Sunday, March 12, 2006

The new Spy vs Spy


If you wanted to pass a message to a friend on the internet without actually sending an email, or posting a message on a forum website or writing a blog, how easy do you think it would be, and how secure could you make it?

The answer is: very, very easy and it's relatively secure. You never actually "send" an email. You just leave it unsent in "draft". A free online web-based email account is all you need.

By employing one of the various web-based email systems, such as Hotmail® or Yahoo!®, you can easily leave uninterceptable email for anyone you wish. The only thing you have to do is give your login and password to whomever it is you wish to provide access to your account. They go to the "draft" section and read, edit or create new information, as the case may dictate. They save any new information in draft and the message is never actually sent. It just stays on the server, away from the prying eyes and big ears of the NSA, GCHQ or CSE because hacking a server is highly illegal. (I know. We'll get to that.)

While it may sound like a simple trick, it is exactly one of the methods employed by al Qaeda and other jihadis to communicate plans, training and philosophy.

The jihadis are employing the internet to a degree which has shocked intelligence agencies and military operators worldwide into the realization that a tool, which has become the primary global information exchange, is successfully being used as a weapon. It is the same as if the disciples of Hitler's Germany had found a way to securely and safely employ open television signals to adapt their plans and survive during the 1950s.

While this may not surprise many people, consider that French counter-terrorism officers, after breaking up a network of jihadis last fall, discovered a bomb and detonator training facility in Lebanon, operated by al Qaeda leader Abu Musab al Zarqawi. The facility had developed the use of web-capable cell-phones as detonating devices. They could be triggered remotely from anywhere in the world employing the internet as the means to initiate the detonating sequence. If it sounds sophisticated and complicated, all you have to do is reduce it to text messaging. Log on to a website and send the same text message to any number of devices, causing simultaneous explosions in hundreds of global locations from, for example, an internet cafe in Hamburg, Germany.

The US Department of Defense is acutely aware of the jihadi use of the internet. In a report issued by Adam Brookes of BBC in late January, the plans of the US military were revealed after he acquired a DOD document entitled Information Operations Roadmap (large PDF) from the National Security Archive at George Washington University using the Freedom of Information Act.

The document is stunning. It contains a multitude of points relating to fighting with and against global information with a great deal of emphasis on computer and telecommunications networks. It views the internet as an enemy weapons system and the line "fight the net" appears several times through the paper. As one reads it, an assumption could be made that the DOD emphasis is on defending the US cyber-network system against hackers and spies.

However, recommendations 45 and 46 of the Information Operations Roadmap state that Electronic Warfare capabilities should include an architecture providing a future capability which will provide total control of the electromagnetic spectrum.

The DOD is intent on advancing cyber-warfare to both defend against attack and use it in offensive operations. The internet figures largely in this plan, including the ability to prevent what the jihadis are doing now. Intelligence agencies are already involved, as is obvious from NSA intercept operations.

Response to the DOD paper from the public was expressed as a fear that government was making a run at controlling the internet and, far from merely regulating content, at acquiring the ability to destroy entire networks. Given the nature of the web, destroying one network would have a devastating effect on all others. While the DOD's stated intention is restricted to warfare, history suggests that they would not limit intelligence and operations to a sworn enemy. They have a habit of going deep on people they simply don't like.

The US Justice Department's subpoena, in January, of major search engines seeking massive amounts of data was couched in an attempt to track down the distributors and viewers of child pornography. However, it was a fishing trip and it indicated that despite the huge data pile that would arrive at Justice, if the companies had complied, a capability to sort and recompile the information exists. It would be easier for them, however, if they didn't have to ask at all.

Earlier I pointed to the fact that government agencies hacking servers is highly illegal. It's just as illegal to hack a person's computer without a warrant. However, in today's internet world spyware is a fact of life and it has become highly sophisticated. Private companies are engaged in relentless campaigns to acquire information on everything from websites visited to your personal bank account number. Spyware is readily available to various groups which will monitor your computer and your keystrokes. Remote Access Trojans (RATs) are a growing problem and are increasingly difficult to detect.

Here we have to look at the NSA and its purpose and capabilities. The NSA has a broad mandate, including cryptologic management. They design codes, programs and ciphers, all at a level of sophistication that far exceeds what most people can imagine. They also break codes and it is not a stretch to suggest that the NSA is fully capable of producing, distributing and employing spyware.

Would they do it? Absolutely. Is it legal? Without a doubt - as long as it is aimed at foreign computers, for example, the hotbed of al Qaeda internet cafes on the Pakistan-Afghanistan border.

However, given the unearthing of the Bush administration's illegal domestic surveillance program, it is difficult to believe that it isn't happening or won't happen close to home. The US government is clearly willing to cross all lines to see everything about everybody.

Call it collateral damage.
