Entries Tagged "operational security"

Page 7 of 7

Deep Throat Tradecraft

The politics is certainly interesting, but I am impressed with Felt’s tradecraft. Read Bob Woodward’s description of how he would arrange secret meetings with Felt.

I tried to call Felt, but he wouldn’t take the call. I tried his home in Virginia and had no better luck. So one night I showed up at his Fairfax home. It was a plain-vanilla, perfectly kept, everything-in-its-place suburban house. His manner made me nervous. He said no more phone calls, no more visits to his home, nothing in the open.

I did not know then that in Felt’s earliest days in the FBI, during World War II, he had been assigned to work on the general desk of the Espionage Section. Felt learned a great deal about German spying in the job, and after the war he spent time keeping suspected Soviet agents under surveillance.

So at his home in Virginia that summer, Felt said that if we were to talk it would have to be face to face where no one could observe us.

I said anything would be fine with me.

We would need a preplanned notification system — a change in the environment that no one else would notice or attach any meaning to. I didn’t know what he was talking about.

If you keep the drapes in your apartment closed, open them and that could signal me, he said. I could check each day or have them checked, and if they were open we could meet that night at a designated place. I liked to let the light in at times, I explained.

We needed another signal, he said, indicating that he could check my apartment regularly. He never explained how he could do this.

Feeling under some pressure, I said that I had a red cloth flag, less than a foot square — the kind used as warnings on long truck loads — that a girlfriend had found on the street. She had stuck it in an empty flowerpot on my apartment balcony.

Felt and I agreed that I would move the flowerpot with the flag, which usually was in the front near the railing, to the rear of the balcony if I urgently needed a meeting. This would have to be important and rare, he said sternly. The signal, he said, would mean we would meet that same night about 2 a.m. on the bottom level of an underground garage just over the Key Bridge in Rosslyn.

Felt said I would have to follow strict countersurveillance techniques. How did I get out of my apartment?

I walked out, down the hall, and took the elevator.

Which takes you to the lobby? he asked.

Yes.

Did I have back stairs to my apartment house?

Yes.

Use them when you are heading for a meeting. Do they open into an alley?

Yes.

Take the alley. Don’t use your own car. Take a taxi to several blocks from a hotel where there are cabs after midnight, get dropped off and then walk to get a second cab to Rosslyn. Don’t get dropped off directly at the parking garage. Walk the last several blocks. If you are being followed, don’t go down to the garage. I’ll understand if you don’t show. All this was like a lecture. The key was taking the necessary time — one to two hours to get there. Be patient, serene. Trust the prearrangements. There was no fallback meeting place or time. If we both didn’t show, there would be no meeting.

Felt said that if he had something for me, he could get me a message. He quizzed me about my daily routine, what came to my apartment, the mailbox, etc. The Post was delivered outside my apartment door. I did have a subscription to the New York Times. A number of people in my apartment building near Dupont Circle got the Times. The copies were left in the lobby with the apartment number. Mine was No. 617, and it was written clearly on the outside of each paper in marker pen. Felt said if there was something important he could get to my New York Times — how, I never knew. Page 20 would be circled, and the hands of a clock in the lower part of the page would be drawn to indicate the time of the meeting that night, probably 2 a.m., in the same Rosslyn parking garage.

The relationship was a compact of trust; nothing about it was to be discussed or shared with anyone, he said.

How he could have made a daily observation of my balcony is still a mystery to me. At the time, before the era of intensive security, the back of the building was not enclosed, so anyone could have driven in the back alley to observe my balcony. In addition, my balcony and the back of the apartment complex faced onto a courtyard or back area that was shared with a number of other apartment or office buildings in the area. My balcony could have been seen from dozens of apartments or offices, as best I can tell.

A number of embassies were located in the area. The Iraqi Embassy was down the street, and I thought it possible that the FBI had surveillance or listening posts nearby. Could Felt have had the counterintelligence agents regularly report on the status of my flag and flowerpot? That seems highly unlikely, if not impossible.

Posted on June 2, 2005 at 4:31 PMView Comments

Company Continues Bad Information Security Practices

Stories about thefts of personal data are dime-a-dozen these days, and are generally not worth writing about.

This one has an interesting coda, though.

An employee hoping to get extra work done over the weekend printed out 2004 payroll information for hundreds of SafeNet’s U.S. employees, snapped it into a briefcase and placed the briefcase in a car.

The car was broken into over the weekend and the briefcase stolen — along with the employees’ names, bank account numbers and Social Security numbers that were on the printouts, a company spokeswoman confirmed yesterday.

My guess is that most readers can point out the bad security practices here. One, the Social Security numbers and bank account numbers should not be kept with the bulk of the payroll data. Ideally, they should use employee numbers and keep sensitive (but irrelevant for most of the payroll process) information separate from the bulk of the commonly processed payroll data. And two, hard copies of that sensitive information should never go home with employees.

But SafeNet won’t learn from its mistake:

The company said no policies were violated, and that no new policies are being written as a result of this incident.

The irony here is that this is a security company.

Posted on May 10, 2005 at 3:00 PMView Comments

1 5 6 7

Sidebar photo of Bruce Schneier by Joe MacInnis.