A lecture about covert activities against activist groups, given at TILT conference, Sydney, Australia
(c) Felipe Rodriquez - 27 September 2001
With special thanks to Eveline Lubbers for her insightful comments and inspiration for this article and in general.
INTRODUCTION
Activists worldwide are scrutinized by government agencies and corporate intelligence activities. Numerous organizations have been the object of surveillance and infiltration. These organizations include activist groups that advocate sabotage and violence. But most are peaceful organizations that do not advocate violence.
Organizations around the world that have been targets of government surveillance and infiltration include Greenpeace and Amnesty International. Other groups include gay and lesbian rights organizations, socialist and Communist organizations, environmental groups, animal rights groups, Middle East organizations, unions, peace activist organizations and human rights groups [1].
Western world intelligence organizations work on the basis of a counter-insurgency model developed by British intelligence expert Frank Kitson. In his book, Low Intensity Operations, he defines various stages of development of political organizations. He advises that the primary work of an intelligence agency should occur in the earliest phase of the creation of an organization, when it is small and vulnerable. The book outlines the necessity for continuous covert operations, insisting that infiltration and "psychological operations" be mounted against dissident groups in "normal times," before any mass movement can develop. [2]
Officially the primary functions of government intelligence activities consist of giving information and warning of potentially hostile political plans of organizations, and the research and analysis of that information. Unofficially it includes the manipulation of organizations and people, in order to disrupt, weaken, compromise and control them.
There is a need for activist groups to be concerned with surveillance and infiltration: governments and corporations observe, and sometimes manipulate, these groups to discover what they know, who their sources are, and what their future activities will be.
One word of warning: you should not let this lecture make you feel too paranoid; governments have limited resources, and therefore they are unlikely to use many of the techniques that I will mention in this lecture if you are not an important suspect to them.
WHO ARE THE SPOOKS ?
Organizations involved in infiltration and surveillance activities include police organizations, local and foreign human intelligence organizations, local and foreign signal intelligence organizations and global corporations.
A large US-based religion, The Church of Scientology, has also been accused numerous times of infiltration and surveillance activities, apparently to weaken and destroy their perceived enemies.
A large number of government infiltrations of activist groups have been reported worldwide. An example is reported infiltration and surveillance activity by the Victorian police Operations Intelligence Unit, in Australia, in the early nineties. This unit monitored 316 organizations and had files on more than 700 people in the state of Victoria [1]. What was exceptional about this was not the number of organizations and individuals that were monitored, but the fact that these covert activities were exposed. Similar activities by police forces and intelligence organizations happen around the world, but remain covert.
Often we only get to see single pieces of the intelligence puzzle. Some examples of puzzle pieces that were found are:
- the infiltration into the US organization 'Students for Economic Justice' [3]
- undercover police activities during protests [4]
- failed attempts to recruit informers [5]
- informants or agents that have been discovered and volunteered information about their previous covert activities.
Such activities need not be limited to domestic government agencies. In the early 90s a US agency tried to infiltrate a hacker group in the Netherlands by setting up a hackers bulletin board to lure and entrap hackers. Its operator created multiple personalities on the bulletin board to create an impression that there was genuine activity and communication going on. But in reality he was trying to extract information from Dutch hackers about their activities, and possibly to infiltrate those hacker groups. The operator of this bulletin board later turned out to be an employee at the US embassy in The Hague. In 1995 he was fired by the US embassy because he had become a security threat, and in 1996 he started posting elaborate stories about his intelligence activities [6] for the CIA.
Various corporations have also engaged in surveillance and infiltration activities, and they do not only spy on their competitors. Activities against activist groups have been reported, such as the case of McDonald's, which employed private investigation agencies to infiltrate London Greenpeace [7,8]. In the case of London Greenpeace, McDonald's had hired more than one investigator to infiltrate that group. The infiltrators did not know the identity of the other infiltrators.
Corporations have an increasing need to gather intelligence to protect their interests. Governments often cannot provide the information and intelligence products that corporations need. Various corporations have therefore used private intelligence companies, such as a company called Control Risks. Control Risks is a so-called international business risk consultancy. Services include political and security risk solutions, investigations, security consultancy and crisis management and response. The essence of companies like Control Risks is to function like a privatized intelligence organization.
In January this year a person called Manfred Schlickenrieder was exposed as a corporate spy who was doing work for Shell and possibly other corporations. This person has been spying on activist groups for a period of more than twenty years. He collected information and photographs on hundreds of people. He also offered to sell guns to people. The founder of the company he worked for, a former MI6 agent, said in the Financial Times that his company tried to do the same thing for corporations as they had done before for the government.
A number of espionage activities by freelance agents that sell their product to corporations have been reported. In the Netherlands there was a case involving a detective agency that collected paper from activist groups. The agency employee, posing as an activist, told organizations that the old paper would be sold to a recycling company, and the proceeds would be donated to a school. As a result many sensitive documents ended up on the desk of corporate managers, to whom they were sold by the agency [9].
Another freelance agent was Adrian Franks, who infiltrated numerous activist groups, collected information about them, and tried to sell this information to corporations around the world [10].
METHODS OF SURVEILLANCE
Much has been written about the Echelon surveillance network. Echelon has the capacity to carry out total communications surveillance. Satellite receiver stations and spy satellites in particular are alleged to give it the ability to intercept any telephone, fax, Internet or e-mail message sent by any individual. Echelon operates worldwide on the basis of cooperation among the UK, the USA, Canada and Australia. These states place their interception systems at each other's disposal, and make joint use of the resulting information [11]. A former Canadian secret service employee says the service routinely received communications concerning environmental protests by Greenpeace vessels on the high seas [12].
Echelon is coordinated by the National Security Agency, or NSA, in the United States. This agency has a budget of approximately 4 billion dollars a year. This budget is magnified by the cooperation with other intelligence agencies, and assets are pooled with these agencies. An example is the spy base in Pine Gap, based in Australia, with mixed Australian and US staff. There are numerous speculations about the capabilities of the NSA. They have been known to tap into undersea communications cables, and the United States has a special submarine equipped for these operations. There have been reports about the NSA tapping undersea fiber optic cables by splicing them. The problem does not seem to be tapping into these cables, but processing the unimaginable amounts of information that such tapping provides. In space the NSA has specially equipped spy satellites, such as the Mercury signals intelligence spacecraft. These satellites are designed to intercept transmissions from broadcast communications systems such as radios, as well as radars and other electronic systems. They have a very large deployable antenna with a diameter of approximately 100 meters.
Carnivore is a computer-based system that is designed to allow the FBI to collect information about emails or other electronic communications to or from a specific user. It has the capability to capture all the network traffic to and from a specific user or IP address [13]. Other countries are developing similar devices, and the legislation needed to implement them. In the Netherlands legislation has already been implemented that will force ISPs to make their Internet network traffic available to police and secret service surveillance, when served with an order to do so [14]. In the Netherlands there was a legal case where a former hacker, who now works for the police, provided evidence that the Dutch police had created a black box device that was capable of tapping specific internet traffic at a provider, and had the capability to reconstruct the entire session of the user that was the target of surveillance.
There are currently a lot of news items about intelligence services trying to uncover messages that have been hidden using steganography. This is a technique to hide a message inside another message. It is alleged that terrorists use steganography to hide messages that are sent to other terrorists. Several Internet providers around the world have been asked to provide information about this, and to cooperate with the intelligence community to uncover these hidden messages. Government contracts have been granted to companies to develop techniques that enable the analysis of content on the Internet, in order to uncover messages that are hidden using steganography.
If you are concerned about the security of your computer network, then stay away from wireless network equipment, such as the Apple Airport and Lucent Orinoco wireless access points. Wireless network communication has been compromised, and it is relatively easy even for an amateur to eavesdrop on and penetrate a wireless computer network. In the United States it has become a bit of a fashion to drive around in a car, equipped with a computer, a wireless Ethernet device, and a special antenna. This enables one to pick up network traffic from most wireless networks, especially the ones that are not secure. This new fashion has a name: it is called war driving, and is derived from the old hacker activity of war-dialing.
In Australia laws have been passed that give ASIO, Australia's domestic spy organization, powers to hack into computers. They can now enter and modify computers remotely. [15] The FBI has been reported to have rigged a computer used by a suspected criminal in order to be able to monitor every keystroke. [16] The suspect was using encryption to protect the data on his computer, and it was impossible for the FBI to crack this encryption. By tapping his keystrokes they were able to find the password of his encryption software, and decrypt all the secret information on his computer.
Less high-tech ways of spying on activist communication include a phone tap, or a pen register. A phone tap eavesdrops on the activist's telephone calls, recording the oral communications on tape. A pen register tracks all the numbers of inbound telephone calls. Phone taps are used extensively in some countries, and less in other countries. The Netherlands is notorious for its use of phone taps; it has among the highest number of phone taps per 1000 population in the world. Also in the Netherlands it has been reported more than once that public phones were being tapped by the police, because they were allegedly being used by criminals that tried to circumvent government tapping of their phone.
A government phone tap is impossible to detect; don't believe the marketing hype that spy shops give you about anti-bug devices. These devices are only effective for very low-end surveillance equipment as employed by mediocre freelance spooks. The danger of bug detection devices is that they'll give a false sense of security.
A very rare way of detecting a phone tap is when a mistake is made. In 1992 a tap was placed on a computer line of the Dutch hacker group HackTic's network. This disrupted normal network email operations. The inverse signal of the tapped line was connected to another line by mistake. Social engineering of the phone company engineer responsible for the switch disclosed that something odd was done to the wiring that he was not allowed to disclose [17].
In some cases microphones (bugs) are installed in a premises, to record conversations in a room. Before such a device can be placed, surveillance by the agency is initiated in order to determine the best time and place to install it. Be wary of electricians and plumbers at the door with whom you have no appointment; they may be checking out the best location for a bug, and may be trying to find security problems for later covert entry into your house.
Often there is no need for the spooks to install any microphones in your home; there already is one there, and it's called the telephone! Built into the international CCITT telephone protocol is the ability to take phones 'off hook' and listen in to conversations occurring near the phone, without the user being aware that it is happening [18]. This effectively makes the telephone into a room monitoring device.
Do you believe only street cats are interested in your garbage bin? You're wrong! Garbage can be a primary source of intelligence. This may sound smelly, but look at what people throw away. Often draft versions of documents end up in the trash. These may give away vital information. Oracle paid private investigators to go through the trash of a trade group with ties to arch-rival Microsoft. [19] A case already mentioned before occurred in the Netherlands, where a private investigation company collected the trash of numerous activist organizations.
Shredding documents is an option, but may provide a false sense of security. When the Iranian revolutionaries occupied the US embassy in Tehran they found a big pile of shredded secret US government documents. The Iranians managed to recover the shredded items and systematically reassemble them. They then published facsimiles of the documents in a series that currently numbers over 70 volumes. The information that was uncovered by the Iranians contained the identity of the CIA station chief in Beirut, William Buckley, who was kidnapped and assassinated by a group calling itself Islamic Holy War.
Why do you think Osama Bin Laden switched his satellite phone off? Because following people around has become very easy if they use a cellular or satellite phone. A mobile phone network always knows in what cell of the network the phone is at any given time. Police and intelligence organizations can access this information to locate someone, or to find out the history of a person's movements.
Another way of finding out where a person has been in the past is by checking credit card transactions; purchase anything with a credit card, and the transaction is logged on the mainframe of the credit card company, including the location of the merchant, and therefore your location at the time of purchase.
During demonstrations and protests the government often uses photo and video surveillance, to record the presence and activities of individuals. Some police forces have specially equipped command and control vehicles with video cameras on their roof, and video terminals inside. Video and photographic surveillance of specific locations, such as an office of an activist organization, has been documented in the past. With the right optical equipment such surveillance can be done from a mile or so away, defeating any chance of discovery.
INFILTRATION
An infiltrator tries to penetrate an organization with the intention of collecting information that is otherwise not available.
Surveillance of communications is called Sigint, an acronym for Signals Intelligence. The use of informers, or actual infiltration of groups, is called Humint. Sigint often does not provide adequate information about the motives and future plans of people and organizations; therefore government agencies often engage in Humint activities. Infiltration is also used to manipulate and compromise activists and their organizations.
Undercover infiltration is a specialist job, and can be hard to detect. There are some recurring signs that have been turning up in reports about past infiltrations. An infiltrator needs to gain trust in the target organization, and will sometimes offer secret information to gain trust and respect. An infiltrator will seek a leadership, or close to leadership, position. It is important for an infiltrator to become an information hub, and infiltrators often maintain extensive contacts with other organizations. Infiltrators often create conflict and intrigues in their environment. Infiltrators often extensively copy archived documents of the activist organization and take these copies with them.
Another important sign that has come up repeatedly in reports about different infiltrations by government agencies is that the infiltrator will often promote the use of illegal activities, and may encourage others to participate in illegal activities. Infiltrators have been reported that offered arms and explosives to activists [20]. In the Netherlands there have been two reported cases of infiltrators that were offering guns and explosives. Another case has been documented in Germany. I have had some personal experience with a person working for the US embassy in the Netherlands that tried to incriminate me in a crime, apparently with the intention to use that against me to discredit me, or worse. Fortunately we reported this to the press and police before the case came to its climax; and this person consequently lost his job at the embassy.
The reasoning behind this activity of offering weapons is that governments want to know who is willing to use violence or illegal activities to achieve their activist goal [21]. An element of entrapment is often blended into this; the infiltrator promotes the use of violent or illegal activity, and when the illegal activity takes place the people involved are arrested. After such an arrest an attempt can be made by the government agency to pressure the participating activist into becoming an informer with threats of punishment and prison.
The African National Congress manual for covert actions [22] used the following list to identify infiltrators:
* they try to win your confidence by smooth talk and compliments;
* they try to arouse your interest by big talk and promises;
* try to get information and names from you which is no business of theirs;
* try to get you to rearrange lines of communication and contact points to help police surveillance;
* may show signs of nervousness, behave oddly, show excessive curiosity;
* may pressurize you to speed up their recruitment or someone they have recommended;
* ignore instructions, fail to observe rules of secrecy.
Spies that work for corporate intelligence organizations often work in a different way than government organizations. Corporations want information of a more general nature, such as the results of voting sessions, the intentions of campaigns and what contacts exist with other activist organizations. The main function of this information for the corporation is the creation of damage assessments and the development of public relations responses to actions like consumer boycotts.
Because of their different nature, corporate spies are more low-key. They are less likely to promote violence or to offer weapons and explosives for sale. Therefore they are harder to detect and isolate. Cases have been reported, such as the one mentioned before in this lecture, where corporate spies have been active for many years.
INFORMERS
An informer reveals confidential information in return for money or other benefits. Recruiting informers often ends in failure, and therefore there are many reports available about the recruitment process.
Informers can have a range of motives to turn against the organization they are informing about. They can be disenchanted members who volunteer their services. An activist may be overheard by someone not of the group, who in turn informs police. Someone may have been arrested and may try to avoid prosecution by agreeing to infiltrate a group and obtain information about activist activities. Or someone may have been targeted for recruitment by the police. [23]
Recruitment by police or intelligence agencies is usually preceded by extensive background checks. Activists that have weak spots are singled out for recruitment attempts. A weak spot may be financial trouble, immigration status, pending prosecution and a range of other possibilities. The activist may be threatened and/or offered money. Other offers that may be made to coerce the activist into becoming an informer may include a permanent visa offer, or a settlement to prevent prosecution. Family members and friends of the recruitment prospect may be pressured, to convince the activist to become an informer.
WHAT TO DO ?
If you believe you, or your organization, are the target of infiltration or surveillance, the best thing you can do is start building up documentation and evidence. Create a small group of trusted individuals, and start planning and researching the case. Try to find out all the facts, try to remember every detail that can be remembered. It is no use to have suspicions that cannot be backed up with hard facts. If evidence has been collected, it is often useful to double-check it first, and then publish the evidence. Please try to always be extremely careful about paranoia and unfounded allegations, because that can cause as much, or more, harm to an organization as any intelligence activity.
The best defense, if you have nothing to hide anyway, is to be extremely transparent. If transparency does not deter intelligence agencies, it will at least diminish your own feelings of paranoia and persecution. Second best is to have a high degree of awareness about security and knowledge about surveillance methodology. That helps in developing secure communication mechanisms, such as using encryption, steganography and maintaining anonymity.
It is always useful to use encryption to protect your email. Sending an unencrypted email is the same as sending a postcard without an envelope; any hacker or system engineer can read your email. There are various encryption software programs available on the Internet; PGP, Pretty Good Privacy, is probably a good choice. If you want to hide the fact that you are communicating, you may want to use some steganographic program that hides a message within another message.
Security is one thing, paranoia another. The summary of technologies and activities in this article is extensive, and some may find it scary. The fact that all these things are possible does not mean that they happen right now in your organization. Most people are unlikely to be extensively targeted by most of the methods that I have described. Police and intelligence organizations have limited resources, and very extensive surveillance will only be done on high priority targets. One also has to be mindful of the fact that intelligence and law enforcement agencies have limited resources. Priorities change, and what one day seemed important may not be important the next day. A recent example would be increased attention by the intelligence community for the anti-globalization protestors, that may not seem as important today in light of the global fight against terrorism.
The intention of this article is not to make you feel paranoid, or to make you feel permanently watched by the government. Such extreme focus on an individual or group is rare and only happens in extreme cases where suspects are very important. Most intelligence operations against activists are likely to be low intensity intelligence operations with the aim of tracking developments and collecting information. But if you have been trained in some Al Qaeda camp in Afghanistan, then you probably have a credible reason to feel watched at this particular moment.
The intention of this lecture is also to instill a certain level of security awareness in people. You could compare it to an insurance policy. You never know when we will have a need to know about these surveillance and infiltration techniques; one day in the future we may find ourselves living in a totalitarian state. It would be useful in those circumstances if some information about government surveillance and infiltration activities is available.
Another reason to create this lecture is that most of us live in democratic states. Therefore it is important to have some insight into the covert activities that our governments engage in, because they do so in the name of the electorate, and therefore in our name.
Thanks,
Felipe Rodriquez
------------
SOURCES:
[1] Operations Intelligence Unit Victorian police data base files
http://home.vicnet.net.au/~neils/PoliceWatch/spec1.html
[2] Low-intensity Operations - General Sir Frank Kitson
Faber and Faber; ISBN: 0571161812
[3] Activist group exposes undercover officer
http://www.statenews.com/article.phtml?pk=519
[4] Undercover troopers among those arrested during GOP convention
http://europe.cnn.com/2000/ALLPOLITICS/stories/11/16/convention.protests.ap/
[5] Koerden geïnfiltreerd (Dutch)
http://www.xs4all.nl/~evel/koerd.htm
[6] Snorri Helgarsson - My Story
http://groups.google.com/groups?q==snorri+cia+parker&hl==en&rnum=&selm==4omaku%24b6%40enterprise.cistron.nl
[7] Special Branch Help McDonald's
http://www.mcspotlight.org/media/press/squall_aut96.html
[8] Mag ik u infiltreren? (Dutch)
http://www.xs4all.nl/~evel/mcspy.htm
[9] Liefdewerk Oudpapier (Dutch)
http://www.xs4all.nl/~evel/onzewer.htm
[10] Infiltrator in A SEED, Earth First!, ENAAT - and where else?
http://www.xs4all.nl/~respub/artikelen/adrian/
[11] European parliament report on the existence of Echelon
http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf
[12] Jim Bronskill, Canada a key snooper in huge spy network, Ottawa Citizen, 24.10.2000
[13] Carnivore FAQ
http://www.robertgraham.com/pubs/carnivore-faq.html
[14] opentap.org
http://www.opentap.org/documents.php3
[15] EFA newsletter - ASIO hacking legalised
http://www.efa.org.au/News/issue5_2.html#asio
[16] Mafia trial to test FBI spying tactics
http://www.theregister.co.uk/content/4/15268.html
[17] Hack-Tic afgeluisterd ? Hack-Tic 18/19 (Dutch)
http://www.hacktic.nl/magazine/1811.htm
[18] SGR Newsletter, No.4, 1993
And also in Hack-Tic 18/19 at http://www.hacktic.nl/magazine/1824.htm (Dutch site)
[19] Oracle's Private Eyes Hit Microsoft Trail
http://www.pcworld.com/news/article/0,aid,17470,00.asp
[20] Operatie Homerus - papieren tijger uitgeverij (Dutch)
ISBN 906728100X
[21] Verslag van de speurtocht naar de infiltrant Adrian Franks (Dutch)
http://www.xs4all.nl/~evel/adrian.htm
[22] African National Congress manual for covert actions
http://cryptome.org/anc-manual.htm
[23] POLICE UNDERCOVER OPERATIONS (2) by Mollie Maguire
http://www.cat.org.au/a4a/police2.html
(C) Felipe Rodriquez Copyright Notice: You may copy and distribute verbatim copies of this article for non-commercial use without the author's permission.
---
Felipe Rodriquez http://www.xs4all.nl/~felipe