The Null Device
Posts matching tags 'tradecraft'
In the US, the FBI recently arrested ten alleged Russian spies, who had been sent to the US in the 1990s, assuming American identities and attempting to befriend influential businessmen and weapons scientists. More details on the alleged spies (and more here); by all accounts, it seems that they weren't spectacularly successful at stealing secrets; one or two of them were better at milking their expense accounts, but others seemed to have lost the trust of their handlers; their tradecraft also seemed rather old-school, with the addition of a few new twists such as uploading data to surreptitious WiFi access points in cars. Meanwhile, David Wolstencroft, the creator of BBC spy series Spooks, describes the incident as Smiley's People with a laughtrack.
Some of the alleged spies took the cover of married couples; apparently they were paired up in Russia by their handlers and given their identities, before moving to America and actually having children together as part of their cover. The children are now in state custody, and their parents, should they end up in federal supermax prison or deported to Russia, are unlikely to see them again. I wonder whether hypothetical American sleeper agents abroad would go to quite that extent to maintain a cover or whether that degree of acceptance of individual sacrifice (both on the agents' part and that of the children brought into the world essentially as cover props) for a collective goal is specific to Russian culture.
Meanwhile, according to MI5, the number of Russian spies in London is up to Cold War levels.
A 1978 article on how to identify a CIA agent under diplomatic cover; back then, it was fairly easy to do so by simple techniques such as looking at US embassy personnel records and seeing who hangs out with whom at diplomatic dos.
Of course, they may well have tightened things up in the past 32 or so years.
- The CIA usually has a separate set of offices in the Embassy, often with an exotic-looking cipher lock on the outside door. In Madrid, for example, a State Department source reports that the Agency occupied the whole sixth floor of the Embassy. About 30 people worked there; half were disguised as "Air Force personnel" and half as State "political officers." The source says that all the local Spanish employees knew who worked on what floor of the Embassy and that visitors could figure out the same thing.
- CIA personnel usually stick together. When they go to lunch or to a cocktail party or meet a plane from Washington, they are much more likely to go with each other than with legitimate diplomats. Once you have identified one, you can quickly figure out the rest.
- The CIA has a different health insurance plan from the State Department. The premium records, which are unclassified and usually available to local employees, are a dead giveaway.
- The Agency operative is taught early in training that loud background sounds interfere with bugging. You can be pretty sure the CIA man in the Embassy is the one who leaves his radio on all the time.
A piece on counter-surveillance tactics used by terrorist suspects. In summary, they go out of their way to appear assimilated and un-religious, discuss plans in remote wilderness locations or online pornography sites (what, no Second Life/World of Warcraft?), use Skype (which is difficult to tap) and speak in code:
Wiretap transcripts and other court records show that the cell of North African immigrants tried hard to blend into Italian society, working regular jobs, sending their children to public schools and taking pains not to appear unusually religious. When they did talk on the phone, they often adopted a roundabout or obtuse manner that masked their real meaning.
"Taxi drivers," Redouane el Habab said, referred to suicide bombers; explosives were "dough." Anybody who had to go to "the hospital," he added, had been taken to jail, while those visiting "China" were really attending training camps in Sudan.
After alleged British spies were caught in Russia using a wireless receiver hidden inside a rock to communicate with recruits (though it has been suggested that the story was partly if not wholly made up by Russian government agencies to justify a crackdown on non-government organisations), security guru Bruce Schneier's blog discusses the possibility of wireless "dead drops"; and, if anything, there would be less easily detectable ways of doing it than hiding a device in a rock:
Even better, hide your wireless dead drop in plain sight by making it an open, public access point with an Internet connection so the sight of random people loitering with open laptops won't be at all unusual.
To keep the counterespionage people from wiretapping the hotspot's ISP and performing traffic analysis, hang a PC off the access point and use it as a local drop box so the communications in question never go to the ISP.
And various commenters propose other suggestions for undetectable ways of passing spy information to otherwise innocent-looking WiFi access points, and receiving it afterwards:
Replace one access point at a support provider for Starbucks and then have someone figure out which one it is after it's up. Use an asic mac filter to send traffic to a special part of the access point itself.
Port knocking on that dangling PC. The PC stays in stealth mode and only replies (briefly) when knocked upon.
Even better, how about hacking one's wireless configuration manager to hide the contraband data in unused header fields, passing it to a similarly hacked access point that would be an otherwise functional dead end. The spy's laptop wifi antenna could be accidentally left activated and innocently trying to associate with whatever WAP it sees (like my wife's does in our neighborhood). Hit the right WAP(s) and the data is passed.
And then there is this suggestion:
All that spam you get in your in-box is merely steganography. The word "viagra" isn't mis-spelled to get around the spam filters, it's a complicated encoding allowing the spammers and their prospective recipients to exchange messages without anyone suspecting that there are people who want the message in the message. That's why spammers don't care if they send it to people who don't want it, their goal is to make people think of their communications as discardable trash, rather than something that may have a value.
A fascinating article from the CIA describing, in some detail, the working career of a spy in the Soviet Union, from his volunteering to help the US in the late 1970s, through his delivery of key details of Soviet aircraft technology, and ultimately to his arrest in 1985 (he was subsequently found guilty of high treason and executed), and describing points of tradecraft such as methods of covert communication under the noses of the KGB, as well as mundane details of his daily life and psychological motivations:
Another technique that was used to defeat KGB surveillance was to disguise the identity of the case officer being sent out to meet with Tolkachev. This technique was first used in this operation in June 1980. John Guilsher drove to the US Embassy building at about 7:20 p.m., ostensibly having been invited to dinner at the apartment of an Embassy officer who lived there. Once inside, he disguised himself so that when he later left the compound in another vehicle, he would not be recognized by KGB surveillants waiting outside. Checking to ensure that he was free of surveillance, Guilsher, while still in the vehicle, changed out of his western clothes and made himself look as much as possible like a typical, working-class Russian by putting on a Russian hat and working-class clothes, taking a heavy dose of garlic, and splashing some vodka on himself. Guilsher then left his vehicle and proceeded on foot and by local public transportation to a public phone booth, where he called the agent out for a meeting at a prearranged site.
The periodically heavy KGB surveillance on various case officers, often without any apparent logic, did, however, force the CIA to become more creative in its personal-meeting tradecraft. A new countersurveillance technique that was used for this operation involved what was called a "Jack-in-the-Box" (JIB). A JIB (a popup device made to look like the upper half of a person) allowed a case officer to make a meeting with an agent even while under vehicular surveillance.
Typically, a JIB would be smuggled into a car disguised as a large package or the like. Subsequently Tolkachev's case officer and other station personnel would set out in the car many hours before a planned meeting with the agent. Following a preplanned route, the driver at some point would make a series of turns designed to provide a brief period when the trailing surveillance car would lose sight of the car containing the case officer and other CIA personnel. After one of these turns, Tolkachev's case officer would jump from the slowly moving vehicle, at which time the driver would activate the JIB. The JIB would give the appearance to any trailing surveillance team of being the missing case officer. The car would then continue its route, eventually arriving at a given destination, usually the home of one of the other CIA personnel in the car. The JIB, again concealed in a large package, would then be removed from the car.
One of Tolkachev's former case officers recalls that Tolkachev would periodically brainstorm on the subject, suggesting wildly improbable scenarios, such as having the CIA fly a specially made light aircraft into a rural area of the Soviet Union, where Tolkachev and his family could be picked up. When discussing that particular possibility, he noted that the only problem might be that such an aircraft designed to evade Soviet aircraft detection systems might have trouble accommodating his wife, due to her weight!
The piece concludes, quoting grudging praise from KGB officers for the way the CIA ran this model agent, and noting that his son is apparently now a prominent architect in Russia, suggesting that he successfully protected his family from the consequences of his capture.
A good piece looking at how Bin Laden's terrorists organised and communicated. And no, it doesn't include encrypted messages in pornographic JPEGs and pirated MP3s. (Or, indeed, much in the way of encryption at all.)
The hijackers, many of whom lived in the United States for years, obeyed. They shaved their beards and wore western clothes. They hid their Korans. Some joined gyms and chatted about sports to neighbours. They took flying lessons and even military courses at US academies. Some brought their families to stay, warning them to flee at the last possible moment before the carnage began. They ate western food, and some even drank. No doubt they shopped at Walmart, and watched the Simpsons on TV. The Manchester terror manual even warned them "don't break parking regulations".
Even now, as US forces move in for the kill, bin Laden's satellite phone has not been cut off. But calls to the terrorist leader are going unanswered. His international phone number - 00873 682505331 - was disclosed during a trial held in New York earlier this year. Callers to his once-active satellite link now hear only a recorded message saying he is "not logged on".