SPY NEWS: 2022 — Week 17

Summary of the espionage-related news stories for the Week 17 (24–30 April) of 2022.

1. French DGSE To Build HQ at the Le Fort Neuf de Vincennes

As it was reported by Intelligence Online, the French Directorate-General for External Security (DGSE) received a budget of €889 million this year for its new headquarters at the Le Fort Neuf de Vincennes located in Paris, France. This is a project that started in 2018 and is expected to be completed by 2028.

2. Summary of SBU Completed Counter-Intelligence Activities

On April 24th, the Ukrainian Security Service (SBU) published a summary of recently completed counter-intelligence operations. Those were: 1) A Deputy Council member in the Kherson region was detained for being recruited as a Russian FSB agent 2) In Kharkiv, SBU arrested a female spy (see week 16 story #72) 3) SBU assassinated a group of Russian agents in the Luhansk region, including three residents of Severodonetsk 4) SBU detained a person helping Russian forces in the bombing of one of the Kramatorsk plants 5) SBU detained an individual in Odessa for carrying out online pro-Russia Information Operations (IOs).

3. Interview: AFIO —The Spymaster of Baghdad

On Sunday, April 24th, the US Association of Former Intelligence Officers (AFIO) published a 23-minute long interview with investigative journalist Margaret Coker, discussing her 2021 book “The Spymaster of Baghdad: A True Story of Bravery, Family, and Patriotism in the Battle Against ISIS.” As the description says, it is an “account of how a covert Iraqi intelligence unit called “the Falcons” came together against all odds to defeat ISIS. The Falcons, comprised of ordinary men with little conventional espionage background, infiltrated the world’s most powerful terrorist organization, ultimately turning the tide of war against the terrorist group and bringing safety to millions of Iraqis and the broader world.”

4. 2022 GEOINT Symposium: The Foundation of Intelligence

On 24–27 April the United States Geospatial Intelligence Foundation (USGIF) hosted the largest GEOINT professionals gathering event in the US, the GEOINT 2022 Symposium at the Gaylord Rockies Resort & Convention Center, Aurora, CO. This year’s theme was “The Foundation of Intelligence” and the full agenda is available here. There were also 33 training sessions (listed here), and the official prospectus was published online.

5. Pakistani Cyber Espionage Operation Targeting India

Malware Bytes Labs Threat Intelligence Researcher, Jazi, published technical indicators of a cyber espionage operation attributed to an actor dubbed as “TRANSPARENT TRIBE”, and who has been previously associated with the intelligence services of Pakistan. The operation was using a lure document impersonating a survey from the Indian Institute of Technology (IIT) Hyderabad. If the target opened the lure document they’d get infected with a custom cyber espionage software implant.

6. Australia Spying on Solomon Islands and Making Press Leaks to Avoid the Signing of the Agreement with China

On week 14 (story #41) it was reported that the chiefs of the Australian Secret Intelligence Service (ASIS) and the Office of National Intelligence (ONI) visited Solomon Islands in order to push them to abandon the agreement with China. This week it was revealed that the Australian spy agencies knew about the deal weeks prior to its public disclosure and also that they chose to follow a clandestine leak of the issue to the media as a “last resort” to stop the deal from happening. Andrew Shearer, the Director-General of ONI denied that this was an Australian intelligence failure, but highlighted that Australian government is worried that this agreement will allow China to expand its military presence and that “in such a fragile, volatile country Chinese policing techniques and tactics that we’ve seen deployed so ruthlessly in Hong Kong, for example, are completely inconsistent with the Pacific way of resolving issues and could incite further instability and violence in the Solomon Islands.”

7. Catalonia Issues Ultimatum and Freezes Relationships with Spain Over Espionage Scandal

Following last week’s (story #9) disclosures of the Spanish intelligence service (CNI) spying on Catalonia officials, this week Catalonian President Pere Aragonès issued an ultimatum to the Spanish government to “provide a complete list of names of people spied on with the Pegasus system, explain who gave the official green light for the operation to go ahead and who has used the information and the purpose of it.” In the meantime, Catalonia temporarily froze the relations with Spain’s central government.

8. India’s Raisina Dialogue — International Spies Gathering Event

On 25–27 April 2022 India hosted one of the largest international intelligence services gathering in New Delhi, India known as the “Raisina Dialogue”. The discussions were led by India’s National Security Advisor (NSA), Ajit Doval. Note that “sources said U.S.’ Central Intelligence Agency (CIA) director William Burns and Canadian Security Intelligence Services (CSIS) director David Vigneault were expected originally, but had to cancel their attendance in the last few days due to different reasons.” The event was organised by India’s main foreign intelligence agency, the Research and Analysis Wing (R&AW) and the National Security Council Secretariat (NSCS), both reporting to NSA Ajit Doval. The event was attended by intelligence and security agencies from more than 20 countries including Australia, Germany, Israel, Singapore, Japan and New Zealand.

9. Explosions in Secret Turkish MİT Base in Iraqi Kurdistan

Kurdish journalist Amed Dicle reported that a base operated by the Turkish National Intelligence Organisation (MİT) in the Iraqi Kurdistan was hit by several explosions but the Turkish government refuses to comment on the incident. The base is located in a village near the town of Sheladiz and the reporter said that “there’s a Turkish ban on reporting involving incidents and casualties concerning foreign operations of the MİT. Earlier, there had been news reports about two MİT officers being killed in Libya, leading to indictment of some journalists. Now, what’s the significance of this MİT base? This place is actually the entrance to the Zap valley (…) We have an angle visible over there. It provides direct access to Zap. It’s incredibly important for Turkey to have a MİT base there, because they can both conduct electronic surveillance, and recruit locals at the same time.”

10. Podcast: Spy Skills for Parenting with Former CIA Officer

On April 25th, the Spies Like Us podcast published a new 51-minutes long episode featuring Christina Hillsberg, former CIA officer and author talking about her CIA-inspired unique approach to raising children. The host of the podcast was former CIA Counter-Terrorism Officer Brandon Blackburn.

11. Armenian NSS Detains Army Officer on Espionage Charges

On Monday the Armenian National Security Service (NSS) announced the detainment of a career army officer on espionage charges. During the 2020 Nagorno-Karabakh war (also known as 44-day war) the defendant was Deputy Commander of a missile battery and intentionally did not order effective strikes and intentionally exposed missile equipment to drone strikes while operating as a recruited agent of a foreign intelligence service. He also received $1,400 from his handler to provide the “telephone numbers of his former fellow students who graduated from a military academy abroad, the phone numbers of officers in charge of the missile and artillery department, as well as information about the staff of a military unit, the number of missile systems of the same unit, losses of military equipment during the 44-day war in 2020, location of missile and artillery systems, places of military exercises, military equipment used and the names of senior officers who took part in the exercises.” He was detained on April 20th, 2022 after attempting to transfer classified “combat maps of the military unit with secret markings for a reward of $8000.”

12. FSB Detained Group of Neo-Nazi Members in Russia Planning Sabotage and Assassination Operations Under SBU Instructions

The Russian Federal Security Service (FSB) made a press release for the detainment of a neo-Nazi group called “National Socialism/White Power” in Russia. FSB says the members were Russian citizens and were planning subversive actions, including the murder of Russian journalist Vladimir Solovyov, under the instructions of the Ukrainian Security Service (SBU). During the searches on their homes, FSB found an Improvised Explosive Device (IED), 8 incendiary devices (Molotov type), 6 PM pistols, a sawn-off hunting rifle, an RGD-5 grenade, over 1,000 rounds of various calibers, narcotics, fake Ukrainian passports, neo-Nazi literature and paraphernalia.

13. Two EU and UK Citizens Charged for Sanction Evasion to Support North Korean Government’s Covert Funding

Following week 15 (story #21) two more persons were charged for helping American citizen Virgil Griffith evade the US economic sanctions and covertly provide funding to the North Korean government. The US Department of Justice (DoJ) announced that “Alejandro Cao De Benos, 47, a citizen of Spain, and Christopher Emms, 30, a citizen of the United Kingdom, partnered to jointly plan and organize the Pyongyang Blockchain and Cryptocurrency Conference (the DPRK Cryptocurrency Conference) for the benefit of the DPRK.” According to the DoJ press release, US Attorney Damian Williams said that “Alejandro Cao de Benos and Christopher Emms conspired with Virgil Griffith, a cryptocurrency expert convicted of conspiring to violate economic sanctions imposed on North Korea, to teach and advise members of the North Korean government on cutting-edge cryptocurrency and blockchain technology, all for the purpose of evading U.S. sanctions meant to stop North Korea’s hostile nuclear ambitions.”

14. More Details on the Turkish MİT Disrupted Iranian Spy Ring

This week more details were revealed from the investigation of suspended Turkish Prosecutor Davut Yılmaz who faces up to 42 years in prison for participating in an Iranian intelligence (MOIS) espionage network with 16 people involved in kidnapping Iranian dissidents and plotting assassinations. He was paid $150,000 as mentioned in the 77-pages long indictment. He was working together with İhsan Sağlam, owner of the “SAĞLAM SAVUNMA SANAYİ AŞ” defence company, and the alleged leader of the ring, who was using the cryptonym “MIKAIL-ANGEL” in his communications. Sağlam and Yılmaz were in direct contact with MOIS intelligence officers between 2019–2022. The first identified target of the spy ring was former Iranian Colonel Mashai Firouze, his wife Arezou Saeidvand and their son Arıan Aminmavaneh. The second target was former Iranian Navy officer Mohammed Rezaei. And the third target was Iranian economist Shahnam Golshani. The Turkish MİT was able to disrupt the kidnapping attempts for the latter two targets but the ring had already managed to kidnap and covertly smuggle to Iran Firouze and his family.

15. Latvia Uncovers FSB Spies’ Covert 2017–2018 Visits from the Ukrainian GUR’s Leaked List of FSB Covert Operatives

On week 13 (story #5) the Chief Directorate of Intelligence of the Ministry of Defence of Ukraine (GUR MOU) publicly disclosed the full details of 620 covert Russian FSB operatives. This week, Latvian media discovered that two people from that list (Ruslan Annenkov and Denis Gorlachev) had visited Latvia in 2017 and 2018 posing as Russian Army Lieutenants on official visits to Latvian military facilities. The State Secretary of the Ministry of Defence of Latvia, Janis Garisons, said that “these two officers were in Latvia as part of the so-called OSCE Vienna Document verification. Accordingly, they participated in the inspection, during which they visited Adazi, Lielvarde and some other military bases.” The article notes that “Denis Gorlachevs (b. 1974) visited Latvia in November 2017 together with three other persons. The Arms Control Inspection lasted four days. He visited Riga, Adazi and military installations in the central part of Latvia. As usual during official visits, the participants took friendly photos. The photos also captured Gorlachev.” And about the second person, “Ruslan Annenkov (born 1980) also came to Latvia as a member of the Arms Control Inspectorate. In November 2018, he spent four days here. Official information testifies that even then the Russian delegation was interested in the airfield and the Lielvarde base in the central part of Latvia. Together with other members of the delegation, Annenkov is also captured in several photographs.”

16. Global Push for Transparent Investigation of Greek NIS Illegal Covert Surveillance of Investigative Journalist

Following week 15 (story #16) revelations of the Greek National Intelligence Service (NIS) spying on investigative journalist Thanasis Koukakis under the direct order of Prime Minister Kyriakos Mitsotakis, several international human rights and journalist organisations demand a transparent investigation of this incident. In the latest developments, the EU Media Freedom Rapid Response issued an open letter to the Greek government signed by the Committee to Protect Journalists (CPJ), the European Centre for Press and Media Freedom (ECPMF), the European Federation of Journalists (EFJ), the Free Press Unlimited (FPU), the International Press Institute (IPI), the Reporters Without Borders (RSF) and the OBC Transeuropa (OBCT). No official response has been provided by the Greek government yet.

17. India’s Cyber Espionage Operation Targeting Bangladesh

On April 25th, the Shadow Chaser Group of the GcowSec team published technical indicators of a new active cyber espionage operation attributed to an actor dubbed as “SIDEWINDER” who has been previously associated with the government of India. The new operation was using a lure document impersonating the Ministry of Foreign Affairs of Bangladesh and it was titled “Allowance for Eid-al-Fitr 2022.” If opened, the document was covertly installing a custom cyber espionage software implant.

18. FBI Warns of Unprecedented Cyber Espionage from China

Last Sunday FBI Director Christopher Wray said that the “the biggest threat we face as a country from a counterintelligence perspective is from the People’s Republic of China and especially the Chinese Communist Party. They are targeting our innovation, our trade secrets, our intellectual property, on a scale that’s unprecedented in history.” He added that the Chinese cyber espionage program is larger “than that of every other major nation combined.” He also added that “there’s well north of 2,000 of these investigations. All 56 of our field offices are engaged on it, and I can assure that it’s not because our agents don’t have enough else to do. It’s a measure of how significant the threat is.”

19. Albanian SHISH National Security Committee Update

On April 19th, the Albanian State Intelligence Service (SHISH) presented the 2021 developments as well as the future plans of the agency at the National Security Committee of the Albanian Parliament. Subsequently, SHISH issued a press release. SHISH was represented by its Director, Helidon Bendo, who said the agency continues on the 2020–2023 strategy as planned and has fulfilled all its legal obligations for 2021. On the current and future threats he noted the “hybrid” activities of adversary intelligence services involved in influence operations, propaganda and misinformation with divisive narratives. Those are used in combination with traditional espionage methods as well as Open Source Intelligence (OSINT) and cyber operations. He warned that “domestic disputes are exploited by third countries to maintain an unstable situation in the region in order to hinder the process for the EU integration.” For the near future, SHISH aims on strengthening its operational capacity with stronger focus on the cyber domain.

20. Podcast: True Spies — Undercover In The Old West

This week SpyScape’s True Spies podcast series released a new 40-minute long episode titled “Undercover In The Old West” and covering a real Wild West undercover story from the American detective Charlie Siringo (1855–1928) who was part of the Pinkerton Agency. The episode is presented by Vanessa Kirby with Siringo voiced by Mike Capozzola.

21. Russia Expels 40 German Diplomats on Espionage Allegations

On Tuesday, April 26th, the Russian Ministry of Foreign Affairs announced the expulsion of 40 German diplomats from Moscow on suspicions of being involved in espionage activities. The German Foreign Minister, Annalena Baerbock said it was “expected” as a “tit for tat” response to Germany’s expulsions of Russian intelligence officers under diplomatic cover, but she did not comment on the espionage allegations.

22. Pakistani Cyber Espionage Operation Faking Smuggling Report

The Red Drip Team of the Qi An Xin cyber security company published technical indicators of a new cyber espionage operation attributed to an actor dubbed as “TRANSPARENT TRIBE” and who has been previously associated with the Pakistani intelligence services. This campaign was impersonating a report titled “Details of Smuggler & their Assocaites ftr” which, if opened, would infect the system with a custom cyber espionage software implant. It is not known who was the target of this operation.

23. Mali Government Accuses French of Espionage and Sabotage

On Wednesday, April 27th, the government of Mali made a public statement accusing French military of violating 50 times the country’s airspace to conduct aerial surveillance operations on their forces, as well as conducting “sabotage” by making illegal drone strikes and disseminating “false images accusing civilians (Mali soldiers) of killing civilians.” Later, the French military denied the accusations.

24. Russian and Belarusian Spies Arrested in Poland

On April 27th it was announced that the Polish Military Counterintelligence Service (SKW) arrested two individuals, a Russian citizen and a Belarusian citizen, in the city of Bialystok (near the border with Belarus). SKW said that the suspects “collected information about military units, personnel status, as well as about units of the allied forces.” Both have been living in Poland for many years and are now on temporary (3 months) arrest until the court takes place. They face up to 10 years in prison.

25. Video: A Top Secret Radio Espionage Site

On April 26th, the YouTube channel Ringway Machester published a new 4.5-minute long video covering how Britain’s GCHQ had created a covert facility in Capenhurst, UK in order to intercept British Telecom (BT) microwave communications between Wales (specifically Gwaenysgor) and Ireland (specifically Dublin) during the 1980s. This allowed GCHQ to spy on all telephone communications between the two regions.

26. Cyber Espionage Campaign by the Gaza Cybergang

On April 25th a previously unknown cyber espionage operation was uncovered by Threat Intelligence Researcher, Jazi. The new operation was attributed to a non-state (but state-backed) actor known as “Gaza Cybergang” or “WIRTE” group, associated with Palestine actors. The operation was using a lure document titled “سري للغاية — مكتب السفير- محاضر اجتماعات السفيرمع المبعوث الأمريكي لليمن-” (Top Secret — Ambassador’s Office — Minutes of the Ambassador’s meetings with the US envoy to Yemen) which, if opened, would compromise the user’s device with a custom cyber espionage software implant. It is not known who was the target, but based on past activity, it was likely Arabic-speaking Middle East countries.

27. Alleged British Spy Freed from Yemen After 5 Years Without Trial

This week it was announced that after 5 years of imprisonment (2017–2022), British national Luke Symons (30) was freed to return to the UK. Symons was arrested on April 4, 2017 by Houthis in a security checkpoint at the city of Ta’iz, Yemen on espionage suspicions. Houthis said that he confessed he was a British spy but Luke Symons later disputed that, saying he did confess to avoid the torture he was subjected to. With the behind-the-scenes support of Saudi Arabia and Oman, the British government arranged his release.

28. Spanish CNI Likely Spied on Swiss Politicians

Following the recent revelations of the Spanish National Intelligence Centre (CNI) spying on Catalonian officials, media noticed that among the targets of the cyber espionage (using Pegasus product, developed and sold by the Israeli NSO Group) there were also some Catalan politicians and journalists living in exile in Zug, Switzerland. The Swiss Public Prosecutor is now investigating the case further and the newspaper highlights that “this potentially illegal espionage in Swiss territory could be the subject of legal proceedings.”

29. Podcast: American Undercover — Alex Alonso

On April 27th, the DTD Podcast published a new nearly 2-hours long episode featuring Alex Alonso, retired federal law enforcement agent with over 29 years career in several agencies (U.S. Customs and Border Protection — CBP, Homeland Security Investigations — HSI, and more.) Throughout his career he was almost exclusively conducting undercover operations both in the US and also internationally with covert operations in Spain, Italy, Venezuela, Colombia and even Afghanistan.

30. Greek NIS Uncovers Turkish MİT Online HUMINT Covert Operation Targeting Military and Gov Officials in Aegean Islands

On April 26th, Greek newspaper “Proto Thema” revealed that the Greek National Intelligence Service (NIS) uncovered several (including some successful) online Human Intelligence (HUMINT) recruitment attempts of Greek military and government officials by the Turkish National Intelligence Organisation (MİT), as well as a more elaborate operation. Since March 22nd, allegedly, MİT opened a free online foreign language school in one of those Greek islands in Aegean, specifically targeting Greek government and military officials that have to qualify in the Turkish language. According to NIS, this is a covert operation to collect information on those individuals which can be later used for espionage/recruitment or other clandestine activities.

31. Dutch Shipbuilder Uses Former Spies to Compete

The Intelligence Online published an article discussing how the Dutch shipbuilder Damen Shipyards Group has “resumed its offensive to supply warships to Romania’s Navy under a contract that France’s Naval Group has been trying to finalise for three years.” In this effort, Damen hired former Romanian intelligence senior officers, with excellent knowledge and connections to the Romanian military and government, to influence and support the Dutch company beat its competition.

32. Russian SVR Announces US/Polish Plans to Take Control of Ukrainian Areas as “Historical Possessions”

Through an official press release the Director of Russia’s Foreign Intelligence Service (SVR), Sergey Naryshkin, announced that they obtained classified intelligence indicating that the US and Poland are collaborating on a plan to establish military and political control over areas they define as “historical possessions” in Ukraine. This will start by Polish troops moving in Ukraine under the pretext of protecting key areas from Russia. The plans are developed without NATO involvement, only with what the SVR calls the “willing states” which are defined as “coalition of like-minded people.” The contingent plan, is to deploy this as a peacekeeping operation in areas with minimal Russian military activity, and with the covert objective to take over the control of strategic facilities from the Ukrainian National Guard.

33. Palantir Releases Series of Tutorial & Demo Videos

This week private intelligence platform firm Palantir, used extensively for intelligence analysis by national intelligence agencies, published a series of videos about their products. The videos are: the 7-minute long “Data Integration Series (part 1 & 2)”, the 18-minute long “Palantir Apollo Demo Day”, the 49-minute long “Foundry 2022 Operating System Demo”, the 5-minute long “Data Integration Series (part 3)” and the 5-minute long “Data Integration Series (part 4)”.

34. Podcast: SpyCast — CIA Case Office Mike Susong (part 1)

The International Spy Museum’s SpyCast podcast published a new 48-minute long episode featuring W. Michael Susong who was a CIA Case Officer (1990–2001) before moving to the private intelligence sector in companies including Fujitsu, Visa, ASIS International and more. The podcast’s intelligence learnings were: 1) The outgrowth of “intelligence” from a nation-state activity to a corporate activity 2) Recruiting and running agents as a CIA case officer 3) His shift from tactical intelligence to strategic intelligence an 4) His journey from a curious kid with a short-wave radio to an intel professional

35. Kaspersky GReAT Publishes Q1 2022 Threat Intelligence Summary

On April 27th, the Kaspersky Global Research and Analysis Team (GReAT) published their Q1 2022 report which summarises the nation-state cyber operations observed in Ukraine, as well as more details on cyber espionage activity by Russia, China, Iran, Southeast Asian and Korean actors. Kaspersky GReAT highlights the increased operational tempo aligned with the war in Ukraine which lowered the technical complexity of the operations but increased their numbers and frequency.

36. USAF To Replace the E-3 Spy Planes with the E-7 Wedgetail

This week it was announced that the US Air Force plans to replace some of its Boeing E-3S Sentry Airborne Early Warning and Control (AEW&C) aircrafts with the newer Boeing E-7 Wedgetail. The first prototype is expected “in the 2023 Fiscal Year and then take delivery of it in the 2027 Fiscal Year.”

37. Italian National Award in Honour of Fallen AISE Officer

On April 28th, the Italian Presidency of the Council of Ministers, in an effort to boost the nation’s security mindset, did the “Premio Pietro Antonio Colazzo: Un Nostro Eroe” (Pietro Antonio Colazzo Awards: Our Hero). The awards were given to 6 people and the Agency also published a short video. The awards were named after fallen AISE officer Pietro Antonio Colazzo (48) who was killed in a terrorist attack in Kabul, Afghanistan on February 26, 2010 while on clandestine intelligence mission. The 6 awards were given to people that published stories about Pietro Antonio Colazzo, his legacy and the meaning of his clandestine work for Italy’s national security.

38. FSB Detains 2 Russians for Sabotage Attempt in Belgorod, Russia

On April 27th, the Russian Federal Security Service (FSB) made a press release for the detainment of 2 Russian citizens in the city of Belgorod, Russia. According to the FSB, they were “preparing to commit sabotage at one of the transport infrastructure facilities” of the city in support of Ukraine, and they confessed their crimes. Additionally, FSB established that they were sharing sensitive information about Russian troops and their movements to the Ukrainian website “Миротворец” (Peacemaker).

39. RCMP Officers Quits After CSIS Refusing to Provide Details for National Security Target’s Arrest

According to CBC law enforcement officers of RCMP left service after being asked to carry out an arrest warrant for a “national security target” based on classified intelligence from the Canadian Security Intelligence Service (CSIS). The report highlights that “we learned of a case where the INSET was tasked with carrying out an arrest but not given the reason why. This caused great conflict in the investigative team, causing some officers to quit.”

40. Pakistan’s Court Asks Intelligence to Stop Harassing TV Station

With a court verdict, Pakistan is officially asking the country’s law enforcement and intelligence services to stop harassing the ARY News TV channel with intimidation and fake accusations. According to ABC News, the TV station “has been critical of Pakistan’s new Prime Minister Shahbaz Sharif” and is, allegedly, the motivation behind the harassments.

41. How Spies Communicate Using Shortwave Numbers Stations

On Wednesday, The Recount published a 12-minute video talking about number stations and One Time Pads (OTP), and how they are used for one-way clandestine communications by intelligence agencies. The video was titled “How Spies Communicate Using Shortwave Numbers Stations.”

42. NGA Takes Control of Pentagon’s Project MAVEN

On April 25th it was announced that US National Geospatial-intelligence Agency (NGA) will take the operational control of Project MAVEN. This is a US Department of Defence spying project to provide software “designed to process imagery and full-motion video from drones and automatically detect potential targets.” NGA Director Vice Admiral Robert Sharp said the assignment “includes responsibility for labeled data, AI algorithms, test and evaluation capabilities, and the platform.”

43. FSB Declassifies Reports on Hitler’s Pilot, Hans Baur

On April 29th, the Russian Federal Security Service (FSB) declassified one more file from the Red Army’s counter-intelligence unit, called SMERSH. It’s a file from the FSB Directorate for the Novgorod region about Hitler’s personal pilot, SS Gruppenführer and Police Lieutenant General, Hans Baur.

44. New NSA & GCHQ Additions to the Cryptologic Hall of Honour

The US National Security Agency (NSA) issued a press release for the addition of cryptologic innovators from the NSA and Britain’s GCHQ at the Agency’s Cryptologic Hall of Honour. The first new additions were those of Clifford Cocks, James Ellis and Malcolm Williamson from GCHQ whose work “resulted in the discovery of public key cryptography (PKC).” Next, Joseph Gilligan Jr. was added for being “a pioneer in signals intelligence collection and exploitation capabilities.” Finally, the new addition was also Jack Mortick who “developed various mathematical theories and algorithms needed to confront the most critical issues at NSA. He also offered a course on analysis that has been the basis for multiple Agency courses for more than three decades.”

45. South Korea Arrests 2 Nationals Acting as DPRK Spies

On April 29th the South Korean National Police Agency stated that they arrested two South Korean nationals, “a 29-year-old army captain who allegedly passed login information for South Korea’s Joint Command & Control System — a crucial military-run internal communications network” as well as a “38-year-old businessman who runs a virtual asset management firm, is accused of giving the army captain a wristwatch with a secret camera to aid in intelligence gathering.” They were both operating on behalf of North Korea’s intelligence services and were paid in cryptocurrencies. The captain received about ₩48 million ($37,789) from his North Korean handler and the 38-year-old businessman got around $600,000.

46. Video: Former CIA & FBI Agent Tracy Walder — Courageous Leader

On April 26th, the Virginia Military Institute (VMI) Centre for Leadership and Ethics published a 57-minute long video from a recent event. The talk was by Tracy Walder, former Staff Operations Officer in CIA’s Counter Terrorism Centre (CTC), then FBI Special Agent in the Counterintelligence Division (CD) with expertise in Chinese espionage, and author of the book “The Unexpected Spy.”

47. ODNI Publishes Intelligence/Surveillance Transparency Report

This week the US Office of the Director of National Intelligence (ODNI) published a 38-pages long report titled “Annual Statistical Transparency Report Regarding the Intelligence Community’s Use of National Security Surveillance Authorities.”

48. FSB Detained Former Ukrainian Marine Planning Subversive Actions

On April 30th, Russia’s Federal Security Service (FSB) announced the detainment of a former Ukrainian marine, born in 1988, in the region of Crimea. FSB said that he had joined the paramilitary Azov Battalion and was planning to place Improvised Explosive Devices (IEDs) in a shopping and entertainment centre in the city of Simferopol. FSB also seized homemade explosives, manuals for IEDs and other incriminating evidence.

49. Spy Collection: Romanian SRI 25th Anniversary Stamps

On Saturday, April 30th, we published a 3-minute long video about some stamps the Romanian government released in 2015 as part of the SRI’s 25th Anniversary (1990–2015). The video briefly covers SRI’s history.

50. NGA For Kids Video Series

The US National Geospatial-intelligence Agency (NGA) published a new web page titled “NGA Kids: Videos” and featuring short videos explaining basic GEOINT concepts. Currently there are 4 episodes: 1) What is Geospatial Intelligence? 2) What is GPS? 3) What is LIDAR? and 4) What is Coding?

51. Chinese Cyber Espionage Operation Targeting Russian Military

SecureWorks Counter Threat Unit (CTU) published a technical report on a previously unknown cyber espionage operation attributed to the intelligence services of China. The report indicates a new cyber espionage operation targeting Russian military personnel likely located in Blagoveshchensk with the report saying that “Blagoveshchensk is a Russian city close to the China border and is home to the 56th Blagoveshchenskiy Red Banner Border Guard Detachment. This connection suggests that the filename was chosen to target officials or military personnel familiar with the region.”

52. Dutch AIVD Releases 2021 Threat Report

This week the Dutch Security and Intelligence Agency (AIVD) released its AIVD 2021 Annual Report. It is a 35-pages long report split into four sections: 1) National Threats, 2) International Threats and Political Security Interests, 3) Eliminating Threats and Helping Prevention, and 4) Supervision and Organisation. Note that there is a web-based version of the report too.

53. Podcast: Team House — The First Green Beret in Afghanistan

The Team House published a nearly 3 hours long podcast featuring Justin Sapp, one of the US Special Forces members that together with CIA’s paramilitary operators infiltrated Afghanistan literally days after the 9/11 terrorist attack.

54. New US DHS and DoE Documents Released by Public Intelligence

This week, the Public Intelligence released 3 new documents from US government agencies. The first was the 33-pages long “Cybersecurity and Digital Components Supply Chain Deep Dive Assessment” by the Department of Energy (DoE), the second was the Department of Homeland Security’s (DHS) 28-pages long “Combatting Targeted Disinformation Campaigns: A Whole-of-Society Issue”, and the third one was from the 48-pages long DHS document “Combatting Targeted Disinformation Campaigns: A Whole-of-Society Issue — Part Two.”

55. Russian Navy Spy Dolphins Spotted in the Black Sea

The United States Naval Institute (USNI) published a blog post based on Open Source Intelligence (OSINT) demonstrating the deploying of Russian Navy dolphins to protect the Black Sea Naval Base. The article highlights that “the Arctic unit has also become more active in recent years. Beluga whale pens have now also been established at Olenya Guba, the secretive naval base of GUGI (Main Directorate Of Deep Sea Research). The intelligence organization is believed to be responsible for key undersea espionage assets of the Russian military.” On Friday, the author of the article, H. I. Sutton also published a 19.5-minutes long video presentation of the discovery.

56. CIA Appoints its First Ever CTO to Handle Tech Challenges

With an official announcement the US Central Intelligence Agency (CIA) appointed Nand Mulchandani to serve as CIA’s first-ever Chief Technology Officer (CTO) on April 29th.

57. Potential Sabotage Activities in Russian Strategic Facilities

The Washington Post published an article discussing several recent unexplained incidents with fires and explosions at strategic facilities inside Russia. Those include “storage depots, a sensitive defence research site and the country’s largest chemical plant.” The article notes that those incidents raise questions of potential Ukrainian covert sabotage operations or even covert allied actions inside Russia.

58. Alexei Saab, a Hezbollah Spy in New York City

On April 25th, the New York Post published an article about Alexei Saab, a New Jersey-based software engineer who was covertly operating as a member of Hezbollah’s espionage branch to identify potential targets, conduct tactical reconnaissance, and other espionage activities.

59. German BND Reforms to Combat the Russian Activities

As per Intelligence Online’s article, the German Federal Intelligence Service (BND) is undergoing a major reform to “to step up to the task of responding to Russia.”

60. NGA Warns of Spy Satellites Hijacking by Adversarial Actors

Jeff Stein of the Spy Talk published an article summarising a newly identified threat for the United States NGA and NRO. That is, the hijacking of US government’s satellites by foreign intelligence services.

61. Organised Crime Member Investigated by Greek NIS Assassinated

This week, it was revealed that John Skaftouros who was assassinated the week before at his house, was part of an ongoing investigation by the National Intelligence Service (NIS) related to organised crime and government corruption networks.

62. USAF Intelligence Officer Put Classified Information Online

According to the Express, United States Air Force (USAF) intelligence officer Adam Sitzes used the public web service Trello to upload a series of classified (SECRET) documents to be able to work on them from home. According to reports, the documents included the “RAF’s Typhoon fighter jets, as well as a list of names of US counter-terrorism officers based in the United Kingdom” along with US arms deals and emails of staff members of the NSA. The article notes that “The Sun was alerted to the leak when discovered and was able to find the information and data in seconds using a simple Google search. Upon realising the severity of the problem, the tabloid contacted Whitehall who used emergency means to contact the US to remove all the files.”

63. Slovakian Lawyer Confessed Bribing SIS Chief

This week Slovakian lawyer Zoroslav Kollár confessed that in August 2020 he bribed the former Head of the Slovak Information Service (SIS), Vladimír Pčolinský, with €40,000 to make sure his staff will not conduct surveillance (as it was ordered) on him. The bribe was delivered by Ľudovít Makó and the SIS chief split it with his, then, deputy, Boris Beňa.

64. Former Mossad Spies Share Holocaust Story for the First Time

On April 27th, Itamar Eichner published an article as part of the Holocaust Remembrance Day. Israel’s spy agency, the Mossad, held a memorial event where two clandestine operatives spoke for the first time about their experiences. As the article says “Haim Victor Tayar, whose full name and picture were revealed, and Sylvia, whose identity remains hidden due to the significant operational damage its exposure might cause despite her advanced age, sat down and recounted their stories.”

65. Change in Command for ISR-MNBN in NATO’s KFOR

On April 27th it was announced that NATO’s Kosovo Force (KFOR) mission had a change of command in its Intelligence, Surveillance and Reconnaissance Multinational Battalion (ISR MNBN). The event took place at Camp FILM CITY in Kosovo and Lieutenant Colonel Giovanni Amoroso (from Italy’s 13th HUMINT Regiment) passed the command to Lieutenant Colonel Fabrizio Naso (from Italy’s 33rd Electronic Warfare Regiment). The ISR MNBN was established in 2016 to provide intelligence capabilities to the KFOR and it has intelligence operators from 9 different NATO members.

66. Russia Detains 2 British Nationals on Espionage Accussations

According to media reports, Russian forces captured 2 British nationals at a checkpoint in Zaporizhzhia on Monday. The British nationals, Paul Urey and Dylan Healy, said they were “operating independently to try to get vulnerable Ukrainians out” but they are accused of conducting espionage activities.

67. Espionage Charges for Iranians Speaking with Hostile Government Media Outlets

This week, the Legal Bureau of the Iranian Parliament’s Research Centre drawn up legislation that controls the communications of Iranian citizens with foreign media agencies. Specifically, Iranians communicating with media funded by hostile governments or overseas opposition groups would be prosecuted on espionage charges.

68. Ukrainian SBU Spy Mobile Application ТиХто

Intelligence Online published an article about a Ukrainian mobile application (ТиХто, TyHto) sponsored by the country’s Security Service (SBU). The application was created in collaboration with the Artellence face recognition Ukrainian company and the YouControl Ukrainian business inventory (its main developer). ТиХто is used to scan a person’s ID or passport, their face, vehicle’s license plate and then: 1) Compare the face with the documents, 2) Check if the person is on SBU’s wanted list, 3) Check if the person is in an international terrorist watchlist, 4) Check if the person is marked for sanctions by Ukraine’s National Security and Defense Council (NSDC), 5) If the person is a paramilitary or foreign military member, 6) Update the “Peacemaker” database, and 7) Whether the vehicle’s license plate is on an SBU watchlist. Intelligence Online says that “its developer, YouControl, is already thinking about export possibilities.”

69. Turkish MİT Orchestrated US-Russia Spy Swap in Ankara

According to Turkish news agencies, the April 27th’s spy swap between the US and Russian governments was orchestrated by the Turkish National Intelligence Organisation (MİT), and it’s also the reason why the spy swap took place in Turkey’s capital, Ankara. MİT organised it in close collaboration with the US and Russian intelligence services with MİT operatives acting as intermediates, validating the identities of the prisoners, vetting the covert flights, etc. The two (almost certainly spies) exchanged where American 30 year old former Marine, Trevor Reed, who was arrested in 2019 in Russia and sentenced to 9 years in prison, and Russian pilot Konstantin Yaroshenko, arrested in 2010 in Liberia and extradited to the US on drug trafficking charges.

70. Newly Released Video Shows 9/11 Hijackers with Alleged Saudi Intelligence Operative

On April 27th, the CBS News released a story based on newly declassified material from the 9/11 terrorist attack. In a declassified video, Saudi national Omar al-Bayoumi is seen meeting with the hijackers and a redacted 2017 FBI memo says that “in the late 1990s and up to September 11, 2001, Omar al-Bayoumi was paid a monthly stipend as a cooptee of the Saudi General Intelligence Presidency (GIP) via then Ambassador Prince Bandar bin Sultan” and it continues that “allegations of al-Bayoumi’s involvement with Saudi Intelligence were not confirmed at the time of the 9/11 Commission Report. The above information confirms these allegations.” The article notes that “retired FBI agent Danny Gonzalez, who worked on Operation Encore, told CBS News last fall that he believes Bayoumi was part of the hijackers’ U.S-based support network. “He helped them with apartments, he helped them with bank accounts,” Gonzalez told CBS News.” CBS News tried via the Saudi Embassy to reach out to Bayoumi who now lives in Saudi Arabia, but they only got the response that “any allegation that Saudi Arabia is complicit in the September 11 attacks is categorically false.”

71. MGB DPR Detained Ukrainian OSCE SMM Member on Espionage Charges

On Friday, the Donetsk People’s Republic (DPR) Ministry of State Security (MGB), which is not recognised by most countries, announced the detainment of Ukrainian national Vadim Golda, born in 1967, on espionage charges. V. Golda was in the Donetsk region as a member of the Organization for Security and Co-operation in Europe (OSCE) Special Monitoring Mission (SMM) but according to MGB, he was covertly conducting espionage “under the instructions of the OSCE Security Officer Aman Akhmedzyanov” for a foreign intelligence service. Specifically, DPR MGB is accusing him of collecting and transmitting intelligence about “the location of the DPR forces and industrial facilities, including state and defence infrastructure.”

72. Spy Way of Life: The Burlington Arms

This week, Intelligence Online’s “Spy Way of Life” series was about The Burlington Arms pub in London, UK which is described as “a pub that has traditionally been the happy hour for the London’s intelligence village” but it is currently struggling to hold on to its customers.

73. Podcast: Flying for the CIA’s Air America in South East Asia

On April 29th, the Cold War Conversations published a new 1.5-hour long podcast episode featuring former CIA’s Air America pilot Neil Hansen talking about his experiences in Southeast Asia during the Vietnam War as a covert CIA pilot working for Air America, a CIA front airline. N. Hansen also released a book about his clandestine journey in 2019. His book is titled “Flight: An Air America Pilot’s Story of Adventure, Descent and Redemption.”

74. Microsoft Publishes Cyber Threat Activity in Ukraine Analysis

On April 28th, the Microsoft Security Response Centre (MSRC) released a technical analysis of all the cyber espionage and cyber attack activity they have observed targeting Ukraine, along with supportive technical indicators.

75. Ukrainian Armed Forces Detain Russian Informant in Nikolaev

On April 30th, Ukrainian media reported that a man was detained on suspicions of espionage in the city of Nikolaev, Ukraine. He is accused of photographing Ukrainian military forces, tracking their movements, documenting precise coordinates, and sending them to his Russian handler. In return he was receiving payments.

76. ODNI: IARPA HAYSTAC Proposers’ Days Recordings

The US Office of the Director of National Intelligence (ODNI) published two video recordings from an propers’ presentation event that took place on March 22nd, 2022. The first recording is 1.5-hour long and the second is 58-minutes long. The recordings were part of Intelligence Advanced Research Projects Activity’s (IARPA) HAYSTAC program. HAYSTAC is the Hidden Activity Signal and Trajectory Anomaly Characterisation which “aims to develop novel capabilities that produce large-scale microsimulations of fine-grained human movement and create AI reasoning engines capable of both identifying abnormal movement trajectories and generating normal ones.”

77. Mandiant Merges UNC2452 into APT29 Threat Actor

The Mandiant cyber security and intelligence firm published a blog post explaining why they decided to merge two cyber espionage actors they were tracking separately (UNC2452 and APT29) into one, along with a recent summary of their activities and technical indicators. As the post notes, this actor, dubbed as “APT29” is “a Russia-based espionage group assessed to be sponsored by the Russian Foreign Intelligence Service (SVR).”