Anna Chapman and the Russian Spy Ring
In June 2010 the FBI publicized the arrests of ten individuals who had been working as covert agents for the Russian government. Although the nature of any sensitive information passed to their Russian handlers remains unclear to the public (as does whether they ever gained access to sensitive or classified government information), what is known is the communication methodology the spies used with their associates, as well as the mistakes that blew the cover of their operation.
Commentators have criticized the spies’ apparent carelessness and the lack of precautions they took to stay off the FBI’s radar. ABC News ran a story quoting ex-KGB members who called the spy ring “laughable amateurs”; Ars Technica calls them “dumb”; Slate calls them “dopes”. However, the fact remains that U.S. authorities only discovered the spy network as a result of a tip-off from a Russian traitor. Had the traitor (named as Alexander Poteyev) not alerted the FBI to the spies’ activities, it’s likely that they would still be in operation today.
Nevertheless, what interests me from an ethical hacking standpoint is 1) how the spies operated and passed information and 2) what they did, or neglected to do, that blew their cover.
Not surprisingly, the best resource for the details of the foiled Russian spy network is Wikipedia. Below are some interesting quotes from its “Illegals Program” entry.
The criminal complaints later filed in various federal district courts allege that the Russian agents in the U.S. passed information back to the SVR by messages hidden inside digital photographs, written in disappearing ink, ad hoc wireless networks and shortwave radio transmissions, as well as by agents swapping identical bags while passing each other in the stairwell of a train station. Messages and materials were passed in such places as Grand Central Terminal and Central Park.
The FBI read their emails, decrypted their intel, read the embedded coded texts on images posted on the Net, bugged their mobile phones, videotaped the passing of bags of cash and messages in invisible ink from one agent to another…
Chapman’s prior meetings with her Russian handlers had been … to pass information via encrypted private computer networks at Barnes & Noble or at Starbucks.
Many former agents have publicly said that some of the slip-ups exposed by the FBI were downright humiliating. In perhaps the most famous example, Chapman registered the cellphone using a fictitious name and address (99 Fake Street) and the FBI retrieved the receipt, which Chapman had thrown away in a public garbage bin.
Kutsik and Pereverzeva received specially coded radio transmissions from their high-rise Seattle apartment, and the FBI secretly entered their home where they found random numbers used to decode the “radiograms”.
Semenko was first noted by the FBI on June 5 when he used a computer in a restaurant to send encrypted messages presumably to a car parked in the restaurant lot that had Russian diplomatic plates and was parked for about 20 minutes, driven by a Russian official who was known to have transferred money to other Russian sleeper agents in 2004.
In its summary of the spies’ communication techniques Wikipedia states:
The Russian agents used private Wi-Fi networks, flash memory sticks, and text messages concealed in graphical images to exchange information. Custom steganographic software developed in Moscow was used where concealed messages were inserted into otherwise innocuous files. This program was initiated by using the Control-Alt-E keys and entering a 27-character password, which the FBI found written down. Coded bursts of data sent by a shortwave radio transmitter were also used. Using invisible ink and exchanging identical bags in public places were also used.
Chapman used her laptop at a New York coffee shop on 47th Street in January 2010 and electronically transferred data to a Russian official driving by. Two months later, Chapman used a private Wi-Fi network, possibly at a Barnes and Noble store on Greenwich Street in New York, to communicate with the same Russian official, who was nearby. Chapman used a range extender for her laptop.
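The quoted summary describes custom steganographic software that hid text in innocuous image files and was unlocked with a 27-character password. The following is an added educational example (not the Moscow-built tool, and not code from this post) of how such a tool typically works: the password seeds a permutation that decides which pixels carry message bits, and each carrier pixel has only its least-significant bit overwritten. The cover "image" is a constructed array of 64x64 grayscale bytes, and the password string is a constructed placeholder. The forensic helper at the end shows why the modified image is indistinguishable by eye (no pixel moves by more than 1) and why recovering the written-down password mattered more than inspecting the pictures.

```python
"""Keyed LSB steganography in a grayscale image (hypothetical educational code)."""
import hashlib
import random

WIDTH, HEIGHT = 64, 64
# Constructed cover image: pseudo-random pixel values standing in for a photo.
COVER = bytes(random.Random(1).randrange(256) for _ in range(WIDTH * HEIGHT))


def _pixel_order(password, n_pixels):
    """The password seeds a permutation that decides which pixels carry
    message bits and in what order; without it the bits are scattered
    unpredictably across the image."""
    seed = int.from_bytes(hashlib.sha256(password.encode()).digest()[:8], "big")
    order = list(range(n_pixels))
    random.Random(seed).shuffle(order)
    return order


def _bits(data):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, message, password):
    """Return a copy of `cover` whose selected pixels' least-significant bits
    hold a 16-bit length header followed by the message."""
    payload = len(message).to_bytes(2, "big") + message
    bits = list(_bits(payload))
    if len(bits) > len(cover):
        raise ValueError("cover image too small for message")
    stego = bytearray(cover)
    for bit, idx in zip(bits, _pixel_order(password, len(cover))):
        stego[idx] = (stego[idx] & 0xFE) | bit   # touch only the LSB
    return bytes(stego)


def extract(stego, password):
    """Recover the message; with the wrong password the header decodes to
    garbage and the caller gets an empty or meaningless result."""
    order = _pixel_order(password, len(stego))

    def read(start_bit, n_bytes):
        out = bytearray()
        for b in range(n_bytes):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[order[start_bit + b * 8 + i]] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(0, 2), "big")
    if 16 + length * 8 > len(stego):
        return b""   # header is not plausible for this image size
    return read(16, length)


def pixels_changed(cover, stego):
    """Forensic comparison when the untouched cover file is also available:
    returns (number of differing pixels, largest per-pixel change)."""
    diffs = [abs(a - b) for a, b in zip(cover, stego)]
    return sum(1 for d in diffs if d), max(diffs)


if __name__ == "__main__":
    # Constructed placeholder password, 27 characters long like the one in the case.
    password = "27-character-password-here!"
    stego = embed(COVER, b"meet at 47th St, 2pm", password)
    print(extract(stego, password))
    print(pixels_changed(COVER, stego))
```

Comparing against the original cover is only possible when investigators also have the untouched file; without it, detection relies on statistical steganalysis of the LSB plane, which this example does not attempt.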
There are several lessons to be learned here which other spy networks doubtlessly will have taken into consideration. As I read up on Anna Chapman & Co., the following observations came to mind.
1. Suspicious names for Russian immigrants. Ms. Chapman must have raised some eyebrows when she, in her strong Russian accent, introduced herself as “Anna Chapman”. Surely many who met her must have found it odd that a Russian woman had such a non-Russian surname. And even if she explained that Chapman was her former married name, this would only have led to further speculation, because she was divorced and had no children with her ex-husband. One would suspect that her choice not to revert to her maiden name meant she was trying to hide her former Russian identity.
Other spies’ aliases include Donald Heathfield, Tracey Ann Foley, Richard Murphy, Cynthia Murphy, and Patricia Mills…seriously? If an American immigrated to Russia and introduced himself as Alexei Yaroslav Kozlov, wouldn’t this rightfully provoke suspicion?
2. Suspicious lifestyle and occupation. In 2006, a 24-year-old Anna Chapman took up residence in New York’s pricey Financial District, one block from Wall Street. There she founded her own real estate business, which her ex-husband stated was continually in the red for the first couple of years; then suddenly, in 2009, Chapman had as many as fifty employees and a successful business. How many Russian female immigrants in their mid-20s would follow such a lifestyle and career path unless they were being directed and financed by another party?
3. The discreet bag/package swap in crowded public spaces…not as sneaky as you think. Apparently the FBI had no problem trailing the suspects and witnessing them exchanging bags even in busy environments like crowded train stations. Undercover agents are going to have to come up with new ways to transfer items. Entering public bathrooms simultaneously comes to mind.
4. The only safe place for passwords is in your head. FBI agents found passwords/encryption keys written down in the suspects’ residences.
5. Shore up the home front’s defenses. FBI agents were apparently able to enter the suspects’ residences and snoop around without alerting the spies to their presence. If the spies knew they possessed highly sensitive files that could incriminate them, there were many steps they could have taken to prevent their discovery, but they apparently failed to take them. Their handlers should have advised them to:
- Move into a residence with one entry way, such as a condo or townhouse above the first floor.
- Install multiple locking mechanisms in the door.
- Install cameras to monitor areas such as the entrance and computer area while the residents are away.
- Store sensitive files only on easily transportable media, such as removable internal hard drives, external hard drives, and thumb drives, and always keep these drives on your person. The contents of these drives must be kept encrypted using a tool such as TrueCrypt.
6. Encrypted wireless ad hoc networks set off red flags. Although data transferred over an encrypted wireless network would be difficult or impossible to recover in transit, the very presence of such a network is highly suspicious. A better way to transfer secret files is one so covert that the transfer itself is very difficult to detect. Nearly all laptop users in airports and coffee shops connect to the venue’s wireless access point (infrastructure mode) to get Internet access. If there is an encrypted ad hoc wireless network between two users (who probably aren’t even sitting together), something shady is definitely going on. Add the fact that a Russian diplomat is sitting outside in a car owned by the Russian embassy…
7. You feel you’re being tailed…no excuse to get sloppy. Anna Chapman felt law enforcement closing in and bought a new cell phone to phone home to Daddy…when purchasing it she listed her address as “99 Fake Street”, and then dropped the receipt in a public waste bin, where it was retrieved. The Russian intelligence service should have mandated a ‘no exceptions’ shred policy for all documents their assets acquired…sales receipts, postal mail, Internet print-outs, etc.
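The point about ad hoc networks standing out is easy to make concrete: an 802.11 beacon frame announces in its Capability Information field whether the sender is an infrastructure access point (ESS bit) or an ad hoc station (IBSS bit), and whether encryption is in use (Privacy bit, or an RSN information element for WPA/WPA2). The following is an added example, not code from this post or from the investigation, that parses beacon frame bodies and flags networks that are both ad hoc and encrypted. The beacon bodies are constructed inline so it runs offline; in practice they would come from a monitor-mode capture, and the abbreviated RSN element is a placeholder rather than a full one.

```python
"""Flag encrypted ad hoc (IBSS) networks from 802.11 beacon frame bodies.
Added educational example with constructed frames."""
import struct

# Capability Information bits (IEEE 802.11): ESS = infrastructure AP,
# IBSS = ad hoc station, Privacy = WEP (or WPA/WPA2 together with an RSN IE).
CAP_ESS, CAP_IBSS, CAP_PRIVACY = 0x0001, 0x0002, 0x0010
IE_SSID, IE_RATES, IE_RSN = 0, 1, 48
FIXED_LEN = 12   # timestamp (8) + beacon interval (2) + capability (2)


def build_beacon_body(ssid, capability, with_rsn=False):
    """Constructed beacon frame body (everything after the 24-byte MAC
    header): fixed fields followed by tagged information elements."""
    body = struct.pack("<QHH", 0, 100, capability)
    body += bytes([IE_SSID, len(ssid)]) + ssid.encode()
    body += bytes([IE_RATES, 1, 0x82])          # 1 Mbps, basic rate
    if with_rsn:
        body += bytes([IE_RSN, 2, 1, 0])        # abbreviated RSN IE: version 1 only
    return body


def parse_beacon_body(body):
    """Decode the fixed fields and the information elements into a summary."""
    _timestamp, interval, cap = struct.unpack_from("<QHH", body, 0)
    ies = {}
    pos = FIXED_LEN
    while pos + 2 <= len(body):
        eid, elen = body[pos], body[pos + 1]
        ies[eid] = body[pos + 2:pos + 2 + elen]
        pos += 2 + elen
    return {
        "ssid": ies.get(IE_SSID, b"").decode("utf-8", errors="replace"),
        "interval_tu": interval,
        "adhoc": bool(cap & CAP_IBSS) and not (cap & CAP_ESS),
        "encrypted": bool(cap & CAP_PRIVACY) or IE_RSN in ies,
    }


def flag_encrypted_adhoc(bodies):
    """Return the SSIDs of networks that are both ad hoc and encrypted."""
    return [p["ssid"] for p in map(parse_beacon_body, bodies)
            if p["adhoc"] and p["encrypted"]]


# Constructed sample: what a scan in a coffee shop might show.
SAMPLE_BEACONS = [
    build_beacon_body("CoffeeShop-Guest", CAP_ESS),                  # open AP
    build_beacon_body("BackOffice", CAP_ESS | CAP_PRIVACY, True),    # WPA2 AP
    build_beacon_body("x7", CAP_IBSS | CAP_PRIVACY),                 # encrypted ad hoc
    build_beacon_body("lan-party", CAP_IBSS),                        # open ad hoc
]

if __name__ == "__main__":
    for body in SAMPLE_BEACONS:
        print(parse_beacon_body(body))
    print("suspicious:", flag_encrypted_adhoc(SAMPLE_BEACONS))
```

Wireless monitoring tools such as Kismet already display the network type for each beacon they see, which is why an encrypted IBSS network in a room full of infrastructure clients is visible to anyone watching rather than hidden by its encryption.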