern Ukraine. In the previous months, the SBU detained four of her accomplices for trying to pass intelligence on the basing of the Defence Forces in the Bakhmut and Kramatorsk directions to the Russian occupiers. Taking into account cooperation with the investigation, the court sentenced them to up to 8 years in prison. So far, the officers of the Security Service have detained an enemy informant, who was not only hiding from justice, but also continued intelligence and subversive activities against Ukraine. The perpetrator covertly gathered information about the location and movement of units of the Armed Forces in the Dobropill district of Donetsk region. In addition, she gave the coordinates of local schools and critical infrastructure facilities, including energy-generating enterprises, to the authorities. The Russian invaders used the received intelligence to prepare and carry out targeted missile strikes on Ukrainian settlements. As evidenced by the investigation materials, the perpetrator passed confidential information to her acquaintance through anonymous messengers. Then the intelligence was sent to the headquarters of the 1st Army Corps of the Southern Military District of the Russian Federation.”

18. United States: CIA Turns Attention Back to Human Intelligence

On February 16th Intelligence Online reported that “the Chinese spy balloon sent to fly over the US has turned the focus on the need for human intelligence to pierce the secrets of enemy moves at a time when data gathered by other means and technologies is hampering the deployment of human networks.”

19. Team Jorge Unit: The Hacking and Disinformation Team Meddling in Elections

On February 15th The Guardian released this story stating that “a team of Israeli contractors who claim to have manipulated more than 30 elections around the world using hacking, sabotage and automated disinformation on social media has been exposed in a new investigation. The unit is run by Tal Hanan, a 50-year-old former Israeli special forces operative who now works privately using the pseudonym “Jorge”, and appears to have been working under the radar in elections in various countries for more than two decades. He is being unmasked by an international consortium of journalists. Hanan and his unit, which uses the codename “Team Jorge”, have been exposed by undercover footage and documents leaked to the Guardian. Hanan did not respond to detailed questions about Team Jorge’s activities and methods but said: “I deny any wrongdoing.” The investigation reveals extraordinary details about how disinformation is being weaponised by Team Jorge, which runs a private service offering to covertly meddle in elections without a trace. The group also works for corporate clients. Hanan told the undercover reporters that his services, which others describe as “black ops”, were available to intelligence agencies, political campaigns and private companies that wanted to secretly manipulate public opinion. He said they had been used across Africa, South and Central America, the US and Europe. One of Team Jorge’s key services is a sophisticated software package, Advanced Impact Media Solutions, or Aims. It controls a vast army of thousands of fake social media profiles on Twitter, LinkedIn, Facebook, Telegram, Gmail, Instagram and YouTube. Some avatars even have Amazon accounts with credit cards, bitcoin wallets and Airbnb accounts.”

20. Armenia: NSS Revealed Cases of Bribery of Intelligence Agency Employees

On February 15th the Armenian Iravaban reported that “as a result of the implementation of operative data received in the Yerevan City Department of the National Security Service, factual data was obtained that A.S., the first-class specialist of the intelligence service of the Marash Passport Group of the Police Passports and Visa Department of the Ministry of Internal Affairs and the head of the same group L.H., being officials, with prior consent, as part of the group, using the influence due to their official status, demanded and received from a number of persons, including the latter or the persons indicated by them, to commit illegal acts in the administrative building of the said passport group. In many instances those are bribes of different amounts. This is reported by the National Security Service. In connection with the incidents, a criminal proceeding was initiated in the investigative department of the National Security Service under the relevant articles of the Criminal Code, which was sent to the Anti-Corruption Committee for investigation. In addition, on February 6, 2023, in the Yerevan city department of the NSS, an Armenian citizen reported an apparent crime that he applied to the passport group of Marash in order to obtain an identification card, where the employee of the same passport group A.S. demanded a bribe from him in exchange for providing it. On February 10, 2023, within the framework of the secret investigative operation “Imitation of Receiving and Giving Bribery”, the said citizen of Armenia personally gave the bribe-money pre-processed with appropriate chemical means to A.S. who was arrested by the officers and presented the received bribe money.”

21. Podcast: Grey Dynamics: ChatGPT, The Intelligence Community & Career Advice with Mike Evans

Grey Dynamics published this new podcast episode on February 17th. As per its description, “today I spoke with Mike Evans, head of intelligence at Securitas. Mike has been working in the private intelligence sector for nearly a decade, now leading an award-winning threat and intelligence service. He also has an intelligence background within the military. In this episode, we dive into topics such as the rise of AI, getting into the industry for young analysts, and what keeps us up at night.”

22. Turkish Intelligence Agency MIT Executed PSYOP to Save Erdoğan’s Battered Image After Quake

The Nordic Monitor published this article on February 16th stating that “the Turkish intelligence agency (Milli İstihbarat Teşkilatı, MIT) has launched a psychological and influence operation (PSYOP) to shore up Turkish President Recep Tayyip Erdoğan’s popularity, which was recently dealt a huge blow with a series of failures in earthquake preparedness and response. According to information obtained by Nordic Monitor from reliable sources, Hakan Fidan, a long time Erdoğan confidant who has been running MIT since 2010, ordered the execution of several influence operations simultaneously, mobilizing agency personnel and assets to shape the prevailing narrative around an earthquake, set in motion on the second day after a major earthquake struck the southeastern part of the country, killing over 35,000 people as of February 15. The PSYOP centered around a highly divisive and polarizing Islamist and nationalist narrative, which has been the main campaign theme of President Erdoğan for upcoming elections, which are scheduled for May 14, but are subject to debate for a postponement after the devastating quake. The agency also ordered its assets planted in the government-controlled media to aggressively push religious talking points, which mainly attributed the huge toll in the quake to fate and God’s work rather than to poor construction, the absence of building code enforcement and pervasive corruption. A privately shot video that showed Erdoğan telling a grieving quake victim last week that the earthquake could be attributed to destiny and that such things are bound to happen is an indication that such a PSYOP was sanctioned at the presidential level. In the field MIT also deployed assets, especially operatives in some religious communities and groups, to the quake zone and embedded them with rescue and relief teams. 
The effect of this clandestine mobilization was seen during rescue efforts that were carried live by government-controlled TV outlets for a nationwide audience. It was quite unusual to see religious slogans chanted while TV cameras were rolling to record rescue teams extricating people stuck under the rubble for days.”

23. Ukrainian SBU Detained 3 Russian Agents in Novogrodivka and Druzhkivka

Right before this week’s story #17, on February 16th, SBU announced that they “detained enemy informers who were correcting missile attacks on the positions of the Armed Forces of Ukraine in the Donetsk and Bakhmut areas. The perpetrators collected data on the location and movement of units of the Defence Forces in the region. The received information was forwarded to the Russian occupiers through anonymous messengers in the form of text messages with electronic coordinates and photo fixation. Intelligence was needed by the invaders to prepare and carry out targeted missile and artillery attacks on the positions of Ukrainian troops. In the course of investigative and operational actions, the SBU officers detained a resident of Novogrodivka for trying to pass intelligence on the basing of units of the Armed Forces of Ukraine in the Donetsk direction to the police. To gather information, she went around the area and later contacted a militant of the terrorist organisation “DNR”, who was part of the 1st Army Corps of the Russian Federation. After the Russian missile attacks, the attacker went to the scene and “reported” to the Russians about the results of the air attacks. A resident of Druzhkivka was also detained, who gave the aggressor the approximate location of the locations of the units of the Armed Forces of Ukraine and the routes of their movement in the Bakhmut direction. Another hostile informant turned out to be a local resident, who “bleached” the routes of movement of Ukrainian troops through several pro-Russian Telegram channels. Mobile phones with evidence of correspondence with members of the occupation groups were found in all the detainees.”

24. Clandestine U.K. Program Developed 3D-Printed ‘Suicide’ Drone for Ukraine

The Warzone published this article on February 16th stating that “in an until-now secretive program, the United Kingdom has rapidly developed and flight-tested a number of “complex” drones that would be suitable for use by Ukraine in its conflict with Russia. While it’s unclear which of any of the unmanned aircraft systems (UAS) in question were ultimately selected for supply to Ukraine, it’s obvious that a range of different capabilities was explored in the process, including surveillance drones and, most intriguingly, what is described as a “3D-printed delta-wing ‘suicide’ drone.” Some details of the rapid development program were recently revealed by QinetiQ, the U.K.-based defense technology company that works closely with the U.K. Ministry of Defense, especially on experimental projects and novel technologies. The drone program originated in the Future Capability Group — part of the defense ministry’s Defense Equipment and Support (DE&S) branch — which, in turn, engaged QinetiQ. A statement from QinetiQ doesn’t confirm when the program actually took place, while an uncaptioned accompanying photo (also seen at the top of this story) shows a small drone with swept wing and tail fin, apparently powered by a pair of micro-turbine engines, and possibly 3D-printed. The suggestion is that this is one of the prototypes from the program, but that also remains unconfirmed for now. On both counts, we have approached the company to find out more. The aim of the program was to “provide recommendations for uncrewed aircraft systems that could be deployed readily by the Ukrainian military” and was part of a wider U.K. government effort, known as KINDRED, that’s assessing what kinds of weapons and equipment could potentially be introduced to service by Ukraine in the space of just four months.”

25. Podcast: Spycraft 101: Demoralize and Deceive: OSS Psychological Warfare with Ann Todd

On February 13th Spycraft 101 published this new podcast episode. As per its description, “Elizabeth “Betty” MacDonald deployed to Kunming, China while on assignment with the Office of Strategic Services. Betty and the other members of her team worked in Morale Operations, a branch devoted to creating and disseminating black propaganda aimed at demoralizing members of the Japanese army. ‘Black’ propaganda differed from ‘white’ propaganda in that it was created to appear as if it had originated in Japan, not from their adversaries. Soldiers received postcards from their loved ones back home which had been intercepted, erased, and rewritten with subtle messages of family turmoil and rumors of impending defeat. They would tune in to radio broadcasts which were run by an OSS station that had overpowered the signal from a far-off Japanese station, and instead passed distressing stories of hardship on the homefront or strategic disasters on other fronts of the war. Betty was recruited because she’d worked in Hawaii as a beat reporter, and had been on the ground during the attack on Pearl Harbor. She was also enamored with the language and culture of Japan, which made her particularly effective at crafting messages that were sure to sow doubt and discord among Japanese troops far from home. Her teammates were from varied backgrounds, and had nothing approaching military discipline, but they’d all spent extensive time in East Asia, spoke one or more of the local languages, and possessed incredibly devious and creative imaginations. Two of Betty’s friends during the war were Paul Child and Julia McWilliams, who would later marry. Julia McWilliams became Julia Child and went on to a career as a world-renowned and beloved chef. Another of her closest companions was Jane Foster, who years later would be reported as a long-time communist spy working on Josef Stalin’s orders through the entirety of the war. 
For episode 70 of the Spycraft 101 podcast, I spoke with Ann Todd, author of OSS Operation Black Mail about Betty’s incredible contributions to the war effort, and the role of propaganda, deception, and psychological operations in warfare.”

26. Spy Way of Life: Au Piment du Centre Restaurant, Paris, France

This week’s selection for Intelligence Online’s Spy Way of Life was a “Chinese restaurant specialising in Sichuan cuisine, located on Boulevard de Sébastopol” in France. Intelligence Online describes it as the place “where the Chinese in Paris love to tuck in and gossip” stating that “this week, Intelligence Online digs in at Au Piment du Centre, a Paris restaurant frequented by the city’s eminent Chinese residents.”

27. United States: Four Florida Men Arrested in Plot to Kill Haitian President, Grand Jury Returns Indictment Against 11

The US FBI Counterintelligence Division together with the US Department of Justice issued a corrected press release for this case stating that “the original press release is corrected to reflect that three U.S. citizens and one legal permanent were arrested today. Defendant Intriago is a U.S. citizen (Venezuelan American), not a legal permanent resident.” As per the press release, “this morning, U.S. federal law enforcement arrested two U.S. citizens and a legal permanent resident living in South Florida and one U.S. citizen living in Tampa pursuant to criminal complaints on charges relating to their participation in the events leading to the July 7, 2021, assassination of President Jovenel Moise of Haiti. Following the arrests, a South Florida grand jury returned a third superseding indictment charging these four individuals, along with seven others previously arrested and charged in the U.S., for their alleged roles in the plot. The four men arrested in Florida today are: Arcangel Pretel Ortiz, 50, a Colombian national and U.S. permanent resident of Miami; Antonio Intriago 59, a Venezuelan American, Walter Veintemilla, 54, an Ecuadorian American of Weston; and Frederick Bergmann, 64, of Tampa. They are scheduled for initial federal court appearances today in Miami before U.S. Magistrate Judge Lauren F. Louis. With today’s arrests, 11 people now face charges in the Southern District of Florida in connection with the assassination. The third superseding indictment charges Ortiz, Intriago, and Veintemilla as well as James Solages, 37, Joseph Vincent, 57, and German Alejandro Rivera Garcia, 44, who were transferred into U.S. custody last month; Mario Antonio Palacios Palacios, 43, arrested January 2022; Rodolphe Jaar, 49, arrested January 2022; and Joseph Joel John, 51, arrested May 2022. 
These defendants — Ortiz, Intriago, Veintemilla, Solages, Vincent, Rivera, Palacios, Jaar, and John — are charged with conspiracy to provide material support and resources to a conspiracy to kidnap or kill outside the United States, resulting in death; providing material support and resources to a conspiracy to kidnap or kill outside the United States, resulting in death; and conspiracy to kill or kidnap a person outside the United States.”

28. Spain: Israeli Shin Bet Agents Brandish Weapons at Palestinian Protesters

On February 12th Tikun Olam reported that “the Palestinian students were having none of the university’s attempt to whitewash Israel. They know a normalizing event when they see one. Clearly, the university and Israeli embassy saw this as an opportunity to promote Israel’s peace-loving nature. So the Palestinian solidarity group marched down the hallway shouting slogans, charging toward the door of the hall in which the ambassador had begun to speak. Just as they reached the entrance, security guards came rushing out to confront them. In reviewing the video and consulting with eyewitnesses, there were several categories of security: private security permitted to be armed, though they did not display any weapons; a university security guard; a Spanish undercover anti-riot officer (UIP, Unidad de Intervencion Policial), and at least one Shin Bet agent (who did draw and brandish his weapon). You see each of them in the video. The slideshow isolates several frames from the video which show the gunman and his weapon clearly. Other Shin Bet agents inside the hall rushed the ambassador out of the room. Apparently, they believed she was in physical danger. That may explain the security officer drawing his weapon. But these decisions seem a total overreaction to the actual circumstances.”

29. How a Soviet Military Intelligence Officer Became the First CIA Double Agent

On February 15th Russia Beyond reported that “U.S. President Dwight Eisenhower and CIA chief Allen Dulles regarded Pyotr Popov, a major player in Soviet intelligence, as one of their best agents. At the same time, the USSR itself had a very low opinion of his abilities. Soviet intelligence officer Pyotr Popov didn’t display any particular talents. Bull-headed, intellectually inflexible and bereft of professional instinct, he was known for having an exaggerated opinion of himself and being very reserved and unsociable. That said, Popov became one of the most successful CIA agents in the Soviet Union in the 1950s. He was held in high regard by Central Intelligence Agency chief Allen Dulles, as well as U.S. President Dwight Eisenhower.”

30. United Kingdom: Stopping “Subversives”: The BBC and the Spooks

Declassified UK published this story on February 13th saying that “the appointment of Richard Sharp as BBC chairman is the latest chapter in the long history of close links between the corporation and the upper reaches of the British establishment, including the intelligence agencies, declassified files show. Papers released to the National Archives show the BBC hierarchy approached the Foreign Office’s secret propaganda unit after discreet contacts with senior intelligence officials.”

31. United States: SEASPRAY: Clandestine Air Operations and Covert Activity

Grey Dynamics published this article on February 12th stating that “SEASPRAY was a covert air unit and collaborative effort between the CIA and US Army, which began in 1981. It is very likely that anyone reading this has never heard of the term SEASPRAY. This is for good reason, as the United States government has spent the last four decades and great effort to cast a murky shadow over the program. SEASPRAY was a joint effort to provide the US Army with clandestine air power and serve the adjacent goals of the CIA. A grossly inaccurate pop culture representation of these phenomena forms our modern conception of black operations, black helicopters, black sites and plausibly deniable operators. Yet beyond the Tom Clancy novels, Modern Warfare video games, Bond movies, etcetera, there is an actual world of shadow covert activity. SEASPRAY, as we can tell from open sources, fits the bill perfectly.”

32. New Indian Cyber Espionage Operation Targeting Sri Lanka Ports Authority

On February 16th cyber threat intelligence researcher WHY2TRY discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed SIDEWINDER, previously associated with the intelligence services of India. The operation involved a lure document impersonating the Sri Lanka Ports Authority (SLPA) which, if opened, would covertly install a custom cyber espionage software implant.

33. Podcast: Spycraft 101: Tracking Down an Iraqi Bioweapons Expert with Stephen Monteiro

Spycraft 101 published another podcast episode on February 16th. As per its description, “a multi-agency team convoyed into Baghdad to rendezvous with an Iraqi biological weapons scientist, culminating a years-long effort to locate, contact, and eventually exfiltrate him to the United States. The scientist was Thamer Abdul Rahman Imran, known as the Gray Bird; a microbiologist who had initially been detained and interrogated by US forces after the 2003 invasion of Iraq but had since been released and disappeared. Years later, the Department of Homeland Security’s Office of Research and Development was tasked to find him and debrief him in an effort to learn more about his particular specialty: weaponized anthrax. The task fell to Stephen Monteiro, an experienced investigator and former US Secret Service agent now working for Homeland Security. He assembled a team which spent years locating striving to locate and contact Thamer, and all the while wrangling with the various agencies and bureaucracies involved in Iraq in order to bring him in once again. They eventually traveled to Iraq for a high-risk meeting with Thamer, where they saw him face to face for the first time and worked to secure his cooperation for a project that could potentially save thousands of American lives if another biological weapons attack occurred on American soil. For episode 71 of the Spycraft 101 podcast, I spoke to Steve Monteiro about his years-long search for the Gray Bird of Baghdad amidst the chaos of an occupation and civil war in Iraq.”

34. Spy Arrested in Germany Had to Pass FSB Coordinates of HIMARS Delivered to Ukraine

Following 2022 week 51 story #31, 2022 week 52 story #4 and #32, and this year’s week 1 story #40, week 2 story #52, week 4 story #38, week 5 story #10 and #69, and week 6 story #6, on February 17th the European Pravda reported that “the case of an officer of the Federal Intelligence Service (BND) suspected of espionage turned out to be more explosive than previously known. As “European Pravda” writes with reference to Tagesschau, Spiegel became aware of this. In particular, the Russian intelligence service of the FSB tried to obtain data on the location of artillery positions and air defence positions of the Ukrainian army through the BND officer, who is currently under arrest. Accordingly, the FSB instructed a BND agent to capture and transmit to it GPS data from the US-supplied HIMARS multiple-launch rocket systems and the Berlin-supplied IRIS-T air defense system. As a reward for his services, the officer received a six-figure sum, the money was found in his possession during the arrest. However, according to insiders, it is unlikely that such data was transferred. As reported, on December 21, the German Federal Prosecutor’s Office arrested an officer of the country’s Federal Intelligence Service on suspicion of treason — the man is suspected of spying for Russia. Later it became known that Russia could receive secret information about the situation in Ukraine through a detained intelligence service officer.”

35. British Intelligence Caught FBI Spy Chief Secretly Meeting a Russian in London

Following week 4 stories #1 and #86 as well as week 6 story #65, on February 16th Business Insider reported that “in 2018, Charles McGonigal, the FBI’s former New York spy chief, traveled to London where he met with a Russian contact who was under surveillance by British authorities, two US intelligence sources told Insider. The British were alarmed enough by the meeting to alert the FBI’s legal attaché, who was stationed at the US Embassy. The FBI then used the surreptitious meeting as part of their basis to open an investigation into McGonigal, one of the two sources said. The two sources, both former officials in the US intelligence community, did not specify the identity of the Russian who McGonigal met with. McGonigal, the former head of the FBI’s counterintelligence division in New York, stands accused of taking money from Oleg Deripaska, a Russian oligarch, in violation of US sanctions, in exchange for investigating one of Deripaska’s Russian rivals. McGonigal “traveled to meet Deripaska and others at Deripaska’s residence in London, and in Vienna,” according to one of the federal indictments lodged last month. The indictments do not say precisely when those alleged meetings took place, or how prosecutors came to believe they occurred. “Your sources sound well-informed,” said a third source, who worked for the US intelligence community in 2018 and was aware of communications between British intelligence officials and the US Embassy in London. They declined to confirm or deny that the meeting occurred. During his years in New York, McGonigal oversaw 150 FBI agents tasked with shadowing foreign operatives and turning them into spies for the US. He would have had intimate knowledge of surveillance penetration in world capitals, which makes the London meeting all the more mystifying. “What the fuck was he thinking?” said a fourth source, who said they had reason to believe that the meeting “apparently did occur,” but declined to confirm it. 
Years of experience running counterintelligence, the fourth source said, should have clued in McGonigal to the possibility that the London encounter would attract notice. Insider was able to determine the year but not the month of the meeting. The fourth source noted that regardless of whether the meeting occurred before or after McGonigal retired from the FBI in September 2018, it suggested a serious and extended relationship. “A meeting like this doesn’t just happen on a Tuesday,” they said, noting that whomever McGonigal met with, they were important enough to be under surveillance by the British and merit alerting the US Embassy. “There’s a long lead time.” The FBI’s national press office and its New York field office both declined to comment.”

36. Aero India 2023: Alpha-Elsec Supplies Teevra Drushti Surveillance System to Indian Army

Janes reported on February 16th that “Indian firm Alpha-Elsec Defence & Aerospace Systems has supplied 60 Teevra Drushti long-range reconnaissance and observation systems to the Indian Army, the company told Janes at the Aero India 2023 show, held in Bangalore from 13 to 17 February. The Teevra Drushti electro-optical/infrared (EO/IR) system is deployed along India’s borders for long-range reconnaissance and target acquisition operations, the company said. The system can be used on a tripod, in a stationary observation post, or in a reconnaissance vehicle. As part of a modernisation programme by the Indian Air Force (IAF) for its Pechora surface-to-air III missile system, the Pechora’s vintage Russian optical camera will be replaced by the Teevra Drushti system. The legacy Pechora camera system has day-only capability. The upgraded system has a thermal and day camera, which increases image clarity and range. The Teevra Drushti system “will be delivered to [the] Indian Air Force later this year”, an Alpha-Elsec source told Janes.”

37. United States DIA Report Confirms Russia’s Use of Lethal Iranian Unmanned Aerial Vehicles in Ukraine

On February 14th the US Defence Intelligence Agency (DIA) issued this press release stating that “analysis confirms Russia’s use of various lethal Iranian unmanned aerial vehicles (UAVs) against Ukraine, according to an unclassified report released today by the Defense Intelligence Agency. “Iranian UAVs in Ukraine: A Visual Comparison” provides a comparative analysis of publicly available images of UAVs used by Russia in its war in Ukraine and recently declassified images of Iranian UAVs used to attack U.S. and partner interests in the Middle East. The report covers the Shahed-136 one-way attack UAV, renamed Geran-2 by the Russians; the Shahed-131 one-way attack UAV, renamed Geran-1 by the Russians; and the Mohajer-6 multirole UAV. DIA has released the report as part of ongoing transparency efforts to enhance public understanding of the Defense Intelligence Agency’s mission and to provide insights on Department of Defense and national security issues. Information within the report is considered current as of Oct. 27, 2022.” The report is available online, titled “Iranian UAVs in Ukraine: A Visual Comparison.”

38. German Party Moves to Expel Former Spy Chief as Member

Following week 4 story #19 and week 5 story #16, on February 13th the Associated Press reported that “Germany’s main opposition party on Monday launched an effort to expel from its ranks a former head of the country’s intelligence agency, weeks after he complained of what he said was a move toward “eliminatory racism against whites.” The center-right Christian Democratic Union two weeks ago gave Hans-Georg Maassen an ultimatum to leave the party by Feb. 5, which he ignored. On Monday, party leader Friedrich Merz said the CDU leadership decided unanimously to start expulsion proceedings and withdraw his membership rights with immediate effect. Maassen was removed as the head of the BfV domestic intelligence agency in 2018 after appearing to downplay far-right violence against migrants in the eastern city of Chemnitz. He has since become a vocal if marginal figure on the hard right of the CDU — the party once led by former Chancellor Angela Merkel — and ran unsuccessfully for election to the national parliament in 2021.”

39. Estonia: EDF Intelligence Chief: Russia Has Started Using Spy Balloons

The Estonian ERR reported on February 17th that “the Russian armed forces have begun using meteorological balloons in their war of aggression, to obtain information on Ukrainian air defense positions, according to chief of the Estonian Defense Forces’ (EDF) intelligence center, Colonel Margo Grosberg. “This week, for the first time, a strange phenomenon occurred, when meteorological balloons were observed over Kyiv. I don’t know whether the Russian Federation got this idea from the [recent alleged] Chinese [spy] balloons [in the U.S.] or from somewhere else, but in any case, we can see that this new tactic has now been introduced,” Colonel Grosberg said at an Estonian Ministry of Defense briefing on Friday. According to Grosberg, the main purpose of sending the meteorological balloons into Ukraine is to exhaust Ukrainian air defenses, who have to track and destroy them, as it is not known what they may be carrying. “This both wastes anti-aircraft weapons and exhausts the crews. It also makes the anti-aircraft crews visible as a result of their actions, because you can then see where the missiles are coming from,” Grosberg explained. The colonel also pointed out, that the cost of meteorological balloons is far lower than that of a spent anti-aircraft missile. “So, it’s a very cheap and clever trick,” he said. “It remains to be seen how long [it will go on for] and how the Ukrainians will respond to this maneuver,” said the defense intelligence chief.”

40. Video: When Signals from Secret Numbers Stations Clash

On February 15th Ringway Manchester published this video. As per its introduction, “continuing with our theme of number stations, I thought I’d show you some examples of when these mysterious intelligence-related broadcasts interfere or clash with other radio users.” The examples shown are from: 1) Polish intelligence’s E11 “Oblique” on 8544KHz from 05 May 2007 at 12:30 UTC, 2) East German Army’s G03 “Gongs & Chimes” on 6410KHz from 02 May 1980 at 09:30 UTC, 3) Hungarian intelligence’s G04 “Three Note Oddity” on 5376KHz from 11 January 1999, 4) British intelligence’s E03 “The Lincolnshire Poacher” from December 2007, and 5) Ukrainian S06S “The Russian Lady” on 11780KHz from 11 January 2008 at 09:30 UTC.

41. Iran: IRGC Domestic Influence: A 12 Month Forecast

On February 16th Grey Dynamics published this article. As per its description, “the Islamic Revolutionary Guard Corps (IRGC) is a touchstone of Iranian domestic and foreign policy. It became an essential tool of Ayatollah Ali Khamenei in his rise to power. In doing so, the IRGC has developed extraordinary military and economic power within the Iranian state. As a result, it can influence the Assembly of Experts, the deliberative body responsible for the election of the next Supreme Leader in the event of Khamenei’s death. Current unrest in the Islamic Republic, as well as its increasing isolation, has created the circumstances in which the IRGC is most capable and most incentivised to utilise this influence”

42. Dutch AIVD Releases Brochure for Secure Use of AI Technologies

On February 15th the General Intelligence and Security Service (AIVD) of the Netherlands released this brochure. As per the announcement, “more and more organisations are using the possibilities of man-made intelligence, or artificial intelligence (AI). AI systems can help organisations perform processes faster, smarter and better. Think of models for image recognition, speech technology or cyber security. Developments in the field of AI are moving fast. So fast that it is already important to develop AI systems safely. Otherwise, you run the risk that your AI system will no longer work as it should, with all the consequences that entails.”

43. Pakistan: ISI Chief Nadeem Anjum in Hot Water Over Pakistan Taliban Attacks

Intelligence Online released this article on February 17th stating that “faced with a resurgence in deadly attacks by the TTP, the head of Pakistan’s Inter-Services Intelligence is in a delicate spot, having to cooperate with the Taliban in Kabul to curb terrorism by its Pakistan offshoot. Pakistan’s Inter-Services Intelligence (ISI) chief Nadeem Anjum’s plans to deal with the resurgence of deadly attacks by the Pakistan Taliban were put to close scrutiny by the country’s security decision-makers at a meeting on 3 February. The meeting was called in the wake of the 30 January suicide attack at a mosque in Peshawar’s Police Lines district that killed more than 100 people, most of them police officers. The Pakistani government blamed the attack on the TTP, or Tehrik-e-Taliban Pakistan. Anjum, who was appointed to head the ISI in November 2021, will need the support of the Taliban government in Kabul to hold on to his job, even though his own service has also been targeted in the TTP resurgence.”

44. North Korean Cyber Espionage Operation Targeting Individuals in South Korea

On February 14th the South Korean AhnLab Security Emergency Response Center’s (ASEC) Analysis Team published this technical analysis of a new cyber espionage operation attributed to an actor dubbed REDEYES (also known as APT37 and SCARCRUFT) who has been previously associated with the intelligence services of North Korea. As per the analysis, “the REDEYES group is known to steal personal computer information as well as mobile phone data targeting specific individuals, not companies. The main characteristics of this REDEYES group attack case are the use of the Hangul EPS vulnerability and the spread of malicious code using the steganography technique. The Hangul EPS vulnerability used in the attack is an old vulnerability that has already been patched in the latest version of the Hangul word processor. The attacker seems to have attempted an attack after knowing in advance that the attack target (individual) is using an old version of Hangul word processor that supports EPS. In addition, cases in which the REDEYES group distributed malicious code using steganography techniques have been confirmed in the past. In 2019, Kaspersky disclosed that the downloader malware used by the SCARCRUFT (REDEYES) group used steganography to download additional malware.”

45. Ukrainian SBU Conducted Anti-Sabotage Training Near the Border with Belarus

On February 13th Ukraine’s Security Service announced that they “conducted counter-sabotage training in the border areas of the Rivne region. The purpose of such measures is to increase the level of security near the border with Belarus. The training continued in conditions as close as possible to real ones with the involvement of a significant number of personnel of the Defence Forces, military and special equipment, including unmanned aerial vehicles. According to the plan, the “saboteurs”, disguised as civilians, secretly entered the territory of the region. They seized the building of the city council in the district centre near the Belarusian border and took hostage all the workers who were at the specified facility. Using psychological pressure and threats of physical violence, the “criminals” tried to force the “victims” to cooperate with the enemy and to rearrange the work of the city council in favour of the aggressor country. The leadership of the operational headquarters decided to conduct an assault. In the course of the special operation, the law enforcement officers, with the involvement of the soldiers of the central Security Service “A” of the SBU, neutralised a conditional enemy group and freed the “hostages”. Units of the Security Service of Ukraine, the Armed Forces of Ukraine, the National Guard, the National Police, the State Emergency Service, and representatives of the executive and local self-government bodies took part in the exercises. According to the assessment of the coordination group, the training participants effectively worked out the interaction algorithm.”

46. United States: Espionage Allegations Prompt Sharp Exchanges Between ex-CIA Officials

Intel News reported on February 13th that “a book by a former Central Intelligence Agency (CIA) case officer, which alleges that a senior Agency official sabotaged American counterintelligence efforts on orders from Moscow, has prompted a series of fiery exchanges by retired CIA personnel. The primary figures in the dispute are the book’s author, Robert Baer, and Paul J. Redmond, who served as the CIA’s Associate Deputy Director of Operations for Counterintelligence. Baer’s book, The Fourth Man: The Hunt for a KGB Spy at the Top of the CIA and the Rise of Putin’s Russia (Hachette Books, May 2022), focuses on the period following the arrests of three American intelligence insiders, who were found to have spied for the Kremlin: Federal Bureau of Investigation (FBI) agent Robert Hanssen, and CIA officers Aldrich Ames and Edward Lee Howard. By 2002, Hanssen and Ames were serving life sentences for espionage, while Howard had died in Russia where he had fled while under investigation by the FBI. Collectively, these three had been responsible for some of the CIA’s gravest operational setbacks against the Soviet KGB and its Russian successor agencies. Some in the CIA, however, remained convinced that not all of the CIA’s failures in the 1980s and 1990s could be explained away in this fashion. They held on to the suspicion that Moscow had been able to recruit a senior CIA executive, who — among other things — had sabotaged numerous probes by some of the Agency’s most committed spy-hunters. Baer’s book discusses how, in the mid-1990s, the CIA’s Directorate of Operations actively pursued those suspicions, by setting up a Special Investigations Unit (SIU). This new unit was led by one of the CIA’s most talented counterintelligence officers, Paul Redmond.”

47. Video: Inside China’s Espionage War: How the Communist Superpower is Spying on the West

Sky News Australia published this video on February 17th. As per its description, “the West faces an extraordinary threat from the rise of China but many of our political leaders have dramatically downplayed what is happening in the region. In this special investigation Sky News Australia spoke to intelligence experts who detailed how we are already in the grips of a cold war with China. A war not fought with missiles and traditional weaponry, but a battle for information which will ultimately decide whether China can become the world’s dominant power. Sky News Digital Originals presents this report from Digital Editor Jack Houghton.”

48. United States: FBI is Investigating a Cybersecurity Incident on its Network

Bleeping Computer reported on February 17th that “the U.S. Federal Bureau of Investigation (FBI) is reportedly investigating malicious cyber activity on the agency’s network. The federal law enforcement agency says it already contained the “isolated incident” and is working to uncover its scope and overall impact. “The FBI is aware of the incident and is working to gain additional information,” the U.S. domestic intelligence and security service told BleepingComputer. “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.” CNN first reported on Friday that this was a hacking incident involving an FBI New York Field Office computer system used to investigate child sexual exploitation. An FBI spokesperson was not immediately available for comment when BleepingComputer reached out earlier today to ask for more details.”

49. Russia Also Has a Fleet of Spy Balloons

Along with this week’s story #39, on February 13th The Warzone published this article stating that “aerostats, including unpowered balloons, were very popular in the Soviet Union before World War II, but subsequently fell almost completely out of favor. However, once the Cold War was underway, Soviet surveillance balloons made a comeback. In the modern Russian military, there remains a limited niche for these kinds of balloons, although, with spy balloons very much back on the international agenda, it’s possible that they could become part of a broader resurgence. Beginning in the mid-1950s, thousands of free balloons drifted over the Warsaw Pact countries from the west; many of them flew into the territory of the Soviet Union. This was the impetus for the creation of a series of special balloon-intercepting aircraft, which you can read more about here. But it also spurred the Soviets to launch work on their own military balloons. Accordingly, in 1956, the OKB-424 design bureau — also known as the Dolgoprudny Automatics Design Bureau (DKBA) — was established, especially for the task of making new military aerostats. The first task of OKB-424 was to copy a U.S. photo-reconnaissance balloon that had come down on Soviet territory. Over the next 60 years, DKBA produced around 20 types of free-floating balloon envelopes, with volumes ranging from 11,500 cubic feet to 21,190,000 cubic feet, each of which could carry various kinds of mission equipment. The largest of them was the Ukolka series of balloons from the 1960s, which had a capacity of 21,190,000 cubic feet and could lift a 660-pound payload to an altitude of 147,600 feet.”

50. Espionage Malware Targeted Telecoms in Middle East Using Microsoft, Google, Dropbox Tools

On February 16th The Record reported that “an espionage campaign targeting telecommunications providers across the Middle East hid its activities through a range of popular tools from Microsoft, Google and Dropbox, according to a report released Thursday. Researchers at cybersecurity company SentinelOne named the campaign “WIP26” — work in progress — because they were unable to attribute it to any actor or country. But the campaign stood out because it relied heavily on the exploitation of public cloud infrastructure that allowed the hackers to evade detection by making malicious traffic look legitimate, the researchers said. Microsoft Azure and Dropbox instances were used to hold stolen data and host malware that abused Microsoft 365 Mail and Google Firebase services. “The WIP26 activity is initiated by precision targeting of employees through WhatsApp messages that contain Dropbox links to a malware loader,” the researchers said. “Tricking employees into downloading and executing the loader ultimately leads to the deployment of backdoors that leverage Microsoft 365 Mail and Google Firebase instances” as command-and-control servers for the malware. The WhatsApp messages contained Dropbox links that had files about poverty-related issues in Afghanistan. The backdoors — code used to break into systems — masqueraded as PDF editors, browsers or other software.”

51. Greece: Former Spy Chief Roubatis Trial for Sexual Harassment Postponed

Following week 1 story #32, on February 17th the Greek Edolio5 reported that “the trial with accused Yannis Roubatis was postponed! 27/9 is the date of the new determination of the trial with the former chief of the EYP in the dock following a lawsuit against an executive of the service for sexual harassment. Number 22 did not arrive for trial due to scheduling issues. The plaintiff, former director of an EYP’s border station, was present together with the witnesses she has proposed, while on the defendant’s side, Yiannis Roubatis, was only his lawyer. The trial was adjourned to September 27, 2023.”

52. Podcast: SpyCast: “The Counterintelligence Chief” — with FBI Assistant Director Alan Kohler

On February 14th the International Spy Museum’s SpyCast released a new podcast episode. As per its description, “beginning as a special agent in 1996, Alan Kohler’s extraordinary 28 year long career in the FBI has included serving on the 9/11 Evidence Response Team, supervising counterintelligence and cyber squads at the bustling New York Field Office, overseeing counterintelligence at the Washington Field Office, and time as an assistant legal attaché in London. Alan was named Assistant Director of the FBI’s Counterintelligence Division in April of 2020. This week on SpyCast, Alan joins Andrew for a conversation on all things counterintelligence. From learning how the FBI recruits foreign agents to breaking down what makes a successful counterintelligence operative, you won’t want to miss this fascinating conversation. And… In case you ever find yourself picking up a suspiciously light coin, don’t hesitate to contact your local FBI Field Office. As Alan notes, conscientious citizens are the first line of defense for corporate espionage.”

53. Chinese MFA: US is the Number One Country in Surveillance and Reconnaissance

The Ministry of Foreign Affairs of China released the transcript of Foreign Ministry Spokesperson Mao Ning’s Regular Press Conference that took place on February 9, 2023. Among others it says that “the US is the number one country in surveillance and reconnaissance. It has long-running intelligence programs across the globe. US aircraft and warships frequently conduct close-in reconnaissance around China, which seriously threatens China’s national security and undermines regional peace and stability. The Chinese side has repeatedly voiced our grave concerns. The US needs to put an immediate end to such provocations.” As well as that “on the airship, the Chinese side has repeatedly shared its information. The unintended, unexpected entry of the unmanned Chinese civilian airship into US airspace is entirely caused by force majeure. The Chinese side has made that clear in its communication with the US side time and again, yet the US overreacted by using force. China firmly opposes and deplores this. I am not aware of any “fleet of balloons”. That narrative is probably part of the information and public opinion warfare the US has waged on China. As to who is the world’s number one country of spying, eavesdropping and surveillance, that is plainly visible to the international community.”

54. The SIGINT Summaries of the FIVE EYES

As shared by ElectroSpaces on February 14th, Christopher Parsons published a website called “The SIGINT Summaries” based on the documents released and leaked over the years. The summaries are for Canada’s CSE, New Zealand’s GCSB, United States NSA, Britain’s GCHQ, and Australia’s ASD.

55. Poland: China’s Propaganda Offensive

On February 17th the intelligence services of Poland issued this press release stating that “the activities of the Chinese intelligence services in Poland are aimed at, among other things, securing the strategic interests of the PRC and focus on obtaining information that primarily concerns: Polish foreign policy, the Russian war against Ukraine, the intentions of the US, EU and NATO, as well as areas related to, among others, with modern technologies and know-how. Another important factor for the PRC is the creation of a pro-Chinese narrative in societies and among representatives of the authorities of Western countries (including Poland). It is mainly intended to enable Beijing to become increasingly engaged in economic activity and strengthen its own interests in the West, as well as to build a strong international position, among others through in the global media. The analysis of information messages of Chinese propaganda indicates an increasing field of propaganda cooperation between China and Russia. Beijing is using Russia’s war against Ukraine to deliver anti-American messages. China’s propaganda promotes a vision of an aggressive West that has led to the outbreak of war with its policies. It also scares viewers with a vision of a global conflict. These actions are taken to weaken the West. In the near future, it should be expected that the interests and activity of Chinese intelligence will not change, mainly due to the scale of support that the Republic of Poland provides to Ukraine in repelling Russian aggression, Warsaw’s alliance with Washington, and the situation around Taiwan. In addition, an important aspect of the Chinese presence in Poland in the coming years will also be lobbying for China’s interests, including business and scientific cooperation aimed at building long-term political and economic influence and securing its own investments and economic ventures in Poland.”

56. French Intelligence Services and Financial Prosecutors Increase Ties

Intelligence Online reported on February 14th that “discussions between intelligence services and prosecutors probing financial crimes used to be carried out on an informal basis — but now they are intensifying, with an increasing focus on security risks raised by outsourcing anti-corruption work.”

57. Ukrainian SBU Detained Russian Agent in Slovyansk

On February 14th Ukraine’s SBU announced that they “detained a Russian agent in Slovyansk who was gathering intelligence for the enemy and aspiring to join the ranks of the occupation forces. The attacker turned out to be a resident of Sloviansk, who started volunteering for the intelligence service of the aggressor country last fall. He went to cooperate with the enemy for ideological reasons. Moreover, having shown his “benefit” for the Rashists, he planned to join the ranks of the terrorist organisation “DNR”. That is why the man actively helped the aggressor to scout the locations and routes of movement of the Ukrainian Defence Forces. In addition, the agent transmitted to the enemy the locations of civilian and critical infrastructure near the front line. The occupiers used this information to launch massive rocket and artillery strikes and prepare sabotage. To gather intelligence, he carried out covert visual surveillance of sites using photo and video recording equipment. He sent the collected information to representatives of the intelligence services of the Russian Federation through electronic communication channels worked out in advance. During the search of the perpetrator’s place of residence, law enforcement officers found a mobile phone containing evidence of correspondence with the enemy, as well as a draft statement in which the suspect asked to be accepted into the ranks of the occupiers.”

58. Anti Spy Detector: A Cold War Case Study

Grey Dynamics published this article on February 17th. As per its introduction, “the Cold War created some of the most well-known espionage tropes in the public mind. This era encapsulates all that is interesting about intelligence and counterintelligence. Bugging emerged early on as one of the principal ways the United States (US) and Soviet Union (USSR) fought this shadow war. The “Thing” in the Seal of the United States in its Moscow embassy is but one of the dozens of examples of bugging [source]. But how were such devices found?”

59. Video: Mega Projects: Utah Data Centre: Inside the NSA’s Hard Drive

This week Mega Projects published this new video focusing on the US National Security Agency’s (NSA) Utah-based Data Centre.

60. Ukraine: Top Spy Chiefs Warn Russia is Readying Massive New Attack with Fighter Jet Bombing Raids and 500k Troops in 7 Days

The Sun published this story on February 16th stating that “Russia is preparing for a “massive new attack” in just seven days, Ukraine’s top spy chiefs have warned. It comes as Vladimir Putin masses up to 500,000 soldiers amid fears he is planning a new onslaught on Ukraine to mark the first anniversary of the war. Ukrainian defenders are bracing for an assault that could include 1,800 tanks, 3,950 armoured vehicles, 400 fighter jets and 300 helicopters incoming from Russia. Oleksiy Danilov, Ukraine’s Secretary of the National Security Council, believes Putin could unleash the new offensive on either February 23 or 24. But he insisted the country is “ready” and will be able to “cope”. He told the My-Ukraine TV channel: “You and I started saying that they are preparing and will try to make another attempt at a massive attack on February 23–24. “You need to be calm about this. We are ready for it.”

61. United States: Man Goes to Court for Impersonating a CIA Officer and Claiming a Top Secret Clearance

Clearance Jobs published this article on February 16th stating that “while you can dress up for Halloween as someone who works for the government, you can’t tell people you work for them in hopes that it gets you connections. According to a federal criminal complaint that was unsealed, Robert Earhart Jr. appeared in court in Columbus, GA. He was detained and charged by the court with one count of false personation of an officer or employee of the United States. He could face three years in prison, followed by a year of supervised release, and a $250,000 fee.”

62. Cyber Espionage Operation Targeting Researchers and Think Tanks in Japan

On February 16th cyber security and intelligence firm TrendMicro published this technical analysis with its introduction saying that “in 2021, we observed several targeted attacks against researchers of academic organizations and think tanks in Japan. We have since been tracking this series of attacks and identified the new intrusion set we have named “Earth Yako”. Our research points the attribution to the known campaign “Operation RestyLink or Enelink”. Upon investigating several incidents, we identified previously unknown malware, tactics, techniques and procedures (TTPs), and infrastructure used by Earth Yako for cyberespionage. The intrusion set introduced new tools and malware within a short period of time, frequently changing and expanding its attack targets. Since we observed related attacks as recent as January 2023, we believe that Earth Yako is still active and will keep targeting more organizations soon. This investigation was presented at the JSAC 2023 in Tokyo, Japan.”

63. Russia: SVR Reveals Memorial Plaque for Yuri Shevchenko

On February 15th the Russian Foreign Intelligence Service (SVR) issued a press release stating that “a memorial plaque to the legendary illegal intelligence officer, Hero of Russia Yuri Shevchenko, who obtained the most important information, including about the plans of the West to dismember Russia, was opened on Wednesday in the building of his alma mater — the Moscow Architectural Institute. It is noteworthy that the event was held on the Day of Remembrance of Russians who performed their official duty outside the Fatherland. Director of the Foreign Intelligence Service of the Russian Federation Sergei Naryshkin took part in the solemn ceremony. “Illegal spies are naturally endowed with amazing talents and abilities. Among them are writers, journalists, musicians, historians, artists. One of these amazing people was a graduate of the Moscow Architectural Institute, Yuri Anatolyevich Shevchenko,” Naryshkin said. Being a sincere patriot, for the good of the Motherland, Yuri Shevchenko changed the peaceful profession of an architect to the difficult path of an illegal intelligence agent — a path filled with anxieties and dangers, and, performing the most difficult and responsible tasks of the Motherland, he spent many years in a foreign land, added the director of the Foreign Intelligence Service of Russia. The profession of an illegal intelligence agent, in which Colonel Shevchenko reached dizzying heights, became for him both a vocation and the meaning of his life, Naryshkin emphasised.”

64. United States: CIA: Publishes “Love at Langley”

On February 14th the United States Central Intelligence Agency (CIA) published this article with its introduction stating that “since the Agency’s founding, many officers have found relationships through work connections. “Why?” you might ask. Well, sometimes it is easier not having to dive into the age-old dating question, “So, what do you do?” when you are both sworn to secrecy. Here are a few of the CIA love stories that we’ve captured over the years.”

65. Canada: Review of CSIS threat reduction activities

On February 16th the National Security and Intelligence Review Agency (NSIRA) of Canada announced that “this is the second annual review of the Canadian Security Intelligence Service’s (CSIS) threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA). This review sought to expand upon findings from last year’s review by examining a larger number of TRMs wherein CSIS disclosed information to external parties with their own levers of control, to reduce identified threats. The review studied the characteristics of these particular TRMs but focused its examination upon the extent to which CSIS appropriately identified, documented and considered any plausible adverse impacts that these measures could have on affected individuals.” Here is the report and here are CSIS responses.

66. Russia Expels 4 Austrian Diplomats in Retaliatory Move

Following week 5 story #50, on February 17th DailyMail reported that “Moscow has asked four Austrian diplomats to leave Russia in retaliation for the expulsion earlier this month of four Russian diplomats from Vienna. Austria had accused the Russian diplomats of spying, and Chancellor Karl Nehammer on Friday defended their Feb. 2 expulsion. He said Austria would not watch idly “while espionage occurs in our country and hospitality is abused.” In announcing the expulsion of the Austrian diplomats on Thursday, Russia’s Foreign Ministry called the earlier act by Austria “unfriendly and unreasonable,” calling into question Austria’s “previously positioning itself as an unbiased and neutral state.” Nehammer rejected the claim that Austria isn’t neutral anymore. Western European nations and Russia have expelled each others’ diplomats on several occasions following the Russian military operation in Ukraine that started nearly a year ago. Austria, a European Union member that has a policy of military neutrality, was initially hesitant to take such action, but expelled four Russian diplomats in April after pressure from the public and EU partners. The Russian diplomats had been given a week to leave Austria. Russia said the Austrian diplomats had until Feb. 23 to go. Moscow also said Vienna was making it difficult for Russian officials to obtain visas, “which contradicts Austria’s obligations as a venue for international meetings.””

67. Finland: Supo Gave the Ministry of the Interior a Report on Matti Saarelainen’s Activities

On February 13th the Finnish Security Intelligence Service (Supo) announced that “the Security Intelligence Service have taken the suspicions directed at Saarelainen in the public eye seriously, and we have been ready to clarify the matter in detail to the parties supervising Supo. In recent months, the stages of Matti Saarelainen’s career, a former employee of the Security Intelligence Service, have been widely discussed in the public. In the stories and the discussion that followed them, the reliability of the Security Intelligence Service has also been questioned. In the Security Intelligence Service, we have taken the suspicions directed at Saarelainen in public seriously. Although due to both privacy protection and national security secrecy regulations, we cannot deal with the matter except partially in public, we have been prepared to clarify the matter in detail to the parties supervising Supo. At the request of the Ministry of the Interior, we have gathered together the material related to Saarelainen. The report has now been handed over to the Ministry of the Interior, and the public parts of this report are naturally also available to the media. Some of the discussed issues happened more than twenty years ago, so the information has been gathered, among other things, through conversations with people who worked at the Security Intelligence Service at the time. It is clear that there is significant uncertainty associated with the investigation of such old events.”

68. United States: NGA TEARLINE Project Assesses North Korea Tourism Industry at Standstill

On February 14th the US National Geospatial-Intelligence Agency (NGA) issued this press release saying that “the National Geospatial-Intelligence Agency and Stimson / 38 North have collaborated through NGA’s open-source Tearline project to research the North Korean tourism industry post-pandemic. Under Kim Jong Un, developing North Korea’s tourism industry has been a high priority, but several projects still have not resumed after being halted during the pandemic. The research found that four key tourism properties developed at different paces and several remain unfinished or unused. North Korea’s reopening has been slow and, based on the current low rate of development, it’s unclear when foreign visitors may be allowed to enter again. Economic priorities in recent years promoted projects meant to improve the standards of living for domestic use — such as housing and local area revitalization projects — rather than for generating income for tourism.” The detailed report is available in Project TEARLINE here.

69. Podcast: Intelligence Matters: Chinese Spy Balloon Fallout: Military Expert John Culver

On February 15th CBS News’ Intelligence Matters podcast released a new episode. As per its description, “in this episode of Intelligence Matters, host Michael Morell speaks with former senior CIA analyst and National Intelligence Officer for East Asia John Culver about the rippling implications of the Chinese surveillance balloon shot down over U.S. territory. Culver and Morell discuss Beijing’s possible intentions behind deploying the balloon as well as the potential information it — and other Chinese surveillance efforts — may have targeted. They also discuss the ways in which heightened tensions between Washington and Beijing could raise the risks of conflict over Taiwan.”

70. Greece: Person Associated with Ilias Michos, Suspect of Child Sexual Abuse and Trafficking, Had Contacts with EYP

Throughout this week the Greek Edolio5 published 5 articles in relation to people that have raped children trafficked by the detained Ilias Michos. The first article is for a doctor who sexually abused a 12-year old girl trafficked by Michos. The second article states that an active parliament politician also sexually abused the 12-year old. The third article notes that dermatologist Antonis Maniatis, who was arrested for the sexual abuse of the 12-year old, had “an extra-marital relationship with a head of a department of the EYP who is married. She presented him at events of the Service, as her partner, even if it was illegal, he also enjoyed the access she had. According to the same source, the mistress of G.S. spread that she is a close associate of the Prime Minister and the Patoulis couple. Let’s remember that G. Patoulis (without of course this being legally objectionable) had attended as a speaker a gathering at the house of Ilias Michos. According to what several EYP officers told us, mostly women were the doctor’s clients… with what that means for those who understand.” The fourth article added more details on the EYP case stating that “it is already known from the report that the doctor has 5 children. What is not known, however, is that the last one with Georgia S.. An EYP officer who was hired during Prime Minister Antonis Samaras as a cleaner. The years passed and her studies at the open university enabled her to obtain the rank of department head. Her relationship with doctor Antonis Maniatis was known throughout Katehaki. Friends of hers in an active business role came through his office as patients. Her best friend was Maria V. Also an EYP officer who became maid of honour at her wedding to a technician who works in the EYP’s vehicle workshop. The well-known “George”. However, this marriage seems not to have stood in the way and the extramarital relationship with doctor Maniatis continued without a break.
The child they had together became more united. For the last 3 years, Georgia S. has been the favourite child of one of the deputy chiefs of the Service, while she tried to join a union in the Service, but without much success. He always boasted about the connections he had with the edges of the political system. Everyone knew and knows, as she says, the close contact she maintains with regional governor Giorgos Patoulis. Let’s remember that Patoulis was one of the first protagonists of photos that saw the light of day of him hugging his “political friend” Ilias Michos.” And the last article about this story stating that “the first topic of discussion today in the Katehaki building was the revelations by Edolio5 about the relationship of the doctor who was arrested with the former department head of the logistics department at EYP who has now been demoted and deals with spare parts together with her legal husband (George)! 4 of the 5 recently arrested for the case of rape and trafficking of the 12-year-old girl from Colonos were sentenced to pre-trial detention.”

71. Ukrainian SBU Detained FSB Agent in Mykolaiv

On February 15th Ukraine’s SBU announced that they “detained a traitor who was “leaking” data on the defence of Mykolaiv to the enemy. The perpetrator was a resident of the village of Vradiivka, Mykolaiv region. The Russian intelligence service involved him in secret cooperation through the banned social network “Vkontakte”. At the behest of the occupiers, he collected intelligence on the locations and movements of units of the Defence Forces in the region. First of all, the enemy was interested in the exact coordinates of Ukrainian troops and fortified areas in the regional centre. In addition, the traitor gave the invaders information about the location of critical infrastructure and its technical condition. The intelligence was needed by the Russian occupiers to prepare and carry out targeted missile strikes on Ukrainian sites. The SBU officers detained the attacker while trying to transfer classified information to the Russian Federation. It was established that the person involved was recruited by the FSB after the start of the full-scale invasion. He came to the attention of the aggressor due to his destructive activity in the Russian social network, where he spoke in support of the Kremlin regime and justified the war crimes of the Rashists. According to the investigation, he was in constant contact with a blogger who lives in Russia and works for the FSB. It was through him that he transmitted intelligence to the Russian invaders. To do this, he created cartographic materials in Google Maps, where he marked Ukrainian sites with labels and sent them to the “link” through anonymous messengers. During searches of the detainee’s whereabouts, law enforcement officers found computer equipment and smartphones with evidence of correspondence with a representative of the aggressor country.”

72. Russian Intelligence Community Anxious About Open Source Leaks

Intelligence Online reported on February 16th that “alert to the risks of strategic intelligence leaks, the Russian government has changed the status of intelligence services so that they and their suppliers are not mentioned on public service portals.”

73. Indian Cyber Espionage Operation Targeting Pakistan

On February 13th cyber security researcher Johann Aydinbas discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed DONOT, previously associated with the government of India. The operation involved a lure Microsoft Word document titled “PMDU Report 8–2–23.doc” that impersonated Pakistan’s Prime Minister’s Performance Delivery Unit (PMDU). If opened, it covertly installed a cyber espionage software implant.

74. British Mercenary Tortured Arab

Declassified UK published this story on February 16th stating that “in a war crime covered up by UK diplomats, a captured rebel had his throat slashed in a gruesome Middle East torture session, newly discovered files from the 1960s reveal. The documents found by Declassified provide disturbing details of prisoner abuse by a veteran of colonial policing who suppressed uprisings from Palestine to Cyprus and Oman.” Among others, this article states that “Yet this did not deter Baxendale from engaging with the Sultanic regime, which still permitted slavery. “The second in command of the Sultan’s armed forces in Oman was Colonel Colin Maxwell, who I’d served with in Eritrea and was also ex-Palestine police,” Baxendale explained. “And one fine day he came on board the ship to see me when we called in [Oman’s capital] Muscat and asked me if I’d like to join the Sultan’s armed forces on the intelligence side.” Baxendale agreed to become a mercenary, paid to serve in the military of a foreign power. He was given the rank of captain and told to monitor the flow of weapons into the breakaway southern region of Dhofar. “Oh it was very backward, very backward down there. Very backward indeed,” Baxendale recalled. Unlike later operations when British troops would claim to win ‘hearts and minds’, he said: “We didn’t go in for that in those days”. His job included interrogating suspects. “Sometimes they’d be quite straightforward but nine times out of ten they weren’t,” he said with a laugh, in one of his last remarks to the tape recorder.” As well as that “on 20 February 1966, Baxendale was examined by the camp doctor who “formed the impression that he was under considerable mental strain.” The physician advised him to rest completely for a week. Instead, an intelligence officer, Major Malcom Dennison, tasked Baxendale with questioning a “hard core Dhofari prisoner” the very next day. 
The detainee was Mohammed al-Adid, who Dennison supposedly thought “might break under interrogation”. Baxendale was instructed “not to mark the prisoner — but the odd broken finger did not matter.” A British major had already “worked on him for ten days at one stage” and “beat him up”. Yet worse was to follow.”

75. OSINT Experts Hold Their Breath as Bright Data-Meta Lawsuit Plays Out

On February 16th Intelligence Online reported that “in its latest battle against open source intelligence firms harvesting data from its platforms, US social networking giant Meta has filed a number of lawsuits that could have a significant effect on how OSINT operates.”

76. United States: Former Spy Chief Accuses POLITICO Of Distorting Letter On Hunter Biden Laptop

DailyWire published this article on February 13th stating that “former Director of National Intelligence James Clapper accused POLITICO of “deliberately” misrepresenting a letter he and 50 other intelligence veterans signed regarding the Hunter Biden laptop story. Clapper, who served as the nation’s spy chief during the Obama administration, said the letter did not assert that reporting on the laptop was part of a Russian disinformation operation, a notion that POLITICO peddled with its headline when first reporting the existence of the letter. “There was message distortion,” Clapper told The Washington Post’s Fact Checker. “All we were doing was raising a yellow flag that this could be Russian disinformation. Politico deliberately distorted what we said. It was clear in paragraph five.” The letter from the 51 former intelligence officials came out in the days leading up to the 2020 presidential election, warning that reporting about the laptop’s alleged contents “has all the classic earmarks of a Russian information operation.” Although the signees stressed they did not know if emails being reported at the time were genuine, and they insisted they had no evidence of Russian involvement, POLITICO, which first reported the letter, went further than what the letter said by publishing a headline that said the former intelligence officials were claiming the story was “Russian disinfo.” Then-candidate Joe Biden, Hunter’s father, used the letter to cast doubt on the laptop story during one of his debates with then-President Donald Trump. “There are 50 former national intelligence folks who said that what he’s accusing me of is a Russian plan,” Biden said during the debate.”

77. Norway Spy Agency Highlights Chinese Investment Risk in Arctic

Bloomberg reported on February 13th that “Norway’s domestic intelligence service warned that Chinese investment in businesses and properties in the High North may form part of the Communist nation’s espionage and influence efforts focused on the Arctic region. Comments from Norway, a NATO member state that shares a border with Russia, reflect growing concern across the Nordic region about China’s influence. Finnish Prime Minister Sanna Marin late last year warned of Europe’s technological dependency on China, while Danish intelligence agencies have pointed to China’s growing operations in the Arctic. China will “try to purchase or establish businesses on strategically located properties in the High North,” Norway’s domestic intelligence and security service said in its annual risk assessment published on Monday. Such activities, while “not necessarily illegal,” may seek the same goals as unlawful activities, such as gaining access to sensitive technology, it said. It also highlighted vulnerabilities linked to the Nordic country’s upcoming chairmanship of the Arctic Council, due to start next month.”

78. United States: NSA: Challenge, Overcome, Give Back: Kenneth’s NSA Story

On February 13th the NSA published this article stating that “for Black History Month, NSA is proud to present “Who We Are,” an article series that spotlights African American employees and allies who continue to advocate for diversity and who are helping to shape an inclusive culture across the Enterprise. Around the same time Kenneth LeGrand was debuting in the movie “The Color Purple” as an extra, he discovered the National Security Agency (NSA). As a computer science student at North Carolina Agricultural & Technical University with a passion for acting, Kenneth became a member of the Association for Computing Machinery and attended a symposium at NSA. “That is when I met Dr. Avon Garrett, the NSA Black Affairs Program Manager at that time, who asked me a simple question: ‘Would you like to work at the NSA?’” he said. “This question would alter the course of my career.” With the encouragement of his father, Kenneth filled out the paperwork and applied to NSA’s Cooperative Education Program (COOP). He continued to participate in plays and one-man shows, but COOP was the beginning of his career as a computer programmer. Currently the coordinator for industry engagement and program manager for public-private technical exchange, Kenneth has been at the Agency for 35 years.”

79. Podcast: True Spies: Celebrity Spies, Part 1/3 — The Dangerous Edge of Things

On February 14th SpyScape’s True Spies podcast series published the first part of a new podcast episode. As per its description, “celebrities, by definition, live life out in the open. Spies, on the other hand, are happiest in the shadows. But rules are made to be broken. In this True Spies trilogy, Sophia Di Martino tells the stories of three spies whose fame and fortune were no obstacle to their espionage. Whether they used their notoriety to their advantage, or operated in spite of it, these glamorous part-time spooks had a hand in the clandestine history of the 20th century. In Part One, we’ll follow author, The Third Man screenwriter and MI6 spy Graham Greene on a mysterious mission to 1950s Vietnam, where an important appointment with Communist leader Ho Chi Minh awaits…”

80. Indra to Develop ELINT System for Spanish Navy

On February 15th Monch announced that “under the Spanish national ‘Santiago’ electronic defence programme, Indra is to develop a next-generation strategic electronic intelligence (ELINT) system to enhance the Spanish Navy’s ability to detect, classify and extract intelligence from the signals emitted by potentially hostile radars. The demonstrator to be delivered incorporates the latest advances in digital signal processing and associated technologies that underpin current development of the future ELINT capabilities of Spain’s other armed forces, thus maximizing resources and ensuring seamless data sharing. Indra’s extensive work in other aspects of the Santiago programme has attracted the interest of several foreign navies. With its European partners, Indra has also been extensively involved in development of the DASS Praetorian EW system that features on over 500 Eurofighter aircraft in seven countries, and has developed the advanced electronic defence pod in operational use with Spain’s F-18s.”

81. A Secret Intelligence War Between Morocco and France

The Algerian Echorouk El Yawmi newspaper reported on February 15th that “in its report entitled “A Secret Intelligence War between Morocco and France?” the American website said that “Algeria, which is hated by some Moroccans, is not involved at all in this affair, as some have tried to accredit”, adding that “the structure — a state one — behind “Chris Coleman” and which has exposed Moroccan counterespionage and diplomacy is probably the French DGSE (Direction générale de la Sécurité extérieure)”, which exposed Moroccan espionage and diplomacy after weeks of investigation and review, noting that a secret and very unfriendly war has been raging for a decade, and perhaps more, between the French and Moroccan intelligence agencies, “what follows is the result of several weeks of investigation and cross-checking that reveal that an underground and very unfriendly war has been going on for a decade, or perhaps more, between the French DGSE and the Moroccan DGED”, the report added. The source indicated in its report that thousands of secret Moroccan documents were revealed by an unknown source, and many of them are now being highlighted in the international press to support corruption charges against current and former members of the European Parliament in the “MarocGate” case, and they are originally attributed, according to the results of the investigation, to the truth about the secret intelligence war between Morocco and France, which has been raging for more than a decade, out of sight and television screens.”

82. Afghanistan: Former Afghan Spy Chief Warns Iran of the Consequences of Close Ties with the Taliban

Kabul Now reported on February 12th that “Rahmatullah Nabil, a former chief of Afghanistan’s intelligence agency, has warned Iran of the consequences of close ties with the Taliban. “The Taliban and its mindset is a lethal and lasting disease for the Afghan society and the region,” he tweeted in Pashto, warning Iran that “you will be infected with this disease, and it will have dangerous consequences for you.” The warning came after senior Taliban officials, including the group’s deputy foreign minister, Mohammad Abbas Stanikzai, attended an event celebrating the 44th anniversary of the Iranian Islamic revolution in Kabul on Saturday 11 February. A separate event was held in the northern city of Mazar-i-Sharif.”

83. United States: Pentagon’s Counterintelligence Agency Investigating Better Ways to Use Big Data

Defense Scoop published this article on February 14th stating that “the Defense Counterintelligence and Security Agency is making progress in pinpointing big data analytics tools to apply to internal and publicly available sources in support of its critical spy-thwarting and personnel security missions. But according to DCSA Director Bill Lietzau, most of this work is currently in pilot and experimentation phases — and the analytics capabilities the agency aims to invest in long term have largely not yet been solidified. “We’re still in the kind of investigation stage of how we can best use those tools,” he said Tuesday during a virtual event hosted by the Intelligence and National Security Alliance. Lietzau, a former Marine colonel, was tapped to serve as DCSA chief in early 2020. The agency was formed into its current state in 2019 to ultimately ensure that the Defense Department’s security clearance investigations and adjudications are conducted safely, efficiently and reliably. DOD’s data strategy published in September 2020, sets the department’s vision to operate as “a data-centric organization” that “uses data at speed and scale” for mission advantage and increased efficiency.”

84. USA Training al-Qaeda, ISIS Terrorists to Attack Russia, Claims Country’s Spy Agency SVR

Editorji reported on February 15th that “alleging a new instance of clandestine warfare, Russia has accused the United States of America of training Islamist terrorists to attack the European country. Russia’s foreign spy service SVR reportedly said that the US had recruited around 60 terrorists from the ranks of ISIS and al-Qaeda. The recruits are now being trained at an American base in Syria, Moscow said according to a Reuters report. The USA will use the Islamist terrorists to attack diplomats, civil servants, law enforcement officers and personnel of the armed forces, SVR has claimed.”

85. Video: Democracy Now: Reporter Seymour Hersh on “How America Took Out the Nord Stream Pipeline”

Following last week’s story #82, on February 15th Democracy Now published an exclusive interview with Seymour Hersh. As per its description, “when the Nord Stream pipelines carrying natural gas from Russia to Germany were damaged last September, U.S. officials were quick to suggest Russia had bombed its own pipelines. But according to a new report by the legendary investigative journalist Seymour Hersh, it was the U.S. Navy that carried out the sabotage, with help from Norway. Citing a source “with direct knowledge of the operational planning,” Hersh writes on his Substack blog that planning for the mission began in December of 2021. The White House and the Norwegian government have since denied the claims. Hersh joins us for an in-depth interview to discuss his report and says the U.S. decision to bomb the pipelines was meant to lock allies into support for Ukraine at a time when some were wavering. “The fear was Europe would walk away from the war,” he says. Hersh won a Pulitzer Prize in 1970 for his reporting on the My Lai massacre. His reporting on CIA spying on antiwar activists during the Vietnam War era helped lead to the formation of the Church Committee, which led to major reforms of the intelligence community, and in 2004, he exposed the Abu Ghraib prisoner abuse scandal in Iraq.”

86. South Sudan’s Spy Agency Releases 3 Detained Journalists

On February 18th Sudan’s Post reported that “South Sudan’s National Security Service (NSS) has released three of the seven detained journalists whom it arrested in January over a viral video of President Salva Kiir Mayardit, Radio Tamazuj quoting anonymous source reports. In a footage circulated on social media in December 2022, President Kiir could be seen wetting on himself in public during an inauguration of a road project connecting the country’s capital Juba to several states of the Greater Bahr el Ghazal region. The footage angered the president and his allies in the National Security Service arrested six journalists on January six, accusing them of standing behind the circulation of the video online. In late January, another journalist was detained in relation to the video. A Juba-based lawyer who requested not to be named told Radio Tamazuj that three of the detained journalists were released about two weeks ago, but four of them were still in detention and were still being investigated. “3 journalists were released 2 weeks ago but the other 4 are still in detention. Those released are Joval Tombe, the control room director, Cherbek Reuben, the control room technician and Joseph Oliver a cameraman, while those still in detention at the Blue House are Victor Lado, a senior editor, Benjamin Jacob, Mustafa Osman, and Garang John,” he said.”

87. Netherlands Orders Russian Embassy to Downsize, Moscow Says it Will Respond

On February 18th Reuters reported that “the Dutch government on Saturday said it would close its consulate in Saint Petersburg, Russia, and that it would limit the number of Russian diplomats allowed at the Russian embassy in The Hague. “Russia keeps trying to secretly get intelligence agents into the Netherlands under cover of diplomacy. We cannot and shall not allow that,” Foreign Minister Wopke Hoekstra said in a statement. “At the same time Russia refuses to give visas to Dutch diplomats who would work at the consulate in St Petersburg or the embassy in Moscow.” In Moscow, the Russian foreign ministry said it would respond to the move, RIA news agency reported. The Dutch government said it had decided to limit the number of diplomats at the Russian embassy in The Hague to match the number of those at the Dutch embassy in Moscow. “A number of diplomats shall therefore have to leave the country within two weeks,” The Foreign Affairs ministry said in a statement, without giving a specific number. The Dutch government also ordered the Russian trade office in Amsterdam to close by Tuesday.”

88. In Wake of Ukraine War, U.S. and Allies are Hunting Down Russian Spies

The Washington Post published this story on February 17th saying that “among the slumbering passengers on an overnight flight from Miami to Munich last month were two travelers on opposing sides of an espionage takedown. In one seat was a German citizen who would be arrested upon arrival and charged with treason for helping Russia recruit and run a Kremlin mole in the upper ranks of Germany’s intelligence service. Seated nearby was an FBI agent who had boarded the flight to surreptitiously monitor the suspected operative, according to Western security officials, and make sure that he was taken into custody by German authorities. The Jan. 21 arrest of Arthur Eller — based largely on evidence that the FBI had assembled during the suspect’s stay in Florida — was the latest salvo in a shadow war against Russia’s intelligence services. Over the past year, as Western governments have ramped up weapons deliveries to Ukraine and economic sanctions against Moscow, U.S. and European security services have been waging a parallel if less visible campaign to cripple Russian spy networks. The German case, which also involved the arrest of a senior official in the BND, Germany’s foreign intelligence service, followed roll-ups of suspected Russian operatives in the Netherlands, Norway, Sweden, Austria, Poland and Slovenia.”

89. Russian FSB Detains SBU Agent Planning Sabotage in Moscow

On February 15th the Russian Federal Security Service (FSB) issued a press release stating that “the Federal Security Service of the Russian Federation detained a citizen of Ukraine, born in 1977, involved in the commission of two acts of sabotage on the infrastructure of the Moscow Railway on the instructions of the Security Service of Ukraine. The saboteur was recruited by SBU officers on the territory of Poland in Bydgoszcz with the direct participation of the Polish intelligence services, and his verification and training before being sent to Russia was carried out in Riga together with the intelligence services of the Republic of Latvia. At the end of November 2022, in order to carry out terrorist activities under the guise of a refugee, he was sent from Latvia to Russia in order to legalise and obtain Russian citizenship. While in the capital region, the detainee, at the command of the handler from the SBU, at night set fire to two signalling cabinets, centralisation and automatic blocking of the Moscow Railway. The saboteur was seized means of communication and electronic media containing photo and video reports, as well as correspondence with an SBU officer. As part of the initiated criminal case under Art. 281 (“Sabotage”) of the Criminal Code of Russia checks the involvement of the detainee in the commission of other crimes.”

90. Australia: Intelligence Chief Unaware of Chinese Police in Sydney

DailyMail reported on February 13th that “Australia’s intelligence chief says he’s not aware of Chinese police officers operating out of a makeshift police station in Sydney. Non-government group Safeguard Defenders alleged Beijing had clandestine officers operating in Sydney that collaborated with police in China to harass, threaten and intimidate dissidents. ASIO head Mike Burgess said he hadn’t seen evidence of operations in Sydney. “Not that I’m aware of,” he told senators on Monday when asked if there were Chinese police officers working out of Sydney. “I see many things in the media but I let the data we have available to us to determine that.” He said he would not comment on specific operations. “We will investigate things that are associated with acts of foreign interference, but I won’t bring colour to them in a public hearing,” he said. “If there was anyone here who was engaged in acts of espionage or foreign interference that would be of concern and something that we would investigate.” Mr Burgess said while espionage has become the agency’s chief issue, he’s not aware of any spy balloons over the country as seen over North America in recent weeks. Mr Burgess says balloons are not the typical method foreign adversaries use for spying.”

91. Video: System Integration of Two SIGINT Systems — Artemis and BlackFish

On February 16th Airborne Technologies published this video. As per its description, “two different SIGINT phone locating systems in action: Artemis by Smith Myers for Locating Mobile Phones, BlackFish by Horizon Technologies for Locating Satphones.”

92. Argentina’s Fernandez to Replace Cabinet Chief as Election Looms

Saltwire reported on February 13th that “Argentina’s center-left President Alberto Fernandez will elevate the country’s current spy chief to lead the Cabinet, an important reshuffle as the embattled Peronist government looks to win back voters ahead of an October general election. Fernandez on Wednesday will swear in Agustin Rossi, a former defense minister who now heads the country’s intelligence agency, the presidency said in a statement on Monday, replacing current Cabinet chief Juan Manzur. Manzur has said he would return to the northern province of Tucuman, where he is from, to lead the campaign for the ruling coalition’s governor candidate in upcoming local elections.”

93. Khalistani groups: Pakistani Spy Agency ISI’s Fresh Bid to Revive Terrorism in Punjab

According to India Today from February 15th “the ISI-backed Khalistani terror groups, in a fresh attempt to revive terrorism and spread communal disharmony in Punjab, are not only attacking Hindu religious places in the country and abroad, but are also planning targeted killings of religious leaders. An alert issued by the central security agencies said that the religious leaders and crowded places were the target of the ISI and the Khalistani terror groups. Sources said the Punjab Police has been asked to step up vigil on the Punjab-Jammu border which can be used by the ISI to send consignments of arms, ammunition and explosives to Punjab. Meanwhile, Union Home Minister, Amit Shah, in an interview to a news agency, said that the Centre is in touch with the Punjab government and is closely monitoring the situation.”

94. South Korean Intelligence Agency Raids Top Union Confederation

Following week 5 story #5, on February 16th Progressive International reported that “during the raid, 30 agents of the National Intelligence Agency (NIS) executed a search warrant on the KCTU’s headquarters in Seoul. They were delayed by hours of scuffles with KCTU staff, who stalled them until the confederation’s lawyer arrived. The KCTU is a network of unions that has grown to more than 1 million members in the world’s 10th largest economy. KCTU members work in industries ranging from auto and shipbuilding to emerging sectors like health care and software engineering. Since its founding in 1995 (seven years after the end of the country’s military dictatorship), it has been subject to routine repression by the government, conservative and liberal alike, with all ten KCTU presidents to date being jailed at least once during their terms. But this is the first time that the KCTU has ever been raided directly by the NIS, the equivalent of the CIA and the FBI combined. While the warrant was issued for a single KCTU official over allegations of links with the North Korean spy agency, 1,000 riot police and firefighters surrounded the building in what appeared to be a public relations stunt. That was twice the number of police initially deployed to a Halloween block party in Seoul, where 158 young revelers were crushed to death due to the lack of crowd control. In a twist, the NIS did not arrest the official, allegedly a national security threat. Instead, the agents seized data from his phone and computer and then left. The situation was similar at the office of the KCTU-affiliated Korean Health and Medical Workers Union and two other locations where the NIS simultaneously executed search warrants involving three other former and current KCTU officials. The NIS and the police made spectacular scenes and then left after downloading data from the subjects’ electronic devices.”

95. Canada’s Spy Agency Failed to Fully Consider Human Toll When Disrupting Threats

Following this week’s story #65, on February 18th Global News reported that “a new report from the federal spy watchdog says the Canadian Security Intelligence Service failed to adequately consider the potentially serious adverse effects on people and their families when using its powers to disrupt potential threats. The National Security and Intelligence Review Agency report also finds the spy service takes an “overly narrow” approach when determining whether a judicial warrant is required for a particular threat disruption measure. Eight years ago, Parliament passed legislation allowing CSIS to go beyond its traditional role of gathering information about espionage and terrorism to actively derailing suspected schemes. For instance, the disruption powers could permit CSIS to thwart travel plans, cancel bank transactions or covertly interfere with radical websites.”

96. Ukrainian GUR: Belarusians are Trying to Refrain from Participating in the War Against Ukraine

The Ukrainian military intelligence (GUR) announced on February 18th that “military intelligence of Ukraine monitors Russian troops on the territory of Belarus around the clock and the terrorist country’s attempts to fully involve Belarusians in the war against Ukraine. Andrii Chernyak, a representative of the Ministry of Internal Affairs and Communications of Ukraine, stated this in a comment to the British television channel “ITV news”. “We see that Belarus seems to support Russia and, at the same time, tries by all means to refrain from joining the war. We also see how much Russia is pressuring them. According to Ukrainian military intelligence, the Belarusian military will be forced to obey Lukashenka’s orders and may be involved in the invasion of Ukraine. However, in the next two or three weeks, neither the forces nor the means to invade the Russian territory from the territory of Belarus exist,” Andrii Chernyak said.”

97. Swedish SÄPO: Situation Report Presentation

On February 15th the Swedish Security Service (SÄPO) issued a press release stating that “what do the security threats to Sweden look like? How has the intelligence threat evolved and the extremist environments and their operations changed? On February 22, the Security Service 2022–2023 and the situational picture of threats to Sweden will be presented. Head of the Security Service, Charlotte von Essen, and representatives of the Security Service’s operational areas participate in the press seminar. Time: Wednesday, February 22, 2023, at 09.30. Entry via the main entrance at 08.45–09.15. Please arrive in good time as the security check may take time. Valid press identification and advance registration are required. Location: The Security Service headquarters at Bolstomtavägen 2 in Solna. The possibility is also available for journalists to follow the seminar digitally via the Security Service’s website.”

98. Ukrainian SBU Announces Prison Term of 14 Years for 4 Russian Agents Detained in 2022

This is likely a follow-up from 2022 week 30 story #35. On February 14th Ukraine’s SBU announced that “four agents of the Russian Federation, who corrected missile strikes on Bakhmut and Kramatorsk, will spend up to 14 years behind bars. The attackers gathered intelligence about the location and movement of units of the Defence Forces in the front-line areas of eastern Ukraine. First of all, they were interested in the positions of the Ukrainian defenders in the Bakhmut, Kramatorsk and Severodonetsk directions. They also “leaked” the aggressor with information about the coordinates and technical condition of critical infrastructure facilities in the region. Intelligence was needed by the occupiers to prepare and carry out targeted missile strikes on Ukrainian cities. SBU officers detained Russian agents during special operations in Donetsk and Luhansk regions. According to the materials of the Security Service, the court sentenced them to 9 to 14 years of imprisonment. Among the convicts is an agent who transmitted intelligence through his “liaison” from the “MDB DNR” under the control of the invaders. Another criminal recorded the locations of the units of the Armed Forces of Ukraine in Bakhmut and sent the corresponding locations to the chatbot of the “Press Service of the People’s Militia of the DNR”. In order to disguise intelligence and subversive activities, he registered in the messenger under the pseudonym “Cipolino” (чиполіно). A resident of Druzhkivka, who passed intelligence information to the so-called “Republican Guard of the DNR” through his sister from the temporarily occupied part of Donetsk region, was also convicted. Another enemy henchman is a resident of Severodonetsk, who was in constant contact with a soldier of the 2nd Army Corps of the Russian Federation and sent him the coordinates of the base of Ukrainian troops.”

99. United States: Sealed With a Kiss: National Cryptologic Museum Explores Encrypted Love Letters of WWII

On February 14th the NSA’s National Cryptologic Museum published this article stating that “as bombs dropped over beleaguered Europe, and Allied forces waged war against Axis oppression, a U.S. soldier named Albert penned a letter to his beloved Gloria. Written over a series of days during World War II, the message is scrawled across three time-worn pages. “The day is perfect today. The sun is shining in all its glory,” he wrote. “I can’t think of much to pester you about at the present time, but when I [write] again I will [write] you my little code. Gloria, these are the key words: The boy ran to the train station!” The poignant letter contains a cipher and secret code, and is on display at the National Cryptologic Museum (NCM) until March 31, 2023 as part of its newest exhibit: “Sweetheart Codes.””

100. The US Adviser Who Tried to Swing Nigeria’s 2015 Election

On February 18th The Guardian published this story, a follow up from this week’s story #19, stating that “in January 2015, Patten found himself parachuted into Abuja, Nigeria, to lead a last-minute $1.8m “ghost” campaign for SCL (Cambridge Analytica) in support of President Jonathan and against Buhari. Kaiser had helped land the contract in her first weeks with the company. In her memoir, Targeted, she writes that it was her friend, a former Libyan prince, who introduced her to “wealthy Nigerian oil industry billionaires” who wanted a last-minute anonymous campaign to help get Jonathan re-elected. Emails obtained by the Observer show that Kaiser’s travel schedule in December 2014, when she was helping seal the contract, was a whirlwind of meetings across three continents with highly placed contacts and a complicated web of different, though often overlapping, projects. One was the last-minute attempt to affect the outcome of the west African election. While the wealthy Nigerian client hired Cambridge Analytica and Team Jorge on separate contracts, the expectation was that both sides would coordinate. Within a fortnight of the Madrid meeting, Patten flew into Abuja. He is understood to have coordinated with others in the country against Buhari — among them Hanan, who sources say he met in a hotel in Abuja. Another Team Jorge operative working in Nigeria did so under the alias “Joel”. Hanan claimed in emails that they had entered the country on a “special visa”. A highly placed source told the Observer in 2017 that the Israeli contractors travelled on Ukrainian passports and that their fee for work in Nigeria — $500,000 — was transmitted via Switzerland into a Ukrainian bank account.”

101. The Cult of Secrecy: America’s Classification Crisis

Foreign Affairs published this review essay on February 13th saying that “in August 2016, the United States suffered one of the most cataclysmic leaks of classified information in history. An anonymous entity calling itself “the Shadow Brokers” exposed an arsenal of cyberweapons that had been developed — in great secrecy — by the National Security Agency. The intelligence community sprang into damage-control mode. Because the NSA’s hackers rely on a degree of plausible deniability, the disclosure of such clandestine tools and their connection to the U.S. government meant that the agency would be forced to devise new ones. But there was also a more pressing danger: with the source code for these powerful weapons now published on the Internet, any unscrupulous actor could deploy them. It was the digital equivalent of “loose nukes.” Practically overnight, cybercriminals repurposed the NSA’s proprietary exploits to launch audacious ransomware attacks, ultimately shutting down millions of computers around the world and paralyzing thousands of private businesses, from an auto plant in France to a chocolate factory in Australia. Foreign governments took advantage of the tools, as well. North Korea used the NSA’s malicious code to attack the British health-care system, forcing hospitals to turn away patients. Iran used it to target airlines in the Middle East. Russia used it against Ukraine. Even as these cyber-assaults proliferated, officials in Washington had no idea who was responsible for the breach. They did not know whether it was a foreign intelligence service that had compromised the NSA’s vaunted digital defenses or some disillusioned agency coder gone rogue. As if to compound the government’s humiliation and alarm, the Shadow Brokers taunted the agency in a series of online posts, mocking the investigation in playfully broken English: “Is NSA chasing shadowses?””

102. How British Security Guard Turned into Spy for Putin at Berlin Embassy After His Ukrainian Wife Moved Back Home

Following 2022 week 14 story #46, 2022 week 15 story #43, and 2022 week 45 story #4, this week there were several news stories about this case. DailyMail reported on February 17th that “David Smith, 58, was sentenced for sending classified documents to Russia; He was paid to provide intelligence to Putin’s regime, the court ruled against him.” BBC reported on February 16th that “Smith, who is originally from Scotland, was extradited on 6 April last year and then arrested at Heathrow for offences under the Official Secrets Act. Last November, Smith pleaded guilty to eight charges under the Official Secrets Act by committing an act prejudicial to the safety or interests of the state. Smith is due to be sentenced at the Old Bailey on Friday.” On February 18th BBC also reported that “a spy at Berlin’s British embassy, who sold secrets to Russia and was caught in an undercover MI5 sting, has been jailed for 13 years and two months. David Smith, 58, tried to damage Britain’s interests by passing on details of the embassy and its staff for cash payments, a judge found after the spy pleaded guilty. The BBC’s Home Affairs correspondent Tom Symonds explains what Mr Smith did, and how he was stopped.”

103. New Cyber Espionage Operation Targeting Individuals Interested in North Korea

Following this week’s story #44, on February 17th the cyber security and intelligence firm TrendMicro published this technical analysis stating that “we discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea. In many of the cases we have investigated in the past, the threat actor used watering hole tactics by compromising websites related to North Korea and injecting browser exploits into them. In the latest activity we analyze here, Earth Kitsune used a similar tactic but instead of using browser exploits, employed social engineering instead. At the end of 2022, we discovered that the website of a pro-North Korean organization was compromised and modified to distribute malware. When a targeted visitor tries to watch videos on the website, a malicious script injected by the attacker displays a message prompt notifying the victims with a video codec error to entice them to download and install a trojanized codec installer. The installer was patched to load a previously unseen backdoor that we dubbed “WhiskerSpy.” In addition, we also found the threat actor adopting an interesting persistence technique that abuses Google Chrome’s native messaging host.”

104. Canada: Lack of Government Action on Chinese Interference Seems to Be What Led to CSIS Leaks

The Epoch Times published this article by Phil Gurski on February 18th saying that “I’ll never forget July 18, 1983. It was my first day on the job at the Communications Security Establishment, Canada’s signals intelligence (SIGINT) agency. I was all of 22 years old, days out of an MA from Western University and ready to start my first full-time job as a translator at the Department of National Defence (at least that is what I had been told). Now I was getting my indoctrination into what I was really being asked to do: Read sensitive intercepted signals and extract intelligence to be forwarded to senior government officials to help keep Canada safe. A large, imposing ex-RCMP officer I’ll call Joe was walking me through the position and what my obligations were. At the end, as my mind struggled to take in what I was hearing, he looked at me and said: “Son (yes, he called me “son”), you are going to get access to some very sensitive material which must be protected. If you choose to share any of it outside of work you’ll get 14 years in the slammer!” What in heaven’s name had I signed up for? Those of us who worked in intelligence/national security took our obligations regarding secrecy seriously. Some made up stories about the workplace (Me? Oh I’m just a numberless clerk!). Others simply said nothing to anyone about our employment. All of us learned quickly how to deflect questions and probing by friends and family about what exactly we did in the Sir Leonard Tilley building in central Ottawa. There are reasons of course for this secrecy. The two most important elements to intelligence are sources and methods: where you gather intelligence and how you do so. Compromise either and very valuable information can disappear overnight. Trust me, I’ve seen it happen. It is rarely a good idea to act wantonly when one’s livelihood is at stake. 
What, then, should we make of what certainly appears to be a “leak” at CSIS, the Canadian Security Intelligence Service where I toiled as a senior strategic terrorism analyst after my sojourn at CSE? Documents obtained by a Globe and Mail reporter point to egregious attempts by the People’s Republic of China government to interfere in the 2021 federal election through “strategies to leverage politically [active] Chinese community members and associations within Canadian society,” and employing “disinformation campaigns and proxies connected to Chinese-Canadian organizations in Vancouver and the GTA … to voice opposition to the Conservatives and favour the Trudeau Liberals,” among other acts.”

105. “Havoc” — A New Cyber Espionage Operation Targeting a Government Organisation

Cyber security firm Zscaler published this technical analysis on February 14th stating that “Zscaler ThreatLabz research team observed a new campaign targeting a Government organization in which the threat actors utilized a new Command & Control (C2) framework named Havoc. While C2 frameworks are prolific, the open-source Havoc framework is an advanced post-exploitation command and control framework capable of bypassing the most current and updated version of Windows 11 defender due to the implementation of advanced evasion techniques such as indirect syscalls and sleep obfuscation. The technical analysis that follows provides an overview of a recently discovered attack campaign targeting a government organization using Havoc and reveals how it can be leveraged by the threat actors in various campaigns.”

106. Land Forces at Kola Reduced to One-fifth, Norwegian Intelligence Says

On February 14th The Barents Observer reported that ““The land forces on Kola are reduced to a fifth of their original numbers before the invasion of Ukraine,” says Chief of the Norwegian Intelligence Service, Vice Admiral Nils Andreas Stensønes to the Barents Observer. He warns that the consequence is a Russia which may lower the threshold for nuclear escalation, also near Norway.”

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org