Monday, July 2, 2012

Top 5 Things Only Spies Used To Do (But Everyone Does Now)

There has been a good bit of recent evidence that the gap between what spies do and what we all do is narrowing -- and the spies are clearly worried about it.

GEN David Petraeus, Director of the CIA, started the most recent round of hand-wringing back in March when he gave a speech at the In-Q-Tel CEO Summit:

"First, given the digital transparency I just mentioned, we have to rethink our notions of identity and secrecy...We must, for example, figure out how to protect the identity of our officers who increasingly have a digital footprint from birth, given that proud parents document the arrival and growth of their future CIA officer in all forms of social media that the world can access for decades to come."

Richard Fadden, the Director of the Canadian Security Intelligence Service (CSIS), added his own thoughts in a speech only recently made public:

"In today's information universe of WikiLeaks, the Internet and social media, there are fewer and fewer meaningful secrets for the James Bonds of the world to steal," Fadden told a conference of the Canadian Association of Professional Intelligence Analysts in November 2011. "Suddenly the ability to make sense of information is as valued a skill as collecting it."

Next I ran across a speech by Robert Grenier, a former case officer, chief of station and 27-year veteran of the clandestine service, given at a conference at the University of Delaware.  In it, he describes the moment he realized that the paradigm was shifting (and not in his favor):

"Grenier said he came to realize the practice of espionage would have to change when he received a standard form letter at a hotel overseas, while undercover, thanking him for visiting again.  When he realized electronic records now tracked where he had been for certain date ranges, he said he knew the practice of espionage was going to have to change.  “It was like the future in a flash that opened up before my eyes,” Grenier said."

(Note:  While I could not embed the video here, the entire one hour speech is well worth watching.  The part of particular relevance to this post begins around minute 8 in the video.   This is, by the way, fantastic stuff for use in an intelligence studies class).

Finally  (and what really got me thinking), one of my students made an off-handed comment regarding his own security practices.  I needed to send him a large attachment and I asked for his Gmail account. In response, he gave me his "good" address, explaining that he only used his other Gmail address as a "spam account", i.e. when he had to give a valid email address to a website he suspected was going to fill his in-box with spam.

That's when it hit me.  Not only is it getting harder to be a traditional spy, it is getting easier (far easier) to do the kinds of things that only spies used to do.  The gap is clearly closing from both ends.

With all this exposition in mind, here is my list of the Top 5 Things Only Spies Used To Do (But Everyone Does Now) -- Don't hesitate to leave your own additions in the comments:

#5 -- Have a cover story.  That is precisely what my student was doing with his spam account.  In fact, most people I know have multiple email accounts for various aspects of their lives.  This is just the beginning, though.  How many of us use different social media platforms for different purposes?  Take a look at someone you are friends with on Facebook and are connected to on LinkedIn and I'll bet you can spot all the essential elements of a cover story.  Need more proof?  Watch the video below:


The only reason we think this ad is funny is because we intuitively understand the idea of "cover" and we understand the consequences of having that cover blown.

#4 -- Shake a tail.   It used to be that spies had to be in their Aston Martins running from burly East Germans to qualify as someone in the process of "shaking a tail."  Today we are mostly busy running from government and corporate algorithms that are trying to understand our every action and divine our every need, but the concept is the same.  Whether you are doing simple stuff like using a search engine like DuckDuckGo that doesn't track you or engaging "porn mode" on your Firefox or Chrome browser, or more sophisticated stuff like enabling the popular cookie manager, NoScript, or even more sophisticated stuff like using Tor or some other proxy server service to mask your internet habits, we are using increasingly sophisticated tools to help us navigate the internet without being followed.

#3 -- Use passwords and encrypt data.  Did you buy anything over the internet in the last week or so?  Chances are good you used a password and encrypted your data (or, if you didn't, don't be surprised when you wind up buying a dining room set for someone in Minsk).  Passwords used to be reserved for sturdy doors in dingy alleyways, for safe houses or for entering friendly lines.  Now they are so common that we need password management software to keep up with them all.  Need more examples? Ever use an HTTPS site?  Your business make you use a Virtual Private Network?  The list is endless.

#2 -- Have an agent network.  Sure, that's not what we call them, but that is what they are:  LinkedIn, Yelp, Foursquare and the best agent network of all -- Twitter.  An agent network is a group of humans who we have vetted and recruited to help us get the information we want.   How is that truly different from making a connection on LinkedIn or following someone on Twitter?  We "target" (identify people who might be useful to us in some way), "vet" their credentials (look at their profiles, websites, Google them), "recruit" them (Easy-peasy!  Just hit "follow"...), and then, once the trust relationship has been established, "task" them as assets ("Please RT!" or "Can you introduce me?" or "Contact me via DM").  Feel like a spy now (or just a little bit dirtier)?

#1 -- Use satellites.  Back in 2000, I went to work at the US Embassy in The Hague.  I worked on a daily basis with the prosecutors at the International Criminal Tribunal For the Former Yugoslavia.  That collaboration, while not always easy, bore results like the ones that led US Judge Patricia Wald to say, "I found most astounding in the Srebrenica case the satellite aerial image photography furnished by the U.S. military intelligence  (Ed. Note:  See example) which pinpointed to the minute movements on the ground of men and transports in remote Eastern Bosnian locations. These photographs not only assisted the prosecution in locating the mass grave sites over hundreds of miles of terrain, they were also introduced to validate its witnesses’ accounts of where thousands of civilians were detained and eventually killed."  It is hard to believe that only 12 years ago this was state of the art stuff.

Today, from Google Earth to the Satellite Sentinel Project, overhead imagery combined with hyper-detailed maps is everywhere.  And that is just the start.  We use satellites to make our phone calls, to get our television, and to guide our cars, boats and trucks.  We use satellites to track our progress when we work out and to track our packages in transit.  Most of us carry capabilities in our cell phones, enabled by satellites, that were not even dreamed of by the most sophisticated of international spies a mere decade ago.

-----------------------

If this is today, what will the future bring?  Will we all be writing our own versions of Stuxnet and Flame?  Or, more likely, will we be using drones to scout the perfect campsite?  Feel free to speculate in the comments!

4 comments:

BK Price said...

All Source Analysis: When an important news story pops up (like the Free Gaza Flotilla going to Israel), I use a social media monitoring "dashboard" like "netvibes" to pull together a variety of sources.

I get Twitter feeds for real time updates of the ship's movement. I get images of the Israelis stopping vessels. I get blog posts providing (rough) analysis of what is going on.

I can also go to "Social Mention" and get the "pulse" of the web to see if the stories are generally positive or negative.

What used to require a dedicated intelligence staff, I can now just pull up at a whim.

sandhawk said...

Actually, all this means is that "top shelf" national state intelligence agencies will have to be more sophisticated about those cover stories. The everyday example, that one author pointed out in a declassified essay regarding the utility of a clandestine service (written by someone with the CIA in the 90s) is a married person having an affair. As long as the pieces fit (to outsiders), the person doing the espionage or whatever is unlikely to be discovered. It's not terribly hard for someone to keep their same name (and job title, even) while performing intelligence operations. Maybe they don't work that way anymore, or only a minority did during the Cold War, but the Soviet (and later Russian) agencies are famous for their use of moles or sleepers.

With respect to analysis, it really is a new world - as BK Price points out, we have access to much more current information and it allows us armchair analysts lots and lots of fodder to put together what we think is happening. On the other hand, I would still bet that the CIA or FSB has a more accurate picture, since presumably they are both monitoring the same sources (and more, if we throw in multiple language reporting) and have people on the ground to verify the veracity of the reporting.

Pat said...

Biometrics are making discreet travel more difficult as well. What sort of faux persona can you adopt if your fingerprints or retina are on file abroad somewhere? I've noticed the term Identification Intelligence being bandied about recently. You might consider an article about it if you can dig up some details.

Many of my friends routinely avoid revealing that they are on vacation if their home will be unoccupied while they are away. A form of OPSEC, I suppose. Perhaps they give too much credit to burglars, but who knows, they might be taking intel studies classes online? ;-)

Even our cell phones are encrypted these days. A form of COMSEC. And we use video phones like George Jetson -- Skype. Certainly not your father's Oldsmobile.

You didn't mention anti-virus software and how we routinely defend our computers using INFOSEC.

gcb said...

One other thing that only spies used to do but we all do now - use small, easily-concealable devices that carry vast amounts of information. A 32Gb micro-SD card, for instance, carries way more information than the same amount of microfilm!