US government publicly admits existence of rogue phone-tapping devices in DC

The United States government has for the first time admitted publicly that it has detected devices known to be used by foreign intelligence services to spy on cellular communications in the nation’s capital. Known commonly as Stingrays, after a leading hardware brand, these devices are primarily used by government agencies, including law enforcement. But they can be purchased by anyone with anywhere from $1,000 to $200,000 to spare. They work by simulating the activity of legitimate cell towers and tricking cell phones into communicating with them. That allows the users of these cellphone-site simulators to monitor the physical whereabouts of targeted cell phones. Some of the more expensive Stingray models can intercept the actual content of telephone conversations and can even plant Trojans on the compromised phones of unsuspecting users.

Many governments have expressed concerns about the use of these devices, which are known to be used by intelligence agencies to monitor cellular communications on foreign soil. Major cities around the world, including Washington, are major targets of cellphone-site simulators, which are frequently located inside foreign embassies. However, the US government has never publicly commented on this issue, despite intense rumors that government agencies headquartered in Washington are major targets of Stingray devices. This changed recently, however, after Senator Ron Wyden (D-OR) wrote a letter to the Department of Homeland Security seeking information about the use of such devices in Washington. Wyden received a written response from Christopher Krebs, who heads the DHS’ National Protection and Programs Directorate. In the letter, dated March 26, Krebs confirmed that the DHS detected a number of active Stingrays in the DC area in 2017, which he referred to as “anomalous activity consistent with Stingrays”. But he added that the DHS lacks both funding and equipment needed to detect the full number of the devices and the full spectrum of Stingrays that are active in the nation’s capital.

The Associated Press, which published Krebs’ letter, said it acquired it from Wyden’s office in the US Senate. The news agency noted that the letter from DHS did not provide the technical specifications of the cellphone-site simulators, and did not enter into speculation about who might be employing them. Additionally the letter did not provide the exact number of Stingrays detected in DC in 2017, nor did it provide the exact locations in DC where Stingray activity was traced. In response to Krebs’ letter, Senator Wyden’s office released a statement blaming the US Federal Communications Commission for having failed to hold the cellular telecommunications industry accountable for the lack of security against Stingrays. “Leaving security to the phone companies has proven to be disastrous”, Senator Wyden’s statement concluded.

Author: Joseph Fitsanakis | Date: 4 April 2018 | Permalink

Report from Holland: Cable-bound interceptions and ‘dragnets’

For the past year, the Netherlands has had a new law governing its two secret services, the AIVD and the MIVD. The new Intelligence and Security Services Act (Wet op de inlichtingen- en veiligheidsdiensten or Wiv) was and still is heavily criticized, especially because it allows untargeted access to cable-bound telephone and internet traffic. Under the previous law, which dates from 2002, the intelligence services were only allowed to conduct bulk interception of wireless transmissions, like satellite and radio communications —besides of course the traditional targeted telephone and internet taps aimed at individual targets.

That prohibition of bulk cable tapping is not the only thing that makes Dutch intelligence services different from those of many other countries. Probably the biggest difference is the fact that the Wiv applies to both foreign and domestic operations, as if the two secret services were responsible for both domestic security and foreign intelligence.

The General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, or AIVD) covers the civilian domain, and focuses on Jihadist terrorism, radicalization, rightwing and leftwing extremism, counter-intelligence and countering cyber threats. This is mostly domestic, but the AIVD also has a small branch that gathers foreign intelligence from and about a select range of countries. The Military Intelligence and Security Service (Militaire Inlichtingen- en Veiligheidsdienst, or MIVD) covers military issues, and is therefore more foreign-orientated than its civilian counterpart. The MIVD is responsible for the security of Dutch armed forces and for collecting foreign intelligence in military matters, while at the same time providing support to Dutch military missions abroad, like for example in Mali. When it comes to Signals Intelligence (SIGINT), the AIVD and MIVD combined their efforts in a joint unit called the Joint SIGINT Cyber Unit (JSCU), which became operational in 2014. The JSCU is responsible for most of the technical interception capabilities, from traditional wiretaps to cyber operations. The JSCU is not allowed to conduct offensive cyber operations. The latter are conducted by the Defence Cyber Command (DCC) of the Dutch armed forces.

Lebanese spy agency used Android app to spy on thousands, say researchers

The spy agency of Lebanon used a virus designed for the Android mobile operating system to compromise the cell phones of thousands of people in at least 20 countries, according to a new mobile security report. The 50-page report was published on Thursday by a team of researchers from Lookout, a mobile security company, and the Electronic Frontier Foundation in Washington, DC. In an accompanying press release, the researchers said that the virus, which they named Dark Caracal, has been in existence for at least six years. They added that it was traced to a building in Beirut belonging to the General Directorate of General Security (GDGS), Lebanon’s primary external intelligence agency.

According to the Lookout/EFF research team, the trojanized phone application was camouflaged as a secure messaging service, resembling popular applications like Signal or WhatsApp. However, once an Android user downloaded it, it gave remote users access to the compromised phone’s cameras and microphone, thus turning it into a bugging device. The virus also stole email and text messages, pins and passwords, lists of contacts, call logs, photographs, as well as video and audio recordings stored on the compromised device. The report states that compromised devices were found in over 20 countries, including Lebanon, France, Canada, the United States and Germany. The majority of those targeted by the virus were civilian and military officials of foreign governments, defense contractors, and employees of manufacturing companies, financial institutions and utility providers.

On Thursday, Reuters contacted Major General Abbas Ibrahim, who serves as director general of GDGS. He insisted that the GDGS is known for collecting intelligence using human sources, not cyber technologies. “General Security does not have these type[s] of capabilities. We wish we had these capabilities”, General Ibrahim told the news agency.

Author: Joseph Fitsanakis | Date: 19 January 2018 | Permalink

Pristine Cold War-era wiretapping rooms uncovered in Slovenian hotel

Four hidden communications-surveillance compartments, which are believed to date back to the Cold War, have been found in one of the most prestigious hotels of the former Yugoslavia. The discovery was made during an extensive renovation project that was recently completed in the Hotel Jama. The hotel is located in the southeastern Slovenian city of Postojnska, near the Italian border. For over a century, Postojnska has been famous for its network of limestone caves, which are among the largest in the world. Eager to cater to Italian, Austrian and other Western tourists, the government of Yugoslavia began construction on Hotel Jama in 1969. The hotel opened its doors in 1971, amidst much publicity and fanfare. It eventually became known as one of the most luxurious hotels in the communist world.

As the hotel’s reputation soared, the government of Yugoslavia began hosting foreign dignitaries there. Though socialist, the government of Yugoslavia never became an integral member of the communist bloc, preferring a policy of nonalignment. Because of that, it was courted by both East and West, with many Western leaders and other officials visiting the country regularly. On many occasions, they would use Hotel Jama as a retreat. Numerous world leaders stayed there with their entourage, escorted by Yugoslavia’s longtime communist leader Josip Broz, known commonly as Tito.

Today the hotel is situated on the territory of Slovenia, a small mountainous state of two million people, which declared its independence from Yugoslavia in 1991. The regional instability caused by the Yugoslav Wars of the 1990s nearly demolished Slovenia’s tourism industry, and Hotel Jama was forced to declare bankruptcy. In 2010, under new ownership, the hotel underwent major renovations. These were completed in 2016, when the hotel opened its doors to the public once again. It was during these renovations that construction crews discovered the surveillance rooms. The four compartmented rooms were found behind a large door made of steel at the back of the hotel, and are adjacent to a network of limestone caves, for which the area is famous.

News reports said the four rooms feature 1970s-era wiretapping equipment, most of which appears to be in pristine condition. There is a thick layer of dust over all the surfaces, which indicates that the rooms have not been used in several decades. The construction crews also found sets of cables that run from the surveillance compartments to several guest rooms in the hotel’s original wing that dates to the early 1970s.

Experts suggest that the rooms were built in the early stages of the hotel’s construction in the late 1960s. The equipment was probably operated by the State Security Service (SDB), Yugoslavia’s internal security police. It is believed that the surveillance facilities were used to facilitate the systematic wiretapping of foreign dignitaries and delegations that frequented the hotel during the Cold War. Hotel Jama’s administration said on Wednesday that there are plans to turn the surveillance rooms into part of an exhibit on the Cold War history of the establishment.

Author: Joseph Fitsanakis | Date: 13 April 2017 | Permalink

Did domestic snooping by Canadian spy agency increase 26-fold in a year?

The volume of domestic communications that were intercepted by Canada’s spy agency increased 26 times between 2014 and 2015, according to a recently released report by a government watchdog. The same report states that intercepted information about Canadian citizens, which is given to Canada’s spy agency by the intelligence organizations of other Western countries, has increased so much that it now requires an elaborate mechanism to analyze it. When asked to explain the reasons for these increases, Canadian government officials said they could not do so without divulging secrets of national importance.

Information about these increases is contained in the latest annual report by the Office of the Commissioner of the Communications Security Establishment. The body was set up in 1996 to review the operations of the Communications Security Establishment (CSE). Founded in 1946, CSE is Canada’s primary signals intelligence agency. It is responsible for intercepting foreign communications while at the same time securing the communications of the Canadian government. The Office of the Commissioner monitors CSE’s activities and ensures that they conform with Canadian law. It also investigates complaints against the conduct of the CSE and its officers.

Canadian law forbids the CSE from intercepting communications in which at least one of the parties participating in the exchange is located in Canada. If that happens, the message exchange is termed “private communication” and CSE is not allowed to intercept it, unless it gets written permission from Canada’s National Defense minister. Such permission is usually given only if the interception is deemed essential to protect Canadian national security or national defense. If a “private communication” is inadvertently intercepted, CSE is required to take “satisfactory measures” to protect the personal privacy of the participant in the exchange that is located inside Canada.

According to the CSE commissioner’s report for 2015, which was released in July, but was only recently made available to the media, CSE intercepted 342 “private communications” in 2014-2015. The year before, the spy agency had intercepted just 13 such exchanges. The report states that all 342 instances of interception during 2014-2015 were either unintentional or critical for the protection of Canada’s security. It further states that the reason for the huge increase is to be found in “the technical characteristics of a particular communications technology and of the manner in which private communications are counted”.

Canadian newspaper The Ottawa Citizen asked the CSE commissioner, Jean-Pierre Plouffe, to explain what he meant by “technical characteristics of a particular communications technology” in his report. His office responded that the commissioner could not explain the subject in more detail, because doing so would “reveal CSE operational capabilities” and thus hurt Canada’s national security. The newspaper also contacted CSE, but was given a similar answer. Some telecommunications security experts speculate that the increase in intercepted “private communications” may be due to exchanges in social media, whereby each message is counted separately.

Author: Ian Allen | Date: 25 August 2016 | Permalink

German spy agency tapped Finnish phone lines in early 2000s

German intelligence, possibly with the collaboration of the United States, monitored communications lines connecting Finland with at least five countries in the early 2000s, according to leaked documents. The report, aired this week by Yle Uutiset, the main news program of the Finnish Broadcasting Company (Yle), is based on information contained in “leaked German intelligence documents” that were first made public in May 2015. As intelNews reported at the time, the intelligence collection was described as a secret collaboration between Germany’s BND (Bundesnachrichtendienst) and America’s National Security Agency (NSA). According to Austrian politician Peter Pilz, who made the initial allegations, the BND-NSA collaboration was codenamed EIKONAL and was active from 2005 to 2008. Pilz said at the time that many European phone carriers and Internet service providers were targeted by the two agencies. Belgium and Switzerland have already launched investigations into EIKONAL.

Now new information provided by Yle seems to show that the secret BND-NSA collaboration targeted Finnish communications as well, focusing on at least six separate communications transit lines. The lines are believed to carry telephone call and possibly Internet traffic from Finnish capital Helsinki to a number of cities in France, Belgium, Hungary, Luxemburg, and China, said Yle Uutiset. Although the targeted lines are known to carry telephone and Internet traffic, it is unknown at this time whether EIKONAL targeted both kinds. But Yle said the interception lasted for most of the first part of the 2000s and involved large amounts of communications data.

The station contacted Tuomas Portaankorva, Inspector General of SUPO, the Finnish Security Intelligence Service. He told Yle that, speaking broadly, he was not surprised to be told that Finnish telecommunications lines had been monitored by foreign intelligence agencies, Western or otherwise. He went on to caution that, even though Finnish lines had been targeted, it was not possible to conclude that Finland was indeed the target of the surveillance operation. Yle also spoke to Vesa Häkkinen, spokesman for Finland’s Ministry of Foreign Affairs, who told the station that SUPO, and not the ministry, was the proper official body to be consulted about EIKONAL. “If there is reason to suspect that these actions were directed at the Finnish state”, said Häkkinen, “we would undertake appropriate action”.

Author: Ian Allen | Date: 20 January 2016 | Permalink | News tip: Matthew Aid

Dutch technical experts helped US bug foreign embassies in Cold War

A tightly knit group of Dutch technical experts helped American spies bug foreign embassies at the height of the Cold War, new research has shown. The research, carried out by Dutch intelligence expert Cees Wiebes and journalist Maurits Martijn, has brought to light a previously unknown operation, codenamed EASY CHAIR. Initiated in secret in 1952, the operation was a collaboration between the United States Central Intelligence Agency and a small Dutch technology company called the Nederlands Radar Proefstation (Dutch Radar Research Station).

According to Dutch website De Correspondent, which published a summary of the research, the secret collaboration was initiated by the CIA. The American intelligence agency reached out to the Dutch technical experts after interception countermeasures specialists discovered a Soviet-made bug inside the US embassy in Moscow. The bug, known as ‘the Thing’, had been hidden inside a carved wooden ornament in the shape of the Great Seal of the United States. It had been presented as a gift to US Ambassador W. Averell Harriman by the Young Pioneer organization of the Soviet Union in 1945, in recognition of the US-Soviet alliance against Nazi Germany in World War II. But in 1952, the ornament, which had been hanging in the ambassador’s office in Moscow for seven years, was found to contain a cleverly designed listening device. The bug had gone undetected for years because it contained no battery and no electronic components. Instead it used what are known as ‘passive techniques’ to emit audio signals using electromagnetic energy fed from an outside source to activate its mechanism.

Wiebes and Martijn say the CIA reached out to the Dutch in 1952, soon after the discovery of ‘the Thing’, in fear that “the Soviets were streets ahead of the Americans when it came to eavesdropping technology”. According to the authors, the approach was facilitated by the BVD, the Cold War predecessor of the AIVD, Holland’s present-day intelligence agency. In the following years, technical specialists in the Netherlands produced the West’s answer to ‘the Thing’ —a device which, like its Soviet equivalent, used ‘passive techniques’ to emit audio signals. Moreover, the Americans are believed to have used the Dutch-made device to bug at least two foreign embassies in The Hague, the Soviet Union’s and China’s, in the late 1950s and early 1960s.

The work by Wiebes and Martijn was initially published in Dutch by De Correspondent in September of last year. An English-language version of the article, which was published in December, can be read here.

Author: Joseph Fitsanakis | Date: 06 January 2016 | Permalink