Spy Planet – Tinker, Taylor, Soldier, People!

1659 0

The world of Spying and Espionage are in the mainstream considered to be very much associated with deep Military Intelligence and Secretive Levels Government Agencies activities. However, what often gets overlooked about such covert operations is they can and do implicate many more targets than one would consider to be a reality outside the pages of a good John le Carré novel. Now prior to me setting key-to-screen, I need to make it clear that all the following outlines are from my own personal experiences serving and entering the world of Counter Intelligence/Espionage post the directives out of, what was known as the Mr. David Calcutt QC Enquiry (Cyprus Secret Trails 1986).  The following observations are also from my travels and employment with big brand name Global Companies, and/or from a selection of assignments within Government institutions – I have however taken care not to move into the open path of the OSA (Official Secrets Act) thus avoiding some of the closer detail which may either expose or lead to other issues.

In my own case my CV is a little unconventional with my pursuits in the industry of IT (now Cyber) being born out of my RAF Service in which I operated within two highly sensitive areas concerned with SIGINT, COMINT and Satalite Intelligence. One in which I operated as the Systems Security Officer for CIA Secure Accredited Systems, up-to and including B1 Certification (remember that from the old Orange Book days). I was also lucky enough to visit in-country Agency Offices Washington DC on numerous occasions, and even found myself in one of the most secure SOC Complexes on the planet – NORAD located in deep within Cheyanne Mountain, Colorado – as well as some other activities which I will refer to, but not disclose in detail – See Fig 1 – NORAD.

Fig 1 – NORAD

The Mirror Tiles – Military HUMINT Targets:

Reading a book written by Luke Harding prompted my reflection from the past about the Russian MO (Modus Operandi) of compromising their targets in the fashion of Black PR – the fact of the matter is however, anyone who has any value, be that Military, Governmental, Academic, or Commercial are a potential prospect target. In the case of the Mirror Tiles, I had a short-term attachment to a team working in the area of down-town Berlin which was in close proximity to a very sensitive RAF Signals Unit. Thus, the potential to entrap and compromise an individual in the truest sense of HUMINT (Human Intelligence) was a potential high gain operation. In those days around the time the Berlin Wall was under deconstruction there were many bars and outlets providing ‘services’ to the passerby Serviceman. For example, the then, infamous Mon Cherie Bar located in the heart of Berlin. However, on this visit, the location of interest was a little seedy place located on a side-road which hosted a bar, and several other activities of interest. Upon paying the entrance fee, and entering the premises, the guests ticket stub was entered a raffle – the prize was to spend some private time with the young lady tending the bar. As it happens, when the draw took place a number of those in our party won the prize – which was not taken up. But given we were in a room of mixed nationalities, it was clear we had been specially selected as the Bar Manager was overheard to comment ‘fu….ing English’. Later that evening when the bar was busy, we managed to get a look into the room which was accommodated with a mattress on the floor, but of more interest to us was the recording devices hidden behind the mirrored tiles! Make no mistake here, those days of KGB activities have not gone away, they have just migrated into the ownership of the FSB – and they are very active!

The Honey Trap – Economic HUMINT:

Whilst I was working in a security role for a large Commercial organization located within the Financial Service Sector, I again had occasion to brush shoulders with the activities of the Russian MO. On this occasion, my company was looking to work with several Russian Banks and had thus deployed a Territory Manager (ex-services) into the region to take up the pivotal role. The project started off to suggest it was going to be problematic with several, what seemed to be at the time, opportunist snatch-thefts on the Russian Metro Systems of Laptops. However, the regular frequency soon inferred otherwise. From this point onward, our Territory Manager took to storing all the business-related documents on a USB Thumb Drive which was safely hung around the neck. However, the levels of cunning never ceased – after an extended term on site in Russia, at the end of one fact-finding mission, the Territory Manager was to be taken out to lunch on the last day on site. Given the concern for the sensitive information held on the, now in hand laptop, it was placed in a locked room within the facility for safekeeping whilst they attended their lunch – Upon return the Laptop was missing. At the end of this corporate venture, our man-on-the-ground would seem to have been still in the cross-hair of the local security community, and thus was compromised by some form of Honey Trap and was recalled back to the UK – In fact, after our traveler returned, they commented that on more than one occasion they had felt that they were under surveillance whenever out in the open. As far as I was aware at that time, soon after the representative returned to the UK, the venture in that region closed. Remembering here that, one of the main targets for Russian Intelligence focuses is that of the Economic and Financial interests.

The Noisy Laptop – Hacking Government Targets: 

In one of my privileged roles, we had an MP who was traveling to China on some form of Trade Mission. As sort of a localized Pressure Brief this very Senior MP was advised of the many dangers associated with traveling and working within that region – one of which was the collocated Cyber Risk to any assets they were carrying with them on their visit. Some time later, one of the Network Engineers noticed that there was a very aggressive polling taking place on the in-house network, sending out what looked to be malicious packets. The source was tracked down, and as it happens it was our Senior MP who had just returned from his overseas visit and had connected their Laptop to get their updated communications. At juncture one of the Security Team was dispatched to investigate the matter and asked the MP in question why they had ignored the instructions they were given prior to their visit. The answer was a revelation, when the reply was ‘I never took my laptop out of the bag at any time, when in that region’. Work it out for yourself, but whilst the Laptop had been left alone in the Hotel Room, it had clearly been a technical subject of investigation for a member of the Hotel Team who had access to the room, and skills to place on the device the required malicious package!

Who Moved my Stuff – Commercial Espionage:

Here we are looking to a joint venture between a large US Company, and that of an organization located in France. This joint venture was classified as sensitive from the outset, as both sides had some valuable IPR they wished to protect, and to say the least, the element of trust (to be later confirmed) was not all it should have been. However, the US Team had been again briefed, and made aware of the potential and implied dangers associated with this task, and so basic Counter Surveillance measures were taken to assess if such in-country dangers existed. After a day or so on the site of the in-country office, one of the team returned to their room, and checked the proximity for any indications of tampering, or to put it politely nosiness – and a number of placement-traps had been sprung, as well as some other minute invisible markers that had been placed in notebooks (which were only visible when dropped onto a black mat (they were in form of particle)). So, here again, proof that even in the most of opaque of commercial ventures, the other side may always be looking to gain the commercial advantage and get something for nothing.

Beijing Olympics – The Travelling Public:

Way back in 2008, I got myself into a lot of hot water when I was the first person to come out in the open, and to blame China for its activities post the Titan Rain Attacks:

https://wiki.nus.edu.sg/display/cs1105groupreports/China+Blamed+for+Cyber-terrorism

On that occasion I was giving a presentation at the British Library in London when a question was posed as to the possible culpability of the Chinese Government in relation to the Titan Rain attacks on London, Germany and the US. My response was ’Given that China has one of the most monitored, watched technical environments on the planet, it must follow that there are only two considerations here:

  1. The activities are being conducted under State Sponsorship
  2. That the activities are allowed in the form of a State Turned Blind Eye Operation

The problem was however, my untimely announcement, whilst receiving the gratitude from a member of the then, Computer Crime Unit who thanked me for the public revelation – added it was politically sensitive as it was prior to the Beijing Olympics and so had upset the Chinese Government.  Now as we know, the danger out of the region is widely known and discussed, but I can assure you to be the one that ‘outs’ such dangers carry baggage!

As a spin of from this, my contact in the Computer Crime Unit shared with me the fact that, they were concerned that there were many British, and other Internationals traveling to that region who had a high probability of being compromised through Public WiFi Access Points – but then, once again, politics were allowed to override security at the potential expense of the masses!

Dark Hotels and Public Access Points:

There has been much speculation about Dark Hotels. AKA public places offering up free or paid-for WiFi services which may be leveraged to spy on their user base. However, from conversations I have had with end-users, this seems to be a logical danger they are not well versed in, and in most cases, as far as the end user was aware, have never experienced such a personal exposure. And yet, in my own travels, with the employment of some very basic tools, I have located such exploitative outlets in the City of London, and other locations who are boasting 4 Star ratings, with their guests ranging from UK Residents to International travelers all of which are using the in-house hotel wireless infrastructures to carry out their personal, and business related browsing.  At Fig 2 below is an example of such a Dark Hotel Access Point which ran into 32 pages of the hosted collocated malicious applications, remote login applications, and many other tools which should be deemed inappropriate to be installed on such a wireless network being hosted for the use of the Hotels clients. For example, Back Orifice, Deception Toolkit, and here, one example of a Background File Transfer Program. The targets here represented by, anyone and everyone who have, or who are utilizing this service. If I can give but just one tip here, always, always use a reliable and robust VPN when using Public WiFi environments – e.g. ProtonVPN (https://protonvpn.com/)  

Fig 2 – Dark Hotel – Public Access Point

Everybody is a Target:

 In 2018 it was discovered that at least half a million end-point routers in homes, and offices had been injected with the malicious agent known as VPNFilter which originated from the hacking group Fancy Bear out of Russia. The objective of this malicious agent is to Spy on the infected device, to glean personal user information, block network traffic, and to, on occasions render the router inoperable. So here we see that, no matter the social or technological position, everyone is of potential interest! The good news is, to remove this malicious code, simply turn off your router at the mains for just 30 seconds, and the adverse misconfiguration will be removed.  

So, what is the real level of risk? Well with the backdrop of the known knowns of State Sponsored Cyber Activities falling under the Russian Flag of the FSB, in the form of their very active Information Security Center (TsIB) we should all be concerned. Add to this the doctrine of the Chinese written in 1999 by two Colonels Army, Qiao Liang and Wang Xiangsui of the People’s Liberation Army entitled Unrestricted Warfare – a book outlining the military strategy, and the leverage of technologies to defeat a superior opponent through a variety of means. On this basis, we should at least start to appreciate the global implications – and that said, this outline is without even introducing the speculation relation to the Trump/Putin relationship and the associated global geopolitical implications. But I hope one may start to get the image of a world of economic, and other associated snooping dangers which are in place which may cause an imbalance of Corporate, Political or Economic stability, forced by the acquisition and leverage of information, including in the most flexible friend-format of all – Black PR (extortion).

There are several other very interesting cases I could share with you, but fear that the inside of the Tower of London may still have room to accommodate at least one person in secrecy, so I shall refrain in the interest of personal liberty. But just remember, any form of Intelligence, albeit Military (obviously), Economic, or Commercial will always have a value that is not completely understood by the owing entity – which means that, no matter how unimportant you feel your assets are, someone, somewhere may have other ideas – so take care.   

 

Professor John Walker
john_walkerVisiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia [to 2015], Independent Consultant, Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CRSI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts (RSA), Board Advisor to the Digital Trust, Writer for SC Magazine UK, Originator of DarkWeb Threat Intelligence, CSIRT, Attack Remediation and Cyber Training Service/Platform, Accreditation Assessor and Academic Practitioner and Accredited Advisor to the Chartered Society of Forensic Sciences in the area of Digital/Cyber Forensics.
Twitter: @SBLTD 
John Walker is also our Expert Panel member.  To find out more about our panel members visit the biographies page.

Professor John Walker Web Site
In this article


Join the Conversation

Join the Conversation