Spycraft. - LightNovelsOnl.com
"The lens is with the fish, you find it." Her tone was not amused.
The case officer looked at the fish. All were the same, dried, and some nearly translucent. He picked up several and examined them. There was no way he could even imagine where the lens might be.
"I can't."
The agent began picking up fish and rubbing each between her fingers.
After handling several, she announced, "Here it is." She peeled off the dry skin and tore open the fish. Out popped the lens.
The lens had been inserted through the mouth into the belly of the fish. The expandable cavity was long and large enough to hold the lens but the lens itself was not so thick as to distort the fish's appearance.
"This will be a lot safer than your Band-Aid. They will never inspect these fish which are like what everyone takes into China," the courier asserted.
The case officer could only agree and thought of lyrics from the musical The King and I: "When you become a teacher, by your students you'll be taught." In this instance, however, when you become a case officer, by your asset you will be taught.
The operation was successful and the lens reached the agent as planned.
TSD produced a more user-friendly microdot viewer, the "114 Reader," that was about the size of two pencil erasers. It unscrewed so that the dot could be placed between the two halves and viewed. The superior optics and larger size of the viewer made it more popular with agents but also more difficult to conceal.
The largest of the CIA's microdot viewers was the "little telescope" (about the size of an unfiltered cigarette) with an internal telescoping section for magnification up to 150 times. The viewer was more powerful and easier for agents to use than its predecessors, but it was much larger. If detected it was clearly recognizable as a piece of spy gear, but the little telescope was still small enough to be concealed in a pack of cigarettes or a modified fountain pen.
In 1983, the CIA recruited Soviet Colonel Vladimir Mikhailovich Vasilyev in Budapest and assigned the codename GTACCORD. To communicate with him after his return to Moscow, OTS perfected a new technique of sending messages using a Hewlett-Packard computerized laser-engraver. The technique allowed the CIA to etch a microscopic message into the black borders of features inside the February 1983 issue of National Geographic magazine.34 The hidden message in the ruled line was invisible to the unaided eye, though readable with a 30x magnifier.
The laser-engraver burned away microns of ink to leave a message that had characteristics of a microdot but did not require the additional stages of development and precise handling. By etching the message on an advertisement in a popular magazine to which GTACCORD had normal access, there was no link back to a specific agent should the presence of the message be detected. The secret message contained the internal commo plan for GTACCORD to contact CIA. It read: "Your package should always be in a waterproof wrapper placed inside a dirty, oily rag tied with string . . ."35
The commo plan worked. Colonel Vasilyev spied for the United States for three years until he was betrayed by CIA officers Edward Lee Howard and Aldrich Ames in 1984 and 1985. Vasilyev was arrested in 1986 and executed in 1987.36
One laser-engraving effort left an enduring olfactory memory with the OTS techs. In this operation, the covert message was placed on a border line of an advertisement for fancy chocolates in a gourmet magazine. The advertisement was printed with newly developed "chocolate-scented ink" and when the laser-engraver began burning the ink to embed the message, the entire OTS lab took on the smell of fresh-baked chocolate chip cookies.
Another reduced-image technique involved photography that used a sensitive, fragile emulsion layer of film. This plastic wrap-like substance could be separated from the thicker cellulose base of some types of film. Called "soft film" by the KGB, it was one of the most usable methods for clandestine communication even before World War II and saw use extensively throughout the Cold War.37
In the 1980s, OTS developed laser-engraving for clandestine communication. This was used by CIA agent Colonel Vladimir Vasilyev in Moscow. Left: Cover of National Geographic magazine. Right: Inside page of the magazine showing location of the line containing micro-engraving, mid-1980s.
Typically, a frame of soft film contained the image of a single page of text, which could be produced in a variety of sizes. Although a frame was much larger than a microdot and more vulnerable to detection, it was much easier for the agent to use. Larger examples could be disguised as photo protectors inside a man's wallet or the shiny coating of a postcard such as was used by George Saxe's agent in the late 1960s. Pieces of the pliable film could be rolled into tiny cylinders as small as the size of a matchstick, concealed in such varied household items as a hollow pencil or a ballpoint pen refill, or sewn into the lining of clothing, and then read using a standard magnifying glass.
Kalvar, a commercial product developed as an alternative to traditional microfilm, represented one of the OTS's most successful special films for reduced-image photography. The company that first manufactured it ceased operations in 1979 but other firms continued making Kalvar for OTS.38 In operational use, the advantage of Kalvar was that it could be handled and processed in normal room light, did not require special chemicals, and was developed in boiling water.39
Ultrathin-base (UTB) films were used for the subminiature cameras provided to agents and officers for clandestine photography; the thinner backing (base) allowed a standard film cassette to contain hundreds of exposures and increased the volume of information passed in a dead drop exchange. UTB film could not withstand the rigors of passing through automated processing and developing equipment, however, and required OTS techs to hand roll, spool, and later process the exposed film at remote field photo labs. The combination of UTB film and reliable OTS subminiature cameras produced some of CIA's best Cold War intelligence.
For further enhancement of operational security for clandestine photography, TSD developed special processing film (SPR) that looked and performed exactly like a standard cassette of 35mm film. However, after the film was exposed, any attempt to develop the images by a person without knowledge of the counterintuitive steps required would result in a completely black or transparent strip on any part of the film that was SPR treated. The advantage of SPR film was that the agent could photograph secret documents and keep the film in his camera with the knowledge that even if it should be searched and the film processed, the compromising evidence on the roll would not be discovered.
During operational meetings, both the agent and handler would make and retain written notes for reminders, specific instructions, phone numbers, and names. Because the notes were sensitive and potentially compromising, a means to destroy the notes quickly and thoroughly, if necessary, was required. OTS developed a variety of secure note-taking capabilities for protecting such information.
Water-soluble paper was produced by a small CIA-owned paper-making machine and cut and bound into forms required by operations. Visually, the special paper resembled thin copy or tracing paper although it could also be made in a variety of weights. When dropped in water or any other liquid, the paper, together with the ink or pencil markings, dissolved immediately. Splashing water on the soluble paper left an instant gooey remainder that could not be restored to recover the original writing.
The CIA agent Ryszard Kuklinski had a pad of water-soluble paper onto which he copied his exfiltration plan to study and memorize. The original plan was passed to Kuklinski on a microfilm that he kept hidden. However, by copying the plan on water-soluble paper and taping it beneath his kitchen cabinet, it was more readily accessible and Kuklinski felt confident he could destroy the information quickly if necessary by dropping it into a waiting pan of water in the kitchen sink.40
A case officer driving through a city to identify new dead drop and signal sites would need a way to make notes but also required a quick destruction method if stopped by local police or involved in an automobile accident. Water-soluble paper and a handy bottle of water provided the solution. If a problem arose, the water could be doused on the notes, reducing them to a mushy residue.
An alternative was flash paper, a form of nitrocellulose that burned quickly and completely with a bright flame without smoke or ash. Any printing or writing on the paper would be destroyed when ignited. Because agents and case officers often smoked, a lit cigarette could be used to ignite flash paper carrying operational notes, one-time pads, communications plans, and other sensitive material. The effectiveness of instant destruction was offset by the reality that the "flash" of the ignited flash paper would assuredly attract attention, limiting its operational use.
Another option available to case officers was the so-called more-or-less-invisible (MLI) writing instruments developed by the chemists in OTS's secret-writing program. The abundance of ballpoint pens and other plastic products in the 1960s led the scientists to coat commonly available plastic items with special chemicals. The treated items, when used as a writing instrument, left invisible traces of the chemical residue on paper that could subsequently be developed and read. While a casual observer would see nothing on the paper, professional techniques could detect the presence of secret writing.
Only imagination limited the variety of plastic that could be used. MLI chemistry could be applied to eyeglass frames, caps on ballpoint pens, plastic key fobs, credit cards, and even the plastic toothpick on commercial models of the Swiss Army knife. Case officers using an MLI device to "write" invisibly on a piece of paper could carry those safely until returning to the station where a tech developed the notes.
TSD answered a request from the Directorate of Operations in the early 1970s to provide a secure system that would allow a case officer or tech to record and store operational notes on a tape recorder. OTS modified small commercial Sony stereo tape recorders by adding an additional, or "third track" recording head. In use, the tape recorder would function normally to play tapes filled with local music in two channels of stereo. When an officer wanted to record operational notes, he activated a switch OTS had built into the recorder and turned on the secret recording head for the third track. The audio would be recorded on the tape, but on a track that was unreadable on any nonmodified tape recorder, and only an operational listener would know how to activate the switch to listen to the third track.
In a variation on the concept, the clandestine communication branch of MI6 created a similar covert system. Former MI6 officer Richard Tomlinson described it:
The essential feature of these gadgets is that they are noncompromising, i.e., they are identical or virtually indistinguishable from commercially available equipment. Pettle recorders were particularly ingenious. Any normal audiocassette has two tracks running parallel to each other, one for each side of the cassette. Pettle recorders exploit the unused part of the magnetic tape, which lies between the two strips. [We observed] an ordinary personal stereo, which played and recorded on both sides of the tape like an ordinary machine. But turning it upside down tripped a microswitch so that pressing the STOP and RECORD buttons together made the machine record over the central track, while pressing STOP and PLAY together made it play back the recording.41
Codes and ciphers play essential roles in successful covert communications systems. A code obscures the meaning of a message of any kind by substituting words, numbers, or symbols for plaintext (the unencrypted text of the message). A single symbol could represent an idea or an entire message. The signals made with chalk, lipstick, or a thumbtack to initiate a dead drop sequence were examples of codes while the message concealed inside the dead drop had the added protection of a cipher. A cipher represented a particular type of code in which numbers and letters were systematically substituted according to a prearranged plan. Ciphers used a key to convert the plaintext message.
Probably no piece of spy gear was more often issued or more reliable than the one-time pad. OTPs, the only cipher system that was known to be theoretically unbreakable, were composed of one or more pages filled with random numbers arranged in groups of five.42 Only two copies of an OTP were produced, one copy for the agent and one for the handler. To maintain the security of communications, the OTP page and all notes from using it were to be destroyed by the agent as soon as the working session was completed.
OTPs had great advantages and were praised by both agents and handlers. One OTS tech who ran operations in Moscow for two decades stated, "OTPs didn't let us down. They didn't leave you or the agent wondering if the communication was secure." OTPs proved to be the best covcom security available during most of the Cold War; agents had immense confidence in the security of the OTP system because they understood that even if the message was discovered, its contents would be illegible and there was no link to the agent. The difficulty with the system was that OTPs were immediately recognized as spy gear if discovered, and since only used once, they had to be constantly resupplied through dead drops.
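The one-time pad described above, as an added Python example that is not from the book and does not reproduce any agency's actual procedure: it shows why a pad page used once leaves every same-length message equally plausible, and why reusing a page cancels the key. The letter-to-digit table and the digit-wise modulo-10 addition are assumptions; the text states only that pad pages held random numbers in groups of five.

```python
import secrets

# Assumed encoding (not from the book): space=00, A=01 ... Z=26.
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"
GROUP = 5  # the text says pad pages held numbers in groups of five


def encode(text):
    """Turn text into decimal digits, padded with spaces to whole groups."""
    digits = []
    for ch in text.upper():
        # ValueError here means the character is outside the assumed alphabet.
        digits.extend(divmod(ALPHABET.index(ch), 10))
    while len(digits) % GROUP:
        digits.extend((0, 0))  # pad with an encoded space
    return digits


def decode(digits):
    """Inverse of encode; values outside the alphabet are shown as '?'."""
    chars = []
    for tens, ones in zip(digits[0::2], digits[1::2]):
        value = 10 * tens + ones
        chars.append(ALPHABET[value] if value < len(ALPHABET) else "?")
    return "".join(chars).rstrip()


def new_pad_page(groups):
    """One pad page: uniformly random digits from the OS CSPRNG."""
    return [secrets.randbelow(10) for _ in range(groups * GROUP)]


def encrypt(text, pad):
    """Add pad digits to message digits, digit by digit, modulo 10."""
    digits = encode(text)
    if len(pad) < len(digits):
        raise ValueError("pad page too short; pad digits must never be recycled")
    return [(p + k) % 10 for p, k in zip(digits, pad)]


def decrypt(cipher, pad):
    """Subtract pad digits modulo 10 and map the result back to letters."""
    if len(pad) < len(cipher):
        raise ValueError("pad page shorter than the message")
    return decode([(c - k) % 10 for c, k in zip(cipher, pad)])


def as_groups(digits):
    """Format digits the way they would be written or read out: 5-digit groups."""
    joined = "".join(str(d) for d in digits)
    return " ".join(joined[i:i + GROUP] for i in range(0, len(joined), GROUP))


def from_groups(text):
    """Parse a string of digit groups back into a list of digits."""
    return [int(ch) for ch in text if ch.isdigit()]


def pad_explaining(cipher, candidate):
    """Pad page under which `cipher` would decrypt to `candidate`.

    Such a page exists for every same-length candidate, so the ciphertext
    alone carries no information about which message was sent.
    """
    digits = encode(candidate)
    if len(digits) != len(cipher):
        raise ValueError("candidate must encode to the ciphertext length")
    return [(c - p) % 10 for c, p in zip(cipher, digits)]


def reuse_leak(cipher_a, cipher_b):
    """Digit-wise difference of two ciphertexts.

    If both were made with the same pad page, the pad cancels and what
    remains is the difference of the two plaintexts.
    """
    return [(a - b) % 10 for a, b in zip(cipher_a, cipher_b)]


if __name__ == "__main__":
    page = new_pad_page(6)                      # constructed sample pad page
    sent = encrypt("MEET AT NOON", page)        # constructed sample message
    print("transmitted:", as_groups(sent))
    print("agent reads:", decrypt(from_groups(as_groups(sent)), page))
    fake = pad_explaining(sent, "ABORT ABORT")
    print("same digits, other pad:", decrypt(sent, fake))
    again = encrypt("DROP IS EMPTY", page)      # the mistake: page used twice
    print("pad cancels on reuse:", as_groups(reuse_leak(sent, again)))
```
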
The one-way voice link described a covert communication system that transmitted messages to an agent's unmodified shortwave radio using the high-frequency shortwave bands between 3 and 30 MHz at a predetermined time, date, and frequency contained in their communications plan. The transmissions were contained in a series of repeated random number sequences and could only be deciphered using the agent's one-time pad. If proper tradecraft was practiced and instructions were precisely followed, an OWVL transmission was considered unbreakable. The agent was able to use OWVL only to receive communications, but it had many advantages over secret writing or agent meetings. OWVL required no spy gear except a one-time pad, was generally reliable and repeatable, and precluded surveillance. As long as the agent's cover could justify possessing a shortwave radio and he was not under technical surveillance, high-frequency OWVL was a secure and preferred system for the CIA during the Cold War.43
The OWVL transmission consisted of a series of numbers, usually in groups of four or five. During the 1950s and 1960s, they were read by a man or woman, and in later years produced by an electronically generated voice.44 The numbers could be spoken in any language, usually timed to begin on the hour, quarter hour, or half hour, and were repeated hours or days later on the same or a different frequency.45 Facilities with giant antenna farms to broadcast OWVL signals to every country of operational interest were positioned at strategic locations in the United States and abroad. The sites served the dual purpose of handling CIA staff communications traffic as well as messages for agents.
In the late 1970s, OTS and the Office of Communications began upgrading the OWVL system with the development of the interim one-way link (IOWL). This used the same broadcast stations and network as OWVL, but the agent's commercial shortwave radio was replaced by a dedicated IOWL receiver. The self-contained miniature piece of spy gear was a black box about the size of a pack of cigarettes and half as deep, including the internal battery. Its size made concealment relatively easy and it could be plugged into a standard speaker or operated with headphones. The primary benefit to the agent was the speed of receiving a message; the numbers were transmitted at higher speeds and then stored internally in the receiver to be recalled later. Decreasing the time an agent had to spend performing the covert activity of listening to and transcribing shortwave transmissions improved security and his efficiency; messages that previously had required the agent to listen and copy for an hour could be received in ten minutes. IOWL required the agent to possess and hide another piece of spy gear, but because it was technically equal to OWVL and offered advances in reception speed and an improvement in weak-signal reception, the system was widely deployed.
Short-range agent communications, known as SRAC systems, represented a technological revolution for covcom when OTS deployed the first units to agents inside the Soviet Union in the mid-1970s. SRAC enabled the agent and case officer to exchange information without being required to come into close proximity, or conduct a clandestine act such as loading a drop that might be observed. It also eliminated the risk of leaving sensitive material unattended in a dead drop, which might be discovered and traced back to the agent.
The original SRAC systems exchanged short-duration, encrypted radio-frequency messages of a few hundred characters in less than five seconds between two black-box transceivers. An agent carried a pocket-sized SRAC unit in his coat and "shot" his message at designated locations at any time, day or night. He did not need to know, or be concerned about, the location of the SRAC receiver, which could have been located in an embassy, a residence, or in the handbag of a lady standing in front of a department store. SRAC defeated physical surveillance by eliminating the requirement for agent and case officer ever to be in the same location. It was, however, potentially vulnerable to signal interception if an opposition service was monitoring the SRAC frequency at the time and in the area of a transmission.
Because SRAC could be initiated by the agent, the CIA then had a reliable capability to receive time-sensitive reporting and could immediately retask the agent with follow-up requirements.46 When military tensions between Greece and Turkey were at the flash point during the 1990s, senior CIA officers credited the near-real-time agent reporting through SRAC systems with preventing war between the two countries. SRAC was the principal covcom link between the CIA and General Dimitri Polyakov when the latter actively spied for the United States during the 1970s in Moscow, and later played a critical role in Colonel Kuklinski's successful 1980 exfiltration from Poland.
The SRAC device used by Kuklinski was prepared for him under an OTS project code-named DISCUS and was known at the Warsaw station under the code name ISKRA.47 It was described as follows:
The size of a pack of cigarettes, it weighed about half a pound and had a keyboard and memory. Kuklinski could type in a message at home, place the device in his pocket, and carry it somewhere else. There he could push the transmission button without removing the ISKRA from his pocket. The device had a small window through which a single line of text could be read, from an outgoing or incoming message. If he transmitted directly into the embassy, an alarm would sound in the Warsaw station. As a rule, Kuklinski was asked to leave a signal in the morning that he would transmit in the night, and an officer would take another ISKRA outside to receive the message.48
The OTS SRAC systems were an early form of text messaging. In the 1980s, receive-only digital pagers were introduced to the consumer market, and later enhanced in the 1990s with the capability to both transmit and receive messages. Once text messaging over cell phones was developed, the use exploded globally, with hundreds of millions of messages being sent daily. Both pagers and cell phones offered new potential for covcom and possessed the added advantage that the agent did not require dedicated spy gear to communicate. However, these systems were particularly vulnerable to counterintelligence detection if not operated with the disciplined tradecraft needed to maintain their clandestine use.
As early as the mid-1960s, the CIA recognized the potential for using satellites for agent communications. The idea was that an agent with a small handset could beam his information to an orbiting satellite, which, in turn, would relay the data to a receiving site. By combining a satellite-send system with his OWVL, the agent could transmit and receive secret intelligence inside his home country without personal contact with a CIA officer. The capability, first deployed in the late 1960s under the codename BIRDBOOK, used low-earth-orbit satellites as "bent-pipe" relays for the agents' messages.49
Unfortunately, field realities limited the operational use of BIRDBOOK. Agents had only a five-to-seven-minute window to "shoot" the message to the satellite as it arced across the sky. Success also depended on a clear line-of-sight transmission path as well as the precise orientation and positioning of the transmit antenna.50 Hostile counterintelligence services learned of the system and developed means to intercept the signal and triangulate the agent's position using direction-finding techniques.
Despite its limitations, BIRDBOOK demonstrated that satellites, signal processing, and component technology could be integrated into a long-range covcom system. Over the next two decades, new generations of government and commercial satellites increased global coverage and signal processing improvements made lower power transmissions possible. Advances in electronic components, combined with an understanding of the tradecraft necessary for securely operating a satellite transmitter, addressed many of the problems at the agent's end of satellite covcom. A decade before satellite phones were available, OTS, with its industry and government partners, had created a similar covert capability for a small number of highly select CIA agents.
While appearing simple in concept, covcom systems, including the most sophisticated and technically advanced, are difficult to design and exacting in their use if they are to be employed successfully. Each technological advance, from the telegraph to the Internet, added another means of communication, but technical officers had to devise means of assuring security and covertness before the technology could be used in clandestine operations. In the end, whether the secret message is written in the disappearing ink of Caesar's day or encoded in a radio-frequency signal transmitted by satellite, covert communication between agent and handler relies on both the technique used and confidence that the exchange cannot be detected or read by anyone except the intended parties. However, as the final decade of the twentieth century unfolded, covcom, like the other pillars of tradecraft, would be revolutionized by the electronic tidal wave of digital technology, steganography, and the Internet.
CHAPTER 25.
Spies and the Age of Information
The electron is the ultimate precision-guided weapon . . .
-DCI John Deutsch in Senate testimony, June 25, 1996
In mid-December 1991, the CIA's Soviet/East European Division held its annual Christmas party. The mood was especially jubilant and attendees, including their OTS colleagues, received a campaign-style lapel button depicting the red Soviet hammer and sickle; beneath the red star were the words THE PARTY'S OVER.1 Without media coverage, on December 31, 1991, a small detachment of Red Army soldiers marched to the Kremlin walls and replaced the red hammer-and-sickle flag of the USSR with the Russian tricolors not seen since the 1917 revolution.2
For the CIA and OTS, their main adversary had been vanquished. A year later former DCI James Woolsey stated, "With the end of the Cold War, the great Soviet dragon was slain." Then he wryly noted that in its place the United States faced a "bewildering variety of poisonous snakes that have been let loose in a dark jungle [and] it may have been easier to watch the dragon."3
For CIA officers, four transnational intelligence issues had emerged as competitors for intelligence resources alongside traditional national targets such as North Korea, Cuba, Iraq, Iran, China, and Russia. These were:
* Terrorist groups and Middle Eastern Islamic extremist cells
* Proliferation of nuclear, biological, and chemical weapons
* Criminal and narcotics-trafficking cartels
* Regional instability, particularly in Africa and the Middle East
Less widely recognized at the time was the oncoming technical revolution in intelligence as the Information Age gave way to the Information Society with the accompanying creation, distribution, diffusion, use, and manipulation of information affecting global economics, politics, and cultures.4 Digital information systems, used in the CIA for more than two decades, ceased being location specific and were now being connected and accessed throughout the world in unsecured spaces over an electronic spiderweb named the Internet. Former CIA officer James Gosler observed that because of the emergence of digital technologies in the 1990s, "the conduct of espionage had been irreversibly altered, owing in large part to the rapid expansion of global reliance on information technology."5
These digital technologies, combined with servers, routers, and a terminal at every desk, transformed information at every level: creation, storage, processing, viewing, sharing, and transmission.6 Specialized subminiature cameras developed by OTS to photograph documents stored in a target's filing cabinet were of limited value when computer networks became the repositories for secrets. Gosler noted, "Clandestine photography is rapidly yielding to sophisticated technical operations that exploit these networks. Spies with authorized access to these networks-an insider-can exfiltrate more than one million pages of sensitive material inside a microelectronic memory device easily concealed within a watch, an ink pen, or even a hearing aid."7
Examples of the rapid obsolescence of Cold War collection devices can be found in some OTS equipment developed in the 1970s to support CIA agent Kuklinski in Poland, who had access to the Soviet war plans. Over the course of nine years, Kuklinski secretly photographed more than 25,000 pages of classified Soviet and Polish military planning and capabilities documents.8 OTS supplied technology for the operation that included disguises, concealment devices, subminiature cameras, suicide pills, and covert communication devices.9 Today, the technology for most of Kuklinski's communications and specialized camera equipment is obsolete and the secret documents he photographed and dead-dropped to his case officer would likely be imaged, transmitted, and disseminated in electronic form.10
The digital revolution did not alter the CIA's goal of clandestine collection of adversaries' secret plans and intentions. However, the role of agents fundamentally shifted from a spy who is supported by clandestine technology to the spy who supports a clandestine technical operation.11 Spy gear had to adjust to the needs of the agent who would become an infiltrator and compromiser of computer networks rather than a reporter of information. In a sense, the technology, just like an agent, would be "recruited" to spy.
Legendary criminal Willie Sutton was once asked why he robbed banks. He responded, "Because that's where the money is." While some money remains in brick-and-mortar banks, the "mother lode" of wealth is now found in the financial cyberworld. The criminal skills, tools, and tradecraft possessed by a Sutton would be of little value in robbing a cyberbank. The same is true for intelligence collection. Over time, the location and form of secret information changed. Correspondingly, the skills, tools, partnerships, and culture of tradecraft have been forced to evolve.[12]
To uncover another country's military, political, or economic secrets, targeting an opponent's information technology can be exponentially more valuable than stealing paper documents. Thanks to new digital technologies, the covert transfer of vast amounts of information, or clandestine attacks on enemy networks, no longer require a physical presence, and can often be conducted remotely from anywhere on the globe using the Internet.[13]
Regardless of the era, sound tradecraft has always employed the best available technologies to support clandestine activities. While espionage goals and objectives remain constant, global access to digital systems and information altered time-honored methods and techniques of spying. Emerging information technologies also allowed traditional tradecraft to be applied in new ways.
The Internet and the global availability of personal database information make the spotting of individuals with potential susceptibility to recruitment independent of geography or personal engagement. Using the Internet for assessment and as a spotting tool, intelligence services can focus on a smaller pool of potential recruits. Profession and position often indicate access to sensitive information, and vulnerabilities are revealed by Internet communications and search habits.
Digital ink never fades and "private" thoughts and comments expressed in obscure publications reside permanently on the Internet as searchable public records. Whether entries are in the form of a blog, posted on a chat site, contained in a circulated e-mail, published in a book or magazine article, or transcribed from a television interview, they become available indefinitely to anyone with Internet access. Opinions and musings from one's youth might provide tantalizing clues to a person's beliefs, values, interests, and vulnerabilities, all of which are immensely valuable in the recruitment process.
Publicly accessible Internet databases enable the remote and anonymous aggregation of comprehensive personal and financial profiles. Types of information readily available include employment, profession, educational history, job-change patterns, health, marital status, address, social security number, driver's license number, income, personal debts, credit card numbers, travel patterns, favorite restaurants, lawsuits, and bankruptcies.
An examination of a computer user's database information can further reveal potential recruitment vulnerabilities. Examples include:
* Recurring purchases at a liquor store or bar might suggest problems with alcohol.
* Large expenditures at pharmacies or a hospital might reveal undisclosed health problems.
* Bankruptcy or bad credit reports could indicate financial strain.
* Travel patterns and expenditures might point to extramarital relationships.
* Frequent job changes could mask failed career expectations.
* Recreational interests in dangerous or thrill-seeking activities such as scuba diving, sky diving, or motorcycle racing, could identify a risk taker who might also be inclined to accept espionage as living even more "on the edge."
For the recruiter of spies, Internet information becomes an efficient tool for identifying targets to develop and discarding those without access or apparent vulnerabilities.
Internet accessibility to commercial databases has made the creation of effective cover and the use of disguise more problematic. The traditional identity details of address, profession, and association membership become immediately verifiable using Google or other common search tools. Because the effectiveness of cover and disguise can erode quickly under examination, light commercial cover could be compromised by a curious hotel check-in clerk with Internet access. In the hands of a counterintelligence professional, even a well-backstopped cover can be pierced by identifying anomalies and dates involved with the created identity. Because so many details of a person's identity are now publicly available, it is difficult to create sufficient supporting records to construct an individual's entire life history including records of education, credit cards, residence, family, children's schools, neighborhood associations, library cards, and driver's licenses. The amount of information needed to legitimize identity has made sustaining a cover identity over an extended period nearly impossible if a determined adversary has the ability to exploit the Internet.
Light disguises that include fake beards, mustaches, hair coloring, hats, or scars may fool the human eye, but not a camera with face-recognition software that is linked to a database. Biometric data such as iris scans, passports with memory chips, digital fingerprinting, and electronic signature matching have all emerged as new industries for commercial security and intelligence requirements.
Digital technology offers options for concealing data in forms never possible during the Cold War. The tens of thousands of pages of sensitive information collected by Kuklinski over his nine-year spy career could be compressed and stored on a memory card much smaller than a postage stamp. Embedded computer chips in toys, cameras, digital music players, calculators, watches, automobiles, and many home consumer products make it possible to alter the memory in any device to conceal secret information. An agent no longer needs to possess compromising concealment devices for hiding film, one-time pads, secret-writing chemicals, and escape instructions, since all of that information can be stored electronically in everyday devices that defy detection. The likelihood of an agent's properly concealed digital information being detected approaches zero.
The remarkable reduction in size of microphones, transmitters, and cameras since 1991 has resulted in easier concealment, lower power requirements, and use of smaller batteries with a longer operational life. Tiny collection tools such as digital video cameras and microphones, small enough to be fitted on small robotic "crawlers" the size of a common cockroach, can explore, map, and exploit air-conditioning vents, drainpipes, and ventilation shafts for surveillance. It is now possible to convert any image or sound into a digital format, which can then be encrypted and transmitted instantly across the Internet or by satellite on government or commercial communication links.
For example, advanced software recognition programs can link video images to database programs that enable the surveillant to capture real-time images of license plates to build instantly a database of all vehicles and their owners passing an observation point. Such information, over time, could reveal the identities of security and intelligence personnel involved in activities near the location. Forms of "Face Trace" programs enable video images to be rapidly compared to records in distant databases for identification.
New generations of low-cost radio-frequency identification chips created for the retail industry offer an opportunity to tag an unsuspecting target by embedding a tiny chip in clothing or the sole of a shoe. These embedded passive chips can be scanned as targets pass through electronic choke points and represent a digital version of the Soviet "spy dust."
Astonishingly small, unmanned aerial vehicles with wingspans of less than one-half inch, carrying cameras and audio sensors, can be remotely piloted to surveil targets from above, or guided into a building to serve as a movable "flying bug." A Defense Advanced Research Projects Agency version is small enough to fit on a thumbnail, yet capable of carrying either audio or video sensors. Ninety percent of its internal power goes toward navigation and propulsion, while 10 percent maintains the sensors. An early CIA version of the flying device from 1976, called the Insectothopter, is on display inside the Agency's Original Headquarters Building alongside a prototype of an advanced Defense Advanced Research Projects Agency (DARPA) model no larger than a black horsefly.
Public awareness of Cold War tradecraft often focused around the communication techniques of brush passes, car tosses, and dead drops. Despite their sophistication and usefulness at the time, all of these techniques were vulnerable to surveillance by an alert counterintelligence service. In the United States, the arrests of Navy spy John Walker in 1985, and Aldrich Ames, a KGB mole inside the CIA, in 1994, were precipitated by their actions in communicating with their Soviet handlers.[14]
The advent of the Internet affected all of the "pillars of tradecraft," but none more so than covcom where it revolutionized clandestine communications. Criminals and terrorists, as well as intelligence services, quickly recognized that the Internet offered unprecedented capabilities to communicate with near impunity. Messages, information, and signals were transmitted in ways that appeared innocuous and defied detection by being interlaced into the burgeoning traffic transiting the Internet. As information flowed through the "Net," both the identity and location of the recipient and sender could be masked in a bewildering variety of disguises. A Cold War covcom plan that required weeks to plan, and was dangerous to execute, could be completed safely in seconds over the Internet. Encryption and steganography techniques using the latest advances in technology were developed to protect and conceal data in digital files transmitted globally.
The Internet allowed computer users, including bankers, criminals, merchants, terrorists, and spies, to communicate instantly and easily, from anywhere to anywhere in the wired world. The global popularity and availability of Internet services allowed users who wished to remain undetected to blend their few messages in with billions of daily e-mails and file transfers; the hard-to-find needle in the haystack became the nearly-impossible-to-track electron in terabytes of data. Intelligence agencies recognized the potential to exploit the Internet, as they had with satellites and cell phones in earlier decades. Covert use of the Internet, however, still demanded that traditional requirements for secure and nonattributable message exchange be met. The digital technology made message encryption and steganography far easier, but every successful covcom system, whether based on dead drops, SRAC, satellites, or the Internet, had to meet four conditions.[15] The protection of the agent and the integrity of the operation demanded that covert communications be "SPAM" proof:
Top: Line drawing of the Insectothopter, an early CIA attempt to develop a miniature unmanned aerial vehicle, disguised as a dragonfly, for intelligence operations, circa 1976.
Bottom: Two prototypes of the flying Insectothopter created by the CIA, showing variations of wing-propulsion systems, circa 1976.
Secure: The message content must be unreadable to anyone other than the intended recipient. OTPs and software encryption are different paths to the same end; they protect the meaning of a covert message, even if it should be intercepted.[16]
Personal: The message presence must be inaccessible to anyone other than the intended recipient. A loaded-brick concealment and a video file loaded with digital steganography both provide a host for secret messages that would appear uninteresting and normal for their environment. Only the intended recipient would know to look inside.
Avoid traffic analysis: The existence of a communications link between the agent and handler must be hidden for the same reason that officers and agents traditionally used dead drops to preclude awareness of their covcom. There must not be any record of clandestine activity, including malicious software on the agent's hard drive, to raise suspicions about the agent during a search.[17]
Mask the existence of the fact of communication: The fact that a communication is occurring or has occurred must remain secret. Dead drop sites would be used only once and not approached by either the agent or the case officer if suspicion of surveillance existed. Covert Internet exchanges can use remailers, cutouts, public systems, and digital dead drops for a similar objective.
The two critical components in a successful covert digital communication system are the message and its method of delivery. The message is made secure using digital encryption and secret, or invisible, using digital steganography. Both communication techniques can be used separately or together, first performing the encryption and then hiding within another file to be transmitted over the Internet.
For centuries encryption that protected information was generated by humans and early mechanical ciphers were vulnerable to being broken by other clever humans. The development of the first high-level electromechanical encryption machine took place in 1918 and produced ciphers that were, at the time, "unbreakable" by the unaided human mind alone. Though the electromechanical machines produced secure cipher text, the technology was controlled by governments with an extraordinary need for secrecy.[18] In the mid-1970s, however, strong encryption algorithms began migrating from the sole preserve of government agencies into the public domain. By the 1990s, digital encryption algorithms were widely used for protecting Internet e-commerce, mobile telephone networks, and automatic teller machines. The end of the Cold War saw the development and broad distribution via the Internet of sophisticated encryption algorithms to any user anywhere.
Phil Zimmermann is credited with developing the first version of a public encryption program, PGP (Pretty Good Privacy), in 1991. He had been a longtime antinuclear activist, and created PGP encryption to provide like-minded people with secure use of computerized bulletin board systems and messages and file storage. There was no charge for the software and the complete source code was included with all copies. PGP encryption found its way onto Usenet and from there onto the Internet. From a security standpoint, there is no publicly known method to break a PGP-generated message by cryptographic, computational means. For the first time in history government-level encryption software was available for free to anyone with access to the Internet.[19]
Intelligence services with limited financial resources soon adopted PGP and similar encryption software to create powerful and unbreakable agent covcom systems once available only to the major superpowers. The small, but aggressive, Cuban intelligence service used publicly available encryption software to communicate with its agents operating inside the United States. An advanced version of a PGP encryption program was discovered in September of 2001 during the search of the Washington, D.C. apartment of Ana Belen Montes. Montes, whom the FBI code-named BLUE WREN, was a Defense Intelligence Agency intelligence analyst for Cuban affairs, and a spy for the Cuban intelligence service.
For her covcom, Montes had been instructed to purchase a Toshiba 405CS laptop computer and was provided by her Cuban handlers, assigned to the Cuban Mission at the United Nations, with two diskettes, S-1 and R-1, for encrypting and decrypting messages. Because the possession of high-level encryption software would be alerting if Montes's laptop computer was examined forensically, digital encryption programs (PGP or similar) and one-time keys were embedded on each diskette. When receiving messages transmitted to her Sony shortwave radio by her service, she would copy and enter the ciphertext numbers into her laptop computer and insert diskette R-1 to recover the plaintext. To prepare secret information to be handed over to the Cubans she would enter the plaintext into her laptop and then use the encryption program and key embedded on diskette S-1 to convert it into ciphertext.
Diagram of Cuban agent Ana Belen Montes's one-way voice system for receiving encoded messages from Cuba, 2001.
As long as Montes wiped her laptop hard drive after each covert use (to erase any trace of the process), and concealed her two special diskettes, the messages she was sending and receiving would have been virtually unbreakable. Despite her instructions, Montes did not wipe her hard drive after each use. As a result, during the FBI search of her apartment and computer, plaintext copies of her communications were recovered.[20] The weakness was not in the encryption software, but with the faulty tradecraft of Montes.
Once a message is encrypted, digital steganography can be used to hide it among the ones and zeros in any electronic transmission. Steganography, while not a form of encryption, protects messages by rendering them invisible. If the existence of a message cannot be discovered, its secrets are not revealed.
Publicly known digital techniques have made the use of steganography available to anyone to hide data and messages in virtually any electronic document and instantly send the secret information to anywhere on the globe over the Internet. Spies used limited digital techniques for hiding information during the Cold War. In the late 1980s, FBI Special Agent Robert Hanssen, a mole for the KGB, sent messages to his handlers on eight-inch floppy computer diskettes. Because the secrets he was selling would likely lead a trail back to him if discovered, Hanssen first encrypted the information and then concealed it on the diskettes using a technique called "40 track encryption." The little-known technical process reformatted the computer diskette and allowed data to be concealed by placing it onto specific tracks on the diskette inaccessible to the computer's internal operating system.[21] While the obscure digital techniques used by Hanssen in the 1980s were known only to so-called computer geeks, by the 1990s digital steganography programs for hiding data were readily available to anyone with Internet access.
It is possible to conceal data digitally inside music or video files in ways that make them sound and appear to be unaltered. Audio files can conceal information by altering digital bits of the file that are inaudible to the human ear. Graphic images allow the redundant bits that make up the colors to be altered in a way that appears identical to the human eye.[22] The secret messages are concealed within the bits of data. If someone does not have the original, or host file to serve as a comparison, the altered covert files with hidden messages can be very difficult to detect, especially so when combined with millions and millions of e-mails and file attachments that are sent daily over the Internet. Steganographic software uses an algorithm to embed data in a host image or sound file, and a password scheme for retrieving the information as illustrated in the graphic on page 454.[23] Professional intelligence services may use advanced steganography programs to incorporate encryption programs for additional security in case the message should be discovered.[24]
Digital technology has also reformed the classic microdot technique of using tiny pieces of film less than 1 mm square to conceal a page of text. It is now possible to create and embed large quantities of digital information inside tiny e-mail electronic "dots." Once created, "digital dots" can be concealed in a variety of unconventional methods that defy detection. Virtually any type of digital file can be modified to conceal information, rendering the counterintelligence task not one of finding a needle in one haystack, but rather that of searching millions of haystacks without even the aid of a magnet.
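As an added illustration (not from the book), the Python below shows one way an examiner can test image data for the low-bit alteration described above without having the original host file: overwriting the lowest bit with message bits equalises the counts of each value pair (2k, 2k+1), and a pairs-of-values chi-square score measures that. The pixel data is constructed, random bits stand in for an encrypted message, and every function name and the threshold are assumptions of this example.

```python
import random
from collections import Counter


def make_cover(n, seed):
    """Constructed stand-in for 8-bit pixel data: bell-shaped brightness
    values after a 1.25x contrast stretch, which leaves gaps in the
    histogram much as edited photographs often do."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        g = min(204, max(0, int(rng.gauss(100, 25))))
        samples.append(g * 5 // 4)
    return samples


def embed_lsb(cover, n_bits, seed):
    """Build the test subject: overwrite the lowest bit of the first
    n_bits samples with random bits (a stand-in for ciphertext)."""
    rng = random.Random(seed)
    stego = list(cover)
    for i in range(n_bits):
        stego[i] = (stego[i] & ~1) | rng.getrandbits(1)
    return stego


def pair_score(samples):
    """Chi-square of every occupied (2k, 2k+1) pair against a 50/50
    split, averaged per pair. About 1.0 means the pairs are as even as
    random low bits would make them; large values mean they are not."""
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b == 0:
            continue
        stat += (a - b) ** 2 / (a + b)
        pairs += 1
    return stat / pairs if pairs else 0.0


def scan_prefixes(samples, steps=10):
    """Score growing prefixes of the data: [(fraction, score), ...]."""
    n = len(samples)
    return [(k / steps, pair_score(samples[: n * k // steps]))
            for k in range(1, steps + 1)]


def estimate_embedded_fraction(samples, threshold=2.0, steps=10):
    """Largest leading fraction whose pairs still look equalised.
    Returns 0.0 when even the first prefix looks natural."""
    estimate = 0.0
    for fraction, score in scan_prefixes(samples, steps):
        if score >= threshold:
            break
        estimate = fraction
    return estimate


if __name__ == "__main__":
    cover = make_cover(200_000, seed=1)
    stego = embed_lsb(cover, 60_000, seed=2)  # message fills the first 30%
    for label, data in (("cover", cover), ("stego", stego)):
        print(label, "estimated embedded fraction:",
              estimate_embedded_fraction(data))
        for fraction, score in scan_prefixes(data):
            print(f"  first {fraction:.0%}: score {score:8.2f}")
```

The check only recognises sequential low-bit replacement in data whose value pairs were uneven to begin with; other embedding methods call for other tests.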
Dead drops were used extensively during the Cold War as hiding places for information and money exchanges between the spy and handler, but subjected both to the risk of exposure and arrest.[25] Using the Internet, it becomes possible to create e-mail accounts to send and receive digital files and messages anonymously.
A secure digital dead drop e-mail account can be easily created from a personal laptop computer by anonymously signing up with an Internet service provider who offers a period of free access without requiring a credit card. From that newly created intermediate account, the user can log on to any similar service and create a second anonymous account to serve as the dead drop. Anyone can send digital files to the dead drop account and, with knowledge of the primary account password, content can be downloaded from anywhere in the world. To protect the security of the dead drop, users log on anonymously from the intermediate access account. America On Line and other Internet service providers also allow users to save an uncompleted e-mail or document onto the provider's hard drive to be retrieved later. This feature lets conspirators possessing the primary account password communicate by retrieving and editing the stored document without ever sending it as an e-mail or attachment. Regardless of the techniques used, for greatest security, the hard drive of the laptop would be wiped after each Internet session.
The options for covert communications using digital technology appear endless and remain a persistent problem for counterintelligence. Intelligence services anonymously establish e-mail accounts under fictional individual or business names and use them to receive coded messages and digital files from sources. The e-mail addresses, similar to a postal accommodation address, have no public association with the intelligence service and if necessary can be used only once and discarded. Use of such an account would not be for agents in high-risk countries, but offers a method of anonymous communication elsewhere. A simple e-mail to a "notional account" could mask a coded communication, which would be unbreakable if used only once. For example, a Cuban agent recruited abroad and returning to Havana might send a seemingly innocuous e-mail to a friend in which he discusses his passion for stamp collecting. In reality, the "friend's" e-mail address arrives at a computer in the intelligence service and is a signal that the agent is ready to begin work. With limited use and selection of a topic consistent with the agent's lifestyle and interests, such communications defy discovery.
An unmodified computer's operating system leaves "tracks" that allow counterintelligence forensic specialists to recover plaintext copies of encrypted e-mails, regular e-mails, deleted files, cookies, temporary Internet files, Web site history, chat room conversations, instant messages, pictures viewed, recycle bin, and recent documents. Wiping the hard drive by permanently erasing its contents eliminates evidence of clandestine activity, but is often impractical for an agent using his business or family computer. As a solution, a covert operating system can be installed on a tiny concealable USB storage device smaller than the tip of one's pinkie finger. When the device is connected, the computer boots from the covert operating system inside the USB without leaving a trace of its activities on the computer's internal hard drive. The agent can then use the computer's keyboard, monitor, printer, and Internet connection without fear of leaving a forensic trail. The covert USB system is small enough to be portable and easily concealed.
The routing of voice conversations over the Internet or through any other Internet provider-based network also creates an opportunity for clandestine communication while bypassing telephone networks. Voice Over Internet Protocol (VOIP) encryption techniques scramble the conversations to render them meaningless if intercepted. Future advances in encryption techniques offer the potential to provide secure and unbreakable voice communication. However, until encrypted VOIP communication becomes more common for businesses and individuals, the presence of such software on an agent's computer will be alerting to a counterintelligence service.
Low-cost mobile telephones, available in many countries, offer opportunities for anonymous communication. If the mobile phones are purchased for cash at randomly selected retail locations such as convenience and discount stores, there is no linkage to the user and calls made on phones with preloaded minutes cannot be traced. If the phone is discarded after one-time use, any link with the user is destroyed.