11th
According to the BBC the 11th person has been arrested in Cyprus.
The FBI's case against an alleged deep cover Russian spy ring relies heavily on surveillance of their use of ad hoc Wi-Fi networks, bespoke software, encryption and the web. After a counter-espionage operation lasting several years, 10 people were accused on Monday of being covert agents of the SVR, Russia's foreign …
In the same way that we can ask for the arrest of somebody who has committed a serious crime here and then left the country, so can the Americans.
Achieving extradition is another matter entirely because evidence will have to be presented to show sufficient proof that this person would be charged with a crime. Unless of course you are subject to our wonderful, balanced 'agreement' with the Yanks, or the extradition is between EEC member states. In either case it would appear that extradition is all too easy and without sufficient safeguards in place.
It does sound completely daft giving this guy bail though. There can be few people more capable of getting out of the country after having their passport confiscated than a spy. And if there is any truth to the allegations (which seem fairly substantive) then you can also imagine that the Russians will be keen to ensure that he is nowhere to be found. Or they might be happy for him to be found once they've arranged for him to stop breathing.
"In the same way that we can ask for the arrest of somebody who has committed a serious crime here and then left the country, so can the Americans". What serious crime is this? None of them have been charged with espionage, only being "unregistered representatives of a foreign government", which is not even an offence in most countries; if the Americans choose to make it so that is their privilege but they shouldn't expect anyone else to humour them. ("Espionage" is generally not an extradictable offence either, but we'll let that pass.)
It's simply a trumped up load of propaganda. If I followed US politics I would probably be able to identify the domestic news story that this has been released to distract public attention from. Maybe the ten-thousandth death in Afghanistan or something.
Maybe the Americans asked friendly nations to detain him on the basis that he is wanted in the USA. Cyprus would probably expect similar cooperation in the event that they wished to catch someone who had broken their laws and then left the island. Ronnie Biggs went to Brazil precisely because they had no extradition agreement with the UK.
It's a shame when one country gets to decide its national interests are important to everyone.
Not that I condone what Ronnie Biggs did -- but at least, unlike a lot of other criminals, we didn't have to pay to keep him here. Is it cheaper to jail someone for life than to let them get away with it?
I should have mentioned @jake below that the spook motto "Never judge a book by its cover" has been co-opted by the Tabloids - "Never judge a News Organization by tits, covered."
Nice work El Reg setting everyone straight, if you will pardon the expression, well half of us, oh never mind.
1) Can that agent that is pictured please be my honeytrap?
No - she was already assigned to another guy but will now likely spend some years in the company of other women. There are others in Russia though but it may be best to avoid those wanting a career in espionage.
2) This is a little more James Bond than the usual spy guff. Where do I sign up and see point 1.
You did notice they all got caught, didn't you?
in this case the obvious is less obvious.
If some super encrypted non standard ad-hoc Wi-Fi network popped up every time two people get within 200 ft of each other it would stand out like a nuke at midnight.
However, using a USB Wi-Fi dongle for this, and only this, application would have been a better plan, or at least changing the MAC to a random/different value for the "secret" communications and then resetting it when done to avoid this kind of tracking. Using a one time MAC address predetermined according to a cipher key from another communications channel, like a FaceBook status message or other chat forum with a set of keywords and then the pass phrase would be even better.
Remember, the really smart ones never get caught.
Mine's the one with the USB dongle in the pocket. Hurry please, I need to get a cup of coffee in 20 minutes.
Though you would need to be clever, as the first 3 octets in the address uniquely ID the manufacturer of the NIC (as they are issued in blocks like IPs). So to be plausible you would only want to change the trailing octets, otherwise Mister Counterspy, who can see who makes your laptop, will know something fishy is up.
So much work for nothing: the ruskies could have just offered chocolate bars to the administration staff who work for the target company or departments and they'd have gladly given them their passwords. Simples.
They were a bit lax in their procedures though. If the laptop was configured as a standard vanilla Windows system, it would have been open to the world and that's an easy defence of "I had no idea what Windows was doing". The contact taking the info should have used a different MAC address rather than a fixed one, or just passively recorded the communications rather than establishing a connection. Amateurs.
So now we know what google was doing with their street-view wi-fi spy scanning global network!
But it's not so strange. It was only for buying a phone, I put down stuff like that all the time. Still it's probably not a great idea if you're trying to keep a low profile.
Though it also occurs to me that the clerk could have put that in after she declined to provide an address.
A Google search turned up the fact that an even prettier blonde named Anna Chapman is the girlfriend of an American billionaire. So at least the Russian spy network, if such it is, has not infiltrated that far.
Of course, it was discovering Russian spies trying to get their hands on the A-bomb that kicked off the last Cold War, and since the invasion of Georgia, we've been somewhat overdue for another one in any event.
She was apparently using her job as a "Venture Capitalist" as a front to get Silicon Valley contacts. All the sweet Russian girls on her page will certainly get a nice little FBI visit in the next days.
How the fsck can you be so stupid to pretend to be named "Chapman" and have 25 Russian friends on Facebook. Merkin spooks might be stupid, but not that stupid.
Yes, my name is Chapman, by the way and my facebook page contains 75 friends from Paris and three Merkins. I live in San Francisco and I am a venture capitalist. Want to submit any biz ideas ? I am specialising in funding ELINT and SIGINT startups. Also, I know the best frogfoot restaurant in SF.
The BBC reported her as being a divorcée. She didn't seem to be trying not to be Russian; her facebook name "chapmanania" suggests that Anna is just an anglicised version of Anna. She also posts in Russian quite a lot.
If her cover for being a Russian spy is being a Russian who isn't a spy...
Though the Beeb also said that none of the 'deep cover agents' have been charged with spying. They've been charged with being unregistered representatives of a foreign government. It's like James Bond meets The Office.
... FTW.
Or, try better procedures, such as going to different, busy, open Wi-Fi hot spots and sending each other steganographised holiday pictures via Skype?
If something works once, they get complacent and keep doing it without thought for possible countermeasures. These people need El-Reg commentards to act as consultants.
Or more to the point, they don't have to pay for spies, as sadly our corrupt officials in power just send our data to them to process as they want. e.g. http://www.theregister.co.uk/2010/06/29/swift_agree_approved/
Then again who do our corrupt short sighted idiots in power really work for? ... They act like they don't work for the people who vote them into power and they certainly are not protecting voters privacy, so they certainly don't have our interests at heart. So who do they really work for?
The art being that of an early (lean and hungry) Woody Allen contributing to the script of the original (and IMHO the best) version of the James Bond film Casino Royale. (Best because in all subsequent Bond films pretty much the only ones not taking it seriously were the actors.)
Were it not for the fact that the action is occurring in America, I would say the FBI was having a private joke. Surely no-one else is trying to take down the FBI with this...?
"Fake Street is a street name used by Marge . After she cut off Homer's thumb, Marge called the police but Chief Wiggum jumped to the conclusion that Marge was a homicidal maniac and immediately asked for her address. Marge made up "123 Fake Street" on the spot in order to avoid arrest and hung up. Later, during Bart's skit, Bart and Milhouse get some firecrackers from a cave and hide in a building that happens to have the real address "123 Fake Street", leading to their arrest by the police as they follow up Marge's tip. "
http://simpsons.wikia.com/wiki/Fake_Street
Seems to have been some steganographic software for burying and recovering messages in pictures which was apparently not commercially available.
Everything else seems to have been pretty much off the shelf.
Perhaps they should have sub-contracted it all out to the sort of people who run botnets.
Nicholas Lyndhurst's bumbling MI6 operative character in the comedy The Piglet Files was called Peter Chapman!
Them damn Ruskies obviously wanted to avoid the usual James Bond cliches, so they watched an altogether more realistic portrayal of British espionage, The Piglet Files!
> Standard WiFi? No top secret technolongy in a USB stick from Qski's lab?
Believe it or not, it's actually a zillion times better to use hardware that is easily available, it's a little hard to explain away your uber cool flashy encryption device when the authorities find it.
Look up 'Number stations' for an example of low tech still being used in spy work (I pick up E08 from time to time):
http://home.luna.nl/~ary/
http://www.mikeandsniffy.co.uk/thesecretsiteofmike/num/russia/russian.htm
It's entertaining to speculate about what kind of software you would use to outsmart the FBI but as far as I've seen, none of the information released so far explains what tipped the feds off to the existence of these spies in the first place. It could just as easily have been some unrelated leak, or even info from a US spy in Russia. To me it sounds like they were actually doing a pretty good job of keeping a low profile.
It's just possible that the FBI routinely tails Russian government officials in the USA and take notes of other people who regularly feature in their surveillance.
It is also possible that they decided to check up on Vicky Peláez, the Peruvian journalist who had regularly expressed opinions against US foreign policy and in support of Castro, Chavez, etc. She was filmed meeting a Russian government official in South America back in 2000.
Another nasty rumour was that the Russians gave up these people on purpose because they were getting expensive, had not found out anything not readily available off the Internet and were showing signs of becoming a bit too American. This way, the FBI would be kept busy and pleased with themselves following this lot about whilst missing some other rather more secretive and successful spies.
...that makes you want to divulge every last item about international relations? ><
Aww enough with the cloak-and-dagger games, though, didn't that all knock off with the Iron Curtain already?
But hey, alright, maybe it's kinda "retro" to see it coming up again - Russian spies in the US, I'm sure future game developers will be duly inspired by as much.
This balls-up almost certainly came unglued via human factors. I.e., the way they monitored her WiFi connections was meaningless, because by that time they already HAD her and her Russian handler under physical surveillance, which is how they co-located them. And rumbling the steg programs only happened AFTER the FBI did a complete search of their houses, meaning they were already compromised. In short, the cool tech bits seem like mere evidence to prove what they already knew.
So the REAL spy story here is: how did the FBI get the human intelligence needed to get search warrants and conduct the expensive shadowing operation on the group? And where does that undercover FBI agent fit into all this? And did he get to get Chapman? These are the real stories...
Black helicopters, with hush rotors and laser doppler mics,,,because, well, it's obvious...
"...how the the FBI get the human intelligence needed to get search warrants and conduct the expensive shadowing operation on the group?"
Obviously, you are not aware of the proper procedures and safeguards in place for issuing warrants and initiating surveillance for counter-espi... sorry, counter-terrorism.
No warrant is required - unnecessary paperwork in the War Against Stuff, you know. Only domestic police forces investigating non-national security crimes need warrants (unless there are huge amounts of cash involved or political retribution). "National security" comes under the FISA board, whose proceedings are typically not public.
In answer to your question - Foreign diplomats are routinely (but *passively*) monitored, especially if they find that a wireless AP moves around with the Assistant Under-Assistant to Honourable Ambassador X (note: just made that up). All they had to do was see who/what connected, and when the person just stands there across the street from a Starbucks for 1/2 hour at a time... well... Notice that the "foreign gov officials" are not named - diplomatic immunity, you know.
How could we do better, class?
How about wireless AP in suitcase while (known, diplomatically protected) operative walks around town across SEVERAL networks on different routes daily/weekly. Steganographic images are embedded in image sets "randomly" or huge sequential blocks downloaded from 0-day posts (or possibly pr0n) on overseas image servers. Download MUCH more than you really wanted, and never duplicate the images. TOR would be a good addition, too, as long as you set the exit point outside jurisdiction. Extra points if netbook generates random MAC addresses between connections (remember Orinoco Golds?). Bonus points if you set it up so two browsers both use TOR (or another encrypted proxy) but with separate exit points, giving the (casual) illusion that it's the same session.
Exchanges could also be done using TrueCrypt (with hidden containers?). How about "image" files that are "corrupted" by having the last 1/2 or 3/4 of the image a small (150K or so) TrueCrypt container (which would appear to be garbage data)? Creating the file would simply be cutting the original off at a certain point, and "copy x + y z", allowing the same simple file cutter program to strip off the beginning of the "image" when ready to read...
Location of the starting point would be transmitted off-band (0-day posts to blogs, etc) as well as passwords (but not the same place, of course). Extra points if the other images in the "set" downloaded actually have (false) steganographic messages for counter-counter-espionage to those investigating. Bonus points if you pointed out that off-band locations could also include containers in spliced up image/pdf/video files. If you suggested that these lists of file urls would also be transmitted in images with embedded containers distributed in SPAM messages, you get a gold star. ;-)
And don't forget obvious distribution channels like "False Results Links Off a Phony Search Engine"(tm), linking to any location images might be uploaded that could include steganography or "corruption" - well known auction sites, holiday snaps, social networking, etc. Simply having a message in the comments, etc. saying "for more information contact [insert real cryptographically secure email here]" and using the email address for the password would suffice.
Of course, having a non-public, non-commercial steganographic package (as found by the FBI) used for false messages on the same or other files with other steganographic (true) messages encoded from a publicly available steganographic site (accessed through TOR, etc) would also draw away attention from the real messages...
This is all just off the top of my head, mind. Of course, I may be available for consulting :-). But why advertise if I am "anonymous"? - if you are in a position to pay me, you would know who I am, anyway.
The fine folks at Gazprom likely have a much more effective network that is extensively greased with cash, natural gas, and oil. They have large portions of Europe and Asia on a short leash. The former oligarchy is controlled by Putin, et al. Do they truly take this sort of operation seriously these days? It's a wonderful way to generate headlines, certainly, but I can't see it being something other than part of a very large and old machine being maintained by life support, should it need to be resurrected.
Hmmm... combine the two, and then we're talking. A wonderful creature like big red (pictured), cash, lots of oil, we'll forgive any natural gas incidents, et voila! As soon as Berlusconi becomes the US president, it's a done deal.
Oh, and of course, I for one, welcome my new KGB handler-ette... ahem.
.. or does this sound like people trying to get caught. I'm guessing that if they didn't get picked up by the feds this time she would have bought a phone under the name 'Anna Spy' and an address of '1 Spy Street, Spy City, Russia'.
I mean, they didn't do live transfers in Smiley's day why start now. And for Christ's sake taking a laptop to Russia to get it 'seen to'. Never heard of Gotomypc?
Decoys perhaps?
Are we not (most of us at any rate) taking the FBI's account at face value? There are often several aspects to this kind of game and one of them is that there are people in both Washington and Moscow who for their own separate reasons do not like the fact that Medvedev and Obama have decided to improve the atmosphere between Moscow and Washington. Another aspect is the sheer incompetence (alleged) of these long term sleepers. The Russian secret service is after all simply the Russian section of the old KGB about whom one could of course say a great deal. However, they were not exactly known for being incompetent dickheads like this gang apparently were. The whole thing looks like some kind of game of charades. Who is playing and why....., well your guess is as good as mine.
Just as an example of what I mean by "charades" in this context is the following possibility. We know that there are forces in both Moscow and Washington who (each for their own political reasons) do not want an improvement in the relationship between Russia and the US. It is certain that they would know perfectly well how to get in contact with one another and would be equally capable of arranging an "incident" (on a devil's alliance basis) that served both their interests. The whole thing could perfectly well be that kind of stunt.
I really hope the FBI aren't using NetStumbler - that's an active scanner. It sends packets out at regular intervals. I'd pick up that someone was using it in a jiffy.
Kismet is a much much better option for this sort of thing. Fully passive. Plug in a wifi card to your PCMCIA slot and set kismet to put it into RFMON mode and scan and record every packet within range and monitor the activity (it'll see shit like NetStumbler no problems bumbling around like the active muppet it is). Then use your regular wifi card to do the spy SIGINT stuff.
I assume that el reg was just having a guess about NetStumbler - because surely the FBI/NSA know what I've just said in much greater detail than I do.
I'd tell a commenter who said that to RTFA, but I gather you were the one who WTFA. ;-p
"On one occasion in April, the Russian government official, who was based at the UN, rumbled his surveillance team, according to the court documents. He returned to his office and only one of the usual MAC addresses, allegedly belonging to Chapman's laptop, was observed trying to communicate."
Clever Russian official -- he spotted Netstumbler without even booting up his laptop! This Russian technology is incredible. Where can I get some?
...or perhaps he just spotted the person tailing him.
In the years between the collapse of communism and the realisation that Russia has something the US might want (Duh! Oil), lots of Russians found imaginative ways of skipping grinding poverty.. especially the pretty ones.
Ask an average Mexican illegal if they'd spy for Mexico and you'd get the same response.. come to think of it.. ask the average Sex-in-the-City wannabe if they'd do something more dangerous than casual sex…
Isn’t this just Heisenberg Uncertainty principle.. or maybe the spooks are up to something else completely
But one of the SciFi shows around that time had an episode with Larry Crabbe (the original Buck Rogers from the washing up liquid bottle and fireworks days) as a guest star. Logically it would have been Buck Rogers but could have been Battlestar Galactica.
Yes it is *very* sad that I can still recall stuff like this. I shall take my anorak down the pub. I may be gone for some time.
In all I have heard and read about this young woman, she certainly appears to be very attractive, wealth-motivated, and not a little vain (with a remarkable talent for embellishing the truth) but I fail to see how that makes her 'saucy'.
Is this just an El Reg thing - as in, "She's a young woman therefore she must be 'saucy'"? I assume Vicky Peláez isn't 'saucy' - for reasons that arise from an equally honourable chain of logic?
I'm almost tempted to apply a Paris icon to this comment, with a message to the effect of "Paris, because I gather that she's a woman, too", but having never used a Paris icon, yet, I'd hate to break a winning run.
Ad-hoc wifi? That's almost as bad as using signal flags - no regular humans use it, so it would stand out pretty obviously.
And not using something along the lines of macchanger? Even in Windows you can generally change your MAC address trivially.
And then there are about 9000 more covert ways to communicate with wifi - how about you get some Apple laptops, and craft custom MDNS/Bonjour packets to encode your data over a standard public hotspot. Any given Apple device spews those packets continually to the local broadcast address - nobody knows the intended destination!
Or how about you get Windows machines and encode information in wifi probe request packets, which the average Windows laptop also spews constantly when not connected to a network.
And yes, I hope that the feds were using Kismet... but I wouldn't be surprised if they were trying to pull this sort of thing off using Windows.
Just a quick update, I'm from Cyprus and on the latest evening news the guy has jumped bail (which was expected) and the police have issued an arrest warrant.
My guess is that he's either sought refuge in the RU embassy (which is right across the street from the US embassy by the way) or trying to escape through the occupied north.
Letting that guy out on bail may have been a superb idea! According to the world service, he's already disappeared. Ooops!
Those sounding surprised that spies may be surprisingly lax in security should read some spy history. Kim Philby sent reports by post to a safe-house in Paris. He was over there one day and decided to take a look at the place (already poor trade craft). To his shock, it turned out to be the Soviet embassy! The KGB were too cheap to rent somewhere, even for one of their best ever agents.
It seems that redhair is a spook requirement.
"It has also been reported that Metsos spent his time on the island before being arrested with an attractive, red-headed lady. The receptionist at the Atrium Zenon hotel apartments where he was initially staying said the two acted like any tourist couple, mostly going to the beach."
And in true Bond fashion, maybe there was a Russian submarine off the coast as well involving clandestine underwater intelligence exchanges. (along with obligatory scuba-spear gun fights)
http://www.cyprus-mail.com/cyprus/vanished-spy-jumps-bail/20100701
Russian girls often use Henna as hair colouring - hence the popularity of that red colour. You may also have noticed that Anna Chapman was also blond in one of the popular photos from her Facebook pages.
BTW A few people seem confused about her surname. The big surprise is that she changed her name when she got married (apparently to an English guy) - her maiden name was Kuschenko. As for the first name, the transliteration of Russian into English or other non-Cyrillic languages tends to leave some flexibility about the exact spelling - hence Anna, Anja, Anya, etc.
Perhaps this 'gang' were all decoys. It's a simple enough process - get the FBI to waste all its time and resources on a bunch of apparently hopeless spies, in the hope that they don't notice the real spies operating under their noses...
It's a similar method to that used by Nicholas Owen, the priest hole builder back in the days when English Catholics were persecuted. First, you build a 'fake' priest hole, which is cleverly concealed but also 'safe' to discover. The searchers would find it, open it up, find no-one there, and continue on their way. But unbeknown to them, this priest hole concealed the entrance to another... For example: a fake fireplace in a room. Investigators would notice the fireplace without a fire or chimney, so climb up it into the attic, where they would (hopefully) fail to notice the attic had a fake end wall...
"....the new machine was needed "due to [Zottoli's] laptop "hanging"/"freezing" ..."
and not single comment about "....should have been running Ubuntu 15.6 Secret Squirrel...." or " ...wouldn't have happened on the Apple i-spi..."
Are you sure the comments pages haven't been hacked?
Now look here, el Reg. It would have been perfectly possible to report the story without demeaning references to the physical appearance of one of the spies in question. Nothing in the story depends upon her comeliness, or even her gender at all. It is completely irrelevant to the facts.
But I would not have missed it for the world. Phoarr. Keep it up, lads!
Need to clear up a few misconceptions people have. Not going to bother to list the posters' IDs.
1) Use of USB stick
Pointless. The whole point about the exchanges that took place between the agent and her handler is that they were intended to be non-contact based.
A USB stick would have required very close interaction (physical proximity) between the two parties or exchanged in the form of a dead letter drop.
WiFi is a great way to exchange the information at a distance.
2) Use of an ad hoc wifi network didn't catch them, didn't cause them to be caught.
Wifi is very limited range.
They must have been on the radar (watch list) of the FBI first, and then, having suspicions and intel on them already, gone to the coffee shop with a wifi sniffer.
Not spoofing MAC addresses wasn't the cause of them being caught, it just helped make things easier for the FBI and helps build a stronger case by demonstrating that it was the same two people (or laptops) that repeatedly set the network up.
3) Encryption over Wifi
Wasn't particularly necessary, as it's such short range and time duration was very limited: it was an ad hoc wifi. Highly unlikely anyone would have tried to connect to it, highly unlikely anyone would have been running packet sniffers in the coffee shop or within the vicinity of it - except the spooks.
Using technology (and not taking sufficient precautions) in this instance wasn't the cause of the people being caught. They must have been under investigation already by the FBI.
"On nearly every occasion the FBI observed the same two MAC addresses communicating via ad hoc Wi-Fi."
No shit? Not a word about amount or quality of so called communication while some of us know that any windows-machine put in any network broadcasts several times in a second and all machines which hear, respond. That's "communication" as FBI tells us, but totally automatic and no data to user level is exchanged.
Standard FBI word play where they can't prove anything but have to publish results due to the political pressure. Just like Soviet Union: We suspect you thus you are guilty, we are not suspecting innocent people.
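Two detection points recur in this thread: an observer seeing the same two MAC addresses repeatedly form an ad hoc network, and the vendor OUI in the leading three octets (plus the locally-administered bit) giving away an implausible or spoofed address. The script below is an added illustration of both checks run over a passive-capture summary; it is not code from the article or any commenter, and its log line format, the dates and MACs, and the OUI table are all constructed assumptions rather than the IEEE registry.

```python
"""Flag recurring ad hoc (IBSS) Wi-Fi pairings and suspicious MACs in a
passive-capture summary log. Constructed example; the line format below is
an assumption, not any real sniffer's output:
    <ISO timestamp> IBSS ssid=<ssid> src=<mac> dst=<mac>
"""
from collections import defaultdict
from datetime import datetime

# Constructed OUI table: prefix -> vendor. Illustrative only, not the real
# IEEE registry, so real captures would need the published OUI list.
KNOWN_OUI = {
    "00:11:22": "VendorA (constructed)",
    "00:aa:bb": "VendorB (constructed)",
}

# Constructed capture summary: one pair meets on four separate days, one
# junk line, and one unrelated pairing using a locally-administered MAC.
SAMPLE_LOG = """\
2010-01-20T12:03:11 IBSS ssid=linksys src=00:11:22:33:44:55 dst=00:aa:bb:cc:dd:ee
2010-01-20T12:04:02 IBSS ssid=linksys src=00:aa:bb:cc:dd:ee dst=00:11:22:33:44:55
2010-02-03T12:10:45 IBSS ssid=linksys src=00:11:22:33:44:55 dst=00:aa:bb:cc:dd:ee
2010-03-10T12:07:19 IBSS ssid=linksys src=00:aa:bb:cc:dd:ee dst=00:11:22:33:44:55
2010-03-10T12:08:00 garbage line that should be skipped
2010-04-14T12:02:30 IBSS ssid=linksys src=00:11:22:33:44:55 dst=00:aa:bb:cc:dd:ee
2010-04-14T15:30:00 IBSS ssid=party src=02:de:ad:be:ef:01 dst=00:11:22:99:88:77
"""


def parse_line(line):
    """Return {ts, ssid, src, dst} for a well-formed IBSS line, else None."""
    tokens = line.split()
    if len(tokens) != 5 or tokens[1] != "IBSS":
        return None
    try:
        ts = datetime.fromisoformat(tokens[0])
    except ValueError:
        return None
    kv = {}
    for tok in tokens[2:]:
        if "=" not in tok:
            return None
        key, val = tok.split("=", 1)
        kv[key] = val.lower()          # normalise MAC case for comparison
    if not all(k in kv for k in ("ssid", "src", "dst")):
        return None
    return {"ts": ts, "ssid": kv["ssid"], "src": kv["src"], "dst": kv["dst"]}


def mac_flags(mac):
    """Flags drawn from the first octet and the OUI: multicast bit (0x01),
    locally-administered bit (0x02), or an OUI missing from the table."""
    octets = mac.lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        return ["malformed"]
    first = int(octets[0], 16)
    flags = []
    if first & 0x01:
        flags.append("multicast")
    if first & 0x02:
        flags.append("locally-administered")   # no vendor OUI applies
    elif ":".join(octets[:3]) not in KNOWN_OUI:
        flags.append("unknown-oui")
    return flags


def recurring_pairs(entries, min_days=3):
    """Map each unordered MAC pair to the distinct days it formed an ad hoc
    link, keeping only pairs seen on at least min_days separate days."""
    days = defaultdict(set)
    for e in entries:
        days[frozenset((e["src"], e["dst"]))].add(e["ts"].date())
    return {pair: sorted(d) for pair, d in days.items() if len(d) >= min_days}


def analyze(log_text, min_days=3):
    """Parse the log and report recurring pairs and flagged MACs."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    macs = {m for e in entries for m in (e["src"], e["dst"])}
    flagged = {m: mac_flags(m) for m in macs if mac_flags(m)}
    return {
        "entries": len(entries),
        "recurring": recurring_pairs(entries, min_days),
        "flagged": flagged,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for pair, dates in report["recurring"].items():
        print("recurring pair", sorted(pair), "on", [str(d) for d in dates])
    for mac, flags in report["flagged"].items():
        print("flagged", mac, flags)
```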
I was listening to this on the car radio (broadcast by a commercial radio station, nothing sinister) going home yesterday and they had this snippet from Chapman’s arraignment.
She had been given a fake passport by an FBI undercover agent, and told to deliver the passport to somebody; instead she went to the police and handed over the passport to the police.
This, the prosecution claimed, was proof she was a spy, as she only handed over the passport to the police to try and prove she was not a spy. Presumably if she had delivered the passport to where she was supposed to deliver it would have also proved she was a spy.
BB would be proud of logic like that
Of course the other shocking news to come out of this story is that someone exaggerated their work experience on their CV (resume to 'merkins).
looks a bit older than the rest of this bunch.
*If* he really is some kind of intelligence officer (IOs are *employees* who get a payslip; agents are recruited. Might get paid, might not, might believe in the cause, might be being blackmailed. Like the Mafia, if the fecal matter hits the air distribution system and you're not a made man it's a case of goodbye and good luck). He looks like someone from the old school with a backup passport and a bag of cash handy just in case.
BTW What happened to the cell system with no one knowing more than 2 others? On the arrest total there are nearly 4 cells here. Given they *should* be completely separate the only ways the FBI could have bagged them all would be through their comms or an informer on the inside. That is the conspiracy view.
Unless of course their security was so bad they all knew/met/ hung out together. This is the cockup theory.
Of course then there is the *really* paranoid conspiracy theory.
They are all *innocent* and this is either a US provocation (by a faction hostile to improved relations) to annoy the Russians or a Russian provocation (by a faction in Russia) to annoy the White House.
Mine will be the one with "The Tears of Autumn" in the side pocket.