ACTIVISTS AND SPOOKS
about covert activities against activist groups
(c) Felipe Rodriquez - 27 September 2001
With special thanks to Eveline Lubbers for her insightful comments and
inspiration for this article and in general.
INTRODUCTION
Activists worldwide are
scrutinized by government agencies and corporate intelligence activities.
Numerous organizations have been the object of surveillance and infiltration.
These organizations include activist groups that advocate sabotage and violence.
But most are peaceful organizations that do not advocate
violence.
Organizations around the world that have been targets of
government surveillance and infiltration include Greenpeace and Amnesty
International. Other groups include gay and lesbian rights organizations,
socialist and Communist organizations, environmental groups, animal rights
groups, Middle East organizations, unions, peace activist organizations and
human rights groups [1].
Western world intelligence organizations work on
the basis of a counter-insurgency model developed by British intelligence expert
Frank Kitson. In his book, Low Intensity Operations, he defines various stages of
development of political organizations. He advises that the primary work of an
intelligence agency should occur in the earliest phase of the creation of an
organization, when it is small and vulnerable. The book outlines the necessity for
continuous covert operations, insisting that infiltration and "psychological
operations" be mounted against dissident groups in "normal times," before any
mass movement can develop. [2]
Officially the primary functions of
government intelligence activities consist of giving information and warning of
potentially hostile political plans of organizations, and the research and
analysis of that information. Unofficially it includes the manipulation of
organizations and people, in order to disrupt, weaken, compromise and control
them.
There is a need for activist groups to be concerned with
surveillance and infiltration: governments and corporations observe, and
sometimes manipulate, these groups to discover what they know, who their sources
are, and what their future activities will be.
One word of warning; you should not let this lecture make you
feel too paranoid; governments have limited resources, and therefore they are
unlikely to use many of the techniques that I will mention in this lecture if
you are not an important suspect to them.
WHO ARE THE SPOOKS?
Organizations involved in infiltration and surveillance activities
include police organizations, local and foreign human intelligence
organizations, local and foreign signal intelligence organizations and global
corporations. A large US-based religion, The Church of
Scientology, has also been accused numerous times of infiltration and
surveillance activities, apparently to weaken and destroy their perceived
enemies.
A large number of government infiltrations of activist groups
have been reported worldwide. An example is reported infiltration and
surveillance activity by the Victorian police Operations Intelligence Unit, in
Australia, in the early nineties. This unit monitored 316 organizations and had
files on more than 700 people in the state of Victoria [1]. What was exceptional
about this was not the number of organizations and individuals that were
monitored, but the fact that these covert activities were exposed. Similar
activities by police forces and intelligence organizations happen around the
world, but remain covert.
Often we only get to see single pieces of the intelligence
puzzle. Some examples of puzzle pieces that were found are:
- the infiltration into the US organization 'Students for Economic Justice' [3]
- undercover police activities during protests [4]
- failed attempts to recruit informers [5]
- informants or agents that have been discovered and volunteered information
  about their previous covert activities.
Such activities need not be limited to domestic
government agencies. In the early 90s a US agency tried to infiltrate a hacker
group in the Netherlands by setting up a hackers' bulletin board to lure and
entrap hackers. Its operator created multiple personalities on the bulletin
board to create an impression that there was genuine activity and communication
going on. In reality he was trying to extract information from Dutch hackers
about their activities, and possibly to infiltrate those hacker groups. The
operator of this bulletin board later turned out to be an employee at the US
embassy in The Hague. In 1995 he was fired by the US embassy because he had
become a security threat, and in 1996 he started posting elaborate stories about
his intelligence activities for the CIA [6].
Various corporations have
also engaged in surveillance and infiltration activities, and they do not only
spy on their competitors. Activities against activist groups have been reported,
such as the case of McDonald's, which employed private investigation agencies to
infiltrate London Greenpeace [7,8]. In that case McDonald's had hired more than
one investigator to infiltrate the group. The
infiltrators did not know the identity of the other infiltrators.
Corporations have an increasing need to gather intelligence to protect
their interests. Governments can often not provide the information and
intelligence products that corporations need. Various corporations have
therefore used private intelligence companies, such as a company called Control
Risks. Control Risks is a so-called international business risk consultancy.
Services include political and security risk solutions, investigations, security
consultancy and crisis management and response. In essence, companies like
Control Risks function like a privatized intelligence
organization.
In January this year a person called Manfred
Schlickenrieder was exposed as a corporate spy who was doing work for Shell and
possibly other corporations. This person has been spying on activist groups for
a period of more than twenty years. He collected information and photographs on
hundreds of people. He also offered to sell guns to people. The founder of the
company he worked for, a former MI6 agent, said in the Financial Times that his
company tried to do the same thing for corporations as they had done before for
the government.
A number of espionage activities by freelance agents that
sell their product to corporations have been reported. In the Netherlands there
was a case involving a detective agency that collected paper from activist
groups. The agency employee, posing as an activist, told organizations that the
old paper would be sold to a recycling company, and the proceeds would be
donated to a school. As a result many sensitive documents ended up on the desk
of corporate managers, to whom they were sold by the agency [9]. Another
freelance agent was Adrian Franks, who infiltrated numerous activist groups,
collected information about them, and tried to sell this information to
corporations around the world [10].
METHODS OF SURVEILLANCE
Much has been written about the Echelon surveillance
network. Echelon has the capacity to carry out total communications
surveillance. Satellite receiver stations and spy satellites are
alleged to give it the ability to intercept any telephone, fax, Internet or
e-mail message sent by any individual. Echelon operates worldwide on the basis
of cooperation among the UK, the USA, Canada and Australia. These states place
their interception systems at each other's disposal, and make joint use of the
resulting information [11]. A former Canadian secret service employee says the
service routinely received communications concerning environmental protests by
Greenpeace vessels on the high seas [12].
Echelon is coordinated by the
National Security Agency, or NSA, in the United States. This agency has a
budget of approximately 4 billion dollars a year. This budget is magnified by
the cooperation with other intelligence agencies, because assets are pooled with
these agencies. An example is the spy base at Pine Gap in Australia, with
mixed Australian and US staff. There is much speculation about the
capabilities of the NSA. They have been known to tap into undersea
communications cables, and the United States has a special submarine equipped
for these operations. There have been rumors about the NSA tapping undersea
fiber optic cables, by splicing them. The problem does not seem to be tapping into
these cables, but processing the unimaginable amounts of information that such
tapping provides. In space the NSA has specially equipped spy satellites, such
as the Mercury signals intelligence spacecraft. These satellites are
designed to intercept transmissions from broadcast communications systems such
as radios, as well as radars and other electronic systems. They have a very
large deployable antenna with a diameter of approximately 100
meters.
Carnivore is a
computer-based system that is designed to allow the FBI to collect information
about emails or other electronic communications to or from a specific user. It
has the capability to capture all the network traffic to and from a specific
user or IP address [13]. Other countries are developing similar devices, and the
legislation needed to implement them. In the Netherlands legislation has already
been implemented that will force ISPs to make their Internet network traffic
available to police and secret service surveillance, when served with an order
to do so [14]. In the Netherlands there was a legal case where a former hacker,
who now works for the police, provided evidence that the Dutch police had
created a black box device that was capable of tapping specific internet traffic
at a provider, and had the capability to reconstruct the entire session of the
user that was the target of surveillance.
There are
currently a lot of news items about intelligence services trying to uncover
messages that have been hidden using steganography. This is a technique to hide
a message inside another message. It is alleged that terrorists use
steganography to hide messages that are sent to other terrorists. Several
Internet providers around the world have been asked to provide information about
this, and to cooperate with the intelligence community to uncover these hidden
messages. Government contracts have been granted to companies to develop
techniques that enable the analysis of content on the Internet, in order to
uncover messages that are hidden using steganography.
If you are
concerned about the security of your computer network, then stay away from
wireless network equipment, such as the Apple Airport and Lucent Orinoco
wireless access points. Wireless network communication has been compromised, and
it is relatively easy even for an amateur to eavesdrop and penetrate a wireless
computer network. In the United States it has become a bit of a fashion to drive
around in a car, equipped with a computer, a wireless Ethernet device, and a
special antenna. This enables one to pick up network traffic from most wireless
networks, especially the ones that are not secure. This new fashion has a name:
it is called war driving, and is derived from the old hacker activity of
war-dialing.
In Australia laws have been passed that give ASIO,
Australia's domestic spy organization, powers to hack into computers. They can
now enter and modify computers remotely. [15] The FBI has been reported to have
rigged a computer used by a suspected criminal in order to be able to monitor
every keystroke. [16] The suspect was using encryption to protect the data on
his computer, and it was impossible for the FBI to crack this encryption. By
tapping his keystrokes they were able to find the password of his encryption
software, and decrypt all the secret information on his computer.
Less
high-tech ways of spying on activist communication include a phone tap, or a pen
register. A phone tap eavesdrops on the activist's telephone calls, recording
the oral communications on tape. A pen register tracks all the numbers of
inbound telephone calls. Phone taps are used extensively in some countries, and
less in other countries. The Netherlands is notorious for its use of phone taps;
it has among the highest numbers of phone taps per 1000 population in the world.
Also in the Netherlands it has been reported more than once that public phones
were being tapped by the police, because they were allegedly being used by
criminals that tried to circumvent government tapping of their phone.
A
government phone tap is impossible to detect. Don't believe the marketing hype
that spy shops give you about anti-bug devices. These devices are only effective
against very low-end surveillance equipment as employed by mediocre freelance
spooks. The danger of bug detection devices is that they'll give a false sense
of security.
A very rare way of detecting a phone tap is when a mistake is
made. In 1992 a tap was placed on a computer line of the Dutch hacker group
HackTic network. This disrupted normal network email operations. The inverse
signal of the tapped line was connected to another line by mistake. Social
engineering of the phone company engineer responsible for the switch disclosed
that something odd was done to the wiring that he was not allowed to disclose
[17].
In some cases microphones (bugs) are installed in a premises, to
record conversations in a room. Before such a device can be placed, surveillance
by the agency is initiated in order to determine the best time and place to
install it. Be wary of electricians and plumbers at the door with whom you have
no appointment; they may be checking out the best location for a bug, and may be
trying to find security problems for later covert entry into your
house.
Often there is no need for the spooks to install any microphones
in your home; there already is one there, it's called the telephone! Built into
the international CCITT telephone protocol is the ability to take phones 'off
hook' and listen into conversations occurring near the phone, without the user
being aware that it is happening [18]. This effectively makes the telephone into
a room monitoring device.
Do you believe only street cats are interested
in your garbage bin? You're wrong! Garbage can be a primary source of
intelligence. This may sound smelly, but look at what people throw away. Often
draft versions of documents end up in the trash. These may give away vital
information. Oracle paid private investigators to go through the trash of a
trade group with ties to arch-rival Microsoft. [19] A case already
mentioned before occurred in the Netherlands, where a private investigation
company collected the trash of numerous activist organizations.
Shredding documents is an option, but may provide a false sense of
security. When the Iranian revolutionaries occupied the US embassy in Tehran
they found a big pile of shredded secret US government documents. The Iranians
managed to recover the shredded items and systematically reassemble them. They
then published facsimiles of the documents in a series that currently numbers
over 70 volumes. The information that was uncovered by the Iranians contained
the identity of the CIA station chief in Beirut, William Buckley, who was
kidnapped and assassinated by a group calling itself Islamic Holy War.
Why do you think Osama Bin Laden switched his satellite phone
off? Because following people around has become very easy if they use a
cellular or satellite phone. A mobile phone network always knows in what cell of
the network the phone is at any given time. Police and intelligence
organizations can access this information to locate someone, or to find out the
history of a person's movements.
Another way of finding out where a
person has been in the past, is by checking credit card transactions; purchase
anything with a credit card, and the transaction is logged on the mainframe of
the credit card company, including the location of the merchant, and therefore
your location at the time of purchase.
During demonstrations and
protests the government often uses photo and video surveillance, to record the
presence and activities of individuals. Some police forces have specially
equipped command and control vehicles with video cameras on their roof, and
video terminals inside. Video and photographic surveillance of specific
locations, such as an office of an activist organization, has been documented in
the past. With the right optical equipment such surveillance can be done from a
mile or so away, defeating any chance of discovery.
INFILTRATION
An infiltrator tries to penetrate an
organization with the intention of collecting information that is otherwise not
available.
Surveillance of communications is called Sigint, an acronym
for Signals Intelligence. The use of informers, or actual infiltration of groups
is called Humint. Sigint often does not provide adequate information about the
motives and future plans of people and organizations, therefore government
agencies often engage in Humint activities. Infiltration is also used to
manipulate and compromise activists and their organizations.
Undercover
infiltration is a specialist job, and can be hard to detect. There are some
recurring signs that have been turning up in reports about past infiltrations.
An infiltrator needs to gain trust in the target organization, and will
sometimes offer secret information to gain trust and respect. An infiltrator
will seek a leadership, or close to leadership, position. It is important for an
infiltrator to become an information hub, and infiltrators often maintain
extensive contacts with other organizations. Infiltrators often create conflict
and intrigues in their environment. Infiltrators often extensively copy archived
documents of the activist organization and take these copies with
them.
Another important sign that has come up repeatedly in reports about
different infiltrations by government agencies is that the infiltrator will
often promote the use of illegal activities, and may encourage others to
participate in illegal activities. Infiltrators have been reported that offered
arms and explosives to activists [20]. In the Netherlands there have been two
reported cases of infiltrators that were offering guns and explosives. Another
case has been documented in Germany. I have had some personal experience with a
person working for the US embassy in the Netherlands that tried to incriminate
me in a crime, apparently with the intention to use that against me to discredit
me, or worse. Fortunately we reported this to the press and police before the
case came to its climax; and this person consequently lost his job at the
embassy.
The reasoning behind this activity of offering weapons is that
governments want to know who is willing to use violence or illegal activities to
achieve their activist goal [21]. An element of entrapment is often blended into
this; the infiltrator promotes the use of violent or illegal activity, and when
the illegal activity takes place the people involved are arrested. After such an
arrest an attempt can be made by the government agency to pressure the
participating activist into becoming an informer with threats of punishment and
prison.
The African National Congress manual for covert actions [22] used
the following list to identify infiltrators:
* they try to win your confidence by smooth talk and compliments;
* they try to arouse your interest by big talk and promises;
* try to get information and names from you which is no business of theirs;
* try to get you to rearrange lines of communication and contact points to
  help police surveillance;
* may show signs of nervousness, behave oddly, show excessive curiosity;
* may pressurize you to speed up their recruitment or someone they have
  recommended;
* ignore instructions, fail to observe rules of secrecy.
Spies that work for corporate intelligence
organizations often work in a different way than government organizations.
Corporations want information of a more general nature, such as the results of
voting sessions, the intentions of campaigns and what contacts exist with other
activist organizations. The main function of this information for the
corporation is the creation of damage assessments and to develop public
relations responses to actions like consumer boycotts.
Because of their
different nature, corporate spies are more low-key. They are less
likely to promote violence or to offer weapons and explosives for sale.
Therefore they are harder to detect and isolate. Cases have been reported, such
as the one mentioned before in this lecture, where corporate spies have been
active for many years.
INFORMERS
An informer reveals
confidential information in return for money or other benefits. Recruiting
informers often ends in failure, and therefore there are many reports available
about the recruitment process.
Informers can have a range of motives to
turn against the organization they are informing about. They can be disenchanted
members who volunteer their services. An activist may be overheard by someone
not of the group, who in turn informs police. Someone may have been arrested and
may try to avoid prosecution by agreeing to infiltrate a group and obtain
information about activist activities. Or someone may have been targeted for
recruitment by the police. [23]
Recruitment by police or intelligence
agencies is usually preceded by extensive background checks. Activists that have
weak spots are singled out for recruitment attempts. A weak spot may be
financial trouble, immigration status, pending prosecution and a range of other
possibilities. The activist may be threatened and/or offered money. Other offers
that may be made to coerce the activist into becoming an informer may include a
permanent visa offer, or a settlement to prevent prosecution. Family members and
friends of the recruitment prospect may be pressured, to convince the activist
to become an informer.
WHAT TO DO?
If you believe you, or
your organization, are the target of infiltration or surveillance, the best
thing you can do is start building up documentation and evidence. Create a small
group of trusted individuals, and start planning and researching the case.
Try to find out all the facts, try to remember every detail that can be
remembered. It is no use to have suspicions that cannot be backed up with hard
facts. If evidence has been collected, it is often useful to double-check it
first, and then publish the evidence. Please try to always be extremely careful
about paranoia and unfounded allegations, because they can cause as much, or
more, harm to an organization as any intelligence activity.
The best
defense, if you have nothing to hide anyway, is to be extremely transparent. If
transparency does not deter intelligence agencies, it will at least diminish
your own feelings of paranoia and persecution. Second best is to have a high
degree of awareness about security and knowledge about surveillance methodology.
That helps in developing secure communication mechanisms, such as using
encryption, steganography and maintaining anonymity.
It is always useful
to use encryption to protect your email. Sending an unencrypted email is the
same as sending a postcard without an envelope: any hacker or system engineer
can read your email. There are various encryption software programs
available on the Internet; PGP, Pretty Good Privacy, is probably a good choice.
If you want to hide the fact that you are communicating, you may want to use
a steganographic program that hides a message within another
message.
Security is one thing, paranoia another. The summary of
technologies and activities in this article is extensive, and some may find it
scary. The fact that all these things are possible, does not mean that they
happen right now in your organization. Most people are unlikely to be
extensively targeted by most of the methods that I have described. Police and
intelligence organizations have limited resources, and very extensive
surveillance will only be done on high priority targets.
Priorities change, and what one day seemed important, may not be
important the next day. A recent example would be increased attention by the
intelligence community for the anti-globalization protestors, that may not seem
as important today in light of the global fight against terrorism.
The intention of this lecture is also to instill a
certain level of security awareness in people. You could compare it to an
insurance policy. You never know when we will have a need to know about
these surveillance and infiltration techniques; one day in the future we may
find ourselves living in a totalitarian state. It would be useful in those
circumstances if some information about government surveillance and infiltration
activities is available.