Den iranska spionaffären kring Peyman Kia, som i över tio år bl a var anställd på SÄPO och MUST växer nu snabbt. Även en av hans medhjälpare (lillebror) har gripits och experter jämför nu Kia-fallet med Stig Bergling, 70-talets största sovjetiska spionfall i Sverige. Den iranske invandrarens kometkarriär inom den svenska statsförvaltningens allra hemligaste sektorer kan synas förunderlig...
Petterssons Blogg gör en sammanfattning av vad som hittills är känt.
Dalai Lama är inte bara andligt överhuvud för miljoner tibetaner utan även en tung politisk exilledare. Från sin exil i Indien är han ett ständigt politiskt hot mot den kommunistiska regimen i Peking. Ibland välinformerade The Guardian berättar här om hur den tibetanska exil-ledningen ständigt övervakas elektroniskt av kommunisterna och inhyrda kommersiella spionfirmor, bl a det s k Pegasus Projektet.
****
China’s nearest observation posts are hundreds of
miles from Dharamsala, the city in the foothills of the Indian
Himalayas that hosts Tibet’s government-in-exile and its highest
spiritual leader, the Dalai Lama. Still, Tibetans there have often felt closely watched.
Suspected
Chinese spies have regularly been detected in the hill station. A
decade ago, a digital security specialist watched in disbelief as
sensitive files on Tibetan government computers were extracted on the
screen before his eyes – activity that led to the unearthing of a massive cyber-espionage network, known as GhostNet, which was largely traced to Chinese servers.
Surveillance
technology has evolved, and leaked data points to another possible
interest in Tibetan communications – this time from a less obvious
source.
The phone numbers of a top ring of
advisers around the Dalai Lama are believed to have been selected as
those of people of interest by government clients of NSO Group. Analysis strongly indicates that the Indian government was selecting the potential targets.
PEGASUS - What is in the data leak?
The
data leak is a list of more than 50,000 phone numbers that, since 2016,
are believed to have been selected as those of people of interest by
government clients of NSO Group, which sells surveillance software. The
data also contains the time and date that numbers were selected, or
entered on to a system. Forbidden Stories, a Paris-based nonprofit
journalism organisation, and Amnesty International initially had access
to the list and shared access with 16 media organisations including the
Guardian. More than 80 journalists have worked together over several
months as part of the Pegasus project. Amnesty’s Security Lab, a
technical partner on the project, did the forensic analyses.
What does the leak indicate?
The
consortium believes the data indicates the potential targets NSO’s
government clients identified in advance of possible surveillance. While
the data is an indication of intent, the presence of a number in the
data does not reveal whether there was an attempt to infect the phone
with spyware such as Pegasus, the company’s signature surveillance tool,
or whether any attempt succeeded. The presence in the data of a very
small number of landlines and US numbers, which NSO says are
“technically impossible” to access with its tools, reveals some targets
were selected by NSO clients even though they could not be infected with
Pegasus. However, forensic examinations of a small sample of mobile
phones with numbers on the list found tight correlations between the
time and date of a number in the data and the start of Pegasus activity –
in some cases as little as a few seconds.
What did forensic analysis reveal?
Amnesty
examined 67 smartphones where attacks were suspected. Of those, 23 were
successfully infected and 14 showed signs of attempted penetration. For
the remaining 30, the tests were inconclusive, in several cases because
the handsets had been replaced. Fifteen of the phones were Android
devices, none of which showed evidence of successful infection. However,
unlike iPhones, phones that use Android do not log the kinds of
information required for Amnesty’s detective work. Three Android phones
showed signs of targeting, such as Pegasus-linked SMS messages.
Amnesty
shared “backup copies” of four iPhones with Citizen Lab, a research
group at the University of Toronto that specialises in studying Pegasus,
which confirmed that they showed signs of Pegasus infection. Citizen
Lab also conducted a peer review of Amnesty’s forensic methods, and
found them to be sound.
Which NSO clients were selecting numbers?
While
the data is organised into clusters, indicative of individual NSO
clients, it does not say which NSO client was responsible for selecting
any given number. NSO claims to sell its tools to 60 clients in 40
countries, but refuses to identify them. By closely examining the
pattern of targeting by individual clients in the leaked data, media
partners were able to identify 10 governments believed to be responsible
for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico,
Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab
Emirates. Citizen Lab has also found evidence of all 10 being clients of
NSO.
What does NSO Group say?
You can read NSO Group’s full statement here.
The company has always said it does not have access to the data of its
customers’ targets. Through its lawyers, NSO said the consortium had
made “incorrect assumptions” about which clients use the company’s
technology. It said the 50,000 number was “exaggerated” and that the
list could not be a list of numbers “targeted by governments using
Pegasus”. The lawyers said NSO had reason to believe the list accessed
by the consortium “is not a list of numbers targeted by governments
using Pegasus, but instead, may be part of a larger list of numbers that
might have been used by NSO Group customers for other purposes”. They
said it was a list of numbers that anyone could search on an open source
system. After further questions, the lawyers said the consortium was
basing its findings “on misleading interpretation of leaked data from
accessible and overt basic information, such as HLR Lookup services,
which have no bearing on the list of the customers' targets of Pegasus
or any other NSO products ... we still do not see any correlation of
these lists to anything related to use of NSO Group
technologies”. Following publication, they explained that they
considered a "target" to be a phone that was the subject of a successful
or attempted (but failed) infection by Pegasus, and reiterated that the
list of 50,000 phones was too large for it to represent "targets" of
Pegasus. They said that the fact that a number appeared on the list was
in no way indicative of whether it had been selected for surveillance
using Pegasus.
What is HLR lookup data?
The
term HLR, or home location register, refers to a database that is
essential to operating mobile phone networks. Such registers keep
records on the networks of phone users and their general locations,
along with other identifying information that is used routinely in
routing calls and texts. Telecoms and surveillance experts say HLR data
can sometimes be used in the early phase of a surveillance attempt, when
identifying whether it is possible to connect to a phone. The
consortium understands NSO clients have the capability through an
interface on the Pegasus system to conduct HLR lookup inquiries. It is
unclear whether Pegasus operators are required to conduct HRL lookup
inquiries via its interface to use its software; an NSO source stressed
its clients may have different reasons – unrelated to Pegasus – for
conducting HLR lookups via an NSO system.
Other
phone numbers apparently selected by Delhi were those of the president
of the government-in-exile, Lobsang Sangay, staff in the office of
another Buddhist spiritual leader, the Gyalwang Karmapa, and several
other activists and clerics who are part of the exiled community in India.
NSO’s
Pegasus spyware allows clients to infiltrate phones and extract their
calls, messages and location. The selected Tibetans did not make their
phones available to confirm whether any hacking was attempted or
successful, but technical analysis of 10 other phones on the suspected
Indian client list found traces of Pegasus or signs of targeting related
to the spyware.
Traces of Pegasus were found
on 37 of the 67 phones in the data that were analysed by Amnesty
International’s security lab. Of the 48 iPhones examined that had not
been reset or replaced since they appeared in the records, 33 carried
traces of Pegasus or signs of attempted infection. iPhones log the
information that can reveal infection by the spyware.
The
data may provide a glimpse at the delicate relationship between Tibet’s
exiles and the Indian government, which has provided refuge for the
movement since its leaders fled a Chinese crackdown in 1959, while also
viewing it as leverage – and sometimes a liability – in its own
relationship with Beijing.
The possible
scrutiny of Tibetan spiritual and government leaders points to a growing
awareness in Delhi, as well as in western capitals, of the strategic
importance of Tibet as their relationships with China have grown more
tense over the past five years.
It also
highlights the growing urgency of the question of who will follow the
current Dalai Lama, 86, a globally acclaimed figure whose death is
likely to trigger a succession crisis that is already drawing in world
powers. Last year the US made it a policy to impose sanctions against any government that interfered with the selection process.
The
records suggest Tibetan leaders were first selected in late 2017, in
the period before and after the former US president Barack Obama met the
Dalai Lama privately on a foreign tour that also included earlier stops
in China.
Senior advisers to the Dalai Lama
whose numbers appear in the data include Tempa Tsering, the spiritual
leader’s long-time envoy to Delhi, and the senior aides Tenzin Taklha
and Chhimey Rigzen, as well as Samdhong Rinpoche, the head of the trust
that has been tasked with overseeing the selection of the Buddhist
leader’s successor.
Tempa
Tsering, right, the chief representative of the Dalai Lama in Delhi,
speaks to the media alongside his wife, the Dalai Lama’s sister Jetsun
Pema. Photograph: Yoshikazu Tsuno/AFP/Getty Images
The
Dalai Lama, who has spent the past 18 months isolating in his compound
in Dharamsala, is not known to carry a personal phone, according to two
sources.
Following
the launch of the Pegasus project, India’s IT minister, Ashwini
Vaishnaw, said the project’s claims about Indian surveillance were an
“attempt to malign Indian democracy and its well-established
institutions”. He told parliament: “The presence of a number on the list
does not amount to snooping ... there is no factual basis to suggest
that use of the data somehow amounts to surveillance.”
India
could have several motives for possible spying on Tibetan leaders but
some in Dharamsala have concluded the question of succession may be a
driving force. Naming successors to the Dalai Lama has sometimes taken
years after the death of the title holder, and is usually led by the
monk’s senior disciples, who interpret signs that lead them to the child
next in line.
But China views the next Dalai
Lama as a potential separatist leader who could weaken its authoritarian
grip on Tibet. It has claimed the sole right to control the selection
process, and analysts say it is already pressuring neighbours such as
Nepal and Mongolia to rule out recognising any successor but its own.
Beijing
is also contacting influential Buddhist teachers and clerics around the
world, including some based in India, inviting them to China to try to
lay the groundwork for its choice and muddy support for any candidate
chosen by the Dalai Lama’s followers.
These
entreaties to Buddhist leaders and other interference in the succession
process have been viewed warily by India’s security agencies, who may
have sought to closely monitor an issue with huge implications for
Delhi’s own relationship with China – but where its direct influence and
control is limited.
“India
wants to make sure that Tibetans don’t strike a deal with the Chinese
that involves the Dalai Lama going back to Tibet,” said a former staffer
with the Tibetan administration, who asked not to be named.
India
may also be seeking to monitor continuing informal contact between
Chinese officials and Tibetan leaders. The Dalai Lama revealed two years
ago that India had vetoed his plans to try to meet Xi Jinping when the Chinese president visited India in 2014.
“The
Dalai Lama himself has said several times that he maintains connections
to the Chinese leadership through ‘old friends’,” the former Tibetan
government staffer said. “India is very aware of this and they want to
make sure that no deals are made without their knowing or involvement.”
Delhi officially backs negotiations on the status of Tibet, but a recent Indian thinktank report suggested
the country’s intelligence agencies had not always been supportive of
the Dalai Lama’s “middle way”, a blueprint to resolve the dispute by
recognising Chinese sovereignty over Tibet but granting the province
meaningful autonomy.
Other motives for
possible monitoring of Tibetan leaders may be more straightforward,
including that the Dalai Lama and the community around him are a magnet
for sensitive information about Tibet and regularly meet dignitaries
from around the world.
“I would assume that
India would pay close attention to, for example, western officials
coming to Dharamsala – I think they’d want to monitor that in detail,”
said Prof Robert Barnett, the former director of the Tibet studies
programme at Columbia University. “Perhaps, is the Dalai Lama asking
them for asylum? I think that kind of concern would matter a lot to
them.”
In multiple statements, NSO said
the fact a number appeared on the leaked list was in no way indicative
of whether it was selected for surveillance using Pegasus. “The list is
not a list of Pegasus targets or potential targets,” the company said.
“The numbers in the list are not related to NSO Group in any way.
The
Tibetan movement, like other stateless groups, is vulnerable to
cyber-attacks but not entirely defenceless. The US government has for
more than a decade funded digital security consultants to fortify
Tibetan computer networks. Leaders are briefed that any of their devices
could be breached at any time and they should act accordingly.
Tibetan
leaders closely study security strategies pioneered for other exile and
dissident groups, including flooding their phones and emails with
confusing and contradictory information, which can tie up intelligence
agencies as they try to sift truth from fiction. Other strategies
include setting up “minefields”, servers and devices that appear genuine
but are actually decoys that feed attackers false information and allow
their hacking attempts to be studied.
Just nu skakas Australien av en stor kinesisk spionskandal. En ung akademiker har hoppat av till australiska säkerhetstjänsten och bl a avslöjat intressanta fakta om hur Pekingregimen försöker infiltrera Australien (och andra grannländer) med inflytandeagenter. Liqiang har också överlämnat en lista med 17 sidor kinesiska agenter i Australien, Hongkong, Korea och Taiwan. Australiska experter jämför avhoppet med de sovjetiska KGB-officerarna Petrovs avhopp och avslöjanden på 50-talet. Den gången väcktes politikerna abrupt till det kalla krigets verklighet. Vladimir och Jevdokia Petrov hade tidigare tjänstgjort på sovjetiska ambassaden i Stockholm och kunde därför avslöja en mängd sovjetiska agenter i Sverige...
A Chinese intelligence defector has reportedly given the Australian government information about entire networks of Chinese undercover spies in Hong Kong, Taiwan and Australia, according to reports. The story of Wang “William” Liqiang, made headlines all over Australia during the weekend, culminating in an entire episode of 60 Minutes Australia about him airing on Sunday. The 26-year-old from China’s eastern Fujian province reportedly defected to Australia in October, while visiting his wife and newborn son, who live in Sydney. He is currently reported to be in a safe house belonging to the Australian Security Intelligence Organization (ASIO).
Mr. Wang has provided the ASIO with a 17-page sworn statement, in which he details his work as an undercover intelligence officer. He is also said to have shared the identities of senior Chinese intelligence officers in Taiwan and Hong Kong, and to have explained how they organize and implement espionage operations on behalf of Bejing.
In a leading article published on Saturday, The Sydney Morning Herald referred to Mr. Wang as “the first Chinese operative to ever blow his cover” and claimed that he had given the ASIO “a trove of unprecedented inside intelligence” about Chinese espionage operations in Southeast Asia. The newspaper said that the defector had revealed details about entire networks of Chinese intelligence operatives in Taiwan and Hong Kong. He also reportedly provided identifying information about deep-cover Chinese intelligence networks in Australia.
Meanwhile, in an unrelated development, Australian media said yesterday that the ASIO was examining allegations that a Chinese espionage ring tried to recruit an Australian businessman of Chinese background and convince him to run for parliament. According to reports, the spy ring approached Nick Zhao, a successful luxury car dealer, and offered to fund his political campaign with nearly $700,000 (AUS$1 million) if he run as a candidate for the Liberal Party of Australia. Zhao reportedly told the ASIO about the incident last year, shortly before he was found dead in a Melbourne hotel room. His death remains under investigation.
iska liv. Registret överlämnades till KGB, som använde det för rekrytering. Nutida historiker menar att det lika gärna kunde fungerat som dödslistor vid en sovjetisk ockupation... **
Och sedan tycks arbetet ha
fortsatt ända fram till början
på 50-talet. PET avslöjade
honom 1951, men undvek
ett åtal eftersom det kunde avslöjat en av tjänstens
källor i kommunistkretsar.
