News about the CIA’s online dead drop disaster

A few days ago I reported about a steganographic communication system of the US intelligence agency CIA, which turned out to be insecure. Thanks to my readers, today I can present more information about it.

German version

How does a spy communicate inconspicuously with his handler? In the age of the Internet, inconspicuous websites are suitable for this purpose. As I reported a few days ago, Mr. and Mrs. Anschlag, who lived in Germany and spied for the Russian secret service SWR, used the comment box under Cristiano Ronaldo videos on YouTube to exchange coded messages. This is also known as an “online dead drop.”


Say it with flowers

Recently, I came across another example of online dead drops. In 2010, the FBI arrested ten spies in the US who were working for Russia. Among them, Anna Chapman is most remembered for her career as a model and television host after being deported to Russia.

Source: FBI

Apparently, the Russian spies used, among other things, inconspicuous photos to communicate. They embedded hidden messages in them using special steganography software. In a presentation by Jennifer Wilcox, the following flower pictures are shown (at 19:25), which are said to have been used for this purpose.

Source: NSA

Presumably, the spies and their communication partners exchanged such pictures on photo websites. Unfortunately, I have no information about this. Perhaps a reader knows more.


The CIA’s faulty online dead drops

Not surprisingly, the US intelligence agency CIA also works with online dead drops. This could be read, for example, in an article in the Guardian. Specifically, it said that this form of communication was used between 2004 and 2013 with agents in Iran and China. Hundreds of news, weather, health and other websites had been used for this purpose.

Here’s the catch: intelligence agencies in the countries involved saw through the secret exchange of data via public websites. More than two dozen US agents in China and several in Iran are said to have been exposed and executed. Unfortunately, I could not find details about this on the Internet at first.

My readers, however, found what I was looking for. Thomas Bosbach, for example, pointed me to a Reuters article. According to this article, the news, weather and health sites in question were operated by the CIA itself – of course with the help of cover companies or cover persons. The following screenshots show a few examples. Among others, sports sites were popular:

Source: CIA

The following page is about the US presenter Johnny Carson:

Source: CIA

Unfortunately, my language skills are not sufficient for this page:

Source: CIA

Here is another soccer page:

Source: CIA

Unlike the Anschlags, communication on these pages did not take place via the comment field. Instead, each page contained a search field into which the respective agent had to enter an agreed password. If he did so, an application started that allowed him to send text messages to his handler and to receive messages in return.

Presumably, this system of communication was not unusual. What was unusual, however, were the weak security precautions that the CIA took. This started with the fact that in the HTML code of the corresponding pages, the search field was declared as an input of type="password".

Source: CIA

Anyone looking at the page source was thus practically told that a password had to be entered here. In addition, the CIA obviously bought the web space for the various pages in blocks from the same provider. As a result, the sites’ IP addresses directly followed each other, which made it easy to find further pages once one had been uncovered. The names of the individual pages were also similar – for example, in addition to Iraniangoals.com for one spy, there was Iraniangoalkicks.com for another.
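The three weaknesses described above (a password input hidden in a "search" form, sites hosted on consecutive IP addresses, and near-duplicate domain names) are exactly the kind of correlation signals an operator should audit its own site inventory for before deployment. The following script is an added example written for this article, not code from the CIA, Reuters or the researchers mentioned; the site inventory, domain names, IP addresses and HTML snippets are constructed sample data, not the real sites from the Reuters report.

```python
"""Audit a site inventory for the three linkability mistakes discussed in the article.

Added example; SAMPLE_SITES below is constructed data, not any real site.
"""
import ipaddress
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed inventory: hypothetical domains (.test TLD), documentation IP ranges,
# and minimal HTML. None of these are the real sites from the Reuters report.
SAMPLE_SITES = [
    {"domain": "sportgoals-weekly.test", "ip": "203.0.113.10",
     "html": '<form action="/search"><input type="password" name="q"><input type="submit"></form>'},
    {"domain": "sportgoalkicks-weekly.test", "ip": "203.0.113.11",
     "html": '<form action="/search"><input type="password" name="q"></form>'},
    {"domain": "carson-tonight.test", "ip": "203.0.113.12",
     "html": '<form action="/search"><input type="text" name="q"></form>'},
    {"domain": "cityweather-today.test", "ip": "198.51.100.7",
     "html": '<form action="/login"><input type="password" name="pw"></form>'},
]


def password_fields_in_search_forms(html):
    """Return the names of <input type="password"> fields that sit inside a form
    that presents itself as a search box (the mistake the article describes)."""
    findings = []
    for form in re.finditer(r"<form\b([^>]*)>(.*?)</form>", html, re.I | re.S):
        attrs, body = form.group(1), form.group(2)
        looks_like_search = "search" in (attrs + body).lower()
        if not looks_like_search:
            continue
        for inp in re.finditer(r"<input\b[^>]*>", body, re.I):
            tag = inp.group(0)
            if re.search(r"""type\s*=\s*["']?password""", tag, re.I):
                name = re.search(r"""name\s*=\s*["']?([\w-]+)""", tag, re.I)
                findings.append(name.group(1) if name else "?")
    return findings


def contiguous_ip_runs(sites, max_gap=1):
    """Group domains whose IPv4 addresses follow each other within max_gap.
    Returns a list of runs (each a list of domains in address order)."""
    addrs = sorted((ipaddress.ip_address(s["ip"]), s["domain"]) for s in sites)
    runs, current = [], [addrs[0]]
    for prev, cur in zip(addrs, addrs[1:]):
        if int(cur[0]) - int(prev[0]) <= max_gap:
            current.append(cur)
        else:
            if len(current) > 1:
                runs.append([d for _, d in current])
            current = [cur]
    if len(current) > 1:
        runs.append([d for _, d in current])
    return runs


def similar_domain_pairs(domains, threshold=0.75):
    """Flag pairs of domain names that look like variations of one another
    (e.g. sharing a long common stem), using difflib's similarity ratio."""
    pairs = []
    for a, b in combinations(sorted(domains), 2):
        if SequenceMatcher(None, a, b).ratio() >= threshold:
            pairs.append((a, b))
    return pairs


def audit(sites):
    """Run all three checks over an inventory and return the findings."""
    return {
        "password_search_fields": {
            s["domain"]: fields
            for s in sites
            if (fields := password_fields_in_search_forms(s["html"]))
        },
        "contiguous_ip_runs": contiguous_ip_runs(sites),
        "similar_domains": similar_domain_pairs([s["domain"] for s in sites]),
    }


if __name__ == "__main__":
    for check, result in audit(SAMPLE_SITES).items():
        print(f"{check}: {result}")
```

Each check corresponds to one of the article's observations: the first would have flagged the type="password" search box, the second the block of consecutive addresses bought from one provider, and the third name pairs such as the two "Iraniangoal…" domains. The login form in the last sample site is deliberately not flagged, since a password field in a form that announces itself as a login is ordinary.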

In 2013, the CIA noticed the error and shut down the insecure online dead drops. Although this communication system has not been used since, researchers recently still found a total of 885 websites that were most likely used for this purpose. Apparently, only lesser agents were allowed to work with these sites. For top spies, the CIA provided better methods, about which nothing is publicly known.

As usual with intelligence topics, much on this subject is still in the dark. All the more reason I would appreciate any leads from my readers.

If you want to add a comment, you need to add it to the German version here.


Further reading: Intelligence coup of the century: Swiss crypto company was owned by CIA and BND