C.I.A.’s Venture Capital Arm, In-Q-Tel 

In-Q-Tel (IQT), formerly Peleus and known as In-Q-It, is an American not-for-profit venture capital firm based in Arlington, Virginia. It invests in high-tech companies for the sole purpose of keeping the Central Intelligence Agency, and other intelligence agencies, equipped with the latest in information technology in support of United States intelligence capability. The name “In-Q-Tel” is an intentional reference to Q, the fictional inventor who supplies technology to James Bond.

The firm is seen as a trend-setter in the information technology industry, with the average dollar invested by In-Q-Tel in 2012 attracting nine dollars of investment from other companies.

Originally named Peleus and known as In-Q-It, In-Q-Tel was founded by Norm Augustine, a former CEO of Lockheed Martin and by Gilman Louie, who was In-Q-Tel’s first CEO. In-Q-Tel’s mission is to identify and invest in companies developing cutting-edge technologies that serve United States national security interests. Origins of the corporation can be traced to Dr. Ruth A. David, who headed the Central Intelligence Agency Directorate of Science & Technology in the 1990s and promoted the importance of rapidly advancing information technology for the CIA. In-Q-Tel now engages with entrepreneurs, growth companies, researchers, and venture capitalists to deliver technologies that provide superior capabilities for the CIA, DIA, NGA, and the wider intelligence community. In-Q-Tel concentrates on three broad commercial technology areas: software, infrastructure and materials sciences.

Former CIA director George Tenet says,

We [the CIA] decided to use our limited dollars to leverage technology developed elsewhere. In 1999 we chartered … In-Q-Tel. … While we pay the bills, In-Q-Tel is independent of CIA. CIA identifies pressing problems, and In-Q-Tel provides the technology to address them. The In-Q-Tel alliance has put the Agency back at the leading edge of technology … This … collaboration … enabled CIA to take advantage of the technology that Las Vegas uses to identify corrupt card players and apply it to link analysis for terrorists [cf. the parallel data-mining effort by the SOCOM-DIA operation Able Danger ], and to adapt the technology that online booksellers use and convert it to scour millions of pages of documents looking for unexpected results.

In-Q-Tel sold 5,636 shares of Google, worth over $2.2 million, on November 15, 2005. The shares were a result of Google’s acquisition of Keyhole, the CIA-funded satellite mapping software now known as Google Earth.

As of August 2006, In-Q-Tel had reviewed more than 5,800 business plans, invested some $150 million in more than 90 companies, and delivered more than 130 technology solutions to the intelligence community. In 2005 it was said to be funded with about $37 million a year from the CIA.

In-Q-Tel is a Virginia-registered corporation, legally independent of the CIA or any other government agency. The corporation is bound by its Charter agreement and annual contract with the CIA, which set out the relationship between the two organizations. In-Q-Tel’s mission to support the Intelligence Community’s technical needs is promoted by the In-Q-Tel Interface Center (QIC), an office within the CIA that facilitates communication and relationships between In-Q-Tel and government intelligence organizations. While In-Q-Tel is a nonprofit corporation, it differs from IARPA (Intelligence Advanced Research Projects Activity) and other models in that its employees can profit from its investments.

Many companies listed on In-Q-Tel’s investment website page are secret. In-Q-Tel functions partially in public; however, what products it has and how they are used is strictly secret. According to the Washington Post, “virtually any U.S. entrepreneur, inventor or research scientist working on ways to analyze data has probably received a phone call from In-Q-Tel or at least been Googled by its staff of technology-watchers.”

The CIA has its tentacles in so many things it’s mind-boggling. I just discovered the existence of In-Q-Tel today. It was lying low, keeping its profile below the radar. What other things are the CIA, NSA, DIA, etc. involved in and with? Many secrets in the labyrinth that is the world of intelligence and espionage.

In-Q-Tel headquarters in Arlington, Virginia.

Alert: The Most Northern Settlement in The World

Located just over eight hundred kilometers away from the North Pole, the community of Alert, on the northeastern tip of Ellesmere Island, in Nunavut, Canada, is the most northerly permanent settlement in the world. The nearest populated place is another 540 kilometers south, in Greenland, while the nearest Canadian city is over two thousand kilometers away. The place is so close to the North Pole that it can’t connect with communication satellites because their orbit lies below the horizon.

For four months, Alert exists in total darkness. For another four months, the sun never leaves the sky, though it rises no more than 30 degrees above the horizon at noon. The land remains frozen and snow covered for almost ten months of the year. Winters are harsh and cold with temperatures regularly dropping thirty degrees below zero. Peak summer temperatures are just a couple of degrees above freezing.

At any time in this godforsaken place, you’ll find several dozen people living. Thankfully, Alert is not their permanent home; they are merely here on work. These cold and miserable people, nicknamed “The Frozen Chosen”, include members of the Canadian Armed Forces (which maintains a signals intelligence intercept facility called CFS Alert) and scientific personnel working at the two research facilities here: the Environment Canada weather station and a Global Atmosphere Watch (GAW) atmosphere monitoring observatory.

In July 2019, during a global heat wave, Alert recorded the highest ever temperature, an unprecedented 21 degrees Celsius, about 14 degrees higher than normal.

The community of Alert is named after HMS Alert, a British ship which set up camp near Alert in the winters of 1875–76. The ship’s captain, George Nares, and his crew were the first recorded people to reach the northern end of Ellesmere Island.

The weather station was established here in 1950. The military station came eight years later. During the Cold War, Alert was strategically important because it was the point in North America closest to the northwestern area of the Soviet Union. In fact, Alert is closer to Moscow (2,500 miles or 4,000 km) than it is to Ottawa (2,580 miles or 4,150 km). Alert’s proximity to the Soviet Union allowed the US-Canada-UK-Australia-New Zealand intelligence sharing alliance, also known as the Five Eyes, to eavesdrop on the Russian communication network. The station soon became a key asset in the global ECHELON network.

At its peak, CFS Alert had upwards of 215 personnel posted at any one time. After budget cuts in the 1990s, CFS Alert was downsized to approximately 74 personnel, although during summers its population can rise to over a hundred.

A Sun newspaper article dated November 14, 2004, provides readers with a glimpse of life at Alert:

The soldiers, a lot of them volunteers, serve six-month postings — divided by a three-week vacation. Today, the food is as good as it ever was. TVs in various rooms show four channels of live television and another four of movies, played from the station’s stock of 4,500 videos and DVDs. Listening to the base’s CHAR-FM 105.9 trivia shows is another popular pastime. Much of the station is devoted to recreation, with two gyms, a darkroom, a bowling alley and a theatre. Evenings are filled with activities — multi-player computer games, woodworking, bingo, euchre and trivia. Most personnel volunteer to come here. Like a crew inside a submarine, the isolation and uniqueness of Alert pull people together and drive others apart — earning them all the 50-year-old nickname of “The Frozen Chosen.”

The only way to transport anything here is by air. Every year, the RCAF makes about 225 Hercules flights to Alert to bring in around two million litres of fuel and 300 tonnes of cargo. In addition to the weekly flights, supplies are shuttled in twice a year in massive operations involving dozens of flights to and from the nearest deep-water port, Thule, Greenland. The problem is, much of the time Canada’s Hercules C-130 aircraft aren’t flying. The resupply flights are routinely delayed 24 hours or cancelled altogether when planes are grounded by mechanical problems or diverted elsewhere by military priority.

Military physicians note most people gain weight after arriving. Those who aren’t able to deal with the remoteness are weeded out before they touch down on the gravel and snow runway. “It’s great to be here, but you must keep yourself busy all the time,” said Station Warrant Officer Serge Oullet in 2004. “We try to get people to socialize with each other in off hours.”

United States Ambassador Jacobson in front of the CFS Alert welcome sign.

Danish sled dogs in Alert, Nunavut.

Canadian Rangers training camp near CFS Alert, Nunavut.

Snow transport in Alert, Nunavut.

A memorial commemorating the men who died in a 1950 plane crash in Alert.

The graves of the crew who died in the 1950 crash, who remain buried at Alert.

The wreckage of an airplane. There were actually three crashes at Alert. The photographer doesn’t mention which crash this wreckage belongs to.

Ice crystals.

Frost flowers.

Sunrise at 2 a.m.

Satellite photo of Alert. Photo credit: Google Maps

At any given time there are roughly 60-80 personnel at the base. This includes military and contractors.

C-17 resupply aircraft landing at Alert.

Some signals intelligence spy equipment.

Mr. Yves Gauthier guides Master Corporal Marty Stride and Corporal Graeme Ross (CFS Leitrim) through the maintenance program on one of the High Arctic Data Communication Systems Line of Sight Systems (HADCS LOS) sites. (Lt (N) Clayton Erickson, Joint Task Force North, DND)

Spy Bases: Secretive HQs of the World’s Intelligence Agencies 

Architecture is a language, one used by institutions to say something about themselves.

The same basic principle is true for the world’s spy agencies. All show their secrecy in their buildings; some may appear starkly utilitarian, and some may even be frightening and alienating. But they also have their quirks and differences, whether it be an isolated complex hidden by trees, in a location that’s never been officially disclosed, or a prominent complex built by superstar architects and put on prominent display in the middle of a capital city.

United States: Central Intelligence Agency

If John Brennan becomes the next CIA director — a likely event — he’ll be working from inside a complex that could blend into a business park anywhere in America. But this park contains the headquarters of America’s foreign intelligence agency.

Protected from prying eyes by a wooded belt in suburban Langley, Virginia, just northwest of Washington, D.C., the complex is actually two sets of buildings connected to a central core, with each set built at different times. The first half of the building, designed by New York architecture firm Harrison and Abramovitz (who had a role in designing the United Nations headquarters), dates back to 1963. It’s a sign of its times, built from sterile pre-fabricated concrete. But by the 1980s, the agency was running out of space. Today, the complex is much larger, with an added west wing of two glass office towers, designed by Detroit architects Smith, Hinchman & Grylls in the 1980s.

The CIA also has a penchant for art and assorted knick-knacks. The agency has a chunk of the Berlin Wall on display, and an A-12 Oxcart spy plane. There’s a museum inside the building with all sorts of weird memorabilia inside, from a robotic fish to a Cold War-era mini-submarine. Outside the cafeteria on the grounds of the headquarters’ new wing is the copper sculpture Kryptos, containing 869 encrypted characters on four plates. The final plate, with its 97 characters, is still unbroken. The cafeteria is remarkably pleasant and airy for a government building, actually, with enormous windows and green views. (The food, however, is not quite as pleasing.)

United States: National Security Agency

There are clear views of the National Security Agency’s headquarters off the Patuxent Freeway, just skirting Fort Meade, Maryland, about 15 miles southwest of Baltimore. But we wouldn’t advise getting any closer, as the NSA is the highly secretive agency responsible for the U.S. government’s codebreaking and collecting communications from around the world. The NSA’s headquarters also fits the part, rising blank and expressionless above a desert of parking lots. Completed in 1986, it resembles a collection of stubby, black, reflective monoliths like those from 2001: A Space Odyssey. And according to the Center for Land Use Interpretation, the complex has an estimated 10 acres of underground space.

But like the CIA during the Cold War, the NSA in recent years has outgrown its own building. Fort Meade altogether has grown extremely rapidly as defense agencies relocate there and the NSA boosts its Cyber Command headquarters. Defense and government contractors now have offices surrounding the place, and contract and government jobs have surged, largely due to growth at the base more generally, and partly because of growth at the NSA. The Baltimore Business Journal reported that the base is expected to add an eye-popping 42,500 jobs by the end of the decade. The Defense Department even paved over part of the base’s golf course for the headquarters of the Defense Media Activity organization, the Pentagon’s media wing. Hopefully the Pentagon and the NSA will include a lot more parking.

United Kingdom: Secret Intelligence Service

There’s perhaps no spy headquarters more recognizable than the SIS Building, headquarters of the British Secret Intelligence Service, or MI6. It’s not only smack-dab in the middle of London, but has been featured in six James Bond movies, and blown up in two of them. Designed by architect Terry Farrell, the structure has been compared to a cross between a Babylonian ziggurat and a power plant. And it’s built like a veritable fortress, capable of withstanding bomb attacks. There are also reportedly extensive underground areas.

It’s also put its defenses to use. In September 2000, militants suspected to be from the Real Irish Republican Army — a splinter faction of the Irish paramilitary group — fired a rocket-propelled grenade round at the building’s eighth floor, causing no injuries. In a demonstration of just how heavily armored the building is, the rocket reportedly bounced off a glass window.

Russia: Federal Security Service

The Lubyanka building — the yellow, neo-Baroque former headquarters of Russia’s spies — is still the most recognizable symbol of Russian secrecy, even if the bulk of their office space has moved elsewhere. Dating to 1897, the building once housed an insurance company before becoming the headquarters for the feared Soviet spy agency KGB. It was remodeled by Stalin. (The basement contained a KGB prison.) The building was then transferred to the KGB’s successor agency, the Federal Security Service (FSB), after the collapse of the USSR.

According to cybersecurity analyst Jeffrey Carr’s book Inside Cyber Warfare: Mapping the Cyber Underworld, the building today houses the FSB’s Communications Security Center, which oversees and encrypts Russian government computer security systems; and the Center for Licensing, Certification, and Protection of State Secrets, which handles export licenses for cryptographic and surveillance technology. Twin suicide bombing attacks in 2010 also came close to the building: one of the blasts exploded at the nearby Lubyanka metro station.

CDU interior affairs expert Bosbach expects 1.5 billion for the new BND building

Germany: Federal Intelligence Service

Germany’s chief spy agency, which in German goes by the name Bundesnachrichtendienst (BND), is proud of its spiffy new headquarters. ABC has reported that it’s “set to be one of the most technologically sophisticated buildings in the world” once it opens in 2014. Located within walking distance of the Reichstag building in Berlin and on the site of a former East German soccer stadium, the BND has even gone online to show off its facades of “natural stone, render, fair-faced concrete, brick or metal.” It has room for 4,000 employees, and has weird blob art. The agency is also touting its architect, Jan Kleihues, the son of famous architect Josef Paul Kleihues, who was known for museums in Germany and Chicago.

But the design is also perhaps more open than the Germans would like. In July 2011, Munich news magazine Focus reported that the building’s blueprints were stolen from the construction site. According to Focus, the blueprints contained “the exact function of every single room, the thickness of each wall, the exact position of every toilet and every emergency exit and every security checkpoint.” The theft hasn’t ended Berlin’s plans. However, it was reported to have forced an estimated $1.8 billion interior redesign.

France: Directorate-General for External Security

This walled compound doesn’t stand out, because it’s not supposed to. It would be an ordinary and undistinguished complex of buildings, that is, if you ignore the high walls topped with spikes and a tall sensor tower. Located on the eastern edge of the Paris city limits is the headquarters for the French Directorate-General for External Security (DGSE), the agency responsible for France’s overseas intelligence work. Its headquarters is also nicknamed “the swimming pool” for its proximity to a facility used by the French Swimming Federation, and Google Maps has even blurred its image in satellite photographs.

China: Ministry of State Security

The building seen above is not the main headquarters for the Chinese Ministry of State Security (MSS), but a regional office in China’s central Hubei Province. The official headquarters is a little harder to spot. Attempts to track it down have led to frequent — but mistaken — associations with the Ministry of Public Security: the giant Borg-like structure in downtown Beijing which houses China’s national police command. A closer bet for the main MSS offices is a low-key compound in Beijing’s northwest.

The MSS is also different from many Western intelligence agencies because it handles both foreign and domestic intelligence, instead of splitting them up like the CIA and FBI. Hence it has regional offices inside China, in addition to carrying out Chinese espionage overseas. The Hubei office also sends something of a statement, with its imposing columns, wedding cake facade, sensor dishes and observation perch. Another photo shows what appears to be a police officer on duty, in case anyone gets the wrong idea and wanders a little too close.

U.S. Intelligence Utah Data Center

The Utah Data Center (UDC), also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the United States Intelligence Community that is designed to store data estimated to be on the order of exabytes or larger. Its purpose is to support the Comprehensive National Cybersecurity Initiative (CNCI), though its precise mission is classified. The National Security Agency (NSA) leads operations at the facility as the executive agent for the Director of National Intelligence. It is located at Camp Williams near Bluffdale, Utah, between Utah Lake and Great Salt Lake and was completed in May 2014 at a cost of $1.5 billion.

Critics believe that the data center has the capability to process “all forms of communication, including the complete contents of private emails, cell phone calls, and Internet searches, as well as all types of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter’.” In response to claims that the data center would be used to illegally monitor email of U.S. citizens, in April 2013 an NSA spokesperson said, “Many unfounded allegations have been made about the planned activities of the Utah Data Center, … one of the biggest misconceptions about NSA is that we are unlawfully listening in on, or reading emails of, U.S. citizens. This is simply not the case.”

In April 2009, officials at the United States Department of Justice acknowledged that the NSA had engaged in large-scale overcollection of domestic communications in excess of the United States Foreign Intelligence Surveillance Court’s authority, but claimed that the acts were unintentional and had since been rectified.

In August 2012, The New York Times published short documentaries by independent filmmakers titled The Program, based on interviews with former NSA technical director and whistleblower William Binney. The project had been designed for foreign signals intelligence (SIGINT) collection, but Binney alleged that after the September 11 terrorist attacks, controls that limited unintentional collection of data pertaining to U.S. citizens were removed, prompting concerns by him and others that the actions were illegal and unconstitutional. Binney alleged that the Bluffdale facility was designed to store a broad range of domestic communications for data mining without warrants.

Documents leaked to the media in June 2013 described PRISM, a national security computer and network surveillance program operated by the NSA, as enabling in-depth surveillance on live Internet communications and stored information. Reports linked the data center to the NSA’s controversial expansion of activities, which store extremely large amounts of data. Privacy and civil liberties advocates raised concerns about the unique capabilities that such a facility would give to intelligence agencies. “They park stuff in storage in the hopes that they will eventually have time to get to it,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies, “or that they’ll find something that they need to go back and look for in the masses of data.” But, he added, “most of it sits and is never looked at by anyone.”

The UDC was expected to store Internet data, as well as telephone records from the controversial NSA telephone call database, MAINWAY, when it opened in 2013.

In light of the controversy over the NSA’s involvement in the practice of mass surveillance in the United States, and prompted by the 2013 mass surveillance disclosures by ex-NSA contractor Edward Snowden, the Utah Data Center was hailed by The Wall Street Journal as a “symbol of the spy agency’s surveillance prowess”.

Binney has said that the facility was built to store recordings and other content of communications, not only for metadata.

According to an interview with Snowden, the project was initially known as the Massive Data Repository within NSA, but was renamed to Mission Data Repository due to the former sounding too “creepy”.

An article by Forbes estimates the storage capacity as between 3 and 12 exabytes in the near term, based on analysis of unclassified blueprints, but mentions Moore’s Law, meaning that advances in technology could be expected to increase the capacity by orders of magnitude in the coming years.

Toward the end of the project’s construction it was plagued by electrical problems in the form of “massive power surges” that damaged equipment. This delayed its opening by a year.

The finished structure is characterized as a Tier III Data Center, with over a million square feet, that cost over 1.5 billion dollars to build. Of the million square feet, 100,000 square feet are dedicated to the data center. The other 900,000 square feet are utilized as technical support and administrative space.

Super Spyware That Can Take Total Control of Smartphones

NSO Group Technologies (NSO standing for Niv, Shalev and Omri, the names of the company’s founders) is an Israeli technology firm whose spyware called Pegasus enables the remote surveillance of smartphones. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. It employed almost 500 people as of 2017, and is based in Herzliya, near Tel Aviv, Israel.

Pegasus is spyware developed by the Israeli cyberarms firm NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. The 2021 Project Pegasus revelations suggest that current Pegasus software is able to exploit all recent iOS versions up to iOS 14.6. According to the Washington Post and other prominent media sources, Pegasus not only enables the keystroke monitoring of all communications from a phone (texts, emails, web searches) but it also enables phone call and location tracking, while also permitting NSO Group to hijack both the mobile phone’s microphone and camera, thus turning it into a constant surveillance device.

Pegasus was discovered in August 2018 after a failed attempt at installing it on an iPhone belonging to a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. As of 2016, Pegasus was capable of reading text messages, tracking calls, collecting passwords, tracking location, accessing the target device’s microphone and camera, and harvesting information from apps. News of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever, and was the first time that a malicious remote exploit using jailbreak to gain unrestricted access to an iPhone had been detected.

On August 23, 2020, according to intelligence obtained by the Israeli newspaper Haaretz, the NSO Group was reported to have sold Pegasus spyware software for hundreds of millions of US dollars to the United Arab Emirates and the other Gulf States, for surveillance of anti-regime activists, journalists and political leaders from rival nations, with Israeli government encouragement and mediation. Later, in December 2020, Al Jazeera investigation show The Tip of the Iceberg, Spy partners, showed exclusive footage about Pegasus and its penetration into the phones of media professionals and activists, used by Israel to eavesdrop on its opponents and even its allies.

The spyware can be installed on devices running certain versions of iOS, Apple’s mobile operating system, as well as some Android devices. Rather than being a specific exploit, Pegasus is a suite of exploits that uses many vulnerabilities in the system. Infection vectors include clicking links, the Photos app, the Apple Music app, and iMessage. Some of the exploits Pegasus uses are zero-click—that is, they can run without any interaction from the victim. Once installed, Pegasus has been reported to be able to run arbitrary code, extract contacts, call logs, messages, photos, web browsing history, settings, as well as gather information from apps including but not limited to communications apps iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype.

Misuse
Although Pegasus is stated as intended to be used against criminals and terrorists, use by authoritarian governments to spy on critics and opponents has often been reported.

Use by India
In late 2019, Facebook initiated a suit against NSO, claiming that Pegasus had been used to intercept the WhatsApp communications of a number of activists, journalists, and bureaucrats in India, leading to accusations that the Indian government was involved.

Phone numbers of Indian ministers, opposition leaders, ex-election commissioners and journalists were allegedly found on a database of NSO hacking targets by Project Pegasus in 2021.

Independent digital forensic analysis conducted on 10 Indian phones whose numbers were present in the data showed signs of either an attempted or successful Pegasus hack. The results of the forensic analysis show sequential correlations between the time and date a phone number was entered in the list and the beginning of surveillance. The gap usually ranges between a few minutes and a couple of hours.

11 phone numbers associated with a female employee of the Supreme Court of India and her immediate family, who accused the former Chief Justice of India, Ranjan Gogoi, of sexual harassment, were also allegedly found on a database, indicating the possibility of their phones being snooped on.

Records also indicate that phone numbers of some of the key political players in Karnataka appear to have been selected around the time when an intense power struggle was taking place between the Bharatiya Janata Party and the Janata Dal (Secular)-Congress-led state government in 2019.

It was reported that the Indian government used Pegasus to spy on Pakistan Prime Minister Imran Khan and diplomats from Iran, Afghanistan, China, Nepal and Saudi Arabia.

Use by Mexican drug cartels
Reversing the intended use against criminals, Pegasus has been used to target and intimidate Mexican journalists by drug cartels and cartel-entwined government actors.

Use by Saudi Arabia
Pegasus software, whose sales are licensed by the government of Israel to foreign governments, helped Saudi Arabia spy on Jamal Khashoggi, who was later killed in Turkey.

Pegasus was also used to spy on Jeff Bezos after Mohammed bin Salman, the crown-prince of Saudi Arabia, exchanged messages with him that exploited then-unknown vulnerabilities in WhatsApp.

Race for Coronavirus Vaccine Pits Spy Against Spy

New York Times

The intelligence wars over vaccine research have intensified as China and Russia expand their efforts to steal American work at both research institutes and companies.

WASHINGTON — Chinese intelligence hackers were intent on stealing coronavirus vaccine data, so they looked for what they believed would be an easy target. Instead of simply going after pharmaceutical companies, they conducted digital reconnaissance on the University of North Carolina and other schools doing cutting-edge research.

They were not the only spies at work. Russia’s premier intelligence service, the S.V.R., targeted vaccine research networks in the United States, Canada and Britain, espionage efforts that were first detected by a British spy agency monitoring international fiber optic cables.

Iran, too, has drastically stepped up its attempts to steal information about vaccine research, and the United States has increased its own efforts to track the espionage of its adversaries and shore up its defenses.

In short, every major spy service around the globe is trying to find out what everyone else is up to.

The coronavirus pandemic has prompted one of the fastest peacetime mission shifts in recent times for the world’s intelligence agencies, pitting them against one another in a new grand game of spy versus spy, according to interviews with current and former intelligence officials and others tracking the espionage efforts.

Nearly all of the United States’ adversaries intensified their attempts to steal American research while Washington, in turn, has moved to protect the universities and corporations doing the most advanced work. NATO intelligence, normally concerned with the movement of Russian tanks and terrorist cells, has expanded to scrutinize Kremlin efforts to steal vaccine research as well, according to a Western official briefed on the intelligence.

The contest is reminiscent of the space race, where the Soviet Union and America relied on their spy services to catch up when the other looked likely to achieve a milestone. But where the Cold War contest to reach the Earth’s orbit and the moon played out over decades, the timeline to help secure data on coronavirus treatments is sharply compressed as the need for a vaccine grows more urgent each day.

“It would be surprising if they were not trying to steal the most valuable biomedical research going on right now,” John C. Demers, a top Justice Department official, said of China last month during an event held by the Center for Strategic and International Studies. “Valuable from a financial point of view and invaluable from a geopolitical point of view.”

China’s push is complex. Its operatives have also surreptitiously used information from the World Health Organization to guide its vaccine hacking attempts, both in the United States and Europe, according to a current and a former official familiar with the intelligence.

It was not clear how exactly China was using its influential position in the W.H.O. to gather information about vaccine work around the globe. The organization does collect data about vaccines under development, and while much of it is eventually made public, Chinese hackers could have benefited by getting early information on what coronavirus vaccine research efforts the W.H.O. viewed as most promising, according to a former intelligence official.

American intelligence officials learned about China’s efforts in early February as the virus was gaining a foothold in the United States, according to current and former American officials. The C.I.A. and other agencies closely watch China’s moves inside international agencies, including the W.H.O.

The intelligence conclusion helped push the White House toward the tough line it adopted in May on the W.H.O., according to the former intelligence official.

Besides the University of North Carolina, Chinese hackers have also targeted other universities around the country and some may have had their networks breached, American officials said. Mr. Demers said in his speech that China had conducted “multiple intrusions” beyond what the Justice Department revealed in an indictment in July, which accused two hackers of working on behalf of China’s Ministry of State Security spy service to pursue vaccine information and research from American biotechnology companies.

The F.B.I. warned officials at U.N.C. in recent weeks about the hacking attempts, according to two people familiar with the matter. The Chinese hacking teams were trying to break into the computer networks of the school’s epidemiology department but did not infiltrate them.

A U.N.C. spokeswoman, Leslie Minton, said that the school “regularly receives threat alerts from U.S. security agencies.” She directed further questions to the federal government, but said the school had invested in “around-the-clock monitoring” to “help guard against advanced persistent threat attacks from state sponsored organizations.”

Besides hacking, China has pushed into universities in other ways. Some government officials believe it is trying to take advantage of research partnerships that American universities have forged with Chinese institutions.

Others have warned that Chinese intelligence agents in the United States and elsewhere have tried to collect information on researchers themselves. The Trump administration ordered China on July 22 to close its consulate in Houston in part because Chinese operatives had used it as an outpost to try to make inroads with medical experts in the city, according to the F.B.I.

Chinese intelligence officials are focused on universities in part because they view the institutions’ data protections as less robust than those of pharmaceutical companies. But spy work is also intensifying as researchers share more vaccine candidates and antiviral treatments for peer review, giving adversaries a better chance of gaining access to formulations and vaccine development strategies, said an American government official briefed on the intelligence.

So far, officials believe that foreign spies have taken little information from the American biotech companies they targeted: Gilead Sciences, Novavax and Moderna.

At the same time the British electronic surveillance agency G.C.H.Q. was learning about the Russian effort and American intelligence learned of the Chinese hacking, the Department of Homeland Security and F.B.I. dispatched teams to work with American biotech teams to bolster their computer networks’ defenses.

The Russian effort, announced by British, American and Canadian intelligence agencies in July, was primarily focused on gathering intelligence about research by Oxford University and its pharmaceutical corporate partner, AstraZeneca.

The Russians caught trying to get vaccine information were part of the group known as Cozy Bear, a collection of hackers affiliated with the S.V.R. Cozy Bear was one of the hacking groups that in 2016 broke into Democratic computer servers.

Homeland security officials have warned pharmaceutical companies and universities about the attacks and helped institutions review their security. For the most part, officials have observed the would-be vaccine hackers using known vulnerabilities that have yet to be patched, not the more exquisite cyberweapons that target unknown gaps in computer security.

No corporation or university has announced any data thefts resulting from the publicly identified hacking efforts. But some of the hacking attempts succeeded in at least penetrating defenses to get inside computer networks, according to one American government official. And hackers for China and Russia test weaknesses every day, according to intelligence officials.

“It is really a race against time for good guys to find the vulnerabilities and get them patched, get those patches deployed before the adversary finds them and exploits them,” said Bryan S. Ware, the assistant director of cybersecurity for the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency. “The race is tighter than ever.”

While only two teams of hackers, one each from Russia and China, have been publicly identified, multiple hacking teams from nearly all the intelligence services of those two countries have been trying to steal vaccine information, according to law enforcement and intelligence officials.

Russia announced on Aug. 11 that it had approved a vaccine, a declaration that immediately aroused suspicion that its scientists were at least aided by its spy agencies’ work to steal research information from other countries.

American officials insist their own spy services’ efforts are defensive and that intelligence agencies have not been ordered to steal coronavirus research. But other current and former intelligence officials said the reality was not nearly so black and white. As American intelligence agencies try to find out what Russia, China and Iran may have stolen, they could encounter information on those countries’ research and collect it.

Officials expressed concerns that further hacking attempts could hurt vaccine development efforts. Hackers extracting data could inadvertently — or purposefully — damage research systems.

“When an adversary is doing a smash-and-grab, there is even more likely a chance of not just stealing information but somehow disrupting the victim’s operations networks,” Mr. Ware said.

While some of Russia’s and China’s spying may have been aimed at checking their own research or looking for shortcuts, some current and former officials raised the possibility that the countries sought instead to sow distrust in an eventual vaccine from Western countries.

Both Russia and China have already spread disinformation about the virus, its origins and the American response. Russian intelligence services in particular are laying the groundwork for a more aggressive effort to escalate the anti-vaccine movement in the West and could use the allegations of spying to give its narrative greater traction.

Russia has a long record of trying to amplify divisions in American society. Current and former national security officials said they expect Russia to eventually spread disinformation about any vaccine approved in the West.

“This case seems to be a throwback to the old Soviet Union,” said Fiona Hill, the former National Security Council official and Russia expert who testified in the impeachment hearings against President Trump. “Russia and the Chinese have been out there on disinformation campaigns. How better to create confusion and weaken the U.S. further than to whip up the antivax movement? But you make sure all your guys are vaccinated.”

Super Secure Secret Shield Entrance

Maxwell Smart entering the headquarters of CONTROL.

Get Smart is an American comedy television series parodying the secret agent genre that became widely popular in the first half of the 1960s with the release of James Bond films. The program was created by Mel Brooks and Buck Henry and had its television premiere on NBC on September 18, 1965. The show stars Don Adams (who also worked as a director on the series) as agent Maxwell Smart (Agent 86), Barbara Feldon as Agent 99, and Edward Platt as Thaddeus the Chief. Henry said that they created the show at the request of Daniel Melnick to capitalize on James Bond and Inspector Clouseau, “the two biggest things in the entertainment world today”. Brooks described it as “an insane combination of James Bond and Mel Brooks comedy.”

How the CIA Stole a Soviet Satellite

In a scheme worthy of Mission Impossible, CIA agents hijacked a Soviet spacecraft and probed its secrets.

When did this happen? That’s classified, as is the country where the caper occurred. In the declassified article on the subject in Studies in Intelligence, a CIA journal, much of the text has been blacked out by the agency’s censors.

But the article, released by the National Security Archive watchdog group, is full of tantalizing clues. Not to mention, it’s a great spy yarn.

The theft occurred when the Soviets sent one of their Lunik (also known as Luna) satellites for an exhibition tour of several nations in the early days of the Space Race. The CIA naturally was interested in the Luna probes, of which more than 40 attempted to orbit or land on the moon between 1958 and 1974.

The article in the winter 1967 issue of Studies in Intelligence refers to the incident happening “a number of years ago,” so it probably occurred in the early 1960s. The Soviets were scoring propaganda points from their technological prowess by displaying a Luna satellite.

The CIA figured the Soviets weren’t crazy enough to send a real Luna overseas, but they decided to take a peek anyway at an exhibition in one city. With commendable discretion, the article recalls that after the exhibition closed, “a group of intelligence officers had unrestricted access to the Lunik for some 24 hours.”

In other words, American spies sneaked in for an unauthorized private viewing.

American agents were surprised to discover that it was indeed a real Luna, minus its engine and electrical components. Eager to get another look, the CIA sent its industrial experts on another black operation to photograph the craft’s equipment markings, which they hoped would divulge clues about Soviet space production.

But when the exhibition moved to yet another city—one source says it was in Mexico—the satellite had a 24-hour Soviet guard. So much for breaking into the exhibit again.

Ah, but U.S. spies discovered that after the show, the Luna would be transported by a truck to a railroad station and then on to the next city. Could this be the break they needed? Maybe divert the freight car onto a railroad siding for a night? Nope, not feasible.

Then how about hijacking the truck on the way to the rail station?

The CIA arranged for the Luna to be on the last truck leaving the exhibition that night. After making sure that Soviet guards weren’t escorting the vehicle, “the truck was stopped at the last possible turn-off, a canvas was thrown over the crate, and a new driver took over.”

What happened to the original truck driver? The CIA history only says that he was “escorted to a hotel room and kept there for the night.” How he was “detained” isn’t clear, but it wouldn’t be surprising if money, liquor or prostitutes were involved.

Fortunately, the Soviet representative at the rail yard waited a little while and then went to his hotel room without raising an alarm.

Now the CIA technicians got to work. Standing on ladders, they broke into the 14-foot-high crate, partially disassembled the spacecraft—including removing 130 bolts from a hatch to the engine compartment—and photographed the insides.

The work began at 7:30 PM. At 5:00 AM, Luna was back on the truck and the original driver delivered it to the rail yard.

When the Soviet representative returned at 7:00 that morning, he found the truck and the spacecraft waiting for him, with no one the wiser.

What did this covert operation obtain? Analysis of the factory markings revealed the “probable identification of this Luna stage, the fact that it was the sixth one produced [and] identification of three electrical producers who supplied components,” as well as other clues to the Soviet space program, according to the CIA article.

Did it make a difference to the outcome of the Space Race? Probably not. By 1967, the Soviet Union was already falling behind, as the U.S. prepared for the Apollo landings two years later.