Page 14 of 20
You’d think the country would already have one of these:
Israel is mulling the creation of a counter-cyberterrorism unit designed to safeguard both government agencies and core private sector firms against hacking attacks.
The proposed unit would supplement the efforts of Mossad and other agencies in fighting cyberespionage and denial of service attacks.
Newspapers are reporting that, for about a month, hackers had access to computers “of at least 10 federal ministers including the Prime Minister, Foreign Minister and Defence Minister.”
That’s not much of a surprise. What is odd is the statement that “Australian intelligence agencies were tipped off to the cyber-spy raid by US intelligence officials within the Central Intelligence Agency and the Federal Bureau of Investigation.”
How did the CIA and the FBI know? Did they see some intelligence traffic and assume that those computers were where the stolen e-mails were coming from? Or something else?
This is cool:
Tristan Lawry, doctoral candidate in electrical and computer engineering, has developed equipment which can transmit data at high rates through thick, solid steel or other barriers. Significantly, Lawry’s kit also transmits power. One obvious application here would be transmission through the steel pressure hull of a submarine: at the moment such hulls must have hundreds of penetrations for power and data cables, each one adding expense, weight and maintenance burden.
What’s interesting is that this technology can be used to transmit through TEMPEST shielding.
If you had the through-metal technology now reinvented by Lawry, however, your intruder—inside mole or cleaner or pizza delivery, whatever—could stick an unobtrusive device to a suitable bit of structure inside the Faraday cage of shielding where it would be unlikely to be found. A surveillance team outside the cage could stick the other half of the kit to the same piece of metal (perhaps a structural I-beam, for instance, or the hull of a ship) and they would then have an electronic ear inside the opposition’s unbreachable Faraday citadel, one which would need no battery changes and could potentially stay in operation for years.
Spooks might use such techniques even where there was no Faraday cage, simply to avoid the need for battery changes and detectable/jammable radio transmissions in ordinary audio or video bugs.
Naturally, if you knew how such equipment worked you might be able to detect or block it—hence the understandable plea from the British spooks to BAE to keep the details under wraps.
Unfortunately for the spooks, Lawry has now blown the gaff: his equipment works using ultrasound. His piezo-electric transducers send data at no less than 12 megabytes a second, plus 50 watts of power, through 2.5 inches of steel—and Lawry is confident that this could easily be improved upon. It seems certain that performance could be traded for range, to deal with the circumstances faced by surveillance operatives rather than submarine designers.
Roger Grimes has an article describing “the seven types of malicious hackers.” I generally like taxonomies, and this one is pretty good.
He says the seven types are:
I wrote a lot last year about the assassination of Mahmoud al-Mabhouh in Dubai. There’s a new article by an Israeli investigative journalist that tells the story we already knew, and adds a bunch of interesting details. Well worth reading.
Old—but recently released—document discussing the bugging of the Russian embassy in 1940. The document also mentions bugging the embassies of France, Germany, Italy, and Japan.
An article from The Economist makes a point that I have been thinking about for a while: the modern technology makes life harder for spies, not easier. It used to be the technology favored spycraft—think James Bond gadgets—but more and more, technology favors spycatchers. The ubiquitous collection of personal data makes it harder to maintain a false identity, ubiquitous eavesdropping makes it harder to communicate securely, the prevalence of cameras makes it harder to not be seen, and so on.
I think this an example of the general tendency of modern information and communications technology to increase power in proportion to existing power. So while technology makes the lone spy more effective, it makes an institutional counterspy organization much more powerful.
This is from Atomic Bombing: How to Protect Yourself, published in 1950:
Of course, millions of us will go through our lives never seeing a spy or a saboteur going about his business. Thousands of us may, at one time or another, think we see something like that. Only hundreds will be right. It would be foolish for all of us to see enemy agents lurking behind every tree, to become frightened of our own shadows and report them to the F.B.I.
But we are citizens, we might see something which might be useful to the F.B.I. and it is our duty to report what we see. It is also our duty to know what is useful to the F.B.I. and what isn’t.
[…]
If you think your neighbor has “radical” views—that is none of your or the F.B.I.’s business. After all, it is the difference in views of our citizens, from the differences between Jefferson and Hamilton to the differences between Truman and Dewey, which have made our country strong.
But if you see your neighbor—and the views he expresses might seem to agree with yours completely—commit an act which might lead you to suspect that he might be committing espionage, sabotage or subversion, then report it to the F.B.I.
After that, forget about it. Mr. Hoover also said: “Do not circulate rumors about subversive activities, or draw conclusions from information you furnish the F.B.I. The data you possess might be incomplete or only partially accurate. By drawing conclusions based on insufficient evidence grave injustices might result to innocent persons.”
In other words, you might be wrong. In our system, it takes a court, a trial and a jury to say a man is guilty.
It would be nice if this advice didn’t seem as outdated as the rest of the book.
By Russian spies:
Ricci said the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.
EDITED TO ADD (7/2): More information.
Sidebar photo of Bruce Schneier by Joe MacInnis.