New in SpyWeek: That Mysterious CIA School and More
Double agents, assassinations, Iranian and Chinese spies also lead the intel news
Welcome to our new weekly newsletter, where we look at the latest news from the intersection of intelligence, foreign policy and military operations.
Double Agent Deal? Back in June, SpyTalk revealed that the Biden administration had spurned a previously unreported offer by Venezuelan President Nicolas Maduro to release nine jailed Americans, as a well as a fugitive defense contractor and a group of imprisoned opposition figures, all in exchange for one man —Colombian businessman Alex Saab, Maduro’s top financial fixer who was awaiting trial in Miami on money-laundering charges. “This wouldn’t constitute a real, let alone good faith offer, because it includes Saab, whom we had already made very clear is off limits,” a White House source familiar with Maduro’s proposal told us. Well, it turns out that Maduro’s offer wasn’t the nonstarter that the White House had claimed. On Dec. 20, following six months of quiet negotiations mediated by Qatar, President Joe Biden granted clemency to Saab, who returned to Venezuela the same day. It also turns out that Saab was more than Maduro’s fixer. According to court papers, he had worked as a spy for the U.S. Drug Enforcement Agency, providing intelligence about the inner workings of the Maduro regime. Some experts suspect Saab was a double agent who kept Maduro fully informed of his work for the DEA and may have even helped the Venezuelan leader foil a U.S.-backed coup attempt against him in 2019.
In any event, on Dec. 20, ten Americans, six of whom the U.S. State Department had classified as wrongfully detained, were flown back to the United States, and some 20 opposition figures were released from prison in Venezuela. Separately, Venezuela also handed over Leonard Glenn Francis, better known as “Fat Leonard,” the central figure in the U.S. Navy’s largest ever corruption scandal. In 2015, the Malaysian fugitive was convicted here of bribing dozens of uniformed officers of the Navy’s Pacific-based Seventh fleet with cash, prostitutes and other favors in exchange for classified information on fleet movements that helped him win lucrative U.S. Navy service contracts for his Singapore-based ship servicing company. Last year, he fled house arrest in San Diego and made his way via Mexico and Cuba to Venezuela, where he was detained. Biden said he okayed the swap after Maduro agreed to meet U.S. demands for fair elections in Venezuela in 2024.
Israel’s Forever War: Much of the past week’s intelligence news came out of the Middle East, where Christmas brought no let-up to the three-month war between Israel and Hamas. The Biden administration’s fears of a wider regional war prompted intense diplomacy to find moderate Palestinians who will govern Gaza and the West Bank once the fighting ends, presumably with Hamas’ defeat. This got us musing last week about previous efforts in history to find a so-called “third force” and their ultimate failures.
Meanwhile, the fighting only intensified throughout the region, with Lebanon’s Hezbollah stepping up its missile attacks on northern Israel, Yemen’s Houthi rebels opening fire on Israel-bound shipping in the Red Sea, and Iranian-supported Shiite militias in Iraq continuing their attacks on U.S. forces there, all in a show of solidarity with Hamas. In response, U.S. warplanes on Christmas Day carried out airstrikes in Iraq, destroying three bases used by Kataib Hezbollah, an Iranian proxy, and killing several of its members. On the same day, Israeli warplanes struck a suburb outside the Syrian capital Damascus, killing Brig. Gen. Sayed Razi Mousavi, the senior Iranian Revolutionary Guard commander who oversaw the military alliance between Iran and Syria. In a statement read on Iranian state TV, the Islamic Revolutionary Guard Corps said that the “usurper and savage Zionist regime will pay for this crime.” The following day, Israeli Defense Minister Yoav Gallant responded: “We are in a multi-front war and are coming under attack from seven arenas: Gaza, Lebanon, Syria, Judea and Samaria (West Bank), Iraq, Yemen, and Iran,” he said, adding: “We have already responded and acted in six of these areas.” Gallant declined to specify which six he was referring to.
Iranian Spy Ship: The Houthis’ drone and missile attacks on commercial ships in the Red Sea have prompted many of the world’s biggest shipping companies and oil exporters who utilize the Suez Canal at the northern end of the waterway to reroute their vessels around the southern tip of Africa, adding days in transit time and dollars to insurance rates and oil prices. Late last week, as the Pentagon announced the formation of a multinational naval force to protect commercial shipping in the Red Sea, the White House declassified intelligence that showed Iran was operating a surveillance vessel in the Red Sea that was providing the Houthis with real-time intelligence on merchant shipping that facilitated their attacks, the Wall Street Journal reported. The paper said the release of the intelligence could lay the groundwork for military action against the Houthis by the multinational force.
Cyber Attacks: It now appears that Israel is widening the war into the digital sphere, targeting Iran itself in response to its support for Hamas and its other Arab proxy forces. On Dec. 18, a group of pro-Israel hackers calling themselves “Predatory Sparrow” launched a cyber attack that knocked more than two thirds of Iran’s gasoline stations out of commission, according to the English-language Israeli daily Haaretz. “This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region," Predatory Sparrow wrote on its Persian-language Telegram channel. The message ended with a warning addressed personally to Iran's supreme leader, Ayatollah Ali Khamenei: "Playing with fire has a price. This is just a taste of what we have in store." So far, Palestinian cyber attacks have temporarily shut down some Israeli news sites, but Haaretz cites the global cybersecurity firm CheckPoint as saying these attacks have failed to cause any lasting damage. The same can’t be said for Iran’s more sophisticated cyber warriors, who hacked the cellphone of the wife of Mossad chief David Barnea last year and distributed its photos and documents on an anonymous Telegram channel. Since the war in Gaza began in October, Hezbollah-linked hackers have targeted Israeli hospitals, disrupting their operations in response to the Israeli army’s attacks on Gaza hospitals.
Turkey-Israel intelligence war: Turkey’s National Intelligence Organization (Milli İstihbarat Teşkilatı, or MIT), has established a special new unit to target Mossad operations, according to the Sabah daily, a media outlet owned by the family of Turkish President Recep Tayyip Erdogan and widely regarded as a government mouthpiece. The Christmas Eve claim was made by Sabah journalist Abdurrahman Şimşek, described by the Middle East Forum, a conservative foreign policy think tank based in Philadelphia, as a MIT propagandist and trusted recipient of the spy agency’s leaks. "Within the organization [MIT] is a highly active and experienced unit engaged in the fight against Mossad,” Şimşek said in an interview posted by Sabah on YouTube. “There are teams that are quite skilled. . . . They are aware of every step Mossad takes." Last month, Sabah reported that the MIT was instrumental in foiling a Mossad operation in Malaysia to capture a Palestinian hacker who had developed software capable of penetrating Israel’s Iron Dome air defense system. In May, Sabah reported that the MIT had rolled up 11 members of an alleged Mossad ring who were charged with spying on Iranian targets in Turkey. Earlier this month, Erdogan, an outspoken supporter of Hamas, publicly warned Israel against plans to assassinate Hamas members in Turkey. "If they dare to take such a step against Turkey and the Turkish people, they will be doomed to pay a price from which they cannot recover," Erdogan told reporters. He was responding to Ronen Bar, the head of Israel’s Shin Bet domestic intelligence agency, who said Israel was determined to kill Hamas's leaders "in every location" in the world, including Qatar, Turkey and Lebanon, even if it takes many years.
The Continuing U.S.-China Spy War: While the wars in Gaza and Ukraine gobble up much of the U.S. intelligence community’s attention these days, China still remains the IC’s top priority. Not surprisingly, the feeling is mutual in China, where the Ministry of State Security (MSS), the country’s main intelligence agency, continues to be focused primarily on the United States. Ellen Nakashima, a veteran national security reporter at The Washington Post, said on SpyTalk’s Dec. 15 podcast that the MSS is not only continuing to conduct “massive espionage, cyber espionage and commercial espionage” in the United States and other countries, but China’s military hackers also have wormed their way inside cyber systems of a major port on the West Coast, a water utility in Hawaii and at least one U.S. oil and gas pipeline. The idea, Nakashima and co-author Joseph Menn reported in the Post, is to lay low inside such critical elements of America’s civilian infrastructure and then, in the event a war erupts between China and the United States, take them out of commission, sowing chaos and panic. The addition of cyber sleeper agents to China’s intelligence playbook is just one of the many challenges America’s intelligence community faces as it works to bolster its ability to penetrate China’s government, military and high-tech industries. Washington suffered a massive intelligence setback a decade ago, when China’s spycatchers rounded up a network of Chinese agents working for the CIA and executed or imprisoned as many as two dozen, all but blinding U.S. China watchers.. According to the The Wall Street Journal, the CIA is still struggling to rebuild its human intelligence capabilities in China, a difficult task in the best of times but an even greater challenge today, when China has an artificial intelligence program that can pump out instant dossiers on suspected spies, as well as scores of cameras that record car license plate and software that steals cell phone data. The New York Times quoted U.S. officials as saying the intelligence community still needs to recruit people with a deeper knowledge of China’s technological and commercial ambitions if it is to blunt Beijing’s drive to rival Washington as the world’s preeminent military and economic power. SpyTalk’s China hand, Matt Brazil, adds that “abroad they’re seeking a sharper focus on American and allied nation targets, including the so-called "chokepoint" technologies, such as microchips, that Washington strives to deny them. Back in the motherland, they’re massively applying cutting-edge surveillance technology to a wide range of people, particularly foreign diplomats. The reader also learns what the CIA is up to in response — and of a yawning gap that may remain unaddressed.” Speaking of (air) gaps, NBC News reports that “U.S. intelligence officials have determined that the Chinese spy balloon that flew across the U.S. this year used an American internet service provider” to send and receive “messages to and from China.” Clever, that.
A School For Spycatchers: One item in the Fiscal 2024 National Defense Authorization Act, signed into law by President Biden the day after Christmas, caught our eye. It instructs the CIA Director to “maintain the Benjamin Tallmadge Institute as the primary entity within the Central Intelligence Agency for education and training related to all aspects of counterintelligence,” but it doesn’t say where it is or why it’s necessary. A CIA spokesperson also declined to provide the institute’s location. And there’s this: In addition to developing courses to certify agency personnel in counterintelligence, insider threats and investigations—normally the province of the FBI— the law also instructs the CIA director to make these courses available to federal agencies that are not part of the intelligence community, as well as state, local and Tribal governments, private sector entities, and “such other personnel and entities as appropriate.” This provision suggests some confusion on Congress’ part in distinguishing between counterintelligence, a highly specialized mission focused on thwarting foreign adversary intelligence activities , and security, which is a defensive responsibility broadly distributed among federal, state and local authorities. Also unclear is why the CIA is being given this tutoring responsibility when the National Intelligence University exists for this purpose. And why did Congress find it necessary to write the CIA’s counterintelligence training course, named a few years ago after Revolutionary War spymaster Benjamin Tallmadge, into law, anyway? The House Intelligence Committee, which authored the provision, did not respond to SpyTalk’s request for clarification.
SpyTalk is a reader-supported publication. To receive new posts and support our work, consider becoming a free or paid subscriber.