
back to article Russian spy ring bust uncovers tech toolkit

The FBI's case against an alleged deep cover Russian spy ring relies heavily on surveillance of their use of ad hoc Wi-Fi networks, bespoke software, encryption and the web. After a counter-espionage operation lasting several years, 10 people were accused on Monday of being covert agents of the SVR, Russia's foreign intelligence …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

fake street

Surely this means that the clerk who sold her the phone is also on the hook.....right?

0
0
Bronze badge

Namesake

A Google search turned up the fact that an even prettier blonde named Anna Chapman is the girlfriend of an American billionaire. So at least the Russian spy network, if such it is, has not infiltrated that far.

Of course, it was discovering Russian spies trying to get their hands on the A-bomb that kicked off the last Cold War, and since the invasion of Georgia, we've been somewhat overdue for another one in any event.

0
0

Facebook

http://www.facebook.com/search/?flt=1&q=Anna+Chapman&o=2048&s=10#!/chapmananya?ref=search

This appears to be her FB page, although not with the photo in the article, but she is wearing the same dress in her photos.

0
0
Anonymous Coward

time to update her status page

change her current location from New York to Hoover Building, DC

3
0

Thanks

Are her friends part of the story ? Seven out of eight have Russian type names.

0
0
Anonymous Coward

Oh, the stuff I miss out on

...By not having a facebook account!

1
0
FAIL

Oh shi--

Why did I go there? Now I've got myself on a watch list, haven't I?

2
0
FAIL

Very Interesting

She was apparently using her job as a "Venture Capitalist" as a front to get Silicon Valley contacts. All the sweet Russian girls on her page will certainly get a nice little FBI visit the next days.

How the fsck can you be so stupid to pretend to be named "Chapman" and have 25 Russian friends on facebook. Merkin spooks might be stupid, but not that stupid.

Yes, my name is Chapman, by the way and my facebook page contains 75 friends from Paris and three Merkins. I live in San Francisco and I am a venture capitalist. Want to submit any biz ideas ? I am specialising in funding ELINT and SIGINT startups. Also, I know the best frogfoot restaurant in SF.

3
0
Bronze badge

pretend to be named Chapman?

Is this a common syndrome, in your experience? I've known at least two persons over the years who claimed to be named Chapman, but it never occurred to me that this might have been a plot against US security.

1
0
Thumb Down

Status'

She posts her FaceBook status in Russian too

1
0
Silver badge

@James Chapman

I haven't checked facebook - no access - but being married would be one way for a Russian with Russian friends to have an Anglo surname.

0
0
Thumb Up

Divorced

The BBC reported her as being a divorcée. She didn't seem to be trying not to be Russian; her facebook name "chapmanania" suggests that Anna is just an anglicised version of Anna. She also posts in Russian quite a lot.

If her cover for being a Russian spy is being a Russian who isn't a spy...

Though the Beeb also said that none of the 'deep cover agents' have been charged with spying. They've been charged with being unregistered representatives of a foreign government. It's like James Bond meets The Office.

1
0
Go

Good To See

..that the merkins and the russkies are kicking each other's shin again, after fooling the whole world on the Russian-merkin "sat collision" last year.

If this whole story is true. Maybe all fabricated.

0
0
Silver badge
FAIL

MAC address spoofing.....

... FTW.

Or, try better procedures, such as going to different, busy, open Wi-Fi hot spots and sending each other steganographised holiday pictures via Skype?

If something works once, they get complacent and keep doing it without thought for possible countermeasures. These people need El-Reg commentards to act as consultants.

8
0
Joke

If the CIA need the data packets

...they should just ask Google

4
0
Paris Hilton

judge not by tits contents

If you fall for fake data packets you get what you deserve ... oh wait ... I see what you're saying ...

0
0
Big Brother

At least America doesn't have to spy on Europe...

Or more to the point, they don't have to pay for spies, as sadly our corrupt officials in power just send our data to them to process as they want. e.g. http://www.theregister.co.uk/2010/06/29/swift_agree_approved/

Then again who do our corrupt short sighted idiots in power really work for? ... They act like they don't work for the people who vote them into power and they certainly are not protecting voters privacy, so they certainly don't have our interests at heart. So who do they really work for?

5
0

Life imitates art

The art being that of an early (lean and hungry) Woody Allen contributing to the script of the original (and IMHO the best) version of the James Bond film Casino Royale. (Best because in all subsequent Bond films pretty much the only ones not taking it seriously were the actors).

Were it not for the fact that the action is occurring in America, I would say the FBI was having a private joke. Surely no-one else is trying to take down the FBI with this...?

1
0

D'oh

"Fake Street is a street name used by Marge. After she cut off Homer's thumb, Marge called the police but Chief Wiggum jumped to the conclusion that Marge was a homicidal maniac and immediately asked for her address. Marge made up "123 Fake Street" on the spot in order to avoid arrest and hung up. Later, during Bart's skit, Bart and Milhouse get some firecrackers from a cave and hide in a building that happens to have the real address "123 Fake Street", leading to their arrest by the police as they follow up Marge's tip."

http://simpsons.wikia.com/wiki/Fake_Street

0
0
Big Brother

I'm guessing she anglicised her name,

because her name on her FB link is quite clearly 'Anya'

http://www.facebook.com/chapmananya

Not trying to hide her background too much, I guess.

P.S. Posted Anonymously as I'd rather not get introduced to any Russian umbrella tips....

2
0

Possibly the opposite

I have a Polish friend called Anna, which is pronounced as Anya, so the Anya may be the anglicisation (at least for pronunciation) and Anna the original name.

0
0
Silver badge
Boffin

Anya

Is the diminutive form of Anna in Eastern Europe and Russia, in much the same way as we would call someone called William 'Billy'.

0
0

This post has been deleted by a moderator

"uncovers tech toolkit"

"the same way as we would call someone called William 'Billy'" -

The same way. OMG, someone would say.

Hmm, anyone knows how to define the proper jpeg? ((-;

0
0
Happy

Anna Chapman...

....My arse - that's definitely Amy Pond.

5
0
FAIL

Steganography?

It can't have been very good steganography if someone found it!

0
1
Gold badge
Happy

Q'skis contribution

Seems to have been some stenographic software for burying and recovering messages in pictures which was apparently not commercially available

Everything else seems to have been pretty much off the shelf.

Perhaps they should have sub contracted it all out to the sort of people who run botnets.

0
0
Bronze badge
Thumb Up

Chapman?! Piglet Files!

Nicholas Lyndhurst's bumbling MI6 operative character in the comedy The Piglet Files, was called Peter Chapman!

Them damn Ruskies obviously wanted to avoid the usual James Bond cliches, so they watched an altogether more realistic portrayal of British espionage, The Piglet Files!

1
0
Joke

Re: Chapman?! Piglet Files!

I knew there'd be a Piglet Files connection! Did anyone involved work for Radio Rentals?

0
0

@Peter Simpson 1

> Standard WiFi? No top secret technology in a USB stick from Qski's lab?

Believe it or not, it's actually a zillion times better to use hardware that is easily available, it's a little hard to explain away your uber cool flashy encryption device when the authorities find it.

Look up 'Number stations' for an example of low tech still being used in Spy work (I pick up E08 from time to time):

http://home.luna.nl/~ary/

http://www.mikeandsniffy.co.uk/thesecretsiteofmike/num/russia/russian.htm

2
0

@Sara

Please tell me the relation between that prophet and this story. Judging from the number of yanked postings, there must be one !

1
0
Bronze badge
IT Angle

Entertaining but...

It's entertaining to speculate about what kind of software you would use to outsmart the FBI but as far as I've seen, none of the information released so far explains what tipped the feds off to the existence of these spies in the first place. It could just as easily have been some unrelated leak, or even info from a US spy in Russia. To me it sounds like they were actually doing a pretty good job of keeping a low profile.

2
0
Silver badge

@Pablo

Could have been from routine monitoring of diplomatic staff and officials - it seems common for instructions to filter through them - to someone shoulder surfing in a coffee shop and seeing something suss and reporting it.

0
0
Anonymous Coward

Who's meeting all the spies?

It's just possible that the FBI routinely tails Russian government officials in the USA and takes notes of other people who regularly feature in their surveillance.

It is also possible that they decided to check up on Vicky Pelaez, the Peruvian journalist who had regularly expressed opinions against US foreign policy and in support of Castro, Chavez, etc. She was filmed meeting a Russian government official in South America back in 2000.

Another nasty rumour was that the Russians gave up these people on purpose because they were getting expensive, had not found out anything not readily available off the Internet and were showing signs of becoming a bit too American. This way, the FBI would be kept busy and pleased with themselves following this lot about whilst missing some other rather more secretive and successful spies.

2
0
Thumb Up

Doesn't she just have a face...

...that makes you want to divulge every last item about international relations? ><

Aww enough with the cloak-and-dagger games, though, didn't that all knock off with the Iron Curtain already?

But hey, alright, maybe it's kinda "retro" to see it coming up again - Russian spies in the US, I'm sure future game developers will be duly inspired by as much.

0
0
Bronze badge
Paris Hilton

FORGET the tech...

this balls up almost certainly came unglued via human factors. I.e., the way they monitored her WiFi connections was meaningless - because by that time they already HAD her and her Russian handler under physical surveillance, which is how they co-located them. And rumbling the steg programs only happened AFTER the FBI did a complete search of their houses - meaning they were already compromised. In short, the cool tech bits seem like mere evidence to prove what they already knew.

So the REAL spy story here is: how did the FBI get the human intelligence needed to get search warrants and conduct the expensive shadowing operation on the group? And where does that undercover FBI agent fit into all this? And did he get to get Chapman? These are the real stories...

Black helicopters, with hush rotors and laser doppler mics... because, well, it's obvious...

1
0
Boffin

Re: Human intelligence - And a Better Way?

"...how did the FBI get the human intelligence needed to get search warrants and conduct the expensive shadowing operation on the group?"

Obviously, you are not aware of the proper procedures and safeguards in place for issuing warrants and initiating surveillance for counter-espi... sorry, counter-terrorism.

No warrant is required - unnecessary paperwork in the War Against Stuff, you know. Only domestic police forces investigating non-national security crimes need warrants (unless there are huge amounts of cash involved or political retribution). "National security" comes under the FISA board, whose proceedings are typically not public.

In answer to your question - Foreign diplomats are routinely (but *passively*) monitored, especially if they find that a wireless AP moves around with the Assistant Under-Assistant to Honourable Ambassador X (note: just made that up). All they had to do was see who/what connected, and when the person just stands there across the street from a Starbucks for 1/2 hour at a time... well... Notice that the "foreign gov officials" are not named - diplomatic immunity, you know.

How could we do better, class?

How about wireless AP in suitcase while (known, diplomatically protected) operative walks around town across SEVERAL networks on different routes daily/weekly. Stenographic images are embedded in image sets "randomly" or huge sequential blocks downloaded from 0-day posts (or possibly pr0n) on overseas image servers. Download MUCH more than you really wanted, and never duplicate the images. TOR would be a good addition, too, as long as you set the exit point outside jurisdiction. Extra points if netbook generates random MAC addresses between connections (remember Orinoco Golds?). Bonus points if you set it up so two browsers both use TOR (or another encrypted proxy) but with separate exit points, giving the (casual) illusion that it's the same session.

Exchanges could also be done using TrueCrypt (with hidden containers?). How about "image" files that are "corrupted" by having the last 1/2 or 3/4 of the image a small (150K or so) TrueCrypt container (which would appear to be garbage data)? Creating the file would simply be cutting the original off at a certain point, and "copy x + y z", allowing the same simple file cutter program to strip off the beginning of the "image" when ready to read...

Location of the starting point would be transmitted off-band (0-day posts to blogs, etc) as well as passwords (but not the same place, of course). Extra points if the other images in the "set" downloaded actually have (false) stenographic messages for counter-counter-espionage to those investigating. Bonus points if you pointed out that off-band locations could also include containers in spliced up image/pdf/video files. If you suggested that these lists of file urls would also be transmitted in images with embedded containers distributed in SPAM messages, you get a gold star. ;-)

And don't forget obvious distribution channels like "False Results Links Off a Phony Search Engine"(tm), linking to any location images might be uploaded that could include stenography or "corruption" - well known auction sites, holiday snaps, social networking, etc. Simply having a message in the comments, etc. saying "for more information contact [insert real cryptographically secure email here]" and using the email address for the password would suffice.

Of course, having a non-public, non-commercial stenographic package (as found by the FBI) used for false messages on the same or other files with other stenographic (true) messages encoded from a publicly available stenographic site (accessed through TOR, etc) would also draw away attention from the real messages...

This is all just off the top of my head, mind. Of course, I may be available for consulting :-). But why advertise if I am "anonymous"? - if you are in a position to pay me, you would know who I am, anyway.

3
0
Welcome

Reverse-double-speak... erm, boobies!

The fine folks at Gazprom likely have a much more effective network that is extensively greased with cash, natural gas, and oil. They have large portions of Europe and Asia on a short leash. The former oligarchy is controlled by Putin, et al. Do they truly take this sort of operation seriously these days? It's a wonderful way to generate headlines, certainly, but I can't see it being something other than part of very large and old machine being maintained by life support, should it need to be resurrected.

Hmmm... combine the two, and then we're talking. A wonderful creature like big red (pictured), cash, lots of oil, we'll forgive any natural gas incidents, et voila! As soon as Berlusconi becomes the US president, it's a done deal.

Oh, and of course, I for one, welcome my new KGB handler-ette... ahem.

0
0
Anonymous Coward

"macchanger -r", motherfucker ...

... have you heard of it!?

(ok no, obviously not).

0
0
Bronze badge
Big Brother

wifi rocks!

Oh, wait... the British did that and it didn't work

0
0
Silver badge

Am I being dumb...

.. or does this sound like people trying to get caught. I'm guessing that if they didn't get picked up by the feds this time she would have brought a phone under the name 'Anna Spy' and an address of ' 1 Spy Street, Spy City, Russia'.

I mean, they didn't do live transfers in Smiley's day why start now. And for Christ's sake taking a laptop to Russia to get it 'seen to'. Never heard of Gotomypc?

Decoys perhaps?

0
0
Silver badge
Alien

Hang on a minute...

Are we not (most of us at any rate) taking the FBI's account at face value? There are often several aspects to this kind of game and one of them is that there are people in both Washington and Moscow who for their own separate reasons do not like the fact that Medvedev and Obama have decided to improve the atmosphere between Moscow and Washington. Another aspect is the sheer incompetence (alleged) of these long term sleepers. The Russian secret service is after all simply the Russian section of the old KGB about whom one could of course say a great deal. However, they were not exactly known for being incompetent dickheads like this gang apparently were. The whole thing looks like some kind of game of charades. Who is playing and why....., well your guess is as good as mine.

2
1
Silver badge

Just a small speculation

Just as an example of what I mean by "charades" in this context is the following possibility. We know that there are forces in both Moscow and Washington who (each for their own political reasons) do not want an improvement in the relationship between Russia and the US. It is certain that they would know perfectly well how to get in contact with one another and would be equally capable of arranging an "incident" (on a devil's alliance basis) that served both their interests. The whole thing could perfectly well be that kind of stunt.

1
1
Big Brother

LinkedIn

Turns out I'm three steps removed from Anna Chapman according to LinkedIn. What's your score?

0
0

3rd

Also three.

0
0
Flame

Don't believe them too much

Colliding sats, mining mangane, spies on FB, yeah, absolutely.

See this:

http://www.fas.org/irp/program/collect/jennifer.htm

0
0

Netstumbler

I really hope the FBI aren't using NetStumbler - that's an active scanner. It sends packets out at regular intervals. I'd pick up that someone was using it in a jiffy.

Kismet is a much much better option for this sort of thing. Fully passive. Plug in a wifi card to your PCMCIA slot and set kismet to put it into RFMON mode and scan and record every packet within range and monitor the activity (it'll see shit like NetStumbler no problems bumbling around like the active muppet it is). Then use your regular wifi card to do the spy SIGINT stuff.

I assume that el reg was just having a guess about NetStumbler - because surely the FBI/NSA know what I've just said in much greater detail than I do.

0
0
(Written by Reg staff)

Re: Netstumbler

It's a guess, but given the complaint tells us the Russian official detected the surveillance on one occasion, perhaps not a bad one.

- Chris

0
0
Bronze badge

@Chris Williams

I'd tell a commenter who said that to RTFA, but I gather you were the one who WTFA. ;-p

"On one occasion in April, the Russian government official, who was based at the UN, rumbled his surveillance team, according to the court documents. He returned to his office and only one of the usual MAC addresses, allegedly belonging to Chapman's laptop, was observed trying to communicate."

Clever Russian official -- he spotted Netstumbler without even booting up his laptop! This Russian technology is incredible. Where can I get some?

...or perhaps he just spotted the person tailing him.

1
0
Bronze badge

commercially available tool

Given that the complaint filings refer several times to "a commercially available tool that can detect the presence of wireless networks", it seems likely that they purchased something (maybe something like Omnipeek) rather than using Open Source or other freebies.

0
0