
The battle to save America’s undercover spies in the digital age - carrozo
https://news.yahoo.com/shattered-inside-the-secret-battle-to-save-americas-undercover-spies-in-the-digital-age-100029026.html
======
magicsmoke
> Singapore was one example, recall three former intelligence officials. By
> the early 2000s, the agency ceased running certain types of operations in
> the Southeast Asian city-state, because of the sweeping digital surveillance
> there. The Singaporeans had developed a database that incorporated real-time
> flight, customs, hotel and taxicab data. If it took too long for a traveler
> to get from the airport to a hotel in a taxi, the anomaly would trigger an
> alert in Singaporean security systems. “If there was a gap, they’d go to the
> hotel, they could flip on the TVs and phones and monitor what was going on”
> in the room of the suspicious traveler, says the same former senior
> intelligence official. “They had everything so wired.”

Tbf Singapore is a city state and integrating surveillance infrastructure on a
smaller scale is easier, but that's still pretty impressive.

~~~
gruez
>By the early 2000s, the agency ceased running certain types of operations
[...] The Singaporeans had developed a database that incorporated real-time
flight, customs, hotel and taxicab data. If it took too long for a traveler to
get from the airport to a hotel in a taxi, the anomaly would trigger an alert
in Singaporean security systems

I don't get it. Why don't the agents act normal until after they get to the
hotel?

~~~
PhilWright
Later in the article it points out that an undercover person would arrive on a
passport under a name but then check into a hotel under a different name. In
that case it would trigger the alert that the passport name never arrived at a
hotel. It also says that the practice had to change so that an undercover
person used only a single persona for a country instead of having multiple
personas and switching between them.

------
WalterBright
> stole data on nearly 22 million former and current American civil servants

I see this time and again. All the data in a single database where one
compromised access can get it all. Data should be compartmentalized, and rate
limited.

~~~
joe_the_user
The whole article is weird for barely mentioning compartmentalization as a
standard intelligence approach (they mention a few things, but as
innovations). And for speaking as if the programs that they knew about were
all that was happening.

That said, the compromised database was from a civilian, non-intelligence
agency. Of course, logically, CIA agents shouldn't have been in that database
but it seems they were.

And the other thing is that you have CIA, NSA etc working hard to spy on
everyone but none of them were willing and able to keep the larger Federal
Government from having terrible security practices. Which comes from the
intelligence agencies being more about catching people and learning secrets
than about protecting the US as such.

~~~
WalterBright
> That said, the compromised database was from a civilian, non-intelligence
> agency.

Yet they had fingerprints, meaning they must have gotten the data from the
government.

But it does lead to a larger question. Articles by cybersecurity people always
seem to focus on preventing unauthorized access. I've never read one that
talked about how, given the inevitability of unauthorized access, to avoid
losing everything.

After all, we have ships with watertight compartments. Even spy networks are
organized into "cells" to limit the damage from compromised agents.

Why is security not talking about compartmentalization?
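
As an added illustration of the "watertight compartments" point above (this is
example code, not anything from the article or the thread): records are split
into compartments, each credential opens exactly one compartment, and each
credential can read only a handful of records per time window. A single stolen
credential then yields one compartment, slowly, and every out-of-scope or
over-limit attempt lands in an alert list. Compartment names, credential names
and the sample records are all constructed for the example.

```python
"""Compartmentalised record store with per-credential rate limiting.

Added example (not from the article or the comments). It shows why
"compartmentalized and rate limited" bounds the damage of one compromised
access instead of losing the whole database at once. All compartment names,
credentials and records below are constructed for the demonstration.
"""
from collections import defaultdict
import itertools


class AccessDenied(Exception):
    """Credential is not scoped to the compartment it tried to read."""


class RateLimited(Exception):
    """Credential exceeded its reads-per-window budget."""


class CompartmentedStore:
    def __init__(self, limit, window):
        self.limit = limit                   # max reads per credential per window
        self.window = window                 # window length in clock ticks
        self._records = defaultdict(dict)    # compartment -> {record_id: record}
        self._scopes = {}                    # credential -> the one compartment it opens
        self._reads = defaultdict(list)      # credential -> timestamps of recent reads
        self._ids = itertools.count(1)
        self.alerts = []                     # (credential, reason), for the SOC to review

    def add_record(self, compartment, record):
        rid = next(self._ids)
        self._records[compartment][rid] = record
        return rid

    def issue_credential(self, credential, compartment):
        # One credential, one compartment: no "read everything" key exists.
        self._scopes[credential] = compartment

    def read(self, credential, compartment, rid, now):
        # 1) Scope check: deny and alert on any cross-compartment read.
        if self._scopes.get(credential) != compartment:
            self.alerts.append((credential, "cross-compartment read"))
            raise AccessDenied(f"{credential} may not read {compartment}")
        # 2) Rate check: sliding window over this credential's recent reads.
        recent = [t for t in self._reads[credential] if now - t < self.window]
        if len(recent) >= self.limit:
            self.alerts.append((credential, "rate limit exceeded"))
            raise RateLimited(f"{credential} exceeded {self.limit} reads/window")
        recent.append(now)
        self._reads[credential] = recent
        return self._records[compartment][rid]

    def total_records(self):
        return sum(len(c) for c in self._records.values())


def exposure_of_leaked_credential(store, credential, now=0):
    """Worst case for one leaked credential within a single window: attempt
    every record in every compartment and count how many are actually returned."""
    obtained = 0
    for comp, recs in store._records.items():
        for rid in recs:
            try:
                store.read(credential, comp, rid, now)
                obtained += 1
            except (AccessDenied, RateLimited):
                pass
    return obtained


def demo():
    """Three constructed compartments of 10 records; one leaked credential."""
    store = CompartmentedStore(limit=5, window=60)
    for comp in ("personnel-east", "personnel-west", "contractors"):
        for i in range(10):
            # constructed placeholder records, not real data
            store.add_record(comp, {"name": f"{comp}-{i}", "ssn": "000-00-0000"})
    store.issue_credential("token-east", "personnel-east")
    obtained = exposure_of_leaked_credential(store, "token-east")
    return store, obtained, len(store.alerts)


if __name__ == "__main__":
    store, obtained, alerts = demo()
    print(f"{obtained} of {store.total_records()} records exposed, {alerts} alerts raised")
```

With 30 records, the leaked credential gets 5 (one compartment, one window's
budget) and raises 25 alerts, which is the point: the compromise is both
bounded and loud.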

~~~
joe_the_user
_Why is security not talking about compartmentalization?_

Well, this is one article and it's always possible this is one of those "write
down official X's talking points" articles, and official X doesn't talk about
compartmentalization because the impression they are aiming for is "look at us,
we're helpless, _helpless_ against these threats, please give us unlimited
money and power and we might be able to fix things, if we're lucky."

------
Jerry2
FTA:

> _Even a switch of employer, or an unexplained gap in one’s résumé, can be a
> giveaway to a foreign intelligence service, say former officials. In
> response, the agency has also shifted to recruiting individuals within the
> companies they already work at, and, with the approval of corporate
> leadership, secretly transitioning those persons onto the CIA payroll, and
> training them intermittently and clandestinely, far from any known CIA
> facility._

...

> _“There is a serious legal and policy process” in place at the CIA to manage
> these relationships, says a former official. Otherwise, “you could break
> industries.”_

This is going to be the end of multinational companies. Once a company starts
providing cover to CIA officers, those companies will be blacklisted from many
countries around the world. This policy will also raise suspicion of pretty
much every US company operating abroad.

~~~
sneak
It is my belief that there is presently a joint public relations storytelling
campaign underway between the US intelligence agencies and the large US
internet companies to restore faith in these companies abroad following the
Snowden revelations that the NSA is spying on everybody via these services.

------
remote_phone
Facebook and Instagram have guaranteed that spies can be identified before
they even decide to become spies. There will be decades of facial recognition
data and social media presence as adolescents and adults before the thought of
becoming a spy crosses their minds. If you don't think that governments have
already mined this data or have agents in all of the major companies
extracting data, that would be extremely naive.

~~~
jorblumesea
Unless foreign governments continuously poll and save data from FB and IG APIs
(which is possible) all of that can be faked or deleted. The US intelligence
community has deep pockets and relationships to tech companies. You scan a
face, and up pops a legit looking FB account.

I think the article makes it clear that data from many sources is being used
and that there's no one "source of truth". It also points out that there's an
increasing sophistication to the creation of online presences.

~~~
mr__y
>Unless foreign governments continuously poll and save data from FB and IG
APIs (which is possible) all of that can be faked or deleted.

Given how simple and relatively cheap that is I would be very surprised if they
don't. This is a kind of operation that a few people with their private
budgets could pull off (I mean just scraping the contents and storing a single
copy, not the analysis part) so don't expect powerful and not-so-powerful
organizations or governments to restrain themselves from doing so. This is
neither expensive nor difficult while being extremely valuable.

~~~
jorblumesea
It would be interesting to see if the NSA/CIA whomever would hack into
external DBs of data and insert fake people into them, so when they check
against polled api data, everything checks out. Cyber is an offensive world,
after all. I wonder if, thinking in a post truth manner, ambiguous or grey is
enough for the intel world.

~~~
mr__y
Assuming that the _average adult citizen_ is nowadays using social networks
for more than a decade you could cross-reference the person's photo with many
snapshots of your scraped data expecting the person to show in most of them,
not just one. With such an approach, the fake profiles would have to be created
many years in advance to succeed. Now given that using cryptography it is
relatively easy to verify that our reference data has not been tampered with,
this insertion of fake profiles would be kind of hard. Hacking such systems in
one way or another could be a "solution" depending on how such systems operate
(and if they actually exist or are just a theoretical possibility imagined by
the hn community).

~~~
caseysoftware
> _With such an approach, the fake profiles would have to be created many
> years in advance to succeed._

That's called building a legend and YES, the intelligence agencies have been
doing it for years. But more importantly, in professional networks (mostly
LinkedIn) generally you wouldn't have to. Most people don't use it the same
way as Facebook or Twitter with regular updates and it doesn't show others
when you connected so if you create a profile and fill in details, the system
takes care of most of the rest.

The most likely place that would leak the age of the profile is whatever
internal profile id that might be embedded in the urls or the page itself. If
it's too high, it would be more recent than claimed.

Here are some of the details you can explore:
[https://caseysoftware.com/blog/open-source-intelligence-linkedin](https://caseysoftware.com/blog/open-source-intelligence-linkedin)

~~~
mr__y
>and it doesn't show others when you connected

if I actually scraped all the profiles in 2009, then in 2014 and then in 2019
I could tell whether an account is a 10+-year-old account by simply checking
if it is available in my 2009 snapshot. Does not matter if the social network
displays or leaks profile age in one way or another. If it's not in my 2009
and not in 2014 snapshots then that profile is less than 5 years old. With
frequent enough snapshots I would get even better timing resolution. Now given
that it's neither that hard nor that expensive to scrape or store those amounts
of data, such an approach would actually be feasible.
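
The two mechanisms described in this exchange, checking which dated snapshots
an account appears in to bound when it was created, and (from the earlier
comment) using cryptography to detect that an archived snapshot was altered
after the fact, as one added example. This is illustration code, not anything
from the thread or the article: the snapshot years, account ids and "claimed
since" values are constructed, and the hash-chain design is one common way to
make an archive tamper-evident, not something the commenters specified.

```python
"""Bounding an account's age from periodic snapshots, with tamper-evident
snapshot digests.

Added example, not from the thread. Two ideas from the comments:
 1. If an account id is absent from every snapshot up to year X and present
    from year Y onward, its creation date lies in the interval (X, Y].
 2. Each snapshot is hashed together with the previous digest, so inserting a
    profile retroactively into an archived snapshot changes that digest and
    every later one, which is how the archive detects "inserted fake people".
Snapshot years and account ids below are constructed sample data.
"""
import hashlib
import json

# Constructed snapshots: year -> set of account ids observed in that scrape.
SNAPSHOTS = {
    2009: {"acct-1", "acct-2"},
    2014: {"acct-1", "acct-2", "acct-3"},
    2019: {"acct-1", "acct-2", "acct-3", "acct-4"},
}


def snapshot_digest(year, account_ids, prev_digest):
    """SHA-256 over the canonical snapshot content plus the previous digest."""
    payload = json.dumps({"year": year, "ids": sorted(account_ids)},
                         separators=(",", ":")).encode()
    return hashlib.sha256(prev_digest.encode() + payload).hexdigest()


def build_chain(snapshots):
    """{year: ids} -> {year: digest}, chained in year order from a fixed seed."""
    digests, prev = {}, "genesis"
    for year in sorted(snapshots):
        prev = snapshot_digest(year, snapshots[year], prev)
        digests[year] = prev
    return digests


def verify_chain(snapshots, stored_digests):
    """Return the years whose recomputed digest disagrees with the stored one.
    Because each digest covers the previous one, an edit to an old snapshot
    shows up in that year and every year after it."""
    recomputed = build_chain(snapshots)
    return sorted(y for y in stored_digests if recomputed.get(y) != stored_digests[y])


def first_seen_bounds(snapshots, account_id):
    """(last_year_absent, first_year_present). last_year_absent is None when
    the account is already in the oldest snapshot; first_year_present is None
    when it was never observed."""
    years = sorted(snapshots)
    first_present = next((y for y in years if account_id in snapshots[y]), None)
    if first_present is None:
        return (years[-1], None)
    earlier = [y for y in years if y < first_present]
    return (earlier[-1] if earlier else None, first_present)


def age_signal(snapshots, account_id, claimed_since):
    """One weak signal, not a verdict (as the thread itself notes): does the
    earliest sighting contradict the year the profile claims to date from?"""
    last_absent, first_present = first_seen_bounds(snapshots, account_id)
    if first_present is None:
        return "never observed"
    if last_absent is not None and claimed_since <= last_absent:
        return "claimed earlier than observed"
    return "consistent"


def tampered_copy(snapshots, year, account_id):
    """Simulate a retroactive insertion into an archived snapshot."""
    copy = {y: set(ids) for y, ids in snapshots.items()}
    copy[year].add(account_id)
    return copy


if __name__ == "__main__":
    digests = build_chain(SNAPSHOTS)
    print("acct-4 bounds:", first_seen_bounds(SNAPSHOTS, "acct-4"))
    print("acct-4 claims 2010:", age_signal(SNAPSHOTS, "acct-4", 2010))
    print("years failing verification after tampering:",
          verify_chain(tampered_copy(SNAPSHOTS, 2009, "acct-4"), digests))
```

The `age_signal` function deliberately returns a label rather than a decision,
matching the later point in the thread that a late-appearing account raises a
likelihood rather than proving anything; a missed scrape or a locked-down
profile produces exactly the same absence.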

~~~
caseysoftware
Valid points. With the (no longer available) index pages on LI, you could get
to most of the profiles too.

The drawbacks are:

a) Not having a profile isn't definitive. You could have missed it, it could
have been locked down, or the person joined late.

b) You can't go back to build your baseline. You had to have the foresight to
scrape it then _or_ count on one of the breaches to establish who had accounts
when.

The primary mitigation here would be LinkedIn (or any social network) itself.
Whatever controls they had to block spidering, limit further than immediate
contacts, etc would have to kick in.

~~~
mr__y
>Whatever controls they had to block spidering, limit further than immediate
contacts, etc would have to kick in.

On the other hand their business requires the ability to discover candidates
by HR people so I guess that completely disabling search/discovery is out of
question. Of course a simple limit to a number of queries or their reach would
still be a huge problem for the scraper while not being a problem for most of
the users and therefore not hurting the business.

Then considering that such massive scraping is probably already illegal and
additionally the operation is being done by some intelligence agency meaning
that legality is not an issue we can do a lot more than simple scraping using
some proxies. This could include use of botnets (free resources, much wider
and more realistic pool of IPs) and/or hacked accounts (to scrape as a
verified reputable user).

This all of course makes such a scrape a lot harder and probably not something
that a single person with just a personal budget could do, but I believe this
is still within the reach of even a small organization. And I'm 100% certain
that this does not require multi-billion black budgets or large datacenters
hidden underground.

>a) Not having a profile isn't definitive. You could have missed it, it could
have been locked down, or the person joined late.

of course you are right with that, but then I could have full scrapes being
done once a year or even more often. While missing a profile once is obviously
quite realistic and actually expected I assume that it would be unlikely that
the same profile is omitted 20 times in a row given that the scraping has
generally been proven to be effective.

Additionally I was initially thinking about using such data as one of the
metrics not as a definitive spy-detector. Your account missing in my 2009-2017
scrapes and appearing just recently does not make you a spy but does increase
the likelihood of you being so.

>You can't go back to build your baseline. You had to have the foresight to
scrape it then or count on one of the breaches to establish who had accounts
when.

That's true. And even the data available from breaches might not be accurate
or might even be intentionally altered. But then again not everyone runs an
intelligence agency.

------
nimbius
It's not just the digital age, it's the growing technological incompetence of
our spy agencies in general. China executed nearly 30 agents and informants in
the country in 2010 as they easily sidestepped the CIA's mediocre
communications system.

[https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/](https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/)

------
rdtsc
> Those clues, they surmised, could have come from access to the OPM data,
> possibly shared by the Chinese, or some other way, say former officials.

Why would the Chinese do that? Here is this treasure trove of information; why
share it with anyone? But I do see the Chinese being hacked by the Russians
scenario after they figured out the Chinese had that kind of info.

~~~
caseysoftware
There are numerous reasons.

- The simplest but least likely is money. Reselling some portions of the data
or even running it as a "Go Fish" service is immensely valuable.

- The more likely scenario is an enemy of my enemy situation where the value
of screwing up US operations is useful to a) show you have the power or b)
build a more amicable relationship with Russia.

But realistically, all of that was probably unnecessary. Google Robin Sage and
check out how much sensitive information people share entirely by accident OR
that is not sensitive by itself but when combined with other aspects can
become weaponized.

That's why whenever _anyone_ says "none of this data was classified!" it's an
almost meaningless statement. None of us understand what missing puzzle piece
will put it all together.

* Both my wife and I were included in the breach. When the news broke, I wrote it up here: [https://caseysoftware.com/blog/why-this-security-breach-is-worse-than-all-the-others-combined](https://caseysoftware.com/blog/why-this-security-breach-is-worse-than-all-the-others-combined)

~~~
caseysoftware
On the "but none of the data was classified!" part, a colleague made this
video to make it a little more concrete:
[https://www.youtube.com/watch?v=nbgQ1V2BLEs](https://www.youtube.com/watch?v=nbgQ1V2BLEs)

------
ransom1538
Imagine your life rests in the balance with the correct S3 bucket permissions.

Also! I would also hate to be the person that copies
iranian_secret_spy_ssns.json over to the wrong bucket.

~~~
jessaustin
This will happen for any manual process.

~~~
ransom1538
Yes! Ensure it will work correctly with thousands of lines of bash + jenkins +
ec2 machines + all through a docker container + slack notifications.

~~~
jessaustin
Better yet, never collect the SSNs of secret spies. Or of anyone else, for
that matter.

------
iamthepieman
The "other guys" are all generating the same information though. And everyone
is generating potentially actionable information even when they aren't on an
operation, actively practicing tradecraft or in-country on assignment.
Eventually intelligence is going to be akin to high frequency trading where
small differences in timing, degree of automation and insider
information/insights will be deciding factors.

~~~
creato
I think there are significant differences between the level of capabilities of
surveillance in the US and some of the countries mentioned in the article, and
those differences are likely to persist or grow larger in the foreseeable
future.

------
mirimir
This is vastly amusing.

Privacy in meatspace is dead. 100% dead. Never coming back.

Until we have body transplants, anyway.

~~~
Red_Leaves_Flyy
Netflix has a wonderful show with this concept, Altered Carbon. Season 2
coming soon!

~~~
mirimir
Hey thanks :)

I gotta say, though, that I was disappointed by it.

I much preferred the books. They censored too much stuff, such as the torture
sequence, where he was a little Arab girl being tortured, and then back as
himself went on an impressive rampage, killing most all of the medical staff.

And then they changed too many characters.

~~~
Gustomaximus
Changing 'characters' was part of the brilliance and how that confuses your
brain. I was a fan so glad to hear there is a season 2.

------
est31
This reminds me of the instance where data from a sports app used by US
soldiers revealed army bases worldwide, including secret ones. The main
reason why this was found out is because it was available to everyone. But how
many apps used by soldiers today have similar abilities to determine their
location?

In general, it's getting harder to smuggle humans into different countries,
but the vast deployment of hardware with questionable security properties
worldwide has led to major opportunities for intelligence agencies. The
Internet of Things is the newest opportunity to collect data in large
quantities.

~~~
gbmor
For those wondering, the app was Strava. Through the heat map they publish, it
revealed, among other things, patrol routes of military members wearing
Fitbits.

[https://www.nytimes.com/2018/01/29/world/middleeast/strava-heat-map.html](https://www.nytimes.com/2018/01/29/world/middleeast/strava-heat-map.html)

~~~
Red_Leaves_Flyy
Paywalled

~~~
Sebguer
A fitness app that posts a map of its users’ activity has unwittingly revealed
the locations and habits of military bases and personnel, including those of
American forces in Iraq and Syria, security analysts say.

The app, Strava, which calls itself “the social network for athletes,” allows
millions of users to time and map their workouts and to post them online for
friends to see, and it can track their movements at other times. The app is
especially popular with young people who are serious about fitness, which
describes many service members.

Since November, the company has published a global “heat map” showing the
movements of people who have made their posts public. In the last few days,
after the app’s oversharing was identified on Twitter by a 20-year-old
Australian university student, security analysts have started to take note of
that data, and some have argued that the map represents a security breach.

Strava “is sitting on a ton of data that most intelligence entities would
literally kill to acquire,” Jeffrey Lewis of the Middlebury Institute of
International Studies at Monterey, Calif., warned on Twitter.

Some analysts have taken to social media to warn that, although the map does
not name the people who traced its squiggles and lines, individual users can
easily be tracked, by cross-referencing their Strava data with other social
media use. That could put individual members of the military at risk, even
when they are not in war zones.

The outlines of known military bases around the world are clearly visible on
the map, especially in countries like Afghanistan, Iraq and Syria, where few
locals own exercise tracking devices. In those places, the heat signatures on
American bases are set against vast dark spaces. Tobias Schneider, a security
analyst, wrote on Twitter that “known Coalition (i.e. US) bases light up the
night.”

In Afghanistan, for instance, two of the largest coalition bases in the
country — Bagram Airfield, north of Kabul; and Kandahar Airfield, in southern
Afghanistan — can easily be picked out. The same is true for smaller bases
around the country whose existence has long been public.

But there also appear to be other airstrips and base-like shapes in places
where neither the American-led military forces nor the Central Intelligence
Agency are known to have personnel stations.

Perhaps more problematic for the military are the thin lines that appear to
connect bases. Those lines seem likely to trace the roads or other routes most
commonly used by American forces when traveling between locations, and their
exposure could leave troops open to attack when they are most vulnerable.

The Pentagon did not directly address whether the heat map had revealed any
sensitive location data. But Maj. Audricia Harris, a Pentagon spokeswoman,
said that the Defense Department recommends that all its personnel limit their
public social media profiles and that it was reviewing the situation.

“Recent data releases emphasize the need for situational awareness when
members of the military share personal information,” Major Harris said. The
Pentagon “takes matters like these very seriously and is reviewing the
situation to determine if any additional training or guidance is required,”
the major added.

The Central Intelligence Agency declined to comment.

The threat also extends to countries where the app is more popular. Dr. Lewis
of the Middlebury Institute wrote in The Daily Beast that the pattern of
movements clearly showed the location of Taiwan’s supposedly secret missile
command center.

Strava is not the first program to collect far more information, including
location data, than users realize, nor is it the first to make some of that
information available to prying eyes, intentionally or not.

Researchers at Kyoto University revealed in 2016 that they could find the
precise locations of people who used popular dating sites, even when the users
took steps to disguise that information. Last year, data was found online that
would allow anyone to track more than half a million cars with GPS devices.

But the Strava app, which works with wearable technology, goes even further in
tracing people’s locations with precision and sharing that information with
the world. The map’s settings show the extent to which routes are traveled,
and whether on foot, by bicycle or in a vehicle.

Strava, which is based in San Francisco, claims tens of millions of users, in
almost every country. The app can be used on Apple and Android phones, and
wearable activity trackers like Fitbit devices, the Apple watch, and Garmin
and Suunto sports watches.

The company released a statement on Sunday noting that the app has privacy
settings that can exclude users from the map and hide their activities from
the general public. It urged people to read a blog post from last year about
how to use those settings.

The map “excludes activities that have been marked as private and user-defined
privacy zones,” the company said. “We are committed to helping people better
understand our settings to give them control over what they share.”

~~~
waste_monk
Thank

------
trhway
It just sounds like the undercover spying in its old classical form falls
victim to the paradigm shift and has to adapt and evolve ("digital
transformation") like many other professions.

------
codeisawesome
The US Govt. cannot keep _information about their own SPIES sent to FOREIGN
SOIL_ safe.

We’re supposed to trust them with encryption skeleton-keys that can open any
phone or web traffic in the world and trust them to keep it safe.

Do they know that we live in a world where Nations burglarise from
individuals?

North Korea for example funded their missile program from criminal activity on
the internet. Can you imagine what will happen when they steal the skeleton
key to intercept credit card traffic worldwide??

Sigh.

------
jorblumesea
This ignores a bit of history, at least in the Cold War for Russia and China.
Assets were basically use once and burn. Agents could realistically last maybe
12 months in either place and could never return. The youngest would get
deployed because they had the cleanest records. Russia mostly knew who the
experienced spooks in the consulate were, even using cover.

------
catern
How infuriating. The intelligence agencies have done almost nothing to defend
the privacy and security of US citizens and systems, and now the constant
leaks and incredible frailty is hurting them just like they hurt everyone else
who wants privacy and anonymity. What a lack of foresight.

------
Lutzb
I am still convinced that creating social networks aka gigantic databases of
our own population was a mistake on an unheard-of level of idiocy. Foreign
intelligence must be shaking their heads in disbelief at what we handed to them
voluntarily. What took months if not years to generate for foreign
intelligence can now be gathered, tested and confirmed in a plethora of public,
leaked or infiltrated systems.

------
ilaksh
I don't see any solution to this type of problem ever, aside from creating a
paradigm where countries can trust each other and their citizens. At the rate
we are currently going we might actually be more likely to have some kind of
human extinction event before that happens.

It's strange that no one even mentions the possibility of a paradigm like that
though.

------
sroussey
Just add the NYT location data set and why leave the office as a spy? It’s all
about analysts now?

------
secfirstmd
This is a very good article but it misses a few things.

- One of the techniques these days is to borrow an already existing identity
for a period of time. If person A has lived a normal life, their story exists,
but if they haven't gone through biometrics in country B before then it's
easier to get person C in (but obviously it's still harder than before). The
identity is then returned.

- People with potential for dual nationality have gone up in importance.
Especially if they are legally allowed also to change their name.

- Equipment and database owners are key. Watch how popular 3M systems are in
the world for example.

~~~
frandroid
> borrow an already existing identity

Undone by biometrics. It's not just about biometrics in other countries, it's
also about biometrics leaks.

> People with potential for dual nationality have gone up in importance

...and are also highly suspicious.

> legally allowed also to change their name.

That's public record. Not helping.

------
KorematsuFred
It is probably a good thing if it is getting harder to send your spies into a
foreign country. Shouldn't this be considered a win-win scenario for everyone?

~~~
lobotryas
Absolutely not. Spying, even on America’s friends, is important for our
foreign policy and for staying on top.

I think you are confusing the world of geopolitics with concepts like “fair”
and “good” and forgetting Lord Palmerston’s quote: “Nations have no permanent
friends or allies, they only have permanent interests.”

~~~
frfcccc
Ok, but since I’m not American and don’t care if the US is Number 1 and I
really don’t like it when yankee spooks kidnap people in my country, a
supposedly close US ally...

... I don’t care if US spooks lives are more difficult or in peril?

~~~
lobotryas
Did you just make a new account to reply to me...?

Even if you are not from the US you care because other world powers (China
and in a much smaller way Russia) will be much worse for you.

------
mindfulplay
Why would an American government database ever need access from outside the
US? Under what circumstances couldn't a simple IP rule prevent such a silly
transfer of data?

I could never wrap my head around government databases (that need to be
secured) using AWS or other clouds with default security.

~~~
nine_k
Cost-saving.

Governmental contracting is a lowest-bidder game, and budgets are variously
limited.

~~~
celticninja
Yes but security requirements are usually included

------
jessaustin
I'm not a spook myself, but ISTM this should always have been disqualifying:

 _Now you show up at the border of Russia, they’ve got your high school
yearbook out there where you wrote about your lifelong ambitions to work for
the CIA._

~~~
fivre
In practice, you show up at the border of Russia and are detained (in my case,
because virtually no Americans cross this particular border). A nice, younger
FSB agent with some English skills asks you a battery of questions but doesn't
really care about their job, asking if they can just fill in your address
again when given your parents' address, because it's more work than it's worth
to transcribe another address that no one will ever read. Later, an older,
saltier, more senior FSB agent harangues you over some missing documents
before getting bored and letting you go.

We have some amusing preconceptions of Russia that rarely survive the reality
of Russia.

~~~
Red_Leaves_Flyy
Realistically, if you've been stopped by Russian border police and complied
with their requests you've done everything right. Russia then has three
options:

A: detain you and spur an international incident with complaints to the U.N.
re human rights abuses and everything else.

B: refuse entry.

C: delay you long enough to get a follow team deployed so they can see what
you do without inciting a lot of bad press, or delaying your travels more.

------
seibelj
I mean, shouldn't we assume that our phones, TVs, laptops, bedrooms, and
bathrooms are bugged and monitored by every major government? Isn't this what
governments have always wanted? It's for our safety, I thought.

~~~
mr__y
Why bother with bugging a bathroom when most people will carry a wiretap
device with geolocation there willingly? And continue to do so despite the
evidence that device is actually listening? Then, why bother bugging a bedroom
if people would put another listening-all-the-time device there too? But then
why bother even with that when most people will handle the most private
conversations through one app or another that stores all the conversation
history in a datacenter you have access to? And then, to make analysis of
those conversations easier you get a generation that prefers texting over
voice. I can't really imagine making it even easier to wiretap everyone and
everything.

