Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)


SPOOK COUNTRY 2011: HBGary, Palantir, and the CIRC


The establishment of a Corporate Information Reconnaissance Cell (CIRC) will provide Hunton & Williams LLP with a full spectrum capability set to collect, analyze, and affect adversarial entities and networks of interest.

From: Team Themis pdf


CIRC: The New Private Intelligence Wing of (insert company name here)

The HBGary debacle is widening, and the players are beginning to jump ship each day. The HBGary parent company is disavowing Aaron Barr and HBGary Federal today via Twitter and press releases. However, if you look at the email spool that was leaked, you can see that they could have put a stop to Aaron’s game but failed to put the hammer down. I personally think they all saw the risk, but they also saw the dollar signs, which in the end won the day.

What Aaron and HBGary/Palantir/Berico were offering was a new kind of intelligence gathering unit, or “cell” as they called it in the pdf they shopped to Hunton & Williams LLP. Now, the idea and practice of private intelligence gathering has been around for a very long time; however, the stakes are changing in today’s digital world. In the case of Hunton, they were looking for help at the behest of the likes of Bank of America to fight off Wikileaks… And when I say fight them off, from what I see in the spool it seems more in the sense of anything goes just short of “wet work” operations, which is quite telling.

You see, Wikileaks has claimed that it holds some 5 gigabytes of data belonging to the CEO of a bank. Suddenly BofA is all set to have Hunton work with the likes of Aaron Barr on a black project to combat Wikileaks. I guess the cat is out of the bag on just whose data is on that alleged hard drive, isn’t it? It would seem that either someone lost an unencrypted drive or someone inside the company had had enough and leaked the data to Wikileaks. Will we ever really know, I wonder?

Either way, Barr et al. were ready to offer Hunton and BofA something new: an intelligence red cell that could use the best of the new technologies against Anonymous and Wikileaks. Now, the document itself says nothing about Anonymous or Wikileaks, but the email spool does. This was the intent of the pitch, and it was the desire of Hunton and BofA to make both Anonymous and Wikileaks go away, for surely if Wikileaks were attacked, Anonymous would be the de facto response, would they not?

A long time ago William Gibson predicted this kind of war of attrition online. His dystopian world included private intelligence firms as well as lone hackers, “data cowboys”, running the gamut from corporate intelligence operations to outright theft of data from the pharma kombinats. It seems that his prescient writings are taking shape as reality today. With what Barr and company wanted to offer, they would be that new “cowboy” or digital Yakuza that would rid clients of pesky digital and real-world problems through online investigation and manipulation.

In short, Hunton would have their very own C4I cell within their corporate walls to set against any problem they saw fit. Not only this, but had this sale gone through, then perhaps this would have become a standard offering to every other company that could afford it. Can you imagine the bulk of corporations out there having their own internal intelligence and dirty tricks wings? Nixon, E. Howard Hunt, and Liddy would all be proud. Nixon and the plumbers would have LOVED to have the technology that Aaron has today; had they had it, they might in fact have pulled off that little black bag job on Democratic HQ without ever having to step inside the Watergate.

The Technology:

I previously wrote about the technology and methods that Aaron wanted to use and develop, and what he was attempting to use on Anonymous as the test case. The technology is based on frequency analysis, link connections, social networking, and a bit of manual investigation. However, it seemed to Aaron that the bulk of the work would be on the technology side, linking people together without really doing the grunt work. The grunt work is actually analyzing the connections and the people who have made them. The reasons for those connections were largely left out of the picture, as was the chance that many people within the lemming hordes of Anonymous are just click-happy, clueless folks.

Nor did Aaron take into account that the people who are capable can use the same technologies to obfuscate identities and connections and elude his system altogether. The core people he was looking to link together as Anonymous, if indeed he is right about them, are tech savvy and would certainly take precautions. So how is it that he thinks he can use macroverse data to define a microverse problem? I am steadily coming to the conclusion that perhaps he was not looking to use that data to winnow it down to a few. Instead, from the emails, I believe he was just going to aggregate data from the clueless LOIC users and leverage that by giving the Feds easy pickings to investigate and arrest, hopefully putting pressure on the core of Anonymous.

There was talk in the emails of using pressure points on people like the financial supporters of Wikileaks. This backs up the statement above, because people who use digital means to support Wikileaks or Anonymous leave an easy enough trail to follow and aggregate. Those who friend Facebook support pages for either entity and consistently use real or pseudo-real information can be tracked easily. Eventually you will get their real identities by sifting the data over time with a tool like Palantir or, for that matter, Maltego.

The ANONYMOUS names file

This, however, does not work on those who are net and security savvy, AKA hackers. Aaron was too quick to assume that the core of Anonymous weren’t smart enough to cover their tracks, and he paid the price, as we have seen.
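To make concrete what the “sifting” above actually does, here is an added example (mine, not code from the original post, HBGary, Palantir or Maltego) of the link analysis such tools automate: accounts observed on different sources are clustered when they reuse a handle or share a strong selector such as an email address, and each cluster is then pivoted to whichever platform carries a real-looking name. Every observation, handle and email address below is constructed sample data. The second run adds a weak attribute (location) as a selector and manufactures a false link, the failure that using macroverse data on a microverse problem invites, while the opsec-aware actor with a distinct handle per platform and no reused selectors ends up in three singleton clusters, which is the hacker case in the paragraph above.

```python
"""Constructed example of cross-source identity correlation (the Palantir /
Maltego style link analysis the post describes). Every record is made up."""
from collections import defaultdict

# Constructed observations: (source, display handle, attributes seen on that account)
OBSERVATIONS = [
    ("irc",      "StormRider",  {"email": "stormrider@example.net"}),
    ("twitter",  "stormrider",  {"location": "Boston"}),
    ("facebook", "Dave Storm",  {"email": "stormrider@example.net", "likes": "support-page"}),
    ("irc",      "lulzbot",     {}),
    ("twitter",  "lulzbot",     {"email": "jp@example.org"}),
    ("facebook", "Jane Pseudo", {"email": "jp@example.org", "likes": "support-page"}),
    # An opsec-aware actor: a different handle per platform and no reused selectors.
    ("irc",      "x7",          {}),
    ("twitter",  "quietriver",  {"location": "Boston"}),
    ("facebook", "R. Q.",       {"likes": "support-page"}),
]

STRONG_SELECTORS = ("email", "phone")   # values that genuinely identify one person


def correlate(observations, selectors=STRONG_SELECTORS):
    """Cluster accounts with union-find: two accounts are joined when they reuse
    a handle (case-insensitive) or share a value of one of `selectors`."""
    parent = {}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    index = defaultdict(list)          # (selector, value) -> accounts carrying it
    for source, handle, attrs in observations:
        key = (source, handle)
        parent.setdefault(key, key)
        index[("handle", handle.lower())].append(key)
        for name, value in attrs.items():
            if name in selectors:
                index[(name, value.lower())].append(key)
    for accounts in index.values():
        for a, b in zip(accounts, accounts[1:]):
            union(a, b)

    clusters = defaultdict(set)
    for key in parent:
        clusters[find(key)].add(key)
    return {frozenset(c) for c in clusters.values()}


def cluster_of(handle, clusters):
    """Return the cluster containing any account with this handle (any source)."""
    for cluster in clusters:
        if any(h.lower() == handle.lower() for _, h in cluster):
            return cluster
    return frozenset()


def pressure_points(clusters, real_name_sources=("facebook",)):
    """Map each set of pseudonymous handles to the real-looking names tied to
    them on sources where people tend to use real identities."""
    result = {}
    for cluster in clusters:
        names = sorted(h for s, h in cluster if s in real_name_sources)
        handles = sorted({h.lower() for s, h in cluster if s not in real_name_sources})
        if names and handles:
            result[tuple(handles)] = names
    return result


if __name__ == "__main__":
    strong = correlate(OBSERVATIONS)
    print(pressure_points(strong))   # stormrider -> Dave Storm, lulzbot -> Jane Pseudo
    # Adding a weak attribute such as location manufactures a false link:
    sloppy = correlate(OBSERVATIONS, selectors=STRONG_SELECTORS + ("location",))
    print(sorted(cluster_of("quietriver", sloppy)))
```

The design choice that matters is the selector list: with only identity-bearing selectors, the two sloppy personas pivot to a real-looking name and the careful one yields nothing at all; the moment “Boston” is allowed to join accounts, quietriver is wrongly pulled into StormRider’s cluster, and that is exactly the kind of name that ends up on a list handed to the Feds.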

The upshot here, extending what I have said before: a fool with a tool is still a fool.

What is coming out more each day is that not only were Aaron and HBGary Federal offering Palantir, they were also offering the potential for 0day technologies, both as a means to gather intelligence from those targets and to use against them in various ways. This is one of the scarier things to come out of the emails. Here we have a company that creates 0day for use by intelligence and government, and that is now potentially offering it to private corporations.

Truly, it’s black ICE… Hell, I wouldn’t be surprised if one of their 0day offerings was already called that.

The INFOSEC Community, HBGary, and Spook Country:

Since my last post was put on Infosec Island, I have had some heated comments from folks who, like those commenting on the Ligattleaks events, have begun moralizing about right and wrong. Their perception is that this whole HBGary affair is an infosec community issue, and in reality it isn’t. The infosec community is just what the shortened name means (information security): you all in the community are there to protect the data of the client. When you cross the line into intelligence gathering you go from a fairly clear black and white to a world of grays.

HBGary crossed into the gray areas long ago when they started the Fed practice and began working with the likes of the NSA/DOD/CIA etc. What the infosec community has to learn is that the true nature of cyberwar is not just shutting down the grid and trying to destroy a country; it is also the “thousand grains of sand” approach, not only to spying but to warfare in general. Information is the currency today as it ever was; it just so happens that now it is easier to get that information digitally, by hacking into something, than by hiring a spy.

So, all of you CISSPs out there fighting the good fight to make your company actually have policies and procedures: you also have to contend with the idea that you are now at war. It’s no longer just about the kiddies taking credit cards. It’s now about the Yakuza, the Russian mob, and governments looking to steal your data or your access. Welcome to the new world of “spook country”.

There is no black and white. There is only gray now.

The Morals:

And so it was that I was getting lambasted on Infosec Island for commenting that I could not really blame Anonymous completely for their actions against HBGary/Aaron. Know what? I still can’t really blame them. As an entity, Anonymous has fought the good fight on many occasions, and increasingly they have been part of the mix where the dominoes are finally falling all over the Middle East. Certain factions of the hacker community have also been assisting when the comms in these countries have been stifled by the local repressive governments and dictators in an effort to control what the outside world sees, as well as their own people inside.

It is my belief that Anonymous has its bad elements, but, given what I know and what I have seen, so does every group or government. Take a look at our own country’s past with regard to the Middle East and the CIA’s machinations there. Instead of fighting for a truly democratic ideal, they have instead sided with the strongman in hopes of someday making the transition to a free society, while in the meantime we have a malleable player in the region, like Mubarak.

So far, I don’t see Anonymous doing this. So, in my world of gray, until such time as Anonymous does something so unconscionable that it requires their destruction, I say let it ride. For those of you out there saying they are doing it for the power and their own ends, I point you in the direction of our government and say this: “Pot -> Kettle -> Black”. Everyone does everything, whether a single person or a government body, out of a desired outcome for themselves. It’s a simple fact.

Conclusion:

We truly live in interesting times, as the Chinese curse would have it. Today the technology and the creative ways to use it are outstripping governments’ ability to keep things secret. In the case of Anonymous and HBGary, we have seen just how far the company was willing to go to subvert the laws to effect the ends of their clients. The same can be said about the machinations of the government and the military toward their ends. However, one has to look at those ends and the means to get them and judge whether it was out of bounds. In the case of the Barr incident, we are seeing that true intelligence techniques of disinformation, psyops, and dirty tricks were on the table for a private company to use against private citizens throughout the globe.

The truth is that this has always been an offering… Just this time the technologies are different and more prevalent.

If you are online and you do not take precautions to ensure your privacy, then you lose. This is even more true today in the US as we see more and more bills and laws allowing the government and police to audit everything you do without the benefit of warrants, or by use of National Security Letters.

The only privacy you truly have, is that which you make for yourself. Keep your wits about you.

K.

Top Secret America: The Fifth Column, Uncontrolled and Unaccounted For


The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.

These are some of the findings of a two-year investigation by The Washington Post that discovered what amounts to an alternative geography of the United States, a Top Secret America hidden from public view and lacking in thorough oversight. After nine years of unprecedented spending and growth, the result is that the system put in place to keep the United States safe is so massive that its effectiveness is impossible to determine.

The investigation’s other findings include:

* Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States.

* An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.

* In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings – about 17 million square feet of space.

From Top Secret America in the Washington Post

PBS Frontline report coming this fall

When this article came out there seemed to be just a collective murmur in response from the masses. I figured that either people just didn’t care, didn’t get it, or were too stunned to comment on it. Upon reading up some more and seeing the Frontline piece, I have decided that most people just can’t grasp the sheer import of this report. What this all says to me is that the government has no idea who is doing what and how much money is being spent. What’s more, the people (as in the voting public) certainly have no idea what’s really going on either.

Another factor here, I think, is that many people just have too much faith in the government and in the corporations. When you really look at it, though, once you have worked in the sausage factory and have seen how it’s made, you never want to eat sausage again. It’s like that with working for the government or corporations. Having spent all these years in the information security business working for Fortune 500 companies as well as the government, I can say I do not want to “eat the sausage”. Of course, perhaps the better thing to say is that I do not trust the government or corporations, because both are comprised of inept people and red tape.

By far, though, my concerns are something a bit more ominous in nature. I fear that these machinations will only lead to greater abuses of power, not only by the government but also by the corporate entities it has tasked with performing all this secret work. It used to be that there was government oversight of the intelligence community, though you knew that some off-the-books things were happening. Now, post Iraq and still ongoing in Afghanistan, we have a contractor proxy war that includes a civilian intelligence element. An element that seems even more “civilian” because it is being operated by corporations and not wings of the government. It gives a new meaning to “black ops”.

Another interesting turn in this “secretification”, to steal a Bush-ism, is just how far the pendulum has swung, from the nation not caring so much about HUMINT and intelligence to suddenly being even more fervent about it, it seems, than during the cold war years. I might also hazard that since 9/11 it has felt more and more like the 50s again where paranoia about the “enemy threat to the homeland” is concerned.

Are we in danger? Yes. Do we need to go back to the 50s mentality of us and them with a McCarthy-esque twist? No.

Of course, all or most of this is aimed at jihadi terrorists and not a governmental body like the Soviet bloc, and this is where the disconnect seems largest to me. It’s rather ironic, actually, that all this effort is predicated on fighting a group of people who are not generally known for being easily infiltrated, nor as easy to get a grasp on as the Sovs were. People just knee-jerked after 9/11, and really, they have only created even more bureaucracy in which the real INTEL will get lost, and another attack will likely happen because of it.

Welcome to Washington’s dementia…

Spies Among US


First of all, when it comes to espionage, nothing in Russia has changed. After all, the real leader of Russia, Vladimir Putin, was a career KGB agent who came up through the ranks, and not by exhibiting democratic principles but rather by being a steadfast believer in communist ideology and the especially harsh methods of the Soviet regime with which we are all familiar. In fact, let’s not forget, no one presently in a senior leadership position in Russia came up through a nursery of democratic institutions, but rather through the vestiges of Stalin, Khrushchev, Andropov, the NKVD and the KGB. Putin, true to his breeding, has surrounded himself with trusted KGB cronies who believe as he does at all levels. So don’t expect anything less from Russia than what they are: not our allies. The KGB had illegals in the United States under the Soviet system and the SVR still does, according to most experts, under the Russian Federation. How many are here? No one knows, but one thing we can be sure of, this is one of their favored ways to penetrate a nation and have a presence there and they are not giving up on this technique.

But why you ask? After all, the Russians have satellites and they can intercept communications and break codes. Yes and more. However, the one thing that Russian intelligence will always rely on is a backup system to their technical expertise in case of war (hostilities). They always want to have a human in the loop who can have access to information and more importantly to other humans.

You see, an illegal that passes as an average American, can have access to things no satellite, phone intercept or diplomat can have access to—every day things, such as a car, a home, a library, neighborhood events, air shows on military bases, location of fiber cables, access to gasoline storage facilities, a basement to hide an accomplice, a neighbor’s son serving in the military, and so on. If you think like an intelligence officer, then you realize in an open society it’s possible to obtain a lot of information. A mere walk in a neighborhood on a Saturday morning can give you access to vehicles parked at a garage sale that have stickers from government installations or high tech companies doing research. These individuals can be tracked or befriended. Neighbors often watch each other’s houses and may even have keys, which give an intelligence officer access to the house, or a car, or a gated community. They get invited to parties, meet people and gain access to individuals with knowledge, influence or information. And that is only the beginning.

Full article HERE

The above is a snippet from a Psychology Today article by a former FBI spycatcher. I bring it to you to perhaps clarify some of the news out there and maybe give some ancillary corroboration to the things I have been saying all along about the 11, now 12, “illegals” who were caught and so quickly deported recently.

It was surprising to see just how many people thought that since the Sov bloc was gone, the new Russia would not be spying on little ol’ us. I guess this says more about our culture than it does about theirs, really. Just as the author says above, the Russians still have the “strongman” mentality inculcated within their culture, and they are led by none other than Vladimir Putin, KGB down to his boxers… and still in charge. So why would it be so inconceivable that the Russians would have illegals programs as well as other NOC operatives in country? It’s certainly the case and always has been. It’s just that the people of the US are too busy thinking about the latest episode of The Hills instead of, perhaps, geopolitics, huh?

Geopolitics and history aside, the article brings out a key point that I have made on more than a few occasions: HUMINT is very important. This is something we learned post 9/11 and have been trying to fix since we fucked it all up back in the 90s (sorry, Bill Clinton) by reducing the HUMINT capabilities of the likes of the CIA in favor of technological means of spying (à la the NSA). We went too far in the other direction and got caught with our pants around our ankles because we did not have a man on the ground to give us good intel on the 19.

Then we have the 12 illegals pop up… and everyone is surprised that the Russians are spying on us, as well as amazed at the old school tradecraft they are using.

How antiquated…

Antiquated and still quite functional boys and girls.

Expanding it further out, though, you can see in the passage that I like the most that:

If you think like an intelligence officer, then you realize in an open society it’s possible to obtain a lot of information. A mere walk in a neighborhood on a Saturday morning can give you access to vehicles parked at a garage sale that have stickers from government installations or high tech companies doing research. These individuals can be tracked or befriended. Neighbors often watch each other’s houses and may even have keys, which give an intelligence officer access to the house, or a car, or a gated community. They get invited to parties, meet people and gain access to individuals with knowledge, influence or information. And that is only the beginning.

THIS is the key thing to pay attention to. Once you are in, you have so much access that you really don’t need all the arcane spy-vs-spy stuff to get what you really want. The illegals were a foothold group, sent to burrow in and make lives so they could gather data and make friends. In times of serious distress between the countries they would be the “inside men”, the fifth column that attacks the enemy from within… Say, does this remind you of anything going on recently? Say, jihadis recruiting US citizens for jihad?

Yep.

Situational Awareness is key.

Russian Kulturny: Espionage Old School Meets the New Tech Comrade


But many things shown even in bad movies are unfortunately true: Yes, the Russians like to wear fur hats, drink vodka, eat caviar, take pretty girls to the sauna. And, apart from some modern innovations like ad hoc networks, burst transmissions and steganography, the old proven tradecraft is pretty much the same. It is good and it normally works well (except in cases, when somebody is already being shadowed – then nothing works).

Boris Volodarsky: Former GRU Officer

Los Illegals.. Comrade…

With all of the hubbub over the capture of the illegals, and of course all the rattling on about the “swallow” known as Anna Chapman, one has to cut through the dross to get to the real importance of the story. The fact is that, though the wall has fallen (long ago) and W looked into the “soul” of ol’ Pooty Poot and saw teddy bears and rainbows, the reality is that the “Bear” never went away or to sleep.

We are still a target, and a rather rich one, for collection of intelligence as well as corporate IP, as Putin has pointed out in statements over the years. It was Putin who actually said that Russia needed to step up its game in industrial espionage (I am paraphrasing) and created the means to do so within the new FSB *cough* KGB. This type of infiltration in hopes of collection never went away, and I suspect that even with our own dismantling of the HUMINT departments of the CIA, we still had a reasonable number of assets and agents within Russia as it transitioned from the Sov bloc to today’s powerhouse of malware and a Russian mafia-run state apparatus.

So, while reading all the news sites, it became clear to me that people really do not have a grasp of the realities surrounding the nature of espionage today. Everyone thinks it’s all shiny technologies and protocols from the hacker scene that the next generation of spies are using, and that the old school techniques called “tradecraft” are outdated and useless.

Nope… It’s not just that. This is said rather well by Boris again:

The public and writers alike do not really realise that this is NOT a film — a very large group of very experienced FBI agents and watchers spent a very considerable sum of taxpayers’ money and plenty of time to uncover a REAL group of the Russian undercover operators who brazenly operated in the United States, as they had been absolutely sure that no one would ever catch them because their education, training, intelligence tradition, and the belief that the wealth of the country behind them is much superior to the FBI. They forgot that the FBI of 2010 is much different from the Bureau of the 1950s.

It is highly likely that these agents were outed by a defector back in the 90s. The defector was a Directorate S operative who worked within the UN in the NYC area, and it is possible that he gave up the program. The FBI was then tasked with either finding them all blindly or, having at least one couple in their sights, steadily building their case by watching the illegals to get at their handlers. You see, the same logic applies to the FBI as to the perception of the KGB. The FBI is seen as slow-witted and, usually in the media, as the blue sedan with guys in suits and sunglasses inside watching you ever so unsubtly.

This is not necessarily the case, as has been seen in some areas of the FBI’s counterintelligence unit. They really can do a good job at surveillance and counterintel collection. They are not as bumpkin as they were in the 50s… nor the 80s, for that matter. Unfortunately, though, it really took the Hanssens of the world to force them to be better… But I digress.

Why Were They Here?

I think there has been a basic misunderstanding in the press and the populace, fed by poor press reports, about the nature of the “illegals” program. Yes, they were at times tasked with getting data that could be readily available through open source (OSINT) channels such as the news or Google. However, their main task was to insert themselves into our culture, economy, and social strata in order to get “at” people of interest. Basically, they were talent spotters.

These people got onto LinkedIn and other social networks for the exact reason of making friends and gaining access to those who might be “of use” later on to their handlers and masters. They were facilitators, really. You see, like the whole Robin Sage affair that is ongoing now, these folks knew about the vulnerabilities within social networking and the social nature of human beings from the start. They were trained on this by the SVR, and it’s not something that common people tend to think about. This is where the hacker world and the spy world meet (well, they meet in many other places too, but go with it for now). The hackers take advantage of the same flaws in our “systems” (cognitive as well as technical) to get what they want.

In this case, these illegals actually did gain some traction, and some had access to potential sources that, I think, had yet to be plumbed. Perhaps they were getting close to someone, and this is what tripped the arrest cycle. Perhaps there are other, more arcane reasons for that… as you may be seeing now that there is a prisoner swap with Russia in the works. Once again I direct you to Boris’ comments on their aegis:

What Russian intelligence is striving to get is secret information (political, economic, industrial, military, etc) and have a chance to influence decision-making and public opinion in favor of Russia. This is why agents are recruited or penetrated into sensitive or politically important targets.

The role of illegals is threefold:

  1. to act as cut-outs between important sources and the Centre (directly or via the SVR station);
  2. to serve as talent-spotters finding potential candidates for further intelligence cultivation and possible recruitment (a rather long and complex process, where the illegals only act at its early stage); and
  3. to establish the right contacts that would allow other intelligence operators (members of the SVR station) or the Centre (visiting intelligence officers under different covers, journalists, diplomats or scientists tasked by the SVR) to get intelligence information and/or receive favors that the Centre is interested in.

These illegals are really, like I said, facilitators for the real spies sent to our shores. They were practiced in the old school tradecraft of spying, and were they not already under surveillance, they might not have been noticed at all by our counterintelligence services. Which brings me to another issue with all the reporting on this espionage round-up.

Tradecraft VS High Tech Espionage:

As mentioned by Boris, the tradecraft angle is not just history for the SVR, KGB, or GRU. I believe it is still in play for ALL of the intelligence services throughout the world. These practices are tried and true. They have been used to great effect by all spies and are really only heard about in books, film, or news stories like today’s, when the spies were busted.

Since the days of 007 on the screen, we have seen Q branch and all their toys as a high-profile part of “spying”, when in reality there is some of that (see H. Keith Melton’s books) but mostly it has been the old school that has won the day for spies. Things like a shortwave radio and a one-time pad are still used today because, used properly (a truly random pad as long as the message, used once and then destroyed), the pad cannot be broken at all. The use of rapid burst radio transmissions was a bit of a shock to me in the current case, but once I thought about it, a rapid burst to a local “rezidentura” makes a lot of sense given the amount of RF we have placed into our landscape today. It would easily be lost in the noise and thus is a good way to go about secret communications.
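The one-time pad is unbreakable only under its conditions: a pad of truly random bytes at least as long as the message, used exactly once and then destroyed. Here is an added example (mine, not code from the original post or the Volodarsky interview) that shows the XOR construction and the failure mode that makes “one-time” matter: reuse the pad and it cancels out of the XOR of the two ciphertexts, after which a guessed crib in one message reads the other message directly. The messages are constructed.

```python
"""Constructed one-time pad example: correct use, and what pad reuse leaks."""
import os


def new_pad(length: int) -> bytes:
    """A pad must come from a real random source; a password-derived stream is
    a stream cipher, not a one-time pad."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each message byte with one pad byte. With a random pad used once,
    every plaintext of this length is equally likely given the ciphertext."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If both ciphertexts used the same pad, c1 XOR c2 == p1 XOR p2:
    the pad cancels and only the two plaintexts remain mixed together."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """Guess that `crib` sits in one message at `offset`; XORing it into the
    leaked stream returns the other message's bytes at that position."""
    window = p1_xor_p2[offset:offset + len(crib)]
    return bytes(x ^ c for x, c in zip(window, crib))


if __name__ == "__main__":
    # Constructed messages of equal length.
    p1 = b"meet at the kiosk 0900"
    p2 = b"drop is under bottle 3"

    pad = new_pad(len(p1))
    assert otp_decrypt(otp_encrypt(p1, pad), pad) == p1   # correct use round-trips

    shared = new_pad(len(p1))                             # the mistake: one pad, two messages
    leak = two_time_pad_leak(otp_encrypt(p1, shared), otp_encrypt(p2, shared))
    print(crib_drag(leak, b"meet at ", 0))   # b'drop is ' : p2 read out via a guess at p1
    print(crib_drag(leak, b"bottle", 14))    # b'osk 09'   : and back the other way
```

Nothing in the attack touches the pad; it never has to. That is the whole reason the old school pads were burned after use, and why a netbook that keeps a pad file around for convenience is the technical approach failing the tradecraft, not the other way round.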

Meanwhile, the use of brush passes, chalking, pass phrases and other old school techniques for communicating and passing intelligence has never lost its usefulness. Just because one can create an email dead drop on Gmail pretty easily today does not mean it is at all safer than meeting someone on a park bench, or leaving a postage stamp on a kiosk as a marker that “something’s up”. These things hide within the static of everyday life and, given people’s “situational awareness” levels, often go totally unnoticed. The other means, via the “technology” of today’s internet, is riskier because of so many factors, one of the primary ones being the hacking and cyberwar issues that are ongoing.

Even today, the news is full of “Perfect Citizen”, an uber protection plan and technology that the NSA wants to use to protect the national infrastructure. How will it do this? By monitoring ALL of the traffic it can and looking for anomalous behavior. As that technology becomes more prevalent, so too do the chances of your secret communications being discovered. It made sense that, given the NSA’s power, the illegals and the SVR decided that old school was still the best bet. It was, however, the more technical approaches (i.e. netbooks, crypto, and ad hoc networks) that failed them, only proving my hypothesis above.

As an aside to LizzieB, the old bury-the-money-near-the-bottle thing… it still works *heh*

The Final Analysis:

Much has yet to be told about these illegals, as well as the reasons why this group was busted 10 years later. Why now? Why this sudden trade for spies? What tipped the FBI off to these spies in the first place? Was it indeed the defector I spoke of? We may never know. What we can deduce, though, is this:

  • Spies never went away
  • Spies aren’t just stealing IP from corporations
  • Hey you, you with the access to the important people… You are a target
  • Technology does not always win the day; sometimes it is the weakest link
  • We have not seen the last of the SVR, KGB, Mossad, MI5 etc etc…
  • Russian spies do like their vodka and saunas, but they aren’t all Boris and Natasha caricatures

A full text of the cited Boris interview can be found HERE

CoB

Служба Внешней Разведки: Russian Espionage “The Illegals 1990-2010”


Служба Внешней Разведки

“Christ, I miss the Cold War”

M from Casino Royale

The dramatic events unfolding within the last day or so over the “illegals” program caught by the FBI are really the stuff of Le Carré and other writers of espionage fiction. Yet, this is all real…

The reports started coming out yesterday afternoon and, having seen a blurb on CNN, I went out and got hold of the complaint by the Federal government against the 10 conspirators and sat down with it. In the end I found myself alternately laughing at the story that unfolded and waxing historical about yesteryear during the cold war days. It seems though that one thing has changed a bit since the old days.

Millennial Spies?

It seems the SVR had to remind their operatives that they were in fact here for a reason and being taken care of for that reason, i.e. being spies.

This communiqué pretty much alludes to the fact that perhaps the “illegals” had been here too long and had begun feeling entitled as opposed to being servants of the state. This is a bit of a difference from the old cold war days. Yes, of course some deep cover operatives might have become “comfortable” in the west, but they pretty much lived under the fear of reprisals against themselves and family in the old country if they misbehaved. This message, and some of the handling that can be seen from the surveillance, bespeaks a more millennial attitude by these illegals than that of old school Sov operatives. In one case an officer remarks that he is glad not to be one of the illegals’ handlers, as the illegal is bitching about money… Kinda comical…

It also seems to me that some of these operatives were in fact quite young when they started and, even as things progressed, were not as well trained as they could have been. In one case there is a remark of only about 2 weeks of training at the SVR center, and this is not quite like the old days when the spooks got some serious training before going out in the field. Of course today, after the 1990s breakup of the Soviet Union, I suspect that in some of the minds at “C” we (the FBI) have become lax at detection and operations just because we were very Sov-oriented back in the cold war period.

However, this group of illegals seems to have been in play since the late ’90s and, over time, to have become more American than true-blood Russian ideologues. With the amounts of money being passed to them over the years, these folks were rather well taken care of. This is something a bit different from the old days and bespeaks a paradigm shift in the SVR’s handling of them and its approaches to getting good INTEL out of them. These folks were monetarily motivated, which is usually how spies get brought in from other nation states, not how the ones being sent to foreign posts by the motherland are handled.

Times are a changing though… Guess you have to roll with it or lose assets.

Technology and OPSEC

The times have changed and with them the technologies of spycraft do too. In the case of the illegals, not only did they engage in “AD HOC” wireless networks between laptops in open spaces (ballsy really, given the nature of the WIFI 802.11 standards and their vulnerabilities) but also with the addition of things like the use of “Steganography

For some time now I have been randomly hoovering sites looking for stegged images and so far, I have come up with potential hits (Jihadist sites) but as yet, I haven’t been able to decrypt anything that is alleged to be hidden. In the case of the illegals, they had special software installed on laptops given to them by Moscow Centre. It turns out that these laptops and the schemes that they were using didn’t always work for the agents but, in many cases, had it not been for the surveillance by the FBI, this particular method of data passing might not have been seen.


Overall, the technology today is neat, but as in the case of the AD HOC networking over WIFI, I have to wonder about their choice here. I mean, it wasn’t all that long ago that the CIA had a fiasco with a “WIFI” enabled faux rock in a park in Moscow. The rock was supposed to be able to transfer data onto a CF-type card from a PDA or phone that the asset would pass by. As the technology failed, the KGB noticed that there were people wandering around looking to connect to this rock. When they did a search they got the rock and later the asset trying to connect to the faulty device. So much for the technological approach.

When it works it works great.. When it fails, you end up in Lubyanka…

Tradecraft: Tried and True

Meanwhile, some of the illegals seem to have perfected the tradecraft side of the work by performing brush passes with operatives from the Russian consulate as well as infiltrating and exfiltrating through other countries using bogus passports etc. It seems, though, that the FBI caught on to the group and exploited poor tradecraft practices to get onto the whole of the operation. In one case the handler from the consulate took 3 hours of evasion practices to elude any possible surveillance, only to be compromised by the fact that the “illegal” was already under surveillance… OOPS.

The meetings that are mentioned in the complaint show how much tradecraft the group was using to perform their meetings. These included marking, dead drops, and of course the brush passes with pass phrases like “Didn’t I meet you in Bangkok in 1990?” So those of you who think that it’s just cliché, it’s not really… Even in today’s technological world these practices are kept up BECAUSE the technology is so easily watched from remote, à la the NSA. Of course it was that technological FAIL, along with the poor practices of basic information security, that caught them in the end.

Kinda funny really… I mean, how often do I moan and wail about all of this, huh? And here it is, that very thing that pops a group of spies for Russia.

Funny…

Meanwhile some of the “old school” techniques still pervade…

Numbers Stations and Rapid Burst Transmissions Making a Comeback

When some of the houses/apartments were black-bagged, the operatives found that the illegals were not only using “rapid burst” radio technology, but also the old old school technique of “Numbers Stations” to get their orders as well as report their data to Moscow Centre. I imagine that in the case of the rapid burst technology, they were in close proximity either to other operatives that they did not know about, or they were in fact close enough to the consulates that they could burst their data to the arrays on the roof.

This stuff is really old school, and I have mentioned before that the number of “numbers” stations has increased over time since the internet age took over, because this technology, properly implemented, is surefire and hard to detect. After all, how many of us have shortwave radios in our homes, huh? The burst technology, though, is a little more exposed and can be detected, but since it has not been in vogue for some time, I doubt many agencies are looking for it. Perhaps a ham radio operator in the area might have picked up on it, but it is the surveillance team that mentions “noise” which seems to have been radio transmissions.

It just goes to show that sometimes the new tech just doesn’t cut it. You need to go old school.

Espionage 2010, Pooty Poot, The Bear Never Left

In the end, I expect to be hearing more about this story in the news. There will likely be expulsions of diplomats from the Russian consulates in the US as well as ongoing coverage of the trials. What I am wondering about, though, is why the FBI charged these guys with lesser charges rather than official “espionage”.

This makes me think that there is much more to this tale behind the scenes that we will eventually get in dribs and drabs. I personally think that the illegals that we caught really made a dent in the security of the nation. The complaint does not mention any high-level connections that would be bad enough to consider this operation as a whole to be damaging. However, if the group is in fact bigger or, as we know, there are others out there, just who have they compromised? Remember that in the complaint you can see Moscow Center asking about compromisable assets. What they really wanted was to go old school and get the dirt on someone juicy and turn them… and given Washington’s habit of nasty behavior with pages or toe tapping in airport men’s rooms, I can see they had a rich target environment.

All of this also makes it so ironic that the operation had been ongoing since at least the Clinton administration. When “W” looked into the soul of Pooty Poot, he wasn’t in fact seeing anything there. George, he was PWN-ing you as you gave him the reach around… and liked it. The Bear never left, my friends, and anyone who thought we were all friends with rainbows and puppies where Russia was concerned is seriously deluded.

The only thing that has changed is that the American consciousness became… unconscious to conspicuous wealth and reality TV.

I too pine for the cold war… Looks like it’s back on.

So in conclusion here are some questions that I have:

  • Why was this operation rolled up now?
  • How did the FBI catch on to these illegals?
  • Who is “FARMER”?
  • Who is “PARROT”?
  • Why the charges of not telling the AG that the illegals were… well, illegal, and not actual charges of “espionage”?
  • Why did “C” want the operatives to buy ASUS Eee PCs?
  • What steg program did they have?
  • When will we be expelling the 3 consulate “secretaries” in NYC?

You can read the “almost full” complaint here

CoB

William Gibson’s Future is Here: Keiretsus, Pharmacoms, Kombinats, and Private Intelligence


World View Change:

I just finished reading “Broker, Trader, Lawyer, Spy” by Eamon Javers moments ago and it has had me thinking for some time now about the private intelligence business. Of course I believe that in many ways, the last 10 years or so of my career has been in an analogous business, that of “Information Security”, a euphemism that covers a portion of what I do on a regular basis for clients by checking their security and trying to circumvent it to steal their data.

Of course in my case and others, we are asked to do so by the targets themselves and to recommend fixes for anything that we find.

However, it seems that since at least the 2000s a boutique business model for “Private Intelligence” has burgeoned around the globe, and now it seems to be at its height in this current economic climate. After all, if you as company A can get an edge on company B by hiring some old intelligence warhorses to spy on B, then all the better, eh? I mean, in today’s ethically “gray” world, what’s to stop you? Governmental regulation? HA!

Once, long ago, I was an altruistic sort and believed not only in my government but also in businesses’ and people’s desire to do the “right thing”. Now, 13 years later, I have come to the conclusion that there are no companies, nor people out there, who are genuinely looking to do the right thing. After working for Fortune 500 companies as well as smaller ones, I am now aware that the only motivation they all have is to “get ahead” or to “have a good day and not rock the boat”, as my last employer proved out in spades.

In short, I have come to the conclusion that there is no black and white.. Only gray areas in which we can choose to hide and learn to live with ourselves.

In the business of “Corporate or Private Intelligence” one can make a good living as long as one doesn’t suddenly grow a conscience about exactly who is being surveilled or gathered intel on, as well as to whom it is being provided. Often, though, the entities who are paying the bill have a middle man (aka a law firm) hiring you out to do the work so as to have a blind spot vis-à-vis “confidentiality” agreements. So you may never really know what you are part of in the grand scheme. However, in my new world view, I think I should feel indifferent about the whole thing, because the base truth is that each of the parties involved (the one being watched and the one paying for the service) likely subscribes to the mores of our current corporate and governmental environment…

“What’s in it for me?”

Stepping Into the Forest of Mirrors:

So it has come to pass that in today’s world the intelligence agents MUST be technically savvy in order to work. I have seen the articles online about how the CIA and MI5/MI6 have begun large recruitment drives for individuals with technical backgrounds in computing. The problem they have, though, is this: their pay grades suck, and in today’s world too few are true believers in God and Country. So the private sector seems to be the most logical choice for anyone who wants to make a living and have enough to actually retire when they are too old to work any more.

Of course, in the book a chapter is devoted to the idea that many of the agents out there today at the CIA are now “allowed” to moonlight as long as they tell the agency and get approval to do so. I guess in order to keep talent, the CIA decided it was best to allow these activities as long as they were not compromising any operations… Makes sense; after all, the largest GS salary one can really get tops out at just over $100,000.00… Not much in today’s salary base, huh? So it would seem that many are getting the training from the CIA and other agencies and then moving on to the private sector.

Meanwhile, that private sector is not sipping at the private intelligence spigot, it is gulping it down. It seems that nation states are no longer the only recipients of corporate intelligence. Instead, it’s the idea of conglomerates and corporations practicing business as war in the best of traditions that hark back to the “Keiretsu” and Sun Tzu. Perhaps my assessment of American business was slightly off in one of my last posts?

Nah, I think instead that they are all practicing this means of corporate warfare, but lack the stability and forward thinking of the Japanese Keiretsu model. It’s corporate spy vs. spy, and the only ones to really profit are the spies themselves. In this I find a certain comfort really, because frankly the corporations that I have been inside of do not deserve to get ahead, due to their sloth and lack of forward thinking. A certain intransigence and laziness pervades most companies when it comes to being able to fend off such attacks as those used in corporate digital warfare and, frankly, it’s their own fault.

So, where does that leave me? It leaves me thinking that to really make a living and to maximize the use of my talent, it would be better to walk away from trying to teach these companies anything about securing their data and instead use their weaknesses against them, working for such a firm as the Trident Group or any number of others out there. Perhaps even to just start my own agency. After all, whose job in corporate America is safe today? By being a good soldier and doing your all, do you really get any consideration from the company you work for?

Think about it.

Final Analysis:

In the end, I found this book to be quite enlightening. I was rather surprised by the last pages, where the author tried to put forth the idea that all corporate intelligence firms should register with the government (à la the SEC) to work. I think he was smoking the proverbial crack pipe when he put that to paper, but I understand his altruistic thrust there. Eamon, that will never happen, and it won’t because if you register these places their cover is blown. How would an agency of that type ever really work if the government has them and their employees registered in an ever-so-safe SQL database on an insecure server somewhere, huh?

*Snort*

If you get the chance, read the book. You too will be enlightened as to what is going on out there in the world today. You will not see things in black and white any more, that’s for sure. Oh, and if you are a William Gibson fan, you will undoubtedly have to stop yourself and think “Shit, he predicted things to a T again!”

CoB

Iran arrests 30 accused of U.S.-backed cyber war


(CNN) — Iran has arrested 30 people for waging what it called an organized, U.S.-backed cyber war against the nation, Iran’s semi-official Fars news agency reported Saturday.

Iran’s judiciary said those arrested were funded by the United States beginning in 2006 and that they planned to destabilize the country, according to Fars.

A State Department spokesman declined to comment on the report Saturday night.

The Iranian judiciary said that former President George W. Bush supplied $400 million for the cyber war project, Fars reported.

One branch of the project, dubbed the “Iran Proxy,” was capable of infiltrating Iran’s data banks, sabotaging its Web sites, and facilitating contacts between Iranian opposition figures and U.S.-funded media like Voice of America radio and Radio Farda, according to Fars.

The judiciary also said the United States used anti-filtering software during recent demonstrations against the Iranian government to wage psychological war against the nation, Fars reported.

Iranian media reported last month that individuals alleged to have ties with Radio Farda — which means Radio Tomorrow in Iran’s Farsi language — were among seven arrested by the Iranian government.

I just don’t buy any of this crap, Mahmoud. I think this is more likely a pitiful attempt to explain away more arrests of dissidents in your country. There are a few reasons why I don’t buy it… Let me explain:

1) You’re a liar and completely out of touch with reality Mahmoud

2) You and your hard line religious freaks just need excuses to make people who want freedom or more to the point, an honest election, disappear

3) $400 million to fund a program to get comms together for your detractors? Really? All they really would need is Tor and Gmail, man

4) Umm, if we want to infiltrate your databanks, all we need to do is call the NSA

So Mahmoud, you’re really stretching here, aren’t you?

CoB

Written by Krypt3ia

2010/03/14 at 17:30