Russian spy ring bust uncovers tech toolkit
Feds flush flame-haired femme fatale
The FBI's case against an alleged deep cover Russian spy ring relies heavily on surveillance of their use of ad hoc Wi-Fi networks, bespoke software, encryption and the web.
After a counter-espionage operation lasting several years, 10 people were accused on Monday of being covert agents of the SVR, Russia's foreign intelligence service. An 11th alleged member of the network - dubbed the "Illegals" programme by investigators - remains at large.
[A man has been arrested - see update at the end of this article.]
Anna Chapman, from her Facebook page
The criminal complaints against the group highlight their dependence on internet technologies.
Testimony from FBI agents describes how 28-year-old Anna Chapman (pictured) allegedly kept discreet appointments with a Russian government official at Manahattan coffee and book shops. Without making overt contact, she would allegedly communicate with her handler over an ad hoc Wi-Fi network.
"Russian Government Official #1 was across the street from the book store, carrying a briefcase," an unnamed FBI agent says in the complaint.
"I observed Chapman pull a laptop out of the tote bag. Chapman stayed in the book store for approximately thirty minutes; Russian Government Official #1 was in the vicinity of the book store (but outside) for approximately twenty of those thirty minutes."
Chapman allegedly kept 10 such appointments on Wednesdays between January and June this year. On nearly every occassion the FBI observed the same two MAC addresses communicating via ad hoc Wi-Fi.
Surveillance agents nearby used "a commercially available tool that can detect the presence of wireless networks" to witness the creation of the ad hoc networks. NetStumbler is probably the most popular example of such software.
"Law enforcement agents were able to detect a particular MAC address - MAC address A - at the time that Chapman was observed powering on her laptop computer," the complaint says.
"Law enforcement agents were also able to determine that the electronic device associated with MAC address A created the ad hoc network."
Chapman's fellow defendant, Mikhail Semenko, is accused of similar data exchanges with another Russian government official in Washington DC.
On one occasion in April, the Russian government official, who was based at the UN, rumbled his surveillance team, according to the court documents. He returned to his office and only one of the usual MAC addresses, allegedly belonging to Chapman's laptop, was observed trying to communicate.
On Saturday last week she handed the laptop to an undercover FBI agent, "so that it could either be fixed, or sent back to Moscow". An hour after the meeting she allegedly bought a Motorola phone and international calling card under the name "Irine Kutsov" of "99 Fake Street". The following day, last Sunday, she didn't turn up to another scheduled meeting with the undercover agent.
Blimey, I reckon if they'd just used pgp and webmail from work they would have probably gotten away with it ;)
Hmm, what's this in my coat pocket?
It's called Interpol
In the same way that we can ask for the arrest of somebody who has committed a serious crime here and then left the country, so can the Americans.
Achieving extradition is another matter entirely because evidence will have to be presented to show sufficient proof that this person would be charged with a crime. Unless of course you are subject to our wonderful, balanced 'agreement' with the Yanks, or the extradition is between EEC member states. In either case it would appear that extradition is all too easy and without sufficient safeguards in place.
It does sound completely daft giving this guy bail though. There can be few people more capable of getting out of the country after having their passport confiscated than a spy. And if there is any truth to the allegations (which seem fairly substantive) then you can also imagine that the Russians will be keen to ensure that he is nowhere to be found. Or they might be happy for him to be found once they've arranged for him to stop breathing.
MAC address spoofing.....
Or, try better procedures, such as going to different, busy, open Wi-Fi hot spots and sending each other steganographised holiday pictures via Skype?
If something works once, they get complacent and keep doing it without thought for possible countermeasures. These people need El-Reg commentards to act as consultants.