Schneier on Security: Tagged undercover

Entries Tagged "undercover"

Page 2 of 2

Even More on the al-Mabhouh Assassination

This, from a former CIA chief of station:

The point is that in this day and time, with ubiquitous surveillance cameras, the ability to comprehensively analyse patterns of cell phone and credit card use, computerised records of travel documents which can be shared in the blink of an eye, the growing use of biometrics and machine-readable passports, and the ability of governments to share vast amounts of travel and security-related information almost instantaneously, it is virtually impossible for clandestine operatives not to leave behind a vast electronic trail which, if and when there is reason to examine it in detail, will amount to a huge body of evidence.

A not-terribly flattering article about Mossad:

It would be surprising if a key part of this extraordinary story did not turn out to be the role played by Palestinians. It is still Mossad practice to recruit double agents, just as it was with the PLO back in the 1970s. News of the arrest in Damascus of another senior Hamas operative though denied by Mash’al seems to point in this direction. Two other Palestinians extradited from Jordan to Dubai are members of the Hamas armed wing, the Izzedine al-Qassam brigades, suggesting treachery may indeed have been involved. Previous assassinations have involved a Palestinian agent identifying the target.

There’s no proof, of course, that Mossad was behind this operation. But the author is certainly right that the Palestinians believe that Mossad was behind it.

The Cold Spy lists what he sees as the mistakes made:

1. Using passport names of real people not connected with the operation.

2. Airport arrival without disguises in play thus showing your real faces.

3. Not anticipating the wide use of surveillance cameras in Dubai.

4. Checking into several hotels prior to checking in at the target hotel thus bringing suspicion on your entire operation.

5. Checking into the same hotel that the last person on the team checked into in order to change disguises.

6. Not anticipating the reaction that the local police had upon discovery of the crime, and their subsequent use of surveillance cameras in showing your entire operation to the world in order to send you a message that such actions or activities will not be tolerated on their soil.

7. Not anticipating the use of surveillance camera footage being posted on YouTube, thus showing everything about your operation right down to your faces and use of disguises to the masses around the world.

8. Using 11 people for a job that one person could have done without all the negative attention to the operation. For example, it could have been as simple as a robbery on the street with a subsequent shooting to cover it all up for what it really was.

9. Using too much sophistication in the operation showing it to be a high level intelligence/hit operation, as opposed to a simple matter using one person to carry out the assignment who was either used as a cutout or an expendable person which was then eliminated after the job was completed, thus covering all your tracks without one shred of evidence leading back to the original order for the hit.

10. Arriving too close to the date or time of the hit. Had the team arrived a few weeks earlier they could have established a presence in the city thus seeing all the problems associated with carrying out said assignment thus calling it off or having a counter plan whereby something else could have been tried elsewhere or in another country.

11. And to take everything to 11 points, not even noticing (which many on your team did in fact notice) all the surveillance you were under, and not calling the entire thing off because of it, and because you failed to see all of your mistakes made so far and then not calling it off because of them.

I disagree with a bunch of those.

My previous two blog posts on the topic.

EDITED TO ADD (3/22): The Israeli public believes Mossad was behind the assassination, too.

EDITED TO ADD (4/13): The Cold Spy responds in comments. Actually, there’s lots of interesting discussion in the comments.

Posted on March 22, 2010 at 9:10 AM • View Comments

Deconfliction

This is well worth watching.

Posted on January 29, 2010 at 1:13 PM • View Comments

MI6 and a Lost Memory Stick

Oops:

The United Kingdom’s MI6 agency acknowledged this week that in 2006 it had to scrap a multi-million-dollar undercover drug operation after an agent left a memory stick filled with top-secret data on a transit coach.

The general problem. The general solution.

Posted on May 7, 2009 at 1:27 PM • View Comments

Sloppy CIA Tradecraft

CIA agents exposed due to their use of frequent-flier miles and other mistakes:

The man and woman were pretending to be American business executives on international assignments, so they did what globe-trotting executives do. While traveling abroad they used their frequent-flier cards as often as possible to gain credits toward free flights.

In fact, the pair were covert operatives working for the CIA. Thanks to their diligent use of frequent-flier programs, Italian prosecutors have been able to reconstruct much of their itinerary during 2003, including trips to Brussels, Venice, London, Vienna and Oslo.

[…]

Aides to former CIA Director Porter Goss have used the word “horrified” to describe Goss’ reaction to the sloppiness of the Milan operation, which Italian police were able to reconstruct through the CIA operatives’ imprudent use of cell phones and other violations of basic CIA “tradecraft.”

I’m not sure how collecting frequent-flier miles is a problem, though. Assuming they’re traveling under the cover of being business executives, it makes sense for them to act just like other business executives.

It’s not like there’s no other way to reconstruct their travel.

Posted on July 26, 2006 at 1:22 PM • View Comments

Googling for Covert CIA Agents

It’s easy to blow the cover of CIA agents using the Internet:

The CIA asked the Tribune not to publish her name because she is a covert operative, and the newspaper agreed. But unbeknown to the CIA, her affiliation and those of hundreds of men and women like her have somehow become a matter of public record, thanks to the Internet.

When the Tribune searched a commercial online data service, the result was a virtual directory of more than 2,600 CIA employees, 50 internal agency telephone numbers and the locations of some two dozen secret CIA facilities around the United States.

Only recently has the CIA recognized that in the Internet age its traditional system of providing cover for clandestine employees working overseas is fraught with holes, a discovery that is said to have “horrified” CIA Director Porter Goss.

Seems to be serious:

Not all of the 2,653 employees whose names were produced by the Tribune search are supposed to be working under cover. More than 160 are intelligence analysts, an occupation that is not considered a covert position, and senior CIA executives such as Tenet are included on the list.

Covert employees discovered

But an undisclosed number of those on the list—the CIA would not say how many—are covert employees, and some are known to hold jobs that could make them terrorist targets.

Other potential targets include at least some of the two dozen CIA facilities uncovered by the Tribune search. Most are in northern Virginia, within a few miles of the agency’s headquarters. Several are in Florida, Ohio, Pennsylvania, Utah and Washington state. There is one in Chicago.

Some are heavily guarded. Others appear to be unguarded private residences that bear no outward indication of any affiliation with the CIA.

A senior U.S. official, reacting to the computer searches that produced the names and addresses, said, “I don’t know whether Al Qaeda could do this, but the Chinese could.”

There are more articles.

Posted on March 13, 2006 at 11:02 AM • View Comments

State-Sponsored Identity Theft

In an Ohio sting operation at a strip bar, a 22-year-old student intern with the United States Marshals Service was given a fake identity so she could work undercover at the club. But instead of giving her a fabricated identity, the police gave her the identity of another woman living in another Ohio city. And they didn’t tell the other woman.

Oddly enough, this is legal. According to Ohio’s identity theft law, the police are allowed to do it. More specifically, the crime cannot be prosecuted if:

The person or entity using the personal identifying information is a law enforcement agency, authorized fraud personnel, or a representative of or attorney for a law enforcement agency or authorized fraud personnel and is using the personal identifying information in a bona fide investigation, an information security evaluation, a pretext calling evaluation, or a similar matter.

I have to admit that I’m stunned. I naively assumed that the police would have a list of Social Security numbers that would never be given to real people, numbers that could be used for purposes such as this. Or at least that they would use identities of people from other parts of the country after asking for permission. (I’m sure people would volunteer to help out the police.) It never occurred to me that they would steal the identity of random citizens. What could they be thinking?

Posted on April 18, 2005 at 3:02 PM • View Comments

←Previous 1 2

Sidebar photo of Bruce Schneier by Joe MacInnis.