An interesting story worthy of inspiring books and TV shows is unfolding in Norway. The Minister of Fisheries, Per Sandberg (born 1960), from the Progress Party (a populist right party), spent his summer holiday in Iran together with his new girlfriend, a 28-year old former beauty queen who fled to Norway do escape forced marriage when she was 16. The minister brought his smartphone, where he has access to classified information systems. He forgot to inform the prime minister before after he left, a breach of security protocol. He ignored security advice from the Norwegian security police, responsible for national security issues and counter-intelligence. He is still a member of the cabinet. This post is an attempt at making sense of this, and what the actual risk is. A lot of people in Norway have had their say in media about this case, both knowledgeable voices, and less reasonable ones.

Some context: Norwegian-Iranian relations

Traditionally there has been little trade between Iran and Norway. Recently, following the nuclear agreement between Iran and the US, UK, France, China, Russia and Germany this has started to change. Norway has seen significant potential for exports to Iran of fish and aquaculture technologies. In the last year or so, Minister Sandberg has been central to this development (see timeline further down on Sandberg’s known touch points with Iran).

In the Norwegian public skepticism of the Iranian regime is high, and there has been vocal criticism of establishing trade relationships over human rights concern.

The Norwegian Iranian interest spheres are also intersecting in the Middle East. Iran has established tighter relations with Russia since 2016 when it started to allow Russian bombers to take off from Iranian air force bases for bombing missions inside Syria. The Norwegian-Russian relations are strained, following the response of NATO and the EU to Russian operations in the Ukraine, influencing of western elections and a general intensification of cyber operations against Norwegian targets (see open threat assessment from Norwegian military intelligence: https://forsvaret.no/fakta/undersokelser-og-rapporter/fokus2018/rapport (in Norw.). Operations against Norwegian government officials by Iranian services may thus also be driven by other interests of Iran than direct Norwegian-Iranian relations.

Sandberg: who is he and what could make him a viable target for intelligence operations?

This is a presentation of Sandberg taken from the web page of the Ministry of Trade, Industry and Fisheries (https://www.regjeringen.no/no/dep/nfd/organisation/y-per-sandberg/id2467677/). Note that his marital status is “married” – but he separated from his wife in May 2018. Sandberg is a vocal figure in Norwegian politics. He has been known to be against immigration and a supporter of strict immigration laws. He has repeatedly been accused of racism, especially by the opposition. He has long held top positions in the Progress Party, which has been a part of a coalition cabinet together with the conservatives (Høyre), and more recently also with the moderately liberalist party “Venstre” (meaning left but it is not a socialist party). Sandberg is known for multiple controversies, summarized on this Wikipedia page: https://en.wikipedia.org/wiki/Per_Sandberg#Controversies. This involves addressing the parliament after having too much to drink, losing his driver’s license due to speeding and finally he was also convicted for violence against an asylum seeker in 1997.

Sandberg has been married since 2010 to 2018 to Line Miriam Sandberg, who has been working as a state secretary for the Ministry of Health since 2017. They recently separated.

His new girlfriend

Sandbergs new girlfriend came to Norway when she was 16 (or 13/14 the first time according to some sources) to flee forced marriage to a 60-year old man in Iran. She is now a Norwegian citizen and is 28 years old. She has participated in several beauty contests in 2013-2014. After she first came to Norway, she was not granted asylum and returned to Iran. Iran sent her back to Norway again because she did not have any identification papers when arriving, and she was adopted by a Norwegian family. A summary of known facts about Letnes and how she gained access to Iran after being returned to Norway without ID papers when she was a teenager was written in Norwegian by Mahmod Fahramand (https://www.nettavisen.no/meninger/farahmand/per-sandbergs-utfordring/3423519653.html). Farahmand is currently a consultant with the auditing and consulting firm BDO and has background from the Norwegian armed forces. He often writes opinion pieces about security related topics. To summarize some of Farahmand’s points.

• Letnes was returned to Norway and was later adopted by her foster family
• She has been a “go-to-person” for journalists wanting to get in touch with Iranian officials and has been known to have close relationships with the Iranian embassy in Oslo
• Iran does not allow Iranian-born indivdiuals to enter Iran without an Iranian passport. If they do not have this, they will need to get access to their birth certificate or otherwise prove to the Iranian government that they in fact have a right to an Iranian passport. Since Letnes fled Iran to seek protection from the threat of her family, it seems she must have gotten access to this without contacting her family, Farahmand argues.

Letnes had her application for asylum turned down 3 times before getting it approve. The reason for the change of the decision of the immigration authorities in 2008 is not known (Norw: https://www.nrk.no/trondelag/–jeg-er-kjempeglad-1.6236578). In addition, it has become known in media in the last few days that Letnes applied for a job with Sandberg’s ministry, suggesting she could act as a translator and guide for Sandberg’s communications with Iran in matters related to fishery and aquaculture trade, which she did not get. Sandberg denied any knowledge of this prior to media inquiring about it. The job application was sent in 2016. She also registered a sole proprietorship in January this year, B & H GENERAL TRADING COMPANY. BAHAREH LETNES, a company to trade with Iran in fish, natural gas, oil and technology (corporate registration information: https://w2.brreg.no/enhet/sok/detalj.jsp?orgnr=920188095). The company has according to Letnes not had any activity so far, according to media reports.

A honeytrap? Possibly. A security breach? For sure.

The arguments from Farahmand’s article above, together with the fact that Letnes tried to get a job for Sandberg in 2016, could easily indicate that Letnes sought to get close to Sandberg. She has sought multiple touchpoints with him since he was appointed Minister of Fisheries in 2015.

This would be a classical honeytrap, although a relatively public one. Sandberg has failed to follow security protocol on many occasions in his dealings with Letnes and Iran. Obvious signs of poor security awareness on behalf of the Minister:

• He brought his government issued cell phone to Iran and left it unattended for longer periods of time where they stayed at the time
• He did not tell the office of the Prime Minister about his travel to Iran before leaving. This is a breach of security protocol for Norwegian ministers
• His separation from his wife became known in May this year
• He has announced his “original vacation plans got smashed, so the trip to Iran was a last-minute decision”. He was supposed to go on holiday to Turkey, which he had also reported to his Ministry and the office of the Prime Minister, in accordance with security protocol (Norw: https://www.aftenposten.no/norge/politikk/i/e1xzJO/Fiskeriminister-Per-Sandberg-bekrefter-at-han-reiste-til-Iran-uten-a-informere-departementet-eller-statsministeren )
• The Norwegian government was made aware of Sandberg’s presence in Iran when they received an e-mail from the Iranian embassy in Oslo, requesting official meetings with Minister Sandberg while he was in Iran

Iranian TTP

According to Kjell Grandhagen, former head of Norwegian military intelligence, Iran has a very capable and modern intelligence organization. He holds it as highly likely that Sandberg’s government issued phone, which he left unattended a lot of the time while in Iran, has been hacked (https://www.digi.no/artikler/tidligere-sjef-for-e-tjenesten-tror-per-sandbergs-mobil-har-blitt-hacket/442930). According to this CSO summary, Iran has serious capabilities within both HUMINT and cyber domains. Considering the known cyber capabilities of Iran, and the looming sanctions from the Trump administration, getting both information and leverage over a key politician in a NATO country becomes even more interesting, not only to Iran but also to Russia.

Coming back to Iran’s more recent tighter cooperation with Russia, it is not unlikely that they are also initiating a closer relationship when it comes to intelligence gathering. The use of honey traps has been a long-standing Russian tactic for information gathering and getting leverage over decision makers. In 2015, Norwegian police warned against Russian intelligence operations targeting politicians, including the use of honey traps (https://finance.yahoo.com/news/norwegian-police-warning-citizens-against-195510994.html).

A summary: why is he still in office?

The facts and arguments presented above should indicate two things very clearly:

• Based on publicly known information, it is clearly possible that Iranian intelligence is targeting Per Sandberg. They may have an asset close to him, as well as having had physical access to his smartphone that has direct access to classified information systems.
• Further, Sandberg has broken established security protocol, and although admitting this, he does not seem to appreciate the potential impact

The effect of a top leader not taking security seriously is very unfortunate. Good security awareness in an organization depends heavily on the visible actions of its people at the top – in business as well as in politics. A breach of security policy without getting any personal consequences on this level sends a very poor message to other politicians and government officials. It also sends a message to adversaries that targeting top-level politicians is likely to work, even if there are numerous indicators of a security breach. There should be no other possible conclusion of this than relieving Mr. Sandberg of his position – which would set him free to further develop his relationship with the Iranian beauty queen.