Page 18 of 19
This is a collection of “spy equipment” we have found for sale around the internet. Everything here is completely real, is sold at online stores, and almost any item listed here costs less than $500, and often times can be bought for less than $200.
What’s interesting to me is less what is available commercially today, but what we can extrapolate is available to real spies.
According to The Guardian:
Five senior Vodafone technicians have been accused of being the operational masterminds of an elaborate eavesdropping scandal enveloping the mobile phone giant’s Greek subsidiary.
The employees, named in a report released last week by Greece’s independent telecoms watchdog, ADAE, allegedly installed spy software into Vodafone’s central systems.
Still no word on who the technicians were working for.
I’ve written about this scandal before: here, here, and most recently here.
Back in February, I wrote about a major wiretapping scandal in Greece. The Wall Street Journal has a really interesting article (link only good for a week, unfortunately) about it:
Behind the bugging operation were two pieces of sophisticated software, according to Ericsson. One was Ericsson’s own, some basic elements of which came as a preinstalled feature of the network equipment. When enabled, the feature can be used for lawful interception by government authorities, which has become increasingly common since the Sept. 11 terror attacks. But to use the interception feature, operators like Vodafone would need to pay Ericsson millions of dollars to purchase the additional hardware, software and passwords that are required to activate it. Both companies say Vodafone hadn’t done that in Greece at the time.
The second element was the rogue software that the eavesdroppers implanted in parts of Vodafone’s network to achieve two things: activate the Ericsson-made interception feature and at the same time hide all traces that the feature was in use. Ericsson, which analyzed the software in conjunction with Greece’s independent telecom watchdog, says it didn’t design, develop or install the rogue software.
The software allowed the cellphone calls of the targeted individuals to be monitored via 14 prepaid cellphones, according to the government officials and telecom experts probing the matter. They say when calls to or from one of the more than 100 targeted phones were made, the rogue software enabled one of the interceptor phones to be connected also.
The interceptor phones likely enabled conversations to be secretly recorded elsewhere, the government said during a February 2006 news conference. At least some of the prepaid cellphones were activated between June and August 2004. Such cellphones, particularly when paid for in cash, typically are harder to trace than those acquired with a monthly subscription plan.
Vodafone claims it didn’t know that even the basic elements of the legal interception software were included in the equipment it bought. Ericsson never informed the service provider’s top managers in Greece that the features were included nor was there a “special briefing” to the relevant technical division, according to a Vodafone statement in March.
But Ericsson’s top executive in Greece, Bill Zikou, claimed during parliamentary-committee testimony that his company had informed Vodafone about the feature via its sales force and instruction manuals.
Vodafone and Ericsson discovered something was amiss in late January 2005 when some Greek cellphone users started complaining about problems sending text messages. Vodafone asked Ericsson to look into the issue. Ericsson’s technicians spent several weeks trying to figure out the problem, with help from the equipment maker’s technical experts at its headquarters in Sweden. In early March of that year, Ericsson’s technicians told Vodafone’s technology director in Greece of their unusual discovery about the cause of the problems: software that appeared to be capable of illegally monitoring calls. It’s unclear exactly how the rogue software caused the text-messaging problem.
Ericsson confirmed the software was able to monitor calls, and Vodafone soon discovered that the targeted phones included those used by some of the country’s most important officials. On March 8, Mr. Koronias ordered that the illegal bugging program be shut down, in a move he has said was made to protect the privacy of its customers. He called the prime minister’s office the next evening.
The head of Greece’s intelligence service, Ioannis Korantis, said in testimony before the parliamentary committee last month that Vodafone’s disabling of the software before authorities could investigate hampered their efforts. “From the moment that the software was shut down, the string broke that could have lead us to who was behind this,” he said. Separately, he distanced his own agency from the bugging effort, saying it didn’t have the technical know-how to effectively monitor cellphone calls.
From the Federation of American Scientists:
A new study published by the CIA Center for the Study of Intelligence calls for a fundamental reconceptualization of the process of intelligence analysis in order to overcome the “pathologies” that have rendered it increasingly dysfunctional.
“Curing Analytic Pathologies” (pdf) by Jeffrey R. Cooper has been available up to now in limited circulation in hard copy only. Like several other recent studies critical of U.S. intelligence, it was withheld from the CIA web site. It has now been published on the Federation of American Scientists web site.
It’s an interesting report. Unfortunately, the PDF on the website is scanned, so it’s hard to copy and paste sections into this blog.
Dead drops have gone high tech:
Russia’s Federal Security Service (FSB) has opened an investigation into a spying device discovered in Moscow, the service said Monday.
The FSB said it had confiscated a fake rock containing electronic equipment used for espionage on January 23, and had uncovered a ring of four British spies who worked under diplomatic cover, funding human rights organizations operating in Russia.
BBC had this to say:
The old idea of the dead-drop (‘letterboxes’ the British tend to call them) – by the oak tree next to the lamppost in such-and-such a park etc – has given way to hand-held computers and short-range transmitters.
Just transmit your info at the rock and your ‘friends’ will download it next day. No need for codes and wireless sets at midnight anymore.
Transferring information to and from spies has always been risky. It’s interesting to see modern technology help with this problem.
Phil Karn wrote to me in e-mail:
My first reaction: what a clever idea! It’s about time spycraft went hi-tech. I’d like to know if special hardware was used, or if it was good old 802.11. Special forms of spread-spectrum modulation and oddball frequencies could make the RF hard to detect, but then your spies run the risk of being caught with highly specialized hardware. 802.11 is almost universal, so it’s inherently less suspicious. Randomize your MAC address, change the SSID frequently and encrypt at multiple layers. Store sensitive files encrypted, without headers, in the free area of a laptop’s hard drive so they’re not likely to be found in forensic analysis. Keep all keys physically separate from encrypted data.
Even better, hide your wireless dead drop in plain sight by making it an open, public access point with an Internet connection so the sight of random people loitering with open laptops won’t be at all unusual.
To keep the counterespionage people from wiretapping the hotspot’s ISP and performing traffic analysis, hang a PC off the access point and use it as a local drop box so the communications in question never go to the ISP.
I am reminded of a dead drop technique used by, I think, the 9/11 terrorists. They used Hotmail (or some other anonymous e-mail service) accounts, but instead of e-mailing messages to each other, one would save a message as “draft” and the recipient would retrieve it from the same account later. I thought that was pretty clever, actually.
This is fascinating:
Among the personal papers bequeathed to the nation by former Prime Minister David Lange is a numbered copy of a top secret report from the organisation that runs the ‘spy domes’ at Waihopai and Tangimoana. It provides an unprecedented insight into how espionage was conducted 20 years ago.
[…]
Much of the GCSB’s work involved translating and analysing communications intercepted by other agencies, “most of the raw traffic used … (coming) from GCHQ/NSA sources”, the British and US signals intelligence agencies.
Its report says “reporting on items of intelligence derived from South Pacific telex messages on satellite communications links was accelerated during the year.
“A total of 171 reports were published, covering the Solomons, Fiji, Tonga and international organisations operating in the Pacific. The raw traffic for this reporting provided by NSA the US National Security Agency).”
The GCSB also produced 238 intelligence reports on Japanese diplomatic cables, using “raw traffic from GCHQ/NSA sources”. This was down from the previous year: “The Japanese government implementation of a new high grade cypher system seriously reduced the bureau’s output.” For French government communications, the GCSB “relied heavily on (British) GCHQ acquisition and forwarding of French Pacific satellite intercept”.
The report lists the Tangimoana station’s targets in 1985-86 as “French South Pacific civil, naval and military; French Antarctic civil; Vietnamese diplomatic; North Korean diplomatic; Egyptian diplomatic; Soviet merchant and scientific research shipping; Soviet Antarctic civil. Soviet fisheries; Argentine naval; Non-Soviet Antarctic civil; East German diplomatic; Japanese diplomatic; Philippine diplomatic; South African Armed Forces; Laotian diplomatic (and) UN diplomatic.”
The station intercepted 165,174 messages from these targets, “an increase of approximately 37,000 on the 84/85 figure. Reporting on the Soviet target increased by 20% on the previous year”.
This fascinating research paper discusses the vulnerabilities of the U.S. Navy Fleet Broadcast System in the 1980s. If you remember, John Walker and cohorts handed the Soviets the secrets that allowed them to eavesdrop on this system.
Fascinating article on A.G. Tolkachev, a Russian who spied for the CIA for almost ten years. I was particularly interested in reading the tradecraft descriptions.
Note that the article was published in the CIA journal Studies in Intelligence, and is unclassified.
The website Cryptome has a list of 276 MI6 agents:
This combines three lists of MI6 officers published here on 13 May 1999 (116 names), 21 August 2005 (74 names), and 27 August 2005 (121 names).
While none of the 311 names appeared on all three lists…35 names appeared on two lists, leaving 276 unique names.
According to Silicon.com:
It is not the first time this kind of information has been published on the internet and Foreign Office policy is to neither confirm nor deny the accuracy of such lists. But a spokesman slammed its publication for potentially putting lives in danger.
On the other hand:
The website is run by John Young, who “welcomes” secret documents for publication and recently said there was a “need to name as many intelligence officers and agents as possible”.
He said: “It is disinformation that naming them places their life in jeopardy. Not identifying them places far more lives in jeopardy from their vile secret operations and plots.”
Discuss.
From the Washington Post:
Web sites in China are being used heavily to target computer networks in the Defense Department and other U.S. agencies, successfully breaching hundreds of unclassified networks, according to several U.S. officials.
Classified systems have not been compromised, the officials added. But U.S. authorities remain concerned because, as one official said, even seemingly innocuous information, when pulled together from various sources, can yield useful intelligence to an adversary….
“The scope of this thing is surprisingly big,” said one of four government officials who spoke separately about the incidents, which stretch back as far as two or three years and have been code-named Titan Rain by U.S. investigators. All officials insisted on anonymity, given the sensitivity of the matter.
Whether the attacks constitute a coordinated Chinese government campaign to penetrate U.S. networks and spy on government databanks has divided U.S. analysts. Some in the Pentagon are said to be convinced of official Chinese involvement; others see the electronic probing as the work of other hackers simply using Chinese networks to disguise the origins of the attacks.
Sidebar photo of Bruce Schneier by Joe MacInnis.