Monday, November 5, 2018

CIA suffered ‘catastrophic’ compromise of its spy communication system


The United States Central Intelligence Agency suffered a “catastrophic” compromise of the system it uses to communicate with spies, which caused the death of “dozens of people around the world” according to sources. This is alleged in a major report published on Friday by Yahoo News, which cites “conversations with eleven former US intelligence and government officials directly familiar with the matter”. The report by the online news service describes the compromise of an Internet-based covert platform used by the CIA to facilitate the clandestine communication between CIA officers and their sources —known as agents or spies— around the world.
According to Yahoo News, the online communication system had been developed in the years after 9/11 by the US Intelligence Community for use in warzones in the Middle East and Central Asia. It was eventually adopted for extensive use by the CIA, which saw it as a practical method for exchanging sensitive information between CIA case officers and their assets in so-called ‘denied areas’. The term refers to regions of the world where face-to-face communication between CIA case officers and their assets is difficult and dangerous due to the presence of non-state adversaries like the Taliban, al-Qaeda or the Islamic State. However, it appears that the system was flawed: it was too elementary to withstand sustained scrutiny by Internet-savvy counterintelligence experts working for state actors like Iran, China or Russia.
In September of 2009, Washington made a series of impressively detailed revelations about the advanced status of Iran’s nuclear program. These angered Tehran, which redoubled its efforts to stop the US and others from acquiring intelligence information about the status of its nuclear program. Some sources told Yahoo News that one of the CIA assets inside Iran’s nuclear program was convinced by the Iranians to become a double spy. He proceeded to give Tehran crucial information about the CIA’s online communication system. Based on these initial clues, the Iranians allegedly used Google-based techniques “that one official described as rudimentary” to identify an entire network of CIA-maintained websites that were used to communicate with assets in Iran and elsewhere. The Iranians then kept tabs on these websites and located their users in order to gradually unravel an entire network of CIA agents inside their country. Around that time, Iranian media announced that the Islamic Republic’s counterintelligence agencies had broken up an extensive CIA spy ring consisting of more than 30 informants.
The Yahoo News report says that the CIA was able to successfully exfiltrate some of its assets from Iran before the authorities were able to apprehend them. The agency also had to recall a number of undercover officers, after they were identified by the Iranians. The effects of the compromise, however, persisted on a global scale, according to former US intelligence officials. In 2011 and 2012, another network of CIA spies was busted in China, leading to the arrest and execution of as many as three dozen assets working for the US. Many, says Yahoo News, believe that the Iranians coached the Chinese on how to use the CIA’s online communication system to identify clandestine methods and sources used by the agency.
Along with other specialist websites, IntelNews has monitored these developments as they took place separately in Iran and China. However, the Yahoo News report is the first to piece together these seemingly disparate developments and suggest that they were likely triggered by the same root cause. What is more, the report suggests that the CIA had been warned about the potential shortcomings of its online communication system before 2009, when the first penetrations began to occur. In response to the compromise, the CIA has reportedly modified, and at times completely abandoned, its online communication system. However, the implications of the system’s compromise continue to “unwind worldwide” and the CIA is “still dealing with the fallout”, according to sources. The effects on the agency’s operational work are likely to persist for years, says Yahoo News.
► Author: Joseph Fitsanakis

Suicide bomber who attacked Russian spy agency identified as ‘anarchist-communist’

Mikhail Zhlobitsky

A teenager who killed himself with an improvised explosive device in the lobby of a regional office of Russia’s domestic intelligence agency appears to have identified himself as an “anarchist-communist” on social media. At 8:52 am local time on Wednesday, the 17-year-old entered the regional office of Russia’s Federal Security Service (FSB) in the city of Archangelsk, located 800 miles north of Moscow. On CCTV footage released by the Russian security services, he is seen reaching into his backpack and taking out an object, which soon exploded, killing him and wounding three others.
The bomber was later identified in the Russian media as Mikhail Zhlobitsky, a student at a local technical college. Within hours, reports pointed to posts made on social media platforms by Zhlobitsky, who used several online aliases, including that of “Sergey Nechayev”, one of Russia’s leading 19th-century anarchists, who died in prison for advocating terrorism as a means of revolution. Shortly before the attack, someone using the alias “Valeryan Panov” commented on the social messaging application Telegram that he was about to bomb the FSB in Archangelsk. In the comment, which was posted on an anarchist forum, the user said that he had decided to act “because the FSB falsifies cases and tortures people”. The user added that he would probably die in the attack because he had to manually detonate the improvised explosive device he was carrying with him. He concluded his message with the words: “I wish you a glorious future of anarchist communism!”.
The activities of militant Russian anarchists and anarcho-communists date back to the mid-19th century; anarchist militants are responsible for numerous assassinations of senior Russian officials, including Emperor Alexander II, who was killed by a Russian anarchist in 1881. But the movement was ruthlessly suppressed by the Soviet state and today the FSB and other Russian security services are actively monitoring the remnants of the Russian anarchist movement. These include the Confederation of Revolutionary Anarcho-Syndicalists, the group Autonomous Action, and the Siberian Confederation of Labor. Large sections of these groups have now moved underground, as the government of Russian President Vladimir Putin has named anarchists as primary enemies of order and security in the Russian Federation. Earlier this month, another Russian teenager, Vladislav Roslyakov, killed himself after shooting 19 students and teachers at a technical college in Kerch, a Black Sea port city in Russian-annexed Crimea. No political motive for the attack has been reported.
► Author: Joseph Fitsanakis

Denmark recalls its envoy from Tehran, accuses Iran of assassination plot

Finn Borch Andersen

The Danish government has recalled its ambassador from Iran and has accused the intelligence services of the Islamic Republic of plotting an assassination operation on Danish soil. Danish government officials also said that Copenhagen would seek to impose further economic and diplomatic sanctions on Tehran, in coordination with the European Union. The accusations against Iran were leveled during an emergency news conference in the Danish capital on Tuesday, led by Anders Samuelsen, Denmark’s Minister of Foreign Affairs, and Finn Borch Andersen (pictured), Director of the Danish Security and Intelligence Service, known as PET.
The two men said that “an Iranian intelligence agency” had planned “an attack on Danish soil”, which Defense Minister Samuelsen condemned as “completely unacceptable”. PET Director Andersen said that a Norwegian national of Iranian background had been arrested in Sweden on October 21, and was now in custody awaiting extradition to Denmark. The arrestee is an employee of Iranian intelligence, said Andersen, and had been observed conducting surveillance against a Danish-based leading member of an Iranian separatist group. The alleged target is a member of the Arab Struggle Movement for the Liberation of Ahvaz (ASMLA), a hardline separatist group campaigning for a separate homeland for Iran’s Arab minority. Approximately 2 percent of Iranians (around 1.5 million people) belong to the country’s ethnic Arab population. Most of them are concentrated in Khuzestan, a region in Iran’s oil-rich southwest, which borders neighboring Iraq. Some of these ethnic Arabs seek autonomy from Tehran, which they see as an alien regime. ASMLA represents the militant wing of Iran’s separatist Arab community and has a history of staging terrorist attacks inside Iran. Last September, the group claimed it was behind an armed attack on a military parade in the city of Ahvaz —a major urban center in Iran’s Arab-speaking region— which killed 24 people, including some women and children. Later, however, a representative of the group retracted the claim.
On Tuesday, several Iranian officials issued strong denials of the Danish government’s allegations. Speaking in Tehran, Iranian Foreign Ministry Spokesman Bahram Qassemi dismissed Denmark’s claims as “spiteful”. He added that the timing of reports linking Iran to assassination operations on European soil was suspect and described them as “a plot by [Iran’s] enemies to damage Tehran’s growing relations with European countries”. Earlier this month, France seized the financial assets of individuals whom it described as Iranian spies, after blaming Tehran for a foiled bomb attack in Paris. The move followed the arrest of six people in France, Germany and Belgium, who allegedly planned to bomb the annual conference of the National Council of Resistance of Iran (NCRI) last June. The NCRI is led by Mujahedin-e Khalq (MEK), a militant group with roots in radical Islam and Marxism, which Iran sees as a terrorist organization.
► Author: Joseph Fitsanakis

Tuesday, October 9, 2018

France freezes assets of Iranian spies in response to foiled terror attack in Paris

France has seized the financial assets of two Iranian spies and frozen all assets belonging to the Iranian Ministry of Intelligence, in response to a foiled bomb attack in Paris, which the French government has blamed on Tehran. The alleged bomb attack was uncovered on June 30 of this year, when members of Belgium’s Special Forces Group arrested a married Belgian couple of Iranian descent in Brussels. The couple were found to be carrying explosives and a detonator. On the following day, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria, while another Iranian man was arrested by authorities in France, reportedly in connection with the three other arrests.
All four individuals were charged with a foiled plot to bomb the annual conference of the National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris. The NCRI is led by Mujahedin-e Khalq (MEK), a militant group with roots in radical Islam and Marxism. The MEK was designated as a terrorist group by the European Union and the United States until 2009 and 2012 respectively. But it has since been reinstated in both Brussels and Washington, reportedly because it provides the West with a vehicle to subvert the Iranian government. France, Germany and Belgium allege that the aborted bombing plot was an attempt by Iran to disrupt the close relations between the MEK and Western governments.
On Tuesday, Paris announced the seizure of assets of two of the men who were arrested in June and July. One is an accredited Iranian diplomat identified as Assadollah Asadi, who is believed to be an official-cover intelligence officer. The other man is Saeid Hashemi Moghadam, who was arrested by French authorities. He is believed to be an Iranian sleeper agent. All assets belonging to the Islamic Republic’s Ministry of Intelligence were also frozen, effective immediately, it was announced. In a joint statement, the French ministers of foreign affairs, economics and the interior said that the move reflected France’s “commitment to fight terrorism, in all its manifestations […], especially on its territory”. The statement added that “the extremely heinous act envisaged on our territory could not go without a response”.
The Iranian government has denied all connection to the alleged plot in Paris and has dismissed the incident as a “false flag” operation staged by MEK in cooperation with Tehran’s “enemies at home and abroad”.
► Author: Joseph Fitsanakis 

Britain sees Russian government hackers behind Islamic State cyber group

Cyber Caliphate

A new report by the British government alleges that the so-called ‘Cyber Caliphate’, the online hacker wing of the Islamic State, is one of several supposedly non-state groups that are in fact operated by the Russian state. The group calling itself Cyber Caliphate first appeared in early 2014, purporting to operate as the online wing of the Islamic State of Iraq and Syria (ISIS), which was later renamed Islamic State. Today the Cyber Caliphate boasts a virtual army of hackers from dozens of countries, who are ostensibly operating as the online arm of the Islamic State. Their known activities include a strong and often concentrated social media presence, as well as computer hacking, primarily in the form of cyber espionage and cyber sabotage.
But an increasing number of reports, primarily by Western government agencies, have claimed in recent years that the Cyber Caliphate is in fact part of a Russian state-sponsored operation, ingeniously conceived to permit Moscow to hack Western targets without retaliation. On Wednesday, a new report by Britain’s National Cyber Security Centre (NCSC) described the Cyber Caliphate and other similar hacker groups as “flags of convenience” for the Kremlin. The report was authored by the NCSC in association with several British and European intelligence agencies. American spy agencies, including the National Security Agency and the Federal Bureau of Investigation, also helped compile the report, according to the NCSC. The report names several hacker groups that have been implicated in high-profile attacks in recent years, including Sofacy, Pawnstorm, Sednit, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, Strontium, Tsar Team, and Sandworm. Each of these, claims the NCSC report, is “an alias of the Main Directorate of the General Staff of Russia’s Armed Forces”, more commonly known as the GRU. The report concludes that Cyber Caliphate is the same hacker group as APT 28, Fancy Bear, and Pawn Storm, three cyber espionage outfits that are believed to be online arms of the GRU.
The NCSC report echoes the conclusion of a German government report that was leaked to the media in June of 2016, which argued that the Cyber Caliphate was a fictitious front group created by Russia. In 2015, a security report by the US State Department concluded that despite the Cyber Caliphate’s proclamations of connections to the Islamic State, there were “no indications —technical or otherwise— that the groups are tied”. In a statement issued alongside the NCSC report on Wednesday, Britain’s Secretary of State for Foreign and Commonwealth Affairs, Jeremy Hunt, described the GRU as Moscow’s “chosen clandestine weapon in pursuing its geopolitical goals”. The Russian government has denied these allegations.
► Author: Ian Allen

Missing Saudi journalist 'murdered and dismembered' inside his country's consulate in Istanbul while fiancée waited outside, claims friend

'Murdered': Saudi dissident Jamal Khashoggi

Turkish officials have claimed a missing Saudi journalist was killed inside his own country's consulate in Istanbul last week.
Jamal Khashoggi was said to have been killed in what Turkish police claimed was the deliberate targeting of a prominent critic of the Gulf kingdom's rulers.
Mr Khashoggi entered the Saudi consulate in Istanbul to get documents for his forthcoming marriage, according to reports.
Saudi officials say he left shortly afterwards but his fiancee, who was waiting outside, said he never came out.
A friend of Mr Khashoggi today said officials told him to "make your funeral preparations".

Turan Kislakci, a friend of Jamal Khashoggi and the head of the Turkish-Arab Media Association, said officials also told him they "have evidence he was killed in a barbaric way" and dismembered.
Saudi officials have denied the allegations that Mr Khashoggi was killed as "baseless".
One Turkish official said authorities believe Mr Khashoggi was killed at the Saudi consulate, while another said it was a "high possibility".

Turkish police said: "The initial assessment of the Turkish police is that Mr Khashoggi has been killed at the consulate of Saudi Arabia in Istanbul.
"We believe that the murder was premeditated and the body was subsequently moved out of the consulate."
The President of Turkey said the Saudi Consulate and Istanbul's airports are being closely monitored for clues.
Recep Tayyip Erdogan said today that he is still hopeful that Jamal Khashoggi is alive.
"God willing we will not be faced with the situation we do not desire," he added.
The comment apparently referred to Turkish officials saying they believed that Mr Khashoggi was killed at the Saudi Consulate after disappearing on Tuesday.
Mr Erdogan called Mr Khashoggi a "journalist and a friend".
He said he was personally following the case and would announce the results of the investigation at an undisclosed time.
Mr Khashoggi, a former newspaper editor in Saudi Arabia and adviser to its former head of intelligence, left the country last year saying he feared retribution for his growing criticism of Saudi policy in the Yemen war and its crackdown on dissent.

Moscow: Dutch expulsion of Russian spies is a 'misunderstanding'

GRU officers being apprehended by Dutch intelligence officers near the headquarters of the OPCW in The Hague

Russia's foreign minister has dismissed the expulsion of four alleged agents from the Netherlands as a "misunderstanding".
Speaking at a news conference on Monday, Sergey Lavrov described the visit as a "routine trip".
Dutch authorities said last week they had expelled four GRU military intelligence agents in April for plotting a cyber attack on the world's chemical weapons watchdog at The Hague.
The Russian foreign ministry handed a note to the Netherlands' ambassador on Monday, which said the detention and expulsion of its citizens was a provocation.
The British ambassador to the Netherlands, Peter Wilson, has revealed how one of the Russian agents allegedly attempted to disrupt the investigation into Malaysia Airlines Flight 17 (MH17), which was shot down in 2014.
He said the agents were being sent around the world to "conduct brazen close-access cyber operations".
Mr Lavrov said: "There was nothing secret about the trip by our specialists to the Netherlands.
"They didn't hide when they checked into the hotel, or when they came to the airport, or when they went to our embassy.
"They were detained without explanation... and asked to leave. It looked like a misunderstanding."
Mr Lavrov said that there had been no diplomatic protests over the incident.
The men had entered the country on Russian diplomatic passports on 10 April and were caught three days later with a car packed with electronic equipment in the Marriott Hotel next to the Organisation for the Prohibition of Chemical Weapons (OPCW).
Their details, including passports and a taxi receipt for a trip to Moscow airport from a street containing a branch of the military intelligence agency, were revealed to the Dutch media.
Mr Lavrov confirmed his office would summon the Dutch ambassador over the issue on Monday.
He said: "Yes, we are inviting the ambassador from the Netherlands to bring his attention to this point of view... We will give more information (later)."
Russia has already discussed the incident with The Hague's envoy in September after Dutch media broke the news over the Russians' expulsion, according to Mr Lavrov.
But a further meeting between the Russian ambassador and Dutch authorities on 3 October had failed to produce any "facts," the foreign minister said.
"Once again we are dealing with a sort of loudspeaker diplomacy, a disregard for legal mechanisms," he added.
Responding to the claims made on Thursday, the Russian embassy in London said the allegations were "irresponsible" and that the UK was imparting "crude disinformation".