Feeds

Russian spy ring bust uncovers tech toolkit

Feds flush flame-haired femme fatale

5 things you didn’t know about cloud backup

The complaint against the other nine defendants - eight of whom are accused of posing as bogus married couples - further describes the alleged spy ring's technical methods.

The Illegals were given a steganography program by the SVR's Moscow Centre, it says. The software is not commercially available, and investigators discovered the alleged spies held copies of it by clandestine searches of their properties. Going back to 2005, the FBI obtained warrants to make forensic copies of hard drives and other digital media at several locations across the US.

A New Jersey search uncovered a network of websites, from which the alleged spies had downloaded images.

"These images appear wholly unremarkable to the naked eye," the complaint explains.

"But these images (and others) have been analyzed using the steganography program. As a result of this analysis, some of the images have been revealed as containing readable text files."

Over one hundred such hidden messages were found in the New Jersey search.

Similarly, a search in Boston led to websites carrying steganographic messages. The texts had also been encrypted, and both the Boston and New Jersey hard drives required a 27-character password.

The Illegals are also accused of receiving data from Moscow through "brush pass" meetings. On June 6 this year, a Russian official "surreptitiously gave cash and a flash memory stick to Richard Murphy" at White Plains train station in New York.

"As Russian Government Official #3 and Murphy passed one another on the stairs, Murphy held out his backpack and Russian Government' Official #3 placed the Shopping Bag that he had been holding into Murphy's backpack," the complaint explains.

Earlier this year Murphy had allegedly been summoned to Moscow Centre, with instructions to buy an Asus Eee PC 1005HA-P with cash, and bring it with him. He returned to the US in March, and handed the apparently modified or switched laptop (the complaint notes it had a different serial number) over to Michael Zottoli, one of his fellow defendants, based in Seattle. According to a message to Moscow recovered from the New Jersey hard drive, the new machine was needed "due to [Zottoli's] laptop "hanging"/"freezing" before completion of the normal program run".

According to the FBI, over several years the Illegals used all these technical resources and techniques to deliver sensitive intelligence about US nuclear weapons, economics and Washington DC gossip to Moscow. Today Russia's foreign ministry said the charges levelled at the group were "contradictory" and it was seeking more information.

There are copies of the criminal complaints against all the defendants here. ®

Update

Police in Cyprus said they today arrested the 11th suspect, Christopher Metsos, at Larnaca Airport, trying to board a flight to Budapest. He has been released on bail pending extradition to the US.

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.