With worldwide news leading with elaborate but anonymous hacking operations that have interfered with recent elections in the US and France – and pose a threat to the upcoming one in the UK – many are wondering how a foreign intelligence agency can conduct a surveillance or hacking operation without engaging with local law enforcement.
Many have speculated as to why Ireland has been spared the terrorist attacks seen in other countries across Europe. It is possible there is a form of ‘Entente Cordiale’ between Islamic extremists and Irish law enforcement ensuring we remain untouched. In such circumstances a foreign agency would naturally be suspicious of any shared information and might look to conduct operations in a more ‘independent’ manner.
Finding Targets
Surveillance requires getting close to chosen targets to establish behaviour patterns and movements with the ultimate goal of eavesdropping on meetings and conversations to establish their intentions.
The initial challenge would be to actually find a person of interest. There are many technologies that can be brought to bear on this problem including surveillance satellites, but there are far easier ways.
Extremists need to hide where there is a large population, which immediately limits the choice of locations to one of only three or four cities in Ireland. Assuming an Islamic extremist is also somewhat devout, this narrows the search down to locations around our few mosques. They don’t need to live close by, merely to attend.
Peppered around our target mosques will be mobile-phone-network antennae, or base stations. Whenever a phone is powered on, when leaving religious services in a mosque for example, it measures the signal from several nearby base stations, attaches to the strongest and registers itself with the network; it repeats this quietly as it moves from cell to cell.
There would be two pieces of information of interest to our agency here: the initial connection information and the call detail records – more on those a little later. The registration identifies the handset and its SIM (the IMEI and IMSI) and records the cell it attached to, so the network always knows roughly where each phone is. From this our agency might establish an initial group of targets and start tracking them on a rudimentary level. The phones don’t have to be smartphones with fancy GPS units, although that would make the process easier: the information is fundamental to the operation of the network and it is generated by every phone.
Each phone has a unique identity that ties it to all sorts of interesting information. Of particular interest is the call detail record, or CDR, which the telephone company generates for every call and which an agency can obtain either by compelling the operator or by compromising the operator’s systems. The CDR is a little nugget of information that underpins billing on mobile networks. It identifies, among other things, the number making the call, the number receiving it, how long the call lasts and the cell (tower and sector) each party was using, from which a general location of caller and receiver can be established. A cell covers anything from a few hundred metres in a city centre to several kilometres in the countryside, so this gives a neighbourhood rather than an address; the billing address comes from the subscriber record tied to the number. From a CDR our agency could now track down a billing address and also a range of associates. Now it can start to infiltrate the homes of its targets.
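The two inferences described above, a home neighbourhood from where a phone sits at night and a circle of associates from who it calls, are simple counting exercises once you have the records. The Python below is an added example written for this article, not the article’s own code or any operator’s tooling. The records, numbers and cell identifiers are invented, the column layout is an assumption modelled on the fields the article lists, and the 22:00 to 07:00 “at home” window is an assumed choice.

```python
"""CDR analysis on constructed sample data: infer a handset's likely home
cell from night-time activity and rank its most frequent contacts.

Added example; it is not the article's or any operator's code. The records,
numbers and cell identifiers below are invented, and the column layout is an
assumption modelled on the fields the article lists.
"""
import csv
import io
from collections import Counter
from datetime import datetime

# Hours treated as "at home" for the residence inference (assumed window).
NIGHT_HOURS = set(range(22, 24)) | set(range(0, 7))

# Constructed CDRs. caller_cell/callee_cell are the cell (tower/sector) each
# party was attached to when the call was set up.
SAMPLE_CDRS = """\
caller,callee,start,duration_s,caller_cell,callee_cell
3530000001,3530000002,2017-05-01T08:05:00,120,C-101,C-207
3530000001,3530000003,2017-05-01T13:40:00,45,C-150,C-301
3530000001,3530000002,2017-05-01T22:10:00,300,C-042,C-207
3530000004,3530000001,2017-05-02T01:15:00,60,C-410,C-042
3530000001,3530000002,2017-05-02T23:30:00,90,C-042,C-207
3530000001,3530000003,2017-05-03T12:00:00,30,C-150,C-301
3530000002,3530000001,2017-05-03T06:20:00,200,C-207,C-042
"""


def parse_cdrs(text):
    """Parse CSV text into a list of dicts with typed start/duration fields."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        row["start"] = datetime.fromisoformat(row["start"])
        row["duration_s"] = int(row["duration_s"])
        records.append(row)
    return records


def cell_histogram(cdrs, number, hours=None):
    """Count the cells `number` was attached to, optionally restricted to `hours`."""
    hist = Counter()
    for r in cdrs:
        if r["caller"] == number:
            cell = r["caller_cell"]
        elif r["callee"] == number:
            cell = r["callee_cell"]
        else:
            continue
        if hours is not None and r["start"].hour not in hours:
            continue
        hist[cell] += 1
    return hist


def infer_home_cell(cdrs, number):
    """Most frequent night-time cell, or None if the number never appears at night.

    A cell covers hundreds of metres to several kilometres, so this yields a
    neighbourhood, not an address; the billing address comes from the
    subscriber record the operator holds for that number.
    """
    hist = cell_histogram(cdrs, number, NIGHT_HOURS)
    return hist.most_common(1)[0][0] if hist else None


def top_associates(cdrs, number, n=5):
    """Numbers `number` talks to most, as (number, call_count) pairs."""
    contacts = Counter()
    for r in cdrs:
        if r["caller"] == number:
            contacts[r["callee"]] += 1
        elif r["callee"] == number:
            contacts[r["caller"]] += 1
    return contacts.most_common(n)


if __name__ == "__main__":
    target = "3530000001"
    cdrs = parse_cdrs(SAMPLE_CDRS)
    print("likely home cell:", infer_home_cell(cdrs, target))
    print("daytime cells:", cell_histogram(cdrs, target, set(range(7, 22))))
    print("associates:", top_associates(cdrs, target))
```

On the constructed data the target’s night-time calls all sit on one cell while its daytime calls cluster on another, which is exactly the home/workplace split an analyst looks for; with real records the same counting is done over weeks of data and the result is a cell, not a door number.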
Through the Front Door
Many extremists like the Internet for its propaganda-spreading potential, sharing videos and pictures of their beliefs, ideals and manifestos, sometimes with abandon. Watching ISIS videos in a public place is not the best way to stay hidden, so they have Internet connections to their homes. With the details from the CDR in hand, our agency could target Facebook, Twitter, Google and all of the other Internet hangouts frequented by our extremists. With very little information a user’s Internet Protocol, or IP, address can be established. The IP address, while not unique (several households may share one address where the provider uses carrier-grade NAT), is enough to identify an Internet Service Provider, and the provider’s logs map address and time of day to a subscriber; from there it’s a short hop for an intelligence agency to get to the Internet router, the anonymous device with the flashing lights connecting the extremist’s house, and probably yours, to the Internet. Suddenly, and invisibly, the agency can reach the perimeter of the target’s house.
Closing the Noose
The Internet router represents an extraordinary vulnerability in a house if not properly protected. Every Internet-enabled gadget connects through this single device and, to a sufficiently well-trained operative, it provides a digital potpourri of surveillance opportunities.
There are three things to note at this stage. First, consumer routers are rarely properly protected: default administrator passwords, remote administration left enabled and firmware that is never updated are the norm. Second, even the poorest of intelligence agencies has sufficiently well-trained operatives. Finally, a compromised router can sit unnoticed for weeks and months, because it has no screen, runs no antivirus and its owner never logs into it.
Using the router as a stepping-stone, an operative sees every device’s unencrypted traffic and controls the DNS answers those devices receive, and from there laptops, smart phones, tablets and increasingly ‘smart’ televisions, all with microphones and cameras that can be turned on remotely and silently, become available to the agency. The extremist has literally brought the surveillance device into their home and opened the door through which it can be accessed.
Phishing for fun and Electoral Disruption
The recent attacks on election campaign candidates fall into the realm of ‘phishing attacks’, bait-and-hook attacks with bad spelling. Phishing attacks present emails, instant messages and websites under a false flag. They look legitimate, but their entire purpose is to have the target reveal sensitive information such as passwords or bank account details.
In the case of Macron, a mysterious Russian cyber-espionage group, ‘Fancy Bear’ aka APT28, possibly associated with the Russian military intelligence agency GRU, last month registered decoy domain names resembling that of En Marche, Macron’s movement. From these domains a flood of emails would have been issued, often, ironically, containing a security warning requesting password verification and linking back to the false-flag domain. With this simple step a user’s credentials are obtained and, where no second factor is enforced, access to the legitimate systems is utterly compromised.
In the case of Macron, those domains include onedrive-en-marche.fr and mail-en-marche.fr. OneDrive of course is the name of the cloud-based document service offered by Microsoft. Note that these are separately registered domains, not subdomains of en-marche.fr: the check a recipient can make is whether a link’s host ends in the legitimate domain, not merely whether it contains the name.
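Decoy names of this kind are caught by watching new domain registrations (or Certificate Transparency logs) for anything that imitates your own domain. The Python below is an added example written for this article, not the article’s own code and not a description of how the En Marche decoys were actually detected. It classifies candidate domains against en-marche.fr. The candidate list is constructed (it contains the two names quoted above plus invented ones for contrast), and the similarity threshold, the confusable-character map and the crude suffix handling are all assumptions.

```python
"""Flag newly registered domains that imitate a legitimate one.

Added example (not code from the article or from any vendor). The candidate
list is constructed: it contains the two decoy names quoted in the article
plus invented names for contrast. Thresholds and the confusable map are
assumptions.
"""
from difflib import SequenceMatcher

LEGITIMATE = "en-marche.fr"

# Characters/digraphs that read like other letters in many fonts (assumed subset).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}

NEW_REGISTRATIONS = [
    "onedrive-en-marche.fr",   # quoted in the article
    "mail-en-marche.fr",       # quoted in the article
    "en-march.fr",             # constructed: one letter dropped
    "en-marches.fr",           # constructed: one letter added
    "en-rnarche.fr",           # constructed: 'rn' standing in for 'm'
    "en-marche.com",           # constructed: same name, other suffix
    "enmarche-login.com",      # constructed: brand plus service word
    "marchedumonde.fr",        # constructed: shares letters, not a look-alike
    "en-marche.fr",            # the real domain itself
    "example.org",             # constructed: unrelated
]


def split_domain(domain):
    """Return (second-level label, suffix). Crude: the final label is the suffix.
    A real monitor uses the Public Suffix List so co.uk-style names work."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def normalise(label):
    """Fold hyphens and common confusables so visually similar labels compare equal."""
    label = label.replace("-", "")
    for lookalike, letter in CONFUSABLES.items():
        label = label.replace(lookalike, letter)
    return label


def classify(candidate, legitimate=LEGITIMATE, near_miss_threshold=0.9):
    """Return a reason string if `candidate` imitates `legitimate`, else None."""
    cand_label, cand_suffix = split_domain(candidate)
    legit_label, legit_suffix = split_domain(legitimate)
    if (cand_label, cand_suffix) == (legit_label, legit_suffix):
        return None                       # the real domain
    cand_norm, legit_norm = normalise(cand_label), normalise(legit_label)
    if cand_norm == legit_norm:
        # Same name once folded: either another suffix or a confusable swap.
        return "tld-swap" if cand_label == legit_label else "homoglyph"
    ratio = SequenceMatcher(None, cand_norm, legit_norm).ratio()
    if ratio >= near_miss_threshold:
        return "near-miss"                # typo-distance variant
    if legit_norm in cand_norm:
        return "brand-embedded"           # mail-<brand>, <brand>-login, ...
    return None


def flag_lookalikes(candidates, legitimate=LEGITIMATE):
    """List of (domain, reason) for every candidate that imitates `legitimate`."""
    flagged = []
    for domain in candidates:
        reason = classify(domain, legitimate)
        if reason:
            flagged.append((domain, reason))
    return flagged


if __name__ == "__main__":
    for domain, reason in flag_lookalikes(NEW_REGISTRATIONS):
        print(f"{domain:24} {reason}")
```

The ordering of the rules matters: a one-letter variant is reported as a near miss before the brand-embedded test runs, so the prefix/suffix style of the Macron decoys and plain typosquats are kept distinct. In practice the candidate list is a newly-registered-domain feed or a CT log stream, the suffix split uses the Public Suffix List, and any hit is checked for MX records and a live web server, since a parked look-alike is much less urgent than one that already receives mail.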
The attackers’ standard mode of operation is to access these systems, download sensitive documents and materials and release them to the internet via Wikileaks or other leak sites, or through their own sites, to an agog international public.
The Next Domestic Surveillance Device
What do Siri, Alexa, Cortana, Amy, Bixby and Google Home all have in common? First, given current trends, you will have one or more of them move into your house, and your life, within the next two years. That’s the way things go with ubiquitous evolving technologies. Second, they all operate by voice activation. That’s right, they’re listening to you all the time, waiting for your every command. There is an aspect to this mode of operation that is rarely mentioned in the marketing bumf: the microphone is open whether or not you are giving a command, because the device must listen locally for its wake word, and whatever it hears after anything it takes for that wake word, false triggers included, is immediately transmitted to the manufacturer. This is because the real voice recognition isn’t on the device; it’s in the cloud. You are inviting an open microphone into your home and relying on the terms and conditions of the supplier not to abuse the device, and on the good graces and motivations of the intelligence agencies not to use it to eavesdrop on your conversations.
One of the more amusing stories that travelled the Internet soon after the release of Amazon’s Echo, a.k.a. Alexa, maintained that it shuts down when questioned about its connections with the CIA.
What about Warrants?
All this makes for interesting speculation, but how likely is it? Well, unfortunately for the extremists, and any other person of interest, it’s all too real.
CDRs have existed since the dawn of the cellular network, and have been the subject of a number of court cases in various jurisdictions where they have been determined to constitute ‘metadata’ and therefore to attract weaker protection than the content of the calls themselves. They constitute a river of information that is regularly tapped by numerous agencies around the globe.
The nature of cellular communications allows for a broad location to be established that, with a little analysis, can be tied to its owner’s residence. With some rudimentary digital-attack techniques that address can be verified. The real challenge for any suitably-equipped agency is to limit the amount of information they discover.
Jumping from there into a house via an Internet connection is equally straightforward, and actually surprisingly well documented on the public Internet – as is compromising a laptop or other device such as a phone or tablet.
Most police forces in the developed world now operate a cybercrime unit comprising skilled security professionals trained in the techniques discussed here. It certainly could be done and, depending on your opinion of the initial premise of collaboration, may already be taking place, regularly.
Written by David Waldron