Iran says it arrests CIA spies, Gulf tensions simmer

FILE PHOTO - The Iranian flag flutters in front the International Atomic Energy Agency (IAEA) headquarters in Vienna, Austria July 10, 2019. REUTERS/Lisi Niesner

By Michael Georgy

DUBAI (Reuters) – Iran announced on Monday it had captured 17 spies working for the U.S. Central Intelligence Agency (CIA) and sentenced some of them to death, deepening a crisis between the Islamic Republic and the West.

Iranian state television published images that it said showed the CIA officers who had been in touch with the suspected spies.

In a statement read on state television, the Ministry of Intelligence said 17 spies had been arrested in the 12 months to March 2019. Some have been sentenced to death, according to another report.

Such announcements are not unusual in Iran, and are often made for domestic consumption. But the timing suggests Tehran could harden its position in a standoff with Western powers which has raised fears of a direct military confrontation.

In recent weeks the United States has blamed Iran for attacks on shipping near the Strait of Hormuz, the global oil trade’s most important waterway, accusations Iran has denied.

The United States and Iran have downed drones operated by the other side and on Friday, Iran captured a British-registered tanker, the Stena Impero, in the Strait of Hormuz. Tehran had previously warned it would respond to Britain’s seizure of an Iranian tanker off Gibraltar on July 4.

There was no immediate comment on the Iranian allegations by the CIA or U.S. officials.

Iran announced in June that it had broken up an alleged CIA spy ring but it was unclear whether Monday’s announcement was linked to the same case.

BRITAIN’S NEXT MOVE

Prime Minister Theresa May’s office has said she would chair a meeting of Britain’s COBR emergency response committee early on Monday to discuss the tanker crisis and the government was expected to announce its next steps in parliament.

As Britain weighed its next move a recording emerged showing the Iranian military defied a British warship when it boarded and seized the Stena Impero, underscoring the challenges Britain faces responding.

Experts on the region say there are few obvious steps London can take at a time when the United States has already imposed the maximum possible economic sanctions, banning all Iranian oil exports worldwide.

Washington imposed the sanctions after President Donald Trump pulled out of a deal signed by his predecessor Barack Obama, which had provided Iran access to world trade in return for curbs on its nuclear program.

European countries including Britain have been caught in the middle. They disagreed with the U.S. decision to quit the nuclear deal but have so far failed to offer Iran another way to receive the deal’s promised economic benefits.

In Tokyo, Prime Minister Shinzo Abe said on Monday that Japan wants to make every effort to reduce tension between the United States and Iran before responding to an expected U.S. request to send its navy to safeguard strategic waters off Iran.

Japanese media have said Washington’s proposal to boost surveillance of vital Middle East oil shipping lanes off Iran and Yemen could be on the agenda during a visit to Tokyo this week by U.S. national security adviser John Bolton.

“We have a long tradition of friendship with Iran and I’ve met with its president any number of times, as well as other leaders,” Abe told a news conference after his coalition’s victory in a Sunday election for parliament’s upper house.

“Before we make any decisions on what to do, Japan would like to make every effort to reduce tensions between Iran and the United States.”

The United States is struggling to win its allies’ support for an initiative to heighten surveillance of vital Middle East oil shipping lanes because of fears it will increase tension with Iran, six sources familiar with the matter said.

(Reporting by Gulf bureau and Elaine Lies and Linda Sieg in Tokyo; Editing by Raissa Kasolowsky and Jon Boyle)

Evidence suggests Saudi crown prince liable for Khashoggi murder: U.N. expert

FILE PHOTO: Crown Prince of Saudi Arabia Mohammad bin Salman is seen during the Arab Summit in Mecca, Saudi Arabia, May 31, 2019. REUTERS/Hamad l Mohammed/File Photo

By Stephanie Nebehay

GENEVA (Reuters) – Saudi Crown Prince Mohammed bin Salman and other senior Saudi officials should be investigated over the murder of journalist Jamal Khashoggi since there is credible evidence they are liable for his death, a U.N. rights investigator said on Wednesday.

Saudi Arabia’s minister of state for foreign affairs, Adel al-Jubeir, rejected the investigator’s report as “nothing new”.

He added in a tweet: “The report of the rapporteur in the human rights council contains clear contradictions and baseless allegations which challenge its credibility.”

Khashoggi’s killing provoked widespread disgust and damaged the image of the crown prince, previously admired in the West for pushing deep changes including tax reform, infrastructure projects and allowing women to drive.

Agnes Callamard, the U.N. special rapporteur on extrajudicial executions, called on countries to invoke universal jurisdiction for what she called the international crime and make arrests if individuals’ responsibility is proven.

In a report based on a six-month investigation, she also urged countries to widen sanctions to include the crown prince, who many consider the kingdom’s de facto ruler, and his personal assets abroad, until and unless he can prove he has no responsibility.

Khashoggi, a critic of the prince and a Washington Post columnist, was last seen at the Saudi consulate in Istanbul on Oct 2 where he was to receive papers ahead of his wedding.

His body was dismembered and removed from the building, the Saudi prosecutor has said, and his remains have not been found.

“What needs to be investigated is the extent to which the crown prince knew or should have known of what would have happened to Mr. Khashoggi, whether he directly or indirectly incited the killing…whether he could have prevented the execution when the mission started and failed to do so,” Callamard told reporters.

“It is the conclusion of the Special Rapporteur that Mr. Khashoggi has been the victim of a deliberate, premeditated execution, an extrajudicial killing for which the state of Saudi Arabia is responsible under international human rights law,” Callamard said in her report.

PROSECUTOR

The Saudi public prosecutor indicted 11 unnamed suspects in November, including five who could face the death penalty on charges of ordering and committing the crime.

Callamard said the Saudi trial should be suspended, citing concerns over secret hearings and a potential miscarriage of justice. Instead, a follow-up international criminal probe should be launched, she said, adding: “Of course there are a range of options, an ad hoc tribunal, a hybrid tribunal, any type of mechanism that will deliver a credible process and a credible outcome.”

The CIA and some Western countries believe the crown prince ordered the killing, which Saudi officials deny.

The U.N. report publishes excerpts from what it calls conversations inside the consulate shortly before Khashoggi arrived at the building and during his final moments, in which a Saudi official is heard discussing cutting a body into pieces.

The material relies on recordings and forensic work by Turkish investigators and information from the trials of the suspects in Saudi Arabia, the report said. Callamard said that she could not reach firm conclusions about what the team was told was the sound of a “saw” in the operation.

“Assessments of the recordings by intelligence officers in Turkey and other countries suggest that Mr. Khashoggi could have been injected with a sedative and then suffocated using a plastic bag,” the report said.

Callamard went to Turkey earlier this year with a team of forensic and legal experts and said she received evidence from Turkish authorities.

“There is credible evidence, warranting further investigation of high-level Saudi officials’ individual liability, including the crown prince’s”, she said.

“Indeed, this human rights inquiry has shown that there is sufficient credible evidence regarding the responsibility of the crown prince demanding further investigation,” she added, urging U.N. Secretary-General to establish an international probe.

Asked if universal jurisdiction meant potential arrests of suspects abroad, Callamard said: “If and when the responsibility of those individuals has been proven, including the responsibilities of a level that warrant arrest, absolutely.”

Judicial authorities in countries that recognize universal jurisdiction for serious offenses can investigate and prosecute those crimes no matter where they were committed.

(Reporting by Stephanie Nebehay; additional reporting by Stephen Kalin and Tuvan Gumrukcu in Turkey; Editing by Andrew Heavens and William Maclean)

North Korean leader’s slain half-brother was a CIA informant: Wall Street Journal

FILE PHOTO - Kim Jong Nam arrives at Beijing airport in Beijing, China, in this photo taken by Kyodo February 11, 2007. Mandatory credit Kyodo/via REUTERS

WASHINGTON (Reuters) – Kim Jong Nam, the half-brother of North Korean leader Kim Jong Un who was killed in Malaysia in 2017, had been an informant for the U.S. Central Intelligence Agency, the Wall Street Journal reported on Monday.

The Journal cited an unnamed “person knowledgeable about the matter” for the report, and said many details of Kim Jong Nam’s relationship with the CIA remained unclear.

Reuters could not independently confirm the story. The CIA declined to comment.

The Journal quoted the person as saying “There was a nexus” between the CIA and Kim Jong Nam.

“Several former U.S. officials said the half brother, who had lived outside of North Korea for many years and had no known power base in Pyongyang, was unlikely to be able to provide details of the secretive country’s inner workings,” the Journal said.

The former officials also said Kim Jong Nam had been almost certainly in contact with security services of other countries, particularly China’s, the Journal said.

Kim Jong Nam’s role as a CIA informant is mentioned in a new book about Kim Jong Un, “The Great Successor,” by Washington Post reporter Anna Fifield that is due to be published on Tuesday. Fifield says Kim Jong Nam usually met his handlers in Singapore and Malaysia, citing a source with knowledge of the intelligence.

The book says that security camera footage from Kim Jong Nam’s last trip to Malaysia showed him in a hotel elevator with an Asian-looking man who was reported to be a U.S. intelligence agent. It said his backpack contained $120,000 in cash, which could have been payment for intelligence-related activities, or earnings from his casino businesses.

South Korean and U.S. officials have said the North Korean authorities had ordered the assassination of Kim Jong Nam, who had been critical of his family’s dynastic rule. Pyongyang has denied the allegation.

Two women were charged with poisoning Kim Jong Nam by smearing his face with liquid VX, a banned chemical weapon, at Kuala Lumpur airport in February 2017. Malaysia released Doan Thi Huong, who is Vietnamese, in May, and Indonesian Siti Aisyah in March.

According to the Journal, the person said Kim Jong Nam had traveled to Malaysia in February 2017 to meet his CIA contact, although that may not have been the sole purpose of the trip.

U.S. President Donald Trump and Kim Jong Un have met twice, in Hanoi in February and Singapore last June, seeming to build personal goodwill but failing to agree on a deal to lift U.S. sanctions in exchange for North Korea abandoning its nuclear and missile programs.

(This story has been refiled to correct “Ki’s” to “his” in paragraph 8)

(Reporting by Mark Hosenball and David Brunnstrom; Writing by Mohammad Zargham; Editing by Sandra Maler)

U.S. spy chiefs warn Senate on many threats to the United States

FBI Director Christopher Wray, CIA Director Gina Haspel, Director of National Intelligence Dan Coats, Defense Intelligence Agency (DIA) Director Gen. Robert Ashley, National Security Agency (NSA) Director Gen. Paul Nakasone and Robert Cardillo, director of the National Geospatial-Intelligence Agency, testify to the Senate Intelligence Committee hearing about "worldwide threats" on Capitol Hill in Washington, U.S., January 29, 2019. REUTERS/Joshua Roberts

By Patricia Zengerle and Doina Chiacu

WASHINGTON (Reuters) – China and Russia pose the biggest risks to the United States, and are more aligned than they have been in decades as they target the 2020 presidential election and American institutions to expand their global reach, U.S. intelligence officials told senators on Tuesday.

The spy chiefs broke with President Donald Trump in their assessments of the threats posed by North Korea, Iran and Syria. But they outlined a clear and imminent danger from China, whose practices in trade and technology anger the U.S. president.

While China and Russia strengthen their alliance, Director of National Intelligence Dan Coats said some American allies are pulling away from Washington in reaction to changing U.S. policies on security and trade.

The directors of the CIA, FBI, National Security Agency and other intelligence agencies flanked Coats at the Senate Intelligence Committee hearing. They described an array of economic, military and intelligence threats, from highly organized efforts by China to scattered disruptions by terrorists, hacktivists and transnational criminals.

FBI Director Christopher Wray, CIA Director Gina Haspel, Director of National Intelligence Dan Coats, Defense Intelligence Agency (DIA) Director Gen. Robert Ashley, National Security Agency (NSA) Director Gen. Paul Nakasone and Robert Cardillo, director of the National Geospatial-Intelligence Agency, testify to the Senate Intelligence Committee hearing about "worldwide threats" on Capitol Hill in Washington, U.S., January 29, 2019. REUTERS/Joshua Roberts

FBI Director Christopher Wray, CIA Director Gina Haspel, Director of National Intelligence Dan Coats, Defense Intelligence Agency (DIA) Director Gen. Robert Ashley, National Security Agency (NSA) Director Gen. Paul Nakasone and Robert Cardillo, director of the National Geospatial-Intelligence Agency, testify to the Senate Intelligence Committee hearing about “worldwide threats” on Capitol Hill in Washington, U.S., January 29, 2019. REUTERS/Joshua Roberts

“China, Russia, Iran, and North Korea increasingly use cyber operations to threaten both minds and machines in an expanding number of ways – to steal information, to influence our citizens, or to disrupt critical infrastructure,” Coats said.

“Moscow’s relationship with Beijing is closer than it’s been in many decades,” he told the panel.

The intelligence officials said they had protected the 2018 U.S. congressional elections from outside interference, but expected renewed and likely more sophisticated attacks on the 2020 presidential contest.

U.S. adversaries will “use online influence operations to try to weaken democratic institutions, undermine alliances and partnerships, and shape policy outcomes,” Coats said.

The intelligence chiefs’ assessments broke with some past assertions by Trump, including on the threat posed by Russia to U.S. elections and democratic institutions, the threat Islamic State poses in Syria, and North Korea’s commitment to denuclearize.

Coats said North Korea is unlikely to give up its nuclear weapons. Trump has said the country no longer poses a threat.

Coats also said Islamic State would continue to pursue attacks from Syria, as well as Iraq, against regional and Western adversaries, including the United States. Trump, who plans to withdraw U.S. troops from Syria, has said the militant group is defeated.

The intelligence officials also said Iran was not developing nuclear weapons in violation of the 2015 nuclear agreement, even though Tehran has threatened to reverse some commitments after Trump pulled out of the deal.

Senators expressed deep concern about current threats.

“Increased cooperation between Russia and China – for a generation that hasn’t been the case – that could be a very big deal on the horizon in terms of the United States,” said Senator Angus King, an independent who caucuses with Democrats.

CHINA BIGGEST COUNTERINTELLIGENCE THREAT

The officials painted a multifaceted picture of the threat posed by China, as they were questioned repeatedly by senators about the No. 2 world economy’s business practices as well as its growing international influence.

“The Chinese counterintelligence threat is more deep, more diverse, more vexing, more challenging, more comprehensive and more concerning than any counterintelligence threat I can think of,” FBI Director Christopher Wray said.

He said almost all the economic espionage cases in the FBI’s 56 field offices “lead back to China.”

Coats said intelligence officials have been traveling around the United States and meeting with corporate executives to discuss espionage threats from China.

He said China has had a meteoric rise in the past decade, adding, “A lot of that was achieved by stealing information from our companies.”

Speaking in Beijing, Chinese foreign ministry spokesman Geng Shuang said he hoped the United States would abandon its zero-sum thinking and work with China, Russia and the rest of the international community to ensure global security.

Tuesday’s testimony came just a day after the United States announced criminal charges against China’s Huawei Technologies Co Ltd [HWT.UL], escalating a fight with the world’s biggest telecommunications equipment maker and coming days before trade talks between Washington and Beijing.

Coats also said Russia’s social media efforts will continue to focus on aggravating social and racial tensions, undermining trust in authorities and criticizing politicians perceived to be anti-Russia.

Senator Mark Warner, the panel’s top Democrat, said he was particularly concerned about Russia’s use of social media “to amplify divisions in our society and to influence our democratic processes” and the threat from China in the technology arena.

The Senate Intelligence Committee is one of several congressional panels, along with Special Counsel Robert Mueller, investigating whether there were any connections between Trump’s 2016 and Russian efforts to influence the election.

Russia denies attempting to influence U.S. elections, while Trump has denied his campaign cooperated with Moscow.

Coats declined to respond when Democratic Senator Ron Wyden asked whether Trump’s not releasing records of his discussions with Russian President Vladimir Putin put U.S. intelligence agencies at a disadvantage.

“To me from an intelligence perspective, it’s just Intel 101 that it would help our country to know what Vladimir Putin discussed with Donald Trump,” Wyden said.

(Reporting by Patricia Zengerle and Doina Chiacu; Additional reporting by Ben Blanchard in Beijing; editing by Mary Milliken and Jonathan Oatis)

Special Report: How Iran spreads disinformation around the world

FILE PHOTO: Iran's national flags are seen on a square in Tehran

By Jack Stubbs and Christopher Bing

LONDON/WASHINGTON (Reuters) – Website Nile Net Online promises Egyptians “true news” from its offices in the heart of Cairo’s Tahrir Square, “to expand the scope of freedom of expression in the Arab world.”

Its views on America do not chime with those of Egypt’s state media, which celebrate Donald Trump’s warm relations with Cairo. In one recent article, Nile Net Online derided the American president as a “low-level theater actor” who “turned America into a laughing stock” after he attacked Iran in a speech at the United Nations.

Until recently, Nile Net Online had more than 115,000 page-followers across Facebook, Twitter and Instagram. But its contact telephone numbers, including one listed as 0123456789, don’t work. A Facebook map showing its location dropped a pin onto the middle of the street, rather than any building. And regulars at the square, including a newspaper stallholder and a policeman, say they have never heard of the website.

The reason: Nile Net Online is part of an influence operation based in Tehran.

It’s one of more than 70 websites found by Reuters which push Iranian propaganda to 15 countries, in an operation that cybersecurity experts, social media firms and journalists are only starting to uncover. The sites found by Reuters are visited by more than half a million people a month and have been promoted by social media accounts with more than a million followers.

The sites underline how political actors worldwide are increasingly circulating distorted or false information online to influence public opinion. The discoveries follow allegations that Russian disinformation campaigns have swayed voters in the United States and Europe. Advisers to Saudi Arabia’s crown prince and the army in Myanmar are also among those using social media to distribute propaganda and attack their enemies. Moscow has denied the charges; Riyadh and Yangon have not commented.

Former CIA director John Brennan told Reuters that “countries around the globe” are now using such information warfare tactics.

“The Iranians are sophisticated cyber players,” he said of the Iranian campaign. “There are elements of the Iranian intelligence services that are rather capable in terms of operating (online).”

Traced by building on research from cybersecurity firms FireEye and ClearSky, the sites in the campaign have been active at different times since 2012. They look like normal news and media outlets, but only a couple disclose any Iranian ties.

Reuters could not determine whether the Iranian government is behind the sites; Iranian officials in Tehran and London did not reply to questions.

But all the sites are linked to Iran in one of two ways. Some carry stories, video and cartoons supplied by an online agency called the International Union of Virtual Media (IUVM), which says on its website it is headquartered in Tehran. Some have shared online registration details with IUVM, such as addresses and phone numbers. Twenty-one of the websites do both.

Emails sent to IUVM bounced back and telephone numbers the agency gave in web registration records did not work. Documents available on the main IUVM website say its objectives include “confronting with remarkable arrogance, western governments and Zionism front activities.”

Nile Net Online did not respond to questions sent to the email address on its website. Its operators, as well as those of the other websites identified by Reuters, could not be located. Previous owners identified in historical registration records could not be reached. The Egyptian government did not respond to requests for comment.

“UNSPOKEN TRUTH”

Some of the sites in the Iranian operation were first exposed in August by companies including Facebook, Twitter and Google’s parent, Alphabet after FireEye found them. The social media companies have closed hundreds of accounts that promoted the sites or pushed Iranian messaging. Facebook said last month it had taken down 82 pages, groups and accounts linked to the Iranian campaign; these had gathered more than one million followers in the United States and Britain.

But the sites uncovered by Reuters have a much wider scope. They have published in 16 different languages, from Azerbaijani to Urdu, targeting Internet users in less-developed countries. That they reached readers in tightly controlled societies such as Egypt, which has blocked hundreds of news websites since 2017, highlights the campaign’s reach.

The Iranian sites include:

* A news site called Another Western Dawn which says its focus is on “unspoken truth.” It fooled the Pakistani defense minister into issuing a nuclear threat against Israel; * Ten outlets targeting readers in Yemen, where Iran andU.S. ally Saudi Arabia have been fighting a proxy conflict since civil war broke out in 2015; * A media outlet offering daily news and satirical cartoons in Sudan. Reuters could not reach any of its staff; * A website called Realnie Novosti, or “Real News,” for Russian readers. It offers a downloadable mobile phone app but its operator could not be traced. The news on the sites is not all fake. Authentic stories sit alongside pirated cartoons, as well as speeches from Iran’s Supreme Leader Ayatollah Ali Khamenei. The sites clearly support Iran’s government and amplify antagonism to countries opposed to Tehran – particularly Israel, Saudi Arabia and the United States. Nile Net’s “laughing stock” piece was copied from an Iranian state TV network article published earlier the same day.

Some of the sites are slapdash. The self-styled, misspelled “Yemen Press Agency” carries a running update of Saudi “crimes against Yemenis during the past 24 hours.” Emails sent to the agency’s listed contact, Arafat Shoroh, bounced back. The agency’s address and phone number led to a hotel in the Yemeni capital, Sana’a, whose staff said they had never heard of Shoroh.

The identity or location of the past owners of some of the websites is visible in historical Internet registration records: 17 of 71 sites have in the past listed their locations as Iran or Tehran, or given an Iranian telephone or fax number. But who owns them now is often hidden, and none of the Iranian-linked operators could be reached.

More than 50 of the sites use American web service providers Cloudflare and OnlineNIC – firms that provide website owners with tools to shield themselves from spam and hackers. Frequently, such services also effectively conceal who owns the sites or where they are hosted. The companies declined to tell Reuters who operates the sites.

Under U.S law, hosting and web services companies are not generally liable for the content of sites they serve, said Eric Goldman, co-director of the High Tech Law Institute at Santa Clara University. Still, since 2014, U.S. sanctions on Iran have banned “the exportation or re-exportation, directly or indirectly, of web-hosting services that are for commercial endeavors or of domain name registration services.”

Douglas Kramer, general counsel for Cloudflare, said the services it provides do not include web-hosting services. “We’ve looked at those various sanctions regimes, we are comfortable that we are not in violation,” he told Reuters.

A spokesman for OnlineNIC said none of the sites declared a connection to Iran in their registration details, and the company was in full compliance with U.S. sanctions and trade embargoes.

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) declined to comment on whether it planned an investigation.

ANOTHER WESTERN DAWN

The Kremlin is widely seen as the superpower in modern information warfare. From what is known so far, Russia’s influence operation – which Moscow denies – dwarfs Iran’s. According to Twitter, nearly 4,000 accounts connected to the Russian campaign posted over 9 million tweets between 2013 and 2018, against over 1 million tweets from fewer than 1,000 accounts believed to originate in Iran.

Even though the Iranian operation is smaller, it has had impact on volatile topics. AWDnews – the site with the focus on “unspoken truth” – ran a false story in 2016 which prompted Pakistan’s defense minister to warn on Twitter he had the weapons to nuke Israel. He only found out that the hoax was part of an Iranian operation when contacted by Reuters.

“It was a learning experience,” said the deceived politician, 69-year-old Khawaja Asif, who left Pakistan’s government earlier this year. “But one can understand that these sorts of things happen because fake news has become something huge. It’s something which anyone is capable of now, which is very dangerous.”

Israeli officials did not respond to a request for comment.

AWDnews publishes in English, French, Spanish and German and, according to data from web analytics company SimilarWeb, receives around 12,000 unique visitors a month. Among others who shared stories from AWDnews and the other websites identified by Reuters were politicians in Britain, Jordan, India, and the Netherlands; human-rights activists; an Indian music composer and a Japanese rap star.

In August 2015, an official account for a European department of the World Health Organization (WHO) tweeted an AWDnews story. Annalisa Buoro, secretary for the WHO’s European Office for Investment for Health and Development, said the person running the department’s Twitter account at the time did not know the website was part of an Iranian campaign.

She said the tweet had gone out when the account had a relatively small following, limiting the damage, but “on the other hand, I am very concerned … because as a UN agency we have a huge responsibility.”

JOBS FOR WOMEN

FireEye, a U.S. cybersecurity firm, originally named six websites as part of the Iranian influence operation. Reuters examined those sites, and their content led to the Tehran-based International Union of Virtual Media.

IUVM is an array of 11 websites with names such as iuvmpress, iuvmapp and iuvmpixel. Together, they form a library of digital material, including mobile phone apps, items from Iranian state media and pictures, video clips and stories from elsewhere on the web, which support Tehran’s policies.

Tracking usage of IUVM content across the Internet led to sites which have used its material, registration details, or both. For instance, 22 of the sites have shared the same phone number, which does not work and has also been listed for IUVM. At least seven have used the same address, which belongs to a youth hostel in Berlin. Staff at the hostel told Reuters they had never heard of the sites in question. The site operators could not be reached to explain their links with IUVM.

Two sites even posted job advertisements for IUVM, inviting applications from women with “ability to work effectively and knowledge in dealing with social networks and (the) Internet.”

DEMOLISHED HOME

One of IUVM’s most popular users is a site called Sudan Today, which SimilarWeb data shows receives almost 150,000 unique visitors each month. On Facebook, it tells its 57,000 followers that it operates without political bias. Its 18,000 followers on Twitter have included the Italian Embassy in Sudan, and its work has been cited in a report by the Egyptian Electricity Ministry.

The office address registered for Sudan Today in 2016 covers a whole city district in north Khartoum, according to archived website registration details provided by WhoisAPI Inc and DomainTools LLC. The phone number listed in those records does not work.

Reuters could not trace staff members named on Sudan Today’s Facebook page. The five-star Corinthia hotel in central Khartoum, where the site says it hosted an anniversary party last year, told Reuters no such event took place. And an address listed on one of its social media accounts is a demolished home.

Sudan used to be an Iranian ally but has changed sides to align itself with Saudi Arabia, costing Tehran a foothold in the Horn of Africa just as it becomes more isolated by the West. In that environment, Iran sees itself as competing with Israel, Saudi Arabia and the United States for international support, and is taking the fight online, said Ariane Tabatabai, a senior associate and Iran expert at the Center for Strategic and International Studies in Washington, D.C.

Headlines on Sudan Today’s homepage include a daily round-up of stories from local newspapers and Ugandan soccer results. It also features reports on bread prices – which doubled in January after Khartoum eliminated subsidies, triggering demonstrations.

Ohad Zaidenberg, senior researcher at Israeli cybersecurity firm ClearSky, said this mixture of content provides the cover for narratives geared at influencing a target audience’s attitudes and perceptions.

The site also draws attention to Saudi Arabia’s military actions in Yemen. Since Sudanese President Omar al-Bashir ended his allegiance with Iran he has sent troops and jets to join Saudi-led forces in the Yemeni conflict.

One cartoon from IUVM published by Sudan Today in August shows Donald Trump astride a military jet with an overflowing bag of dollar bills tucked under one arm. The jet is draped with traditional Saudi dress and shown dropping bombs on a bloodstained map of Yemen. The map is littered with children’s toys and shoes.

Turkish cartoonist Mikail Çiftçi drew the original. He told Reuters he did not give Sudan Today permission to use it.

Alnagi Albashra, a 28-year-old software developer in Khartoum, said he likes to read articles on Sudan Today in the evenings when waiting for his baby to fall asleep. But he and three other Sudan Today readers reached by Reuters had no idea who was behind the site.

“This is a big problem,” he said. “You can’t see that they are not in Sudan.”

Government officials in Khartoum, the White House, the Italian Embassy and the Egyptian Electricity Ministry did not respond to requests for comment.

BACKBONE

It is unclear who globally is tasked with responding to online disinformation campaigns like Iran’s, or what if any action they should take, said David Conrad, chief technology officer at ICANN, a non-profit which helps manage global web addresses.

Social media accounts can be deleted in bulk by the firms that provide the platforms. But the Iranian campaign’s backbone of websites makes it harder to dismantle than social media because taking down a website often requires the cooperation of law enforcement, Internet service providers and web infrastructure companies.

Efforts by social media companies in the United States and Europe to tackle the campaign have had mixed results.

Shortly after being contacted by Reuters, Twitter suspended the accounts for Nile Net Online and Sudan Today. “Clear attribution is very difficult,” a spokeswoman said but added that the company would continue to update a public database of tweets and accounts linked to state-backed information operations when it had new information.

Google did not respond directly to questions about the websites found by Reuters. The company has said it identified and closed 99 accounts which it says are linked to Iranian state media. “We’ve invested in robust systems to identify influence operations launched by foreign governments,” a spokeswoman said.

Facebook said it was aware of the websites found by Reuters and had removed five more Facebook pages. But a spokesman said that based on Facebook user data, the company was not yet able to link all the websites’ accounts to the Iranian activity found earlier. “In the past several months, we have removed hundreds of Pages, Groups, and accounts linked to Iranian actors engaging in coordinated inauthentic behavior. We continue to remove accounts across our services and in all relevant languages,” he said.

Accounts linked to the Iranian sites remain active online, especially in languages other than English. On Nov. 30, 16 of the Iranian sites were still posting daily updates on Facebook, Twitter, Instagram or YouTube – including Sudan Today and Nile Net Online. Between them, the social media accounts had more than 700,000 followers.

(Additional reporting by Nadine Awadalla in Cairo, Erich Knecht and Khalid Abdelaziz in Khartoum, Bozorgmehr Sharafedin Nouri and Ryan McNeill in London; Edited by Sara Ledwith)

Russia the main suspect in U.S. diplomats’ illness in Cuba: NBC

FILE PHOTO: Cuban employees enter the U.S. Embassy in Havana, Cuba, August 22, 2018. REUTERS/Stringer

WASHINGTON (Reuters) – Russia is the main suspect in U.S. agencies’ investigation of mysterious illnesses in American personnel in Cuba and China, NBC News reported on Tuesday.

Evidence from communications intercepts has pointed to Moscow’s involvement during the investigation involving the FBI, CIA and other agencies, NBC reported, citing three unidentified U.S. officials and two other people briefed on the probe.

The evidence, however, is not conclusive enough for the United States to assign blame publicly to Moscow, according to the NBC report.

The FBI said it did not have a comment on the NBC report. A U.S. government source familiar with official assessments said intelligence agencies would not confirm the report.

U.S. officials said in July that they are still investigating health problems at the U.S. Embassy in Cuba, and do not know who or what was behind the mysterious illnesses, which began in 2016 and have affected 26 Americans.

State Department spokeswoman Heather Nauert told Reuters on Tuesday, “We have made no determination on who or what is responsible for the health attacks.”

Symptoms have included hearing loss, tinnitus, vertigo, headaches and fatigue, a pattern consistent with “mild traumatic brain injury,” State Department officials have said.

The State Department said in June it brought a group of diplomats home from Guangzhou, China, over concern they were suffering from a mysterious malady resembling brain injury.

Cuban officials, who are conducting their own investigation, have denied involvement.

The United States believes sophisticated electromagnetic weapons may have been used on government workers, possibly in conjunction with other technologies, NBC reported.

The U.S. military has been trying to reverse-engineer the weapon or weapons used to harm the diplomats, including by testing various devices on animals, NBC said, citing Trump administration officials, congressional aides, and others.

Part of the work is being done at the directed energy research program at Kirtland Air Force Base in New Mexico, where the military has giant lasers and laboratories to test high-power electromagnetic weapons, including microwaves, NBC said.

(Reporting by Doina Chiacu, Lesley Wroughton, Mark Hosenball; Editing by Susan Thomas and Dan Grebler)

Exclusive: Chief U.S. spy catcher says China using LinkedIn to recruit Americans

Small toy figures are seen between displayed U.S. flag and Linkedin logo in this illustration picture, August 30, 2018. To match Exclusive LINKEDIN-CHINA/ESPIONAGE REUTERS/Dado Ruvic/Illustration

By Warren Strobel and Jonathan Landay

WASHINGTON (Reuters) – The United States’ top spy catcher said Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down.

William Evanina, the U.S. counter-intelligence chief, told Reuters in an interview that intelligence and law enforcement officials have told LinkedIn, owned by Microsoft Corp., about China’s “super aggressive” efforts on the site.

He said the Chinese campaign includes contacting thousands of LinkedIn members at a time, but he declined to say how many fake accounts U.S. intelligence had discovered, how many Americans may have been contacted and how much success China has had in the recruitment drive.

German and British authorities have previously warned their citizens that Beijing is using LinkedIn to try to recruit them as spies. But this is the first time a U.S. official has publicly discussed the challenge in the United States and indicated it is a bigger problem than previously known.

Evanina said LinkedIn should look at copying the response of Twitter, Google and Facebook, which have all purged fake accounts allegedly linked to Iranian and Russian intelligence agencies.

“I recently saw that Twitter is cancelling, I don’t know, millions of fake accounts, and our request would be maybe LinkedIn could go ahead and be part of that,” said Evanina, who heads the U.S. National Counter-Intelligence and Security Center.

It is highly unusual for a senior U.S. intelligence official to single out an American-owned company by name and publicly recommend it take action. LinkedIn boasts 562 million users in more than 200 counties and territories, including 149 million U.S. members.

Evanina did not, however, say whether he was frustrated by LinkedIn’s response or whether he believes it has done enough.

LinkedIn’s head of trust and safety, Paul Rockwell, confirmed the company had been talking to U.S. law enforcement agencies about Chinese espionage efforts. Earlier this month, LinkedIn said it had taken down “less than 40” fake accounts whose users were attempting to contact LinkedIn members associated with unidentified political organizations. Rockwell did not say whether those were Chinese accounts.

“We are doing everything we can to identify and stop this activity,” Rockwell told Reuters. “We’ve never waited for requests to act and actively identify bad actors and remove bad accounts using information we uncover and intelligence from a variety of sources including government agencies.”

Rockwell declined to provide numbers of fake accounts associated with Chinese intelligence agencies. He said the company takes “very prompt action to restrict accounts and mitigate and stop any essential damage that can happen” but gave no details.

LinkedIn “is a victim here,” Evanina said. “I think the cautionary tale … is, ‘You are going to be like Facebook. Do you want to be where Facebook was this past spring with congressional testimony, right?'” he said, referring to lawmakers’ questioning of Facebook CEO Mark Zuckerberg on Russia’s use of Facebook to meddle in the 2016 U.S. elections.

China’s foreign ministry disputed Evanina’s allegations.

“We do not know what evidence the relevant U.S. officials you cite have to reach this conclusion. What they say is complete nonsense and has ulterior motives,” the ministry said in a statement.

EX-CIA OFFICER ENSNARED

Evanina said he was speaking out in part because of the case of Kevin Mallory, a retired CIA officer convicted in June of conspiring to commit espionage for China.

A fluent Mandarin speaker, Mallory was struggling financially when he was contacted via a LinkedIn message in February 2017 by a Chinese national posing as a headhunter, according to court records and trial evidence.

The individual, using the name Richard Yang, arranged a telephone call between Mallory and a man claiming to work at a Shanghai think tank.

During two subsequent trips to Shanghai, Mallory agreed to sell U.S. defense secrets – sent over a special cellular device he was given – even though he assessed his Chinese contacts to be intelligence officers, according to the U.S. government’s case against him. He is due to be sentenced in September and could face life in prison.

While Russia, Iran, North Korea and other nations also use LinkedIn and other platforms to identify recruitment targets, the U.S. intelligence officials said China is the most prolific and poses the biggest threat.

U.S. officials said China’s Ministry of State Security has “co-optees” – individuals who are not employed by intelligence agencies but work with them – set up fake accounts to approach potential recruits.

They said the targets include experts in fields such as supercomputing, nuclear energy, nanotechnology, semi-conductors, stealth technology, health care, hybrid grains, seeds and green energy.

Chinese intelligence uses bribery or phony business propositions in its recruitment efforts. Academics and scientists, for example, are offered payment for scholarly or professional papers and, in some cases, are later asked or pressured to pass on U.S. government or commercial secrets.

Some of those who set up fake accounts have been linked to IP addresses associated with Chinese intelligence agencies, while others have been set up by bogus companies, including some that purport to be in the executive recruiting business, said a senior U.S. intelligence official, who requested anonymity in order to discuss the matter.

The official said “some correlation” has been found between Americans targeted through LinkedIn and data hacked from the Office of Personnel Management, a U.S. government agency, in attacks in 2014 and 2015.

The hackers stole sensitive private information, such as addresses, financial and medical records, employment history and fingerprints, of more than 22 million Americans who had undergone background checks for security clearances.

The United States identified China as the leading suspect in the massive hacking, an assertion China’s foreign ministry at the time dismissed as `absurd logic.`

 

UNPARALLELED SPYING EFFORT

About 70 percent of China’s overall espionage is aimed at the U.S. private sector, rather than the government, said Joshua Skule, the head of the FBI’s intelligence division, which is charged with countering foreign espionage in the United States.

“They are conducting economic espionage at a rate that is unparalleled in our history,” he said.

Evanina said five current and former U.S. officials – including Mallory – have been charged with or convicted of spying for China in the past two and a half years.

He indicated that additional cases of suspected espionage for China by U.S. citizens are being investigated, but declined to provide details.

U.S. intelligence services are alerting current and former officials to the threat and telling them what security measures they can take to protect themselves.

Some current and former officials post significant details about their government work history online – even sometimes naming classified intelligence units that the government does not publicly acknowledge.

LinkedIn “is a very good site,” Evanina said. “But it makes for a great venue for foreign adversaries to target not only individuals in the government, formers, former CIA folks, but academics, scientists, engineers, anything they want. It’s the ultimate playground for collection.”

(Reporting by Warren Strobel and Jonathan Landay; Additional reporting by John Walcott; Editing by Kieran Murray and Ross Colvin)

Man arrested in wave of package bombs in Washington, D.C

Thanh Cong Phan, 43, is shown in this undated booking photo provided March 28, 2018. Yolo Country Sheriff's Office/Handout via REUTERS

WASHINGTON (Reuters) – A Washington state man has been arrested in connection with a series of package bombs sent to U.S. military installations and a CIA mail office in the Washington, D.C., area earlier this week, the FBI said on Tuesday.

The suspect, Thanh Cong Phan, 43, was arrested on Monday at his home in Everett, Washington, by federal agents and sheriff’s deputies, the Federal Bureau of Investigation said in a statement.

A U.S. security official said Phan had a history of writing incoherent letters to government officials and was believed to have mental problems. The official declined to be named during an ongoing investigation.

Court documents made public on Tuesday afternoon showed that Phan had been charged in U.S. District Court in Seattle with one count of shipping explosive materials.

Suspicious packages were received on Monday at mail processing sites at Fort Belvoir, Virginia; Joint Base Anacostia-Bolling, which is a Navy-Air Force facility in the District of Columbia; and Fort Lesley J. McNair in the U.S. capital, the agency said.

The packages also turned up at mail facilities at the Naval Surface Warfare Center in Dahlgren, Virginia, and the Central Intelligence Agency in Langley, Virginia. None of them detonated.

“It is possible that further packages were mailed to additional mail processing facilities in the Washington, D.C., metropolitan area,” the FBI said. The packages were being analyzed at the FBI laboratory at Quantico, Virginia.

Ashwin Cattamanchi, a federal public defender representing Phan, declined to comment when reached by phone.

Officials at Fort McNair evacuated a building after one of the packages was delivered, a spokesman said. An Army bomb squad confirmed that the package tested positive for explosive residue and determined a fuse was attached, he said.

Earlier in March in a separate incident at a U.S. military base, a man died after driving a minivan through the gate of Travis Air Force Base in California and igniting propane tanks and gasoline cans.

Several package bombs left on doorsteps and some sent from a Federal Express office detonated in Austin, Texas, leaving two people dead and others injured. The suspected bomber blew himself up as police closed in on him.

(Reporting by Mark Hosenball, Ian Simpson and Dan Whitcomb; editing by Scott Malone, Marguerita Choy and Cynthia Osterman)

Fewer Russian spies in U.S. but getting harder to track

FILE PHOTO: A sign at the gated entrance of the Consulate General of the Russian Federation in Seattle, Washington, U.S., March 26, 2018. REUTERS/Lindsey Wasson/File Photo

By Warren Strobel and John Walcott

WASHINGTON (Reuters) – The U.S. decision to expel 60 alleged spies is unlikely to cripple Russian spying in the United States because others have wormed and hacked their way into American companies, schools, and even the government, current and former U.S. officials said.

Moscow’s spy services still use the cover of embassies and consulates, as Washington does. But they also recruit Russian emigres, establish front companies, dispatch short-term travelers to the United States, recruit Americans, and penetrate computer networks, the officials said.

“Russia used to have one way of doing things. Now, Putin is – let a thousand flowers bloom,” a former senior U.S. official said in a recent interview, describing Moscow’s move to a more multifaceted approach under President Vladimir Putin, a former Soviet spy himself.

The FBI follows the movements and monitors the communications of suspected foreign spies, but the increased Russian presence and the advent of commercially available encrypted communications are an added challenge to the FBI’s counter-espionage force, said the officials, some of whom spoke on condition of anonymity to discuss the sensitive topic.

As one U.S. official put it when asked if Russian spying is a harder target: “It’s more complex now. The complexity comes in the techniques that can be used.”

While the CIA tracks foreign spies overseas and the National Security Agency monitors international communications, the FBI is responsible for spy-catching inside the United States.

The White House on Monday said it would expel 60 Russian diplomats, 12 of them at the U.N. mission, and close the Russian consulate in Seattle as part of a multi-nation response to the Kremlin’s alleged nerve agent attack on a former Russian spy in Britain.

Briefing reporters, a senior U.S. official said there were “well over” 100 Russian spies posing as diplomats in the United States before the expulsion order.

A veteran U.S. official charged with keeping tabs on Russian espionage said the administration downplayed the number of suspected Russian spies working under diplomatic cover to avoid giving the Russians a clearer picture of how many people are under surveillance.

The actual number varies over time, but “it averages more like 150 or so,” the official said.

“We’ve got a very, very, very good counter-intelligence apparatus,” said Robert Litt, a former general counsel for the U.S. Director of National Intelligence. “There are a lot of people in the FBI whose job it is to track these people – and they’re very good at it.”

TAKES TEN TO TANGO

Still, it can take 10 or more U.S. trained FBI and local law enforcement officers to keep tabs on one trained spy for a 24-hour period – covering back entrances to buildings and multiple elevators, and being alert for changes in clothes, cars and even hairpieces, the same official said.

One Russian tactic is sending a large number of people, including just one or two intelligence officers, streaming out of a diplomatic mission at once, making it harder for the FBI to decide whom to follow, said a former U.S. intelligence officer, also speaking on the condition of anonymity.

Microsoft Corp. was one target of the Russian espionage operation in Seattle, U.S. officials familiar with the expulsions said. One goal was identifying targets for recruitment in the company’s coding operations because the company’s products are used in so many applications, they said.

Microsoft declined comment.

In 2010, Alexey Karetnikov, a 23-year-old Russian spy who had worked at testing computer code in Microsoft’s Richmond, Wash., headquarters, was deported by an immigration judge.

Several of the officials traced the Kremlin’s more aggressive spying approach to Putin’s 2012 return to the presidency, and Moscow’s 2014 seizure of Crimea and intervention in eastern Ukraine.

“We observed a commensurate uptick in Russian intelligence and espionage activity in the U.S. and across Europe, although few analysts connected the dots,” said Heather Conley, a former State Department official now at the Center for Strategic and International Studies think tank.

Michael Rochford, a former FBI chief for espionage, said the mass expulsion of suspected spies posing as diplomats will affect Russia’s security services and dent morale at their Moscow headquarters.

After past expulsions, he said, Russian spies have handed their operations over to officers who remain behind, or to “illegals” – long-term agents with no demonstrable connections to the Russian government.

The risk, he said, is that when Moscow replaces the expelled personnel, it will not be clear who the new spies are.

“Sometimes it’s better to know who they are and follow them,” he said.

(Additional reporting by Jonathan Landay; Editing by Mary Milliken and James Dalgleish)

CIA director expects Russia will try to target U.S. mid-term elections

CIA Director Mike Pompeo delivers remarks at "Intelligence Beyond 2018," a forum hosted by the American Enterprise Institute for Public Policy Research, in Washington, U.S., January 23, 2018.

LONDON (Reuters) – CIA Director Mike Pompeo said Russia will target U.S. mid-term elections later this year as part of the Kremlin’s attempt to influence domestic politics across the West, and warned the world had to do more to push back against Chinese meddling.

Russia has been accused of meddling in the 2016 U.S. presidential election and Special Counsel Robert Mueller is investigating the allegations, which Moscow denies, and whether there was any collusion involving President Donald Trump’s associates.

In an interview with the BBC aired on Tuesday, U.S. intelligence chief Pompeo said Russia had a long history of information campaigns and said its threat would not go away.

Asked if Russia would try to influence the mid-term elections, he said: “Of course. I have every expectation that they will continue to try and do that.

“But I am confident that America will be able to have a free and fair election. That we’ll push back in a way that is sufficiently robust that the impact they have on our election won’t be great.”

He also said the Chinese posed a threat of equal concern, and were “very active” with a world class cyber capability.

“We can watch very focused efforts to steal American information, to infiltrate the United States with spies, with people who are going to work on behalf of the Chinese government against America,” he said.

“We see it in our schools, in our hospitals and medical systems, we see it throughout corporate America. These efforts we have to all be more focused on. We have to do better at pushing back against Chinese efforts to covertly influence the world.”

GLOBAL INFLUENCE

The Kremlin, which under Vladimir Putin has clawed back some of the global influence lost when the Soviet Union collapsed, has denied meddling in elections in the West. It says anti-Russian hysteria is sweeping through the United States and Europe.

In the interview, Pompeo also repeated his message that North Korea was close to developing missiles which could be used in a nuclear attack on the United States.

“I think that we collectively, the United States and our intelligence partners around the world, have developed a pretty clear understanding of (North Korean leader) Kim Jong Un’s capability,” he said.

“We talk about him having the ability to deliver a nuclear weapon to the United States in a matter of a handful of months.”

The CIA chief defended Trump over accusations from a book which suggested the president was unfocused, unprepared and unfit for his office.

“It’s absurd, the claim that the president isn’t engaged and doesn’t have a grasp on these important issues is dangerous and false,” Pompeo said.

Asked if Trump’s use of Twitter posed any national security issues, he said: “Hasn’t caused us any trouble.”

He added: “We deliver nearly every day, personally, to the president the most exquisite truth that we know from the CIA. Whatever the facts may be we deliver them unvarnished as accurately and as forcefully as we can.”

(Reporting by Guy Faulconbridge, editing by Michael Holden and Janet Lawrence)