The CIA and the online dead drop disaster

According to press reports, the CIA used inconspicuous websites to communicate with spies in Iran and China. Many of these online dead drops are said to have been exposed – with disastrous consequences. 


Andreas and Heidrun Anschlag lived an inconspicuous life for two decades. He worked as an engineer, she was a housewife. The couple last lived in Marburg and had a daughter together.

But in reality, the Anschlags led a double life. As investigators from the Federal Office for the Protection of the Constitution discovered after receiving a tip from the CIA, the two worked as agents for the Russian foreign intelligence service SWR. They were arrested in October 2011. Both were sentenced to several years in prison, released early and then deported to Russia.


Secret communication via YouTube

Apparently, the SWR used a tried and tested method to reach the Anschlags: a numbers station. Such a station can be received inconspicuously with an ordinary radio set. The Anschlags went about it in a slightly more modern way: they connected a shortwave receiver to their home computer and used a piece of software called Kelchblatt.

Communication in the opposite direction was via YouTube. On May 8, 2011, Heidrun Anschlag allegedly opened a user account there under the name “Alpenkuh1” to comment on others’ videos – sometimes in English, sometimes in German. Until her arrest, Heidrun Anschlag alias Alpenkuh1 left comments on five different films. The Russian agent had a preference for the Portuguese footballer Cristiano Ronaldo. The comments contained secret messages to an agent leader in Russia.

(Screenshot. Source: YouTube)

This agent leader also wrote comments under the videos himself – under the pseudonym “Cristianofootballer”. What these comments looked like is described in a Welt article:

Alpenkuh1: “It is a very nice video and the song is also very good”.

Cristianofootballer: “A great dribble artist and footballer in the world.”

Alpenkuh1: “He runs and plays like hell.”

Cristianofootballer: “Well of course it is not real, but very good advertising.”

According to the Welt article, the sequence of punctuation marks could be translated into a sequence of numbers, and behind each number stood an agreed message. Possibly this is a somewhat amateurish description of a jargon code, which assigns an innocuous-sounding phrase or word to each of a number of predetermined messages. “It’s a very nice video”, for example, could mean “The dead drop has been filled” or “No special incidents”.

Unfortunately, that’s all I’m aware of. Perhaps a reader has more information on this form of steganography.


Online dead drops

Communicating via a public comment forum can be called an “online dead drop”. I suspect that this method is commonly used by intelligence agencies because it works well and is unobtrusive.

In recent years, I have often wondered whether there are other publicly known examples of online dead drops. Unfortunately, I have never found any.

However, a few days ago I came across an interesting article in the Guardian (other news portals have reported similar things). It says, first of all, that between 2004 and 2013 the US intelligence agency CIA used online dead drops (though they are not called that there) to communicate with agents in Iran and China. Hundreds of news, weather, health, and other websites were allegedly used for this purpose.

Presumably, in this case, agents and agent leaders also exchanged messages via comments. It is also conceivable that the CIA was able to influence the particular website itself. So maybe information was hidden steganographically in the weather map or in an article on a news portal. Unfortunately, the article does not give any details on this. Maybe a reader knows more.

The only stupid thing is that intelligence services of the countries concerned apparently saw through the secret exchange of data via public websites. Over two dozen U.S. agents in China and several in Iran are said to have been exposed and executed.

A new research paper by scientists at the University of Toronto has now revealed the extent of the disaster, according to the Guardian. Although the communication system in question has been out of use since 2013, the researchers still found a total of 885 websites that were most likely used by the CIA as online dead drops. Apparently, it was not particularly difficult to track down these sites and the messages exchanged through them. The researchers did not want to reveal details of their work so as not to endanger any more agents.

If the press reports are true, the CIA has done a rather amateurish job here and thus caused enormous damage. I would of course be interested to know how exactly these online dead drops worked, but understand that those responsible do not want to make this public. Let’s see what else becomes known about this topic in the near future.



Further reading: Intelligence coup of the century: Swiss crypto company was owned by CIA and BND
