Feeds

Russian spy ring bust uncovers tech toolkit

Feds flush flame-haired femme fatale

Securing Web Applications Made Simple and Scalable

The complaint against the other nine defendants - eight of whom are accused of posing as bogus married couples - further describes the alleged spy ring's technical methods.

The Illegals were given a steganography program by the SVR's Moscow Centre, it says. The software is not commercially available, and investigators discovered the alleged spies held copies of it by clandestine searches of their properties. Going back to 2005, the FBI obtained warrants to make forensic copies of hard drives and other digital media at several locations across the US.

A New Jersey search uncovered a network of websites, from which the alleged spies had downloaded images.

"These images appear wholly unremarkable to the naked eye," the complaint explains.

"But these images (and others) have been analyzed using the steganography program. As a result of this analysis, some of the images have been revealed as containing readable text files."

Over one hundred such hidden messages were found in the New Jersey search.

Similarly, a search in Boston led to websites carrying steganographic messages. The texts had also been encrypted, and both the Boston and New Jersey hard drives required a 27-character password.

The Illegals are also accused of receiving data from Moscow through "brush pass" meetings. On June 6 this year, a Russian official "surreptitiously gave cash and a flash memory stick to Richard Murphy" at White Plains train station in New York.

"As Russian Government Official #3 and Murphy passed one another on the stairs, Murphy held out his backpack and Russian Government' Official #3 placed the Shopping Bag that he had been holding into Murphy's backpack," the complaint explains.

Earlier this year Murphy had allegedly been summoned to Moscow Centre, with instructions to buy an Asus Eee PC 1005HA-P with cash, and bring it with him. He returned to the US in March, and handed the apparently modified or switched laptop (the complaint notes it had a different serial number) over to Michael Zottoli, one of his fellow defendants, based in Seattle. According to a message to Moscow recovered from the New Jersey hard drive, the new machine was needed "due to [Zottoli's] laptop "hanging"/"freezing" before completion of the normal program run".

According to the FBI, over several years the Illegals used all these technical resources and techniques to deliver sensitive intelligence about US nuclear weapons, economics and Washington DC gossip to Moscow. Today Russia's foreign ministry said the charges levelled at the group were "contradictory" and it was seeking more information.

There are copies of the criminal complaints against all the defendants here. ®

Update

Police in Cyprus said they today arrested the 11th suspect, Christopher Metsos, at Larnaca Airport, trying to board a flight to Budapest. He has been released on bail pending extradition to the US.

Application security programs and practises

More from The Register

next story
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.