felipe rodriquez on Mon, 15 Oct 2001 20:52:22 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
<nettime> Activists and Spooks - about covert activities against activist groups |
For HTML version see http://www.xs4all.nl/~felipe/articles/infiltration_lecture.htm ACTIVISTS AND SPOOKS A lecture about covert activities against activist groups, given at TILT conference, Sydney Australia (c) Felipe Rodriquez - 27 September 2001 With special thanks to Eveline Lubbers for her insightful comments and inspiration for this article and in general. INTRODUCTION Activists worldwide are scrutinized by government agencies and corporate intelligence activities. Numerous organizations have been the object of surveillance and infiltration. These organizations include activist groups that advocate sabotage and violence. But most are peaceful organizations that do not advocate violence. Organizations around the world that have been targets of government surveillance and infiltration include Greenpeace and Amnesty International. Other groups include gay and lesbian rights organizations, socialist and Communist organizations, environmental groups, animal rights groups, middle east organizations, unions, peace activist organizations and human rights groups [1]. Western world intelligence organizations work on the basis of a counter insurgency model developed by British intelligence expert Frank Kitson. In his book, Low Intensity Operations he defines various stages of development of political organizations. He advices that the primary work of an intelligence agency should occur in the earliest phase of the creation of an organization, when the it is small and vulnerable. It outlines the necessity for continuous covert operations, insisting that infiltration and "psychological operations" be mounted against dissident groups in "normal times," before any mass movement can develop. [2] Officially the primary functions of government intelligence activities consist of giving information and warning of potentially hostile political plans of organizations, and the research and analysis of that information. Unofficially it includes the manipulation of organizations and people, in order to disrupt, weaken, compromise and control them. There is a need for activist groups to be concerned with surveillance and infiltration: governments and corporations observe, and sometimes manipulate, these groups to discover what they know, who their sources are, and what their future activities will be. One word of warning; you should not let this lecture make you feel too paranoid; governments have limited resources, and therefore they are unlikely to use many of the techniques that I will mention in this lecture if you are not an important suspect to them. WHO ARE THE SPOOKS ? Organizations involved in infiltration and surveillance activities include police organizations, local and foreign human intelligence organizations, local and foreign signal intelligence organizations and global corporations. A large US based religion, The Church of Scientology, has also been accused numerous times of infiltration and surveillance activities, apparently to weaken and destroy their perceived enemies. A large number of government infiltrations of activist groups have been reported worldwide. An example is reported infiltration and surveillance activity by the Victorian police Operations Intelligence Unit, in Australia, in the early nineties. This unit monitored 316 organizations and had files on more than 700 people in the state of Victoria [1]. Exceptional about this was not the amount of organizations and individuals that where monitored, but the fact that these covert activities where exposed. Similar activities by police forces and intelligence organizations happen around the world, but remain covert. Often we only get to see single pieces of the intelligence puzzle. Some of the examples of puzzle pieces that where found are: - the infiltration into the US organization 'Students for Economic Justice' [3] - undercover police activities during protests [4] - failed attempts to recruit informers [5] - informants or agents that have been discovered and volunteered information about their previous covert activities. Such activities need not be limited to domestic government agencies. In the early 90s a US agency tried to infiltrate a hacker group in the Netherlands by setting up a hackers bulletin board to lure and entrap hackers. He created multiple personalities on his bulletin board to create an impression that there was genuine activity and communication going on. But in reality he was trying to extract information from Dutch hackers about their activities, and possibly try to infiltrate those hacker groups. The operator of this bulletin board later turned out to be an employee at the US embassy in The Hague. In 1995 he was fired by the US embassy because he had become a security threat, and in 1996 he started posting elaborate stories about his intelligence activities [6] for the CIA. Various corporations have also engaged in surveillance and infiltration activities. And they do not only spy on their competitors. Activities against activist groups have been reported. Such as the case of McDonalds, that employed private investigation agencies to infiltrate London Greenpeace [7,8]. In the case of Greenpeace London, Mc Donald's had hires more than one investigators to infiltrate that group. The infiltrators did not know the identity of the other infiltrators. Corporations have an increasing need to gather intelligence to protect their interests. Governments can often not provide the information and intelligence products that corporations need. Various corporations have therefore used private intelligence companies, such as a company called Control Risks. Control Risks is a so called international business risk consultancy. Services include political and security risk solutions, investigations, security consultancy and crisis management and response. The essence of companies like Control Risks, is to function like a privatized intelligence organizations. In January this year a person called Manfred Schlickenrieder was exposed as a corporate spy that was doing work for shell and possibly other corporations. This person has been spying on activist groups for a period of more than twenty years. He collected information and photographs on hundreds of people. He also offered to sell guns to people. The founder of the company he worked for, a former MI6 agent, said in the Financial Times that his company tried to do the same thing for corporations as they had done before for the government. A number of espionage activities by freelance agents that sell their product to corporations have been reported. In the Netherlands there was a case involving a detective agency that collected paper from activist groups. The agency employee, posing as an activist, told organizations that the old paper would be sold to a recycling company, and the proceeds would be donated to a school. As a result many sensitive documents ended up on the desk of corporate managers, to whom they where sold by the agency [9]. Another freelance agent was Adrian Franks, who infiltrated numerous activist groups, collected information about them, and tried to sell this information to corporations around the world [10]. METHODS OF SURVEILLANCE Much has been written about the Echelon surveillance network. Echelon has the capacity to carry out total communications surveillance. Satellite receiver stations and spy satellites in particular are alleged to give it the ability to intercept any telephone, fax, Internet or e-mail message sent by any individual. Echelon operates worldwide on the basis of cooperation among the UK, the USA, Canada and Australia. These states place their interception systems at each others disposal, and make joint use of the resulting information [11]. A former Canadian secret service employee says the service routinely received communications concerning environmental protests by Greenpeace vessels on the high seas [12]. Echelon is coordinated by the National Security Agency, or NSA, in the United States. This is an agency has a budget of approximately 4 billion dollars a year. This budget is magnified by the cooperation with other intelligence agencies, and assets are pooled with these agencies. Examples are the spy base in Pine Gap, based in Australia, with mixed Australian and US staff. There are numerous speculations about the capabilities of the NSA, they have been known to top into undersea communications cables, and the United States have a special submarine equipped for these operations. There have been messages about the NSA tapping undersea fiber optic cables, by splicing them. The problem does not seem tapping into these cables, but processing the unimaginable amounts of information that such tapping provides. In space the NSA has specially equipped spy satellites, such as the Mercury signals intelligence spacecraft. These satellites are designed to intercept transmissions from broadcast communications systems such as radios, as well as radars and other electronic systems. They have a very large deployable antennae with a diameter of approximately 100 meters. Carnivore is a computer-based system that is designed to allow the FBI to collect information about emails or other electronic communications to or from a specific user. It has the capability to capture all the network traffic to and from a specific user or IP address [13]. Other countries are developing similar devices, and the legislation needed to implement them. In the Netherlands legislation has already been implemented that will force ISPs to make their Internet network traffic available to police and secret service surveillance, when served with an order to do so [14]. In the Netherlands there was a legal case where a former hacker, that now works for the police, provided evidence that the Dutch police had created a black box device that was capable of tapping specific internet traffic at a provider, and had the capability to reconstruct the entire session of the user that was the target of surveillance. There are currently a lot of news items about intelligence services trying to uncover messages that have been hidden using steganography. This is a technique to hide a message inside another message. It is alleged that terrorists use steganography to hide messages that are sent to other terrorists. Several Internet providers around the world have been asked to provide information about this, and to cooperate with the intelligence community to uncover these hidden messages. Government contracts have been granted to companies to develop techniques that enable the analysis of content on the Internet, in order to uncover messages that are hidden using steganography. If you are concerned about the security of your computer network, then stay away from wireless network equipment, such as the Apple Airport and Lucent Orinoco wireless access points. Wireless network communication has been compromised, and it is relatively easy even for an amateur to eavesdrop and penetrate a wireless computer network. In the United States it has become a bit of a fashion to drive around in a car, equipped with a computer, a wireless Ethernet device, and a special antenna. This enables one to pick up network traffic from most wireless networks, especially the ones that are not secure. This new fashion has a name, it is called war driving, and is derived from the old hacker activity of war-dialing In Australia laws have been passed that give ASIO, Australia's domestic spy organization, powers to hack into computers. They can now enter and modify computers remotely. [15] The FBI has been reported to have rigged a computer used by a suspected criminal in order to be able to monitor every keystroke. [16] The suspect was using encryption to protect the data on his computer, and it was impossible for the FBI to crack this encryption. By tapping his keystrokes they where able to find the password of his encryption software, and decrypt all the secret information on his computer. Less high-tech ways of spying on activist communication include a phone tap, or a pen register. A phone tap eavesdrops on the activist's telephone calls, recording the oral communications on tape. A pen register tracks all the numbers of inbound telephone calls. Phone taps are used extensively in some countries, and less in other countries. The Netherlands is notorious for its use of phone taps; it has among the highest amount per 1000 population of phone taps in the world. Also in the Netherlands it has been reported more than once that public phones where being tapped by the police, because they where allegedly being used by criminals that tried to circumvent government tapping of their phone. A government phone tap is impossible to detect, don't believe the marketing hype that spy shops give you about anti bug devices. These devices are only effective for very low-end surveillance equipment as employed by mediocre freelance spooks. The danger of bug detection devices is that they'll give a false sense of security. A very rare way of detecting a phone tap is when a mistake is made. In 1992 a tap was placed on a computer line of the Dutch hacker group HackTic network. This disrupted normal network email operations. The inverse signal of the tapped line was connected to another line by mistake. Social engineering of the phone company engineer responsible for the switch disclosed that something odd was done to the wiring that he was not allowed to disclose [17]. In some cases microphones (bugs) are installed in a premises, to record conversations in a room. Before such a device can be placed, surveillance by the agency is initiated in order to determine the best time and place to install it. Be wary of electricians and plumbers at the door with whom you have no appointment, they may be checking out the best location for a bug, and may be trying to find security problems for later covert entry into your house. Often there is no need for the spooks to install any microphones in your home, there already is one there, its called the telephone ! Built into the international CCITT telephone protocol is the ability to take phones 'off hook' and listen into conversations occurring near the phone, without the user being aware that it is happening [18]. This effectively makes the telephone into a room monitoring device. Do you believe only street cats are interested in your garbage bin ? You're wrong ! Garbage can be a primary source of intelligence. This may sound smelly, but look at what people throw away. Often draft versions of documents end up in the trash. These may give away vital information. Oracle paid private investigators to go through the trash of a trade group with ties to arch-rival Microsoft. [19] A case that already mentioned before occurred in the Netherlands, where a private investigation company collected the trash of numerous activist organizations. Shredding documents is an option, but may provide a false sense of security. When the Iranian revolutionaries occupied the US embassy in Tehran they found big pile of shredded secret US government documents. The Iranians managed to recover the shredded items and systematically reassemble them. They then published facsimiles of the documents in a series that currently numbers over 70 volumes. The information that was uncovered by the Iranians contained the identity of the CIA station chief in Beirut, William Buckley, who was kidnapped and assassinated by a group calling itself Islamic Holy War. Why do you think Osama Bin Laden switched his satellite phone off ? Because following people around has become very easy if they use a cellular or satellite phone. A mobile phone network always knows in what cell of the network the phone is at any given time. Police and intelligence organizations can access this information to locate someone, or to find out the history of a person's movements. Another way of finding out where a person has been in the past, is by checking credit card transactions; purchase anything with a credit card, and the transaction is logged on the mainframe of the credit card company, including the location of the merchant, and therefore your location at the time of purchase. During demonstrations and protests the government often uses photo and video surveillance, to record the presence and activities of individuals. Some police forces have specially equipped command and control vehicles with video camera's on their roof, and video terminals inside. Video and photographic surveillance of specific locations, such as an office of an activist organization, has been documented in the past. With the right optical equipment such surveillance can be done from a mile or so away, defeating any chance of discovery. INFILTRATION An infiltrator tries to penetrate an organization with the intention of collecting information that is otherwise not available. Surveillance of communications is called Sigint, an acronym for Signals Intelligence. The use of informers, or actual infiltration of groups is called Humint. Sigint often does not provide adequate information about the motives and future plans of people and organizations, therefore government agencies often engage in Humint activities. Infiltration is also used to manipulate and compromise activists and their organizations. Undercover infiltration is a specialist job, and can be hard to detect. There are some recurring signs that have been turning up in reports about past infiltrations. An infiltrator needs to gain trust in the target organization, and will sometimes offer secret information to gain trust and respect. An infiltrator will seek a leadership, or close to leadership, position. It is important for an infiltrator to become an information hub, and infiltrators often maintain extensive contacts with other organizations. Infiltrators often create conflict and intrigues in their environment. Infiltrators often extensively copy archived documents of the activist organization and take these copies with them. Another important sign that has come up repeatedly in reports about different infiltrations by government agencies is that the infiltrator will often promote the use of illegal activities, and may encourage others to participate in illegal activities. Infiltrators have been reported that offered arms and explosives to activists [20]. In the Netherlands there have been two reported cases of infiltrators that where offering guns and explosives. Another case has been documented in Germany. I have had some personal experience with a person working for the US embassy in the Netherlands that tried to incriminate me in a crime, apparently with the intention to use that against me to discredit me, or worse. Fortunately we reported this to the press and police before the case came to its climax; and this person consequently lost his job at the embassy. The reasoning behind this activity of offering weapons is that governments want to know who is willing to use violence or illegal activities to achieve their activist goal [21]. An element of entrapment is often blended into this; the infiltrator promotes the use of violent or illegal activity, and when the illegal activity takes place the people involved are arrested. After such an arrest an attempt can be made by the government agency to pressure the participating activist into becoming an informer with threats of punishment and prison. The African National Congress manual for covert actions [22] used the following list to identify infiltrators: * they try to win your confidence by smooth talk and compliments; * they try to arouse your interest by big talk and promises; * try to get information and names from you which is no business of theirs; * try to get you to rearrange lines of communication and contact points to help police surveillance; * may show signs of nervousness, behave oddly, show excessive curiosity; * may pressurize you to speed up their recruitment or someone they have recommended; * ignore instructions, fail to observe rules of secrecy; Spies that work for corporate intelligence organizations often work in a different way than government organizations. Corporations want information of a more general nature, such as the results of voting sessions, the intentions of campaigns and what contacts exist with other activist organizations. The main function of this information for the corporation is the creation of damage assessments and to develop public relations responses to actions like a consumer boycotts. Because of their different nature, corporate spies are more low-key. They are less likely to promote violence or to offer weapons and explosives for sale. Therefore they are harder to detect and isolate. Cases have been reported, such as the one mentioned before in this lecture, where corporate spies have been active for many years. INFORMERS An informer reveals confidential information in return for money or other benefits. Recruiting informers often ends in failure, and therefore there are many reports available about the recruitment process. Informers can have a range of motives to turn against the organization they are informing about. They can be disenchanted members who volunteer their services. An activist may be overheard by someone not of the group, who in turn informs police. Someone may have been arrested and may try to avoid prosecution by agreeing to infiltrate a group and obtain information about activist activities. Or someone may have been targeted for recruitment by the police. [23] Recruitment by police or intelligence agencies is usually preceded by extensive background checks. Activists that have weak spots are singled out for recruitment attempts. A weak spot may be financial trouble, immigration status, pending prosecution and a range of other possibilities. The activist may be threatened and/or offered money. Other offers that may be made to coerce the activist into becoming an informer may include a permanent visa offer, or a settlement to prevent prosecution. Family members and friends of the recruitment prospect may be pressured, to convince the activist to become an informer. WHAT TO DO ? If you believe you, or your organization, are the target of infiltration of surveillance, the best thing you can do is start building up documentation and evidence. Create a small group of trusted individuals, and start to planning and researching the case. Try to find out all the facts, try to remember every detail that can be remembered. It is no use to have suspicions that cannot be backed up with hard facts. If evidence has been collected, it is often useful to double-check it first, and then publish the evidence. Please try to always be extremely careful about paranoia and unfounded allegations. Because that can cause as much, or more, harm to an organization as any intelligence activity. The best defense, if you have nothing to hide anyway, is to be extremely transparent. If transparency does not deter intelligence agencies, it will at least diminish your own feelings of paranoia and persecution. Second best is to have a high degree of awareness about security and knowledge about surveillance methodology. That helps in developing secure communication mechanisms, such as using encryption, steganography and maintaining anonymity. It is always useful to use encryption to protect your Email. Sending an unencrypted email is the same as sending a postcard without an envelope, any hacker or system engineer can read your email. There are various encryption software programs available on the Internet, PGP, Pretty Good Privacy, is probably a good choice. If you want to hide the fact that you are communicating, you may want to use some steganographic program, that hides a message within another message. Security is one thing, paranoia another. The summary of technologies and activities in this article is extensive, and some may find it scary. The fact that all these things are possible, does not mean that they happen right now in your organization. For most people it is unlikely to be extensively targeted by most of the methods that I have described. Police and intelligence organizations have limited resources, and very extensive surveillance will only be done on high priority targets. One also has to be mindful of the fact that intelligence and law enforcement agencies have limited resources. Priorities change, and what one day seemed important, may not be important the next day. An recent example would be increased attention by the intelligence community for the anti-globalization protestors, that may not seem as important today in light of the global fight against terrorism. The intention of this article is not to make you feel paranoid, or to make you feel permanently watched by the government. Such extreme focus on an individual or group is rare and only happens in extreme cases where suspects are very important. Most intelligence operations against activists are likely to be low intensity intelligence operations with the aim of tracking developments and collecting information. But if you have been trained in some Al Qaeda camp in Afghanistan, then you probably have a credible reason to feel watched at this particular moment. The intention of this lecture is also to instill a certain level of security awareness in people. You could compare it to an insurance policy. You never know when we will have a need to know about these surveillance and infiltration techniques; one day in the future we may find ourselves living in a totalitarian state. It would be useful in those circumstances if some information about government surveillance and infiltration activities is available. Another reason to create this lecture, is that most of us live in democratic states. Therefore it is important to have some insight in the covert activities that our governments engage in, because they do so in the name of the electorate, and therefore in our name. Thanks, Felipe Rodriquez ------------ SOURCES: [1] Operations Intelligence Unit Victorian police data base files at: http://home.vicnet.net.au/~neils/PoliceWatch/spec1.html [2] Low-intensity Operations - General Sir Frank Kitson Faber and Faber; ISBN: 0571161812 [3] Activist group exposes undercover officer http://www.statenews.com/article.phtml?pk=3519 [4] Undercover troopers among those arrested during GOP convention http://europe.cnn.com/2000/ALLPOLITICS/stories/11/16/convention.protests.ap/ [5] Koerden geïnfiltreerd (dutch) http://www.xs4all.nl/~evel/koerd.htm [6] Snorri Helgarsson - My Story http://groups.google.com/groups?q=snorri+cia+parker&hl=en&rnum=19&selm=4omak u%24b6%40enterprise.cistron.nl [7] Special Branch Help McDonald's http://www.mcspotlight.org/media/press/squall_aut96.html [8] Mag ik u infiltreren? (dutch) http://www.xs4all.nl/~evel/mcspy.htm [9] Liefdewerk Oudpapier (dutch) http://www.xs4all.nl/~evel/onzewer.htm [10] Infiltrator in A SEED, Earth First!, ENAAT - and where else? http://www.xs4all.nl/~respub/artikelen/adrian/ [11] European parliament report on the existence of Echelon http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf [12] Jim Bronskill, Canada a key snooper in huge spy network, Ottawa Citizen, 24.10.2000 [13] Carnivore FAQ http://www.robertgraham.com/pubs/carnivore-faq.html [14] opentap.org http://www.opentap.org/documents.php3 [15] EFA newsletter - ASIO hacking legalised http://www.efa.org.au/News/issue5_2.html#asio [16] Mafia trial to test FBI spying tactics http://www.theregister.co.uk/content/4/15268.html [17] Hack-Tic afgeluisterd ? Hack-Tic 18/19 (dutch) http://www.hacktic.nl/magazine/1811.htm [18] SGR Newsletter, No.4, 1993 And also in Hack-Tic 18/19 at http://www.hacktic.nl/magazine/1824.htm (dutch site) [19] Oracle's Private Eyes Hit Microsoft Trail http://www.pcworld.com/news/article/0,aid,17470,00.asp [20] Operatie Homerus - papieren tijger uitgeverij (dutch) ISBN 906728100X [21] Verslag van de speurtocht naar de infiltrant Adrian Franks (dutch) http://www.xs4all.nl/~evel/adrian.htm [22] African National Congress manual for covert actions http://cryptome.org/anc-manual.htm [23] POLICE UNDERCOVER OPERATIONS (2) by Mollie Maguire http://www.cat.org.au/a4a/police2.html (C) Felipe Rodriquez Copyright Notice; You may copy and distribute verbatim copies of this article for non-commercial use without the author's permission. --- Felipe Rodriquez http://www.xs4all.nl/~felipe # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: nettime@bbs.thing.net