Entries Tagged "operational security"


Even More on the al-Mabhouh Assassination

This, from a former CIA chief of station:

The point is that in this day and time, with ubiquitous surveillance cameras, the ability to comprehensively analyse patterns of cell phone and credit card use, computerised records of travel documents which can be shared in the blink of an eye, the growing use of biometrics and machine-readable passports, and the ability of governments to share vast amounts of travel and security-related information almost instantaneously, it is virtually impossible for clandestine operatives not to leave behind a vast electronic trail which, if and when there is reason to examine it in detail, will amount to a huge body of evidence.

A not-terribly flattering article about Mossad:

It would be surprising if a key part of this extraordinary story did not turn out to be the role played by Palestinians. It is still Mossad practice to recruit double agents, just as it was with the PLO back in the 1970s. News of the arrest in Damascus of another senior Hamas operative - though denied by Mash’al - seems to point in this direction. Two other Palestinians extradited from Jordan to Dubai are members of the Hamas armed wing, the Izzedine al-Qassam brigades, suggesting treachery may indeed have been involved. Previous assassinations have involved a Palestinian agent identifying the target.

There’s no proof, of course, that Mossad was behind this operation. But the author is certainly right that the Palestinians believe that Mossad was behind it.

The Cold Spy lists what he sees as the mistakes made:

1. Using passport names of real people not connected with the operation.

2. Airport arrival without disguises in play thus showing your real faces.

3. Not anticipating the wide use of surveillance cameras in Dubai.

4. Checking into several hotels prior to checking in at the target hotel thus bringing suspicion on your entire operation.

5. Checking into the same hotel that the last person on the team checked into in order to change disguises.

6. Not anticipating the reaction that the local police had upon discovery of the crime, and their subsequent use of surveillance cameras in showing your entire operation to the world in order to send you a message that such actions or activities will not be tolerated on their soil.

7. Not anticipating the use of surveillance camera footage being posted on YouTube, thus showing everything about your operation right down to your faces and use of disguises to the masses around the world.

8. Using 11 people for a job that one person could have done without all the negative attention to the operation. For example, it could have been as simple as a robbery on the street with a subsequent shooting to cover it all up for what it really was.

9. Using too much sophistication in the operation showing it to be a high level intelligence/hit operation, as opposed to a simple matter using one person to carry out the assignment who was either used as a cutout or an expendable person which was then eliminated after the job was completed, thus covering all your tracks without one shred of evidence leading back to the original order for the hit.

10. Arriving too close to the date or time of the hit. Had the team arrived a few weeks earlier they could have established a presence in the city - thus seeing all the problems associated with carrying out said assignment - thus calling it off or having a counter plan whereby something else could have been tried elsewhere or in another country.

11. And to take everything to 11 points, not even noticing (which many on your team did in fact notice) all the surveillance you were under, and not calling the entire thing off because of it, and because you failed to see all of your mistakes made so far and then not calling it off because of them.

I disagree with a bunch of those.

My previous two blog posts on the topic.

EDITED TO ADD (3/22): The Israeli public believes Mossad was behind the assassination, too.

EDITED TO ADD (4/13): The Cold Spy responds in comments. Actually, there’s lots of interesting discussion in the comments.

Posted on March 22, 2010 at 9:10 AM

Al-Mabhouh Assassination

The January 19th assassination of Mahmoud al-Mabhouh reads like a very professional operation:

Security footage of the killers’ movements during the afternoon, released by police in Dubai yesterday, underlines the professionalism of the operation. The group switched hotels several times and wore disguises including false beards and wigs, while surveillance teams rotated in pairs through the hotel lobby, never hanging around for too long and paying for everything in cash.

Folliard and another member of the party carrying an Irish passport in the name of Kevin Daveron were operating as spotters on the second floor of the hotel when the murder was committed. Both switched hotels that afternoon and dressed smartly to pose as hotel staff. The bald Daveron donned a dark wig and glasses, while Folliard appears to have removed a blonde wig to reveal dark hair.

Throughout the operation, none of the suspects made a direct call to any other. However, Dubai police traced a high volume of calls and text messages between three phones carried by the assassins and four numbers in Austria where a command centre had apparently been established.

To co-ordinate their movements on the ground, the team used discreet, sophisticated short-range communication devices as they tracked their victim.

And this:

The Dubai authorities claim there were two teams: one carried out surveillance of the target, while the other—which appears to be a group of younger men, at least as far as the camera shots show—carried out the killing.

Contrary to reports, the squad did not break into Mabhouh’s hotel room, nor did they knock on the door. They entered the room using copies of keys they had somehow acquired.

Read the whole thing—and watch (in three parts) this video compilation of all the CCTV cameras in the hotels and airport. It’s impressive. And the professionalism leads pretty much everyone to suspect Mossad.

There are a few things I wonder about. The team didn’t know what hotel Mabhouh would be staying in, nor whether he would be alone or with others. The team also didn’t use any guns. How much of the operation was preplanned, and how much was created on the fly? Was that why there were so many people involved?

The team booked the hotel room directly across the hallway from Mabhouh. That seems like the part of the plan most likely to arouse suspicion. It’s unusual to reserve a particular room, and not unreasonable to think that the hotel desk staff might wonder who else is booked nearby.

How did they get into Mabhouh’s hotel room? The video shows evidence of them trying to reprogram the door. Given that they didn’t know the hotel until they got there, what kind of general hotel-key reprogramming devices do they have?

I wonder if any of those fake passports had RFID chips?

Dubai’s police chief said six of the suspects had British passports, three were Irish, one French and one German.

The passports are believed to be fakes.

And Mabhouh was discovered in his room, the door locked and barred from the inside. Is it really that easy to do that to a hotel room door?

Note: Please limit comments to the security considerations and lessons of the assassination, and steer clear of the politics.

EDITED TO ADD (2/19): Interesting analysis:

Investigators believe the assassins tried to reprogram the electronic lock on al-Mabhouh’s door to gain entry. Some news reports say the assassins entered the room while the victim was out and waited for him to return, while others say they were thwarted from entering the room when a hotel guest stepped off the elevator on al-Mabhouh’s floor. They then had to resort to tricking al-Mabhouh into opening his door to them after he returned.

[…]

He said the number of people involved in the operation indicates that it may have been put together in a rush.

“The less time you have to plan and carry out an operation, the more people you need to carry it out [on the ground],” he said. “The more time you have to plan . . . there’s a lot of things you eliminate.”

If you know that you can stop the elevator in the basement, for example, you don’t then need people guarding the elevator lobby on the victim’s floor to make sure no one steps off the elevator, he said.

He says it was likely that the Mossad’s second in command for operations was in the hotel or the area when the assassination took place and has gone unnoticed by the Dubai authorities.

[…]

Ostrovsky said although the operatives scattered to various parts of the world after the operation was completed, he believes they’re all back in Israel now. He says other countries are likely sifting through their airport surveillance tapes now to track the final destination of the team members.

He added that the Mossad was likely surprised by how the Dubai authorities pieced everything together so well and publicized the video and passport photos of the suspects.

[…]

Ostrovsky said that despite the Dubai operation’s success, it was amateurish at moments. He points to the bad disguises the suspects used—wigs, glasses and moustaches—and the fact that suspects seemed to change their disguises in the same place. He also points to two of the suspects who followed the victim to his hotel room while dressed in tennis outfits and didn’t seem to know what they were doing.

The two seemed to confer momentarily while the victim exited the elevator, as if deciding who would follow the victim to his room. A hotel employee accompanying the victim to his room even glanced back at the two, as if noticing their confusion.

“A lot of people in the field make those mistakes and they never come up because they’re never [caught on tape],” he said.

Posted on February 19, 2010 at 6:49 AM

How Not to Carry Around Secret Documents

Here’s a tip: when walking around in public with secret government documents, put them in an envelope.

A huge MI5 and police counterterrorist operation against al-Qaeda suspects had to be brought forward at short notice last night after Scotland Yard’s counter-terrorism chief accidentally revealed a briefing document.

[…]

The operation was nearly blown when Assistant Commissioner Bob Quick walked up Downing Street holding a document marked “secret” with highly sensitive operational details visible to photographers.

The document, carried under his arm, revealed how many terrorist suspects were to be arrested, in which cities across the North West. It revealed that armed members of the Greater Manchester Police would force entry into a number of homes. The operation’s secret code headed the list of action that was to take place.

Now the debate begins about whether he was just stupid, or very very stupid:

Opposition MPs criticised Mr Quick, with the Liberal Democrats describing him as “accident prone” and the Conservatives condemning his “very alarming” lapse of judgement.

But former Labour Mayor of London Ken Livingstone said it would be wrong for such an experienced officer to resign “for holding a piece of paper the wrong way”.

It wasn’t just a piece of paper. It was a secret piece of paper. (Here’s the best blow-up of the picture.) And surely these people have procedures for transporting classified material. That’s what the mistake was: not following proper procedure.

He resigned.

Posted on April 10, 2009 at 7:06 AM

Clever Counterterrorism Tactic

Used against the IRA:

One of the most interesting operations was the laundry mat [sic]. Having lost many troops and civilians to bombings, the Brits decided they needed to determine who was making the bombs and where they were being manufactured. One bright fellow recommended they operate a laundry and when asked “what the hell he was talking about,” he explained the plan and it was incorporated—to much success.

The plan was simple: Build a laundry and staff it with locals and a few of their own. The laundry would then send out “color coded” special discount tickets, to the effect of “get two loads for the price of one,” etc. The color coding was matched to specific streets and thus when someone brought in their laundry, it was easy to determine the general location from which a city map was coded.

While the laundry was indeed being washed, pressed and dry cleaned, it had one additional cycle—every garment, sheet, glove, pair of pants, was first sent through an analyzer, located in the basement, that checked for bomb-making residue. The analyzer was disguised as just another piece of the laundry equipment; good OPSEC [operational security]. Within a few weeks, multiple positives had shown up, indicating the ingredients of bomb residue, and intelligence had determined which areas of the city were involved. To narrow their target list, [the laundry] simply sent out more specific coupons [numbered] to all houses in the area, and before long they had good addresses. After confirming addresses, authorities with the SAS teams swooped down on the multiple homes and arrested multiple personnel and confiscated numerous assembled bombs, weapons and ingredients. During the entire operation, no one was injured or killed.

Posted on October 13, 2008 at 1:22 PM

Data Mining for Terrorists Doesn't Work

According to a massive report from the National Research Council, data mining for terrorists doesn’t work. Here’s a good summary:

The report was written by a committee whose members include William Perry, a professor at Stanford University; Charles Vest, the former president of MIT; W. Earl Boebert, a retired senior scientist at Sandia National Laboratories; Cynthia Dwork of Microsoft Research; R. Gil Kerlikowske, Seattle’s police chief; and Daryl Pregibon, a research scientist at Google.

They admit that far more Americans live their lives online, using everything from VoIP phones to Facebook to RFID tags in automobiles, than a decade ago, and the databases created by those activities are tempting targets for federal agencies. And they draw a distinction between subject-based data mining (starting with one individual and looking for connections) compared with pattern-based data mining (looking for anomalous activities that could show illegal activities).

But the authors conclude the type of data mining that government bureaucrats would like to do—perhaps inspired by watching too many episodes of the Fox series 24—can’t work. “If it were possible to automatically find the digital tracks of terrorists and automatically monitor only the communications of terrorists, public policy choices in this domain would be much simpler. But it is not possible to do so.”

A summary of the recommendations:

  • U.S. government agencies should be required to follow a systematic process to evaluate the effectiveness, lawfulness, and consistency with U.S. values of every information-based program, whether classified or unclassified, for detecting and countering terrorists before it can be deployed, and periodically thereafter.
  • Periodically after a program has been operationally deployed, and in particular before a program enters a new phase in its life cycle, policy makers should (carefully review) the program before allowing it to continue operations or to proceed to the next phase.
  • To protect the privacy of innocent people, the research and development of any information-based counterterrorism program should be conducted with synthetic population data… At all stages of a phased deployment, data about individuals should be rigorously subjected to the full safeguards of the framework.
  • Any information-based counterterrorism program of the U.S. government should be subjected to robust, independent oversight of the operations of that program, a part of which would entail a practice of using the same data mining technologies to “mine the miners and track the trackers.”
  • Counterterrorism programs should provide meaningful redress to any individuals inappropriately harmed by their operation.
  • The U.S. government should periodically review the nation’s laws, policies, and procedures that protect individuals’ private information for relevance and effectiveness in light of changing technologies and circumstances. In particular, Congress should re-examine existing law to consider how privacy should be protected in the context of information-based programs (e.g., data mining) for counterterrorism.

Here are more news articles on the report. I explained why data mining wouldn’t find terrorists back in 2005.

EDITED TO ADD (10/10): More commentary:

As the NRC report points out, not only is the training data lacking, but the input data that you’d actually be mining has been purposely corrupted by the terrorists themselves. Terrorist plotters actively disguise their activities using operational security measures (opsec) like code words, encryption, and other forms of covert communication. So, even if we had access to a copious and pristine body of training data that we could use to generalize about the “typical terrorist,” the new data that’s coming into the data mining system is suspect.

To return to the credit reporting analogy, credit scores would be worthless to lenders if everyone could manipulate their credit history (e.g., hide past delinquencies) the way that terrorists can manipulate the data trails that they leave as they buy gas, enter buildings, make phone calls, surf the Internet, etc.

So this application of data mining bumps up against the classic GIGO (garbage in, garbage out) problem in computing, with the terrorists deliberately feeding the system garbage. What this means in real-world terms is that the success of our counter-terrorism data mining efforts is completely dependent on the failure of terrorist cells to maintain operational security.

The combination of the GIGO problem and the lack of suitable training data combine to make big investments in automated terrorist identification a futile and wasteful effort. Furthermore, these two problems are structural, so they’re not going away. All legitimate concerns about false positives and corrosive effects on civil liberties aside, data mining will never give authorities the ability to identify terrorists or terrorist networks with any degree of confidence.

Posted on October 10, 2008 at 6:35 AM

UK Ministry of Defense Loses Memory Stick with Military Secrets

Oops:

The USB stick, outlining training for 70 soldiers from the 3rd Battalion, Yorkshire Regiment, was found on the floor of The Beach in Newquay in May.

Times, locations and travel and accommodation details for the troops were included in files on the device.

It’s not the first time:

More than 120 USB memory sticks, some containing secret information, have been lost or stolen from the Ministry of Defence since 2004, it was reported earlier this year.

Some 26 of those disappeared this year - including three which contained information classified as “secret”, and 19 which were “restricted”.

I’ve written about this general problem before: we’re storing ever more data in ever smaller devices.

The point is that it’s now amazingly easy to lose an enormous amount of information. Twenty years ago, someone could break into my office and copy every customer file, every piece of correspondence, everything about my professional life. Today, all he has to do is steal my computer. Or my portable backup drive. Or my small stack of DVD backups. Furthermore, he could sneak into my office and copy all this data, and I’d never know it.

The solution? Encrypt them.

Posted on September 16, 2008 at 6:21 AM
