Schneier on Security

Vulnerability Researcher • May 20, 2015 12:56 PM

@Andrew Wallace

The “Cyber Cold War” has been going on since the Cold War, the eighties. eg, ‘Cuckoo’s Egg”. Before then sci tech espionage was going on all along, eg, Russia would implant or hire people at IBM in Europe a long ways back to try and get information about computing systems and steal the technology.

From the 90s on it was very much hot.

Manhattan Project for Cyber Security, 1995:
https://news.google.com/newspapers?id=hKRSAAAAIBAJ&sjid=m28DAAAAIBAJ&pg=6819,244612&dq=clinton+manhattan-project+computer+cyber&hl=en

This was not just Russia and the US, however, it also engaged China and other countries.

In the 2000s, it became very hot, with China attacking the US WhiteHouse with the Code Red virus. (This was attributed to Chinese non-government, however it happened at the same time China was beginning to ramp up attacks on US Government and Corporations. China often used plausibly deniable actors, including hackers whom they hired, and plausibly deniable attack code. Eventually this got bad enough that counterintelligence in the US went forward with disclosing details and encouraging some businesses to make public disclosures on the attacks.)

Right now, many countries are hacking each other regularly, and this has been increasingly intense since the 2000s. It was regularly big news, however, even ten years ago.

Vulnerability Researcher • May 20, 2015 3:35 PM

@Z.Lozinski

The published evidence suggests that it was East Germany and Japan that conducted operations against IBM in the 1980s.

The Sword and the Shield: The Mitrokhin Archive and the …
https://books.google.com/books?isbn=0465003125
Christopher Andrew, ‎Vasili Mitrokhin – 2000 – ‎History
The KGB’s main source of computer S&T was, almost certainly, IBM, which manufactured over half the computers in use around the world in the mid-1960s.

Google search: “Sword and the Shield” IBM

Google search: Mitrokihn IBM would likely reveal even more documentation. As ‘the Sword and the Shield’ series was three massive volumes, and, if I recall, there was documentation about S&T operations through them all.

I am not saying Japan and East Germany did not. I am not surprised they were engaged in these activities. At the time East Germany was a satellite country of Russia, they took orders, shared intelligence, and were funded.

An enlightening return can be found by the following search: “Sword and Shield” East Germany.

Military intelligence and “civilian” intelligence often do not cross wires. They do tend to have some very interesting cases, however. But I do not consider them anywhere near as effective as CIA. CIA has more resources and a strong game plan of operating agent/informant networks, which tends to be a highly effective means of operation though prone to high “false positive” rates due to the ‘double agent’ problem… and especially the problem of relying on sources working for money. Paid testimony is very often suspect. Though there will always be those with clear political and religious beliefs that run contrary to their mothering regime, and relatively, these are easy to find out and difficult to fake.

Russia did rely extensively on S&T espionage. The reasons for this are obvious: their system was extremely poor for being conducive for innovation. Many of their great advances were simply clones from the US and European sources. They were frequently far behind the times, however. It took a long time for them to process the intelligence product they achieved. So they were very often ten and more years behind, even if their intelligence was often fresh.

Vulnerability Researcher • May 20, 2015 3:55 PM

@Slime Mold with Mustard

A far more interesting prospect is that, should the object of such tracing become aware of it, they could use it against their watchers in myriad devastating ways; Throw a little on to the tires of lead missile researcher, put a bit where that Central Committee member often has lunch, sprinkle some in that café just off Dzerzshinski Square…If this sounds like a mere prank, please recall Beria and the Red Army Purge of 1941.

It seems it would be invaluable to protect an asset where their cover was considered blown but they were allowed to walk around. At least one case this happened, and the Brits were intent on getting them out of Moscow. They were aware of the possibility of spy dust being applied to the individual. How interesting it would have been had they been able to dust a wide variety of people around where he had foot traffic, to throw them off.

Moscow showtrials did not require much evidence, but yes, planting evidence can be very serious and making moles where there are none is an excellent tactic to use.

Entirely necessary, at times, to protect real moles.

Very good for exhausting resources of counterintelligence.

In tyrannical regimes, the more isolated and tyrannical they are, the more rabid they are in tracking down traitors… and the more willing they are in persecuting innocents, loyal members of their own team.

They are also very eager to blame anything and everything on their enemy, so getting them to attribute blame where there is none is a highly effective strategy for loosening the screws that connect their mind to their body. 🙂

Good examples, I think my favorite is when some nations were saying the US has an ‘earthquake ray gun’, publicly.

Lol, they could not have more severely undermined what little credibility they had left on the world stage. 🙂

Mossad, Shin Bet, and US intelligence forces especially profit from these sorts of endeavors because their worst enemies are so inclined, naturally, to the most absurd sort of conspiracy theories. While that sort of slander typically is negative and destructive, in the end game, it works against the slanderers more then they could ever possibly imagine.

Vulnerability Researcher • May 20, 2015 5:15 PM

@Z.Lozinski

Thank-you for the reference and the links. Looking at the bookmark, seems I got interrupted when reading Mitrokihn. Time to re-read it … thanks for the prompt

Aye, and thank you, again. Picked up that Stasi book. Was especially interesting to read from you that opened archives helped comprise a lot of that content.

Yes you are right, but I think the truth is more complex. If you look at the design of nuclear weapons Kharilton and Sakharov had clearly worked it our for themselves, but Joe-I was a copy of the Manhattan Project Fat-Man design for political reasons. For computing, we are now seeing publications on early computing behind the Iron Curtain. Some of the early designers did their own thing before the ES EVM clones of the IBM 360/370 range

Yes, I am aware they were making independent research into that area, and were, for instance, far more along already then the Germans were.

I should note: my perception of Russian culture is – for whatever reason – highly conducive to significant intellectual accomplishments. But, like China, they have been in a mire for centuries due to poor government.

Russian hackers tend to be among the most sophisticated, from their vulnerability analysts to those who actually break into systems. Their intelligence services have a multi-century record of really scary activity. In many ways they were far more advanced then any of the other Western intelligence services.

From my reading on the nuclear project, the consensus of the sources cited seems to have been it was a consistent, neck and neck race. The successful Russian penetration of the Manhattan Project is one of the most daring and successful espionage programs ever enacted.

I am not too much up on Russian technological advances, but one of my favorite examples, is the work performed in some eavesdropping devices, especially the one employed in the great seal of the US at the Moscow embassy.

That was a staggering advance in technology, and has an interesting back story.

There are, though, many points of failure through it all. But, to be fair, they attempted and achieved staggering results through the Cold War. And up to this day.

Not so impressed with the implementation of their Directorate S program. Asians have been far more successful at implementing those manner of programs. eg, Vietnam and China.

But it is the only western example which is known of even attempting to do anything like that. 🙂 And, from a respect level, one must give them a hat tip for at least trying.