
Intelligence

The FSB and SIGINT: Absolute Power at Home and Abroad


The Russian Federal Security Service (FSB) should easily be considered one of the most influential and powerful intelligence organizations in the world today. Its primary functions and roles include: law enforcement, counterintelligence, domestic surveillance, and internal intelligence functions at the national level.

These roles mirror many of the functions assigned to the US Federal Bureau of Investigation (FBI). However, while many of these functions would put the FSB squarely in the realm of law enforcement instead of security or intelligence, the FSB also has mission responsibilities that organizations such as the FBI do not. The most significant of these is the mission of signals exploitation (SIGINT). This article focuses on the SIGINT capability of the FSB and its threat to US political, economic, and diplomatic policies as well as the threat in the new environment of cyber espionage.

Initially an internally focused organization, the FSB threat profile changed in 2003 when, under Presidential Edict No. 314, the missions and authorities of the Federal Agency for Government Communications and Information (FAPSI) were transferred to the FSB. This meant the FSB would now have both the resources and authorities for SIGINT collection against its adversaries and information assurance for all Russian government information systems. This transition established the FSB as a much larger player in the intelligence exploitation community and a larger threat to US interests. Most Western intelligence services separate the responsibilities and missions of SIGINT to a single intelligence organization, like the National Security Agency (NSA) in the US, which has only that authority. Other intelligence services handle matters such as counterintelligence and military-related intelligence. This is not the case with the FSB, which after Presidential Edict No. 314 controls elements of all major aspects and disciplines of intelligence, essentially giving it both unfettered access to collected intelligence as well as the ability to potentially restrict other Russian organizations from accessing the collected data. What exists is a single intelligence service with the capabilities to conduct human intelligence, counter-intelligence, law enforcement, border security, counter-surveillance, and signals collections. This represents a significant amount of authority and global reach that cannot be compared to any one intelligence service within the US or most other modern developed states. With the transition of SIGINT responsibilities, increased authority on border security, and cryptographic responsibilities to the FSB, the comparison of it to the US Intelligence Community also transitioned. 
Its domestic protection roles still most closely align with the FBI, but its SIGINT responsibilities mirror those of the National Security Agency (NSA), while the border security functions are more akin to those of the US Customs and Border Patrol (CBP) or even Immigration and Customs Enforcement (ICE).

On top of all of this, the FSB has become increasingly connected to all issues cyber as well. The world continues to become more interconnected. The internet has become an integral part of our daily lives and, for some, even a necessity. It supports everything from e-commerce to sensitive governmental correspondence. So when a country’s intelligence service inserts itself into business transactions, there is an increased risk that sensitive data could be siphoned off and used to support both commercial and national intelligence interests at home and abroad. Even though the Russian IT registration requirement is only for private companies operating within Russia, this means little in the interconnected world of the internet, where data crosses many geographical boundaries between transmitter and receiver. The internet is a medium susceptible to signals collection just like any other, and when countries or intelligence services have access to all internet-based traffic that falls within their borders, that threat is not only very real but actually amplified.

One example of this threat is the Russian SORM program. SORM, or System for Ensuring Investigated Activity, is a mechanism that permits the FSB to monitor all phone and internet traffic coming in and out of the Russian Federation. While it is argued that this program is a law enforcement and internal security tool, the FSB still remains an intelligence service with a mission set that goes beyond internal security and law enforcement. It is worth noting that until a Russian Supreme Court ruling was handed down in late 2000, the FSB was under no obligation to inform Internet Service Providers (ISPs) that agents were accessing the system. The work undertaken by the FSB to support signals exploitation is therefore not limited to Russian companies, but extends to international entities with a presence in the Russian Federation.

On 11 April 2011, for example, a government source told the Interfax news agency that the FSB was not proposing a ban on Gmail, Skype or Hotmail in Russia. The FSB expert speaking at this meeting only expressed concerns that a number of those servers provide services outside of the national legal framework. The inferred concern was that because these companies utilize encryption for securing the communications of users, and none of them are directly based in Russia, the FSB requirement under SORM may not be implemented properly. It is interesting that the FSB would take the time for an interview to highlight its effort to find a solution to make the functioning of these services on Russian territory ‘comply’ with national laws. This statement, while perhaps innocuous on the surface, speaks to the potential level of penetration the FSB can gain into all aspects of communications, both traditional and emerging.

On 8 June 2011 Microsoft Russia made a statement with respect to the FSB and the on-line communications service Skype. In a statement carried by the Russian Federal Security Service-owned but supposedly editorially-independent Russian news agency Ekho Moskvy, Microsoft denied claims it had provided the FSB with encryption algorithms for the internet service. It did, however, admit that the source code for the program was provided. With its charter to protect and monitor cryptographic systems for the Russian government, the FSB has access to those individuals who both create and decipher cryptographic algorithms as part of the newly transferred FAPSI functions. With these vast resources, it is not a giant leap of logic to think the FSB will be sorely tempted to conduct eavesdropping on any entity it wishes, without the support of said company, as long as a suitable connection to ‘national security’ is found.  

These two examples are a sample of how cyber seems to be a new focus of FSB SIGINT collection efforts. And while, for now, they focus solely on what has occurred within Russian territory, it is important to note the FSB has recognized links in over 80 countries and formal offices in at least 18 of them. This level of global reach and interaction means its SIGINT mission can be transferred anywhere the FSB maintains a presence. As these capabilities are deployed, they provide the FSB with a larger SIGINT capability than most intelligence agencies around the world. The FSB of course formally declares that it honors all international treaties and pursues only legitimate inquiries that hold potential harm to the sovereign interests and national security of the Russian Federation. The problem, of course, is just how fungible those sovereign interests might be over time and how relevant the old adage about absolute power corrupting absolutely might become.


9-11 Terrorist Attack: Defensive countermeasures of deter and detect

Bob Budahl


On September 11, 2001 at 8:46 a.m. an airliner slammed into the North Tower of the World Trade Center in New York City. At 9:03 a.m. a 2nd airliner slammed into the South Tower. The planes carried thousands of gallons of jet fuel aboard, in effect making them lethal weapons. Tens of thousands of people worked in these buildings daily and both buildings fell to the ground within 90 minutes. More than 2,600 people died in the World Trade Center tower attacks. Then at 9:37 a.m. a 3rd airliner rammed into the western side of the Pentagon. 125 people died in the Pentagon attack. A 4th airliner was intended for an attack on either the U.S. Capitol or the White House, but the heroics of passengers crashed the plane, thwarting the attack. A total of 256 people died in the four planes. The death toll even surpassed that of the Pearl Harbor attacks of 1941.

Those responsible for the horrific attack were 19 Arabs carrying out Islamist extremist plans. Their headquarters were located in Afghanistan. They were resourceful; some had lived in the United States for some time and four of them had trained to be pilots. They were not well educated. They carried out the terrible attacks with knives, cutters, mace, etc. They had tried to bring down the World Trade Center in 1993 but failed; however, the attempt killed six people and wounded a thousand. It was an effort led by Ramzi Yousef. Others, including Omar Abdel Rahman, had plans to blow up the Lincoln and Holland tunnels and other New York City landmarks, but they were arrested. Ramzi Yousef and others had various other terror plans, of which some succeeded and some fortunately did not.

Bin Ladin was known and thought to be a financier but was not thought of as a terrorist leader until later. In 1998 Bin Ladin and four others issued a fatwa publicly declaring that it was God’s order that Muslims should try to kill any American they could. Bin Ladin was a wealthy Saudi and had conducted jihadist activities against the Soviet Union. But he also held grievances against the United States, such as a U.S. troop presence in Saudi Arabia. He recruited and trained followers in Afghanistan and continued carrying out acts of terror, including on the United States. His people attacked embassies, hotels, and even attempted to sink the USS Cole Navy Ship by a terrorist attack. His rhetoric is derived from Islam, history and the economic and political disorder in the area. He formed an alliance between the al Qaeda group he led and the Taliban. The Clinton administration had tried cruise missile strikes against al Qaeda in Afghanistan and tried to get the Taliban to force Bin Ladin to leave Afghanistan. The U.S. unsuccessfully utilized CIA-paid foreign agents to try to capture or kill Bin Ladin and his group.

As early as 1998 or 1999 Bin Ladin had been contacted by Khalid Sheikh Mohammed with an idea of using the planes as a method of attacking the World Trade Center and other targets. The original plans were for 10 planes to target both east and west coasts of the United States. The CIA did uncover some reports of Bin Ladin’s intent on attacks. The U.S. continued its disruption attempts globally and also utilized diplomacy with countries. The “predator drone” was eventually fitted with a missile should an attack on Bin Ladin provide an opportunity. Some of the reasons and connections to the actions of the perpetrators of the planned 9-11 terrorist attack became apparent after the attack. Unrest had come to the surface in the time before the attack as the Taliban leader opposed attacking the United States, in contrast to Bin Ladin’s wishes.

On 9/11 the terrorists were successful in hijacking the four planes. The planes were being used as terrorist weapons and confusion was present with air control. But eventually the FAA and NORAD who controlled airspace did receive a “shoot down order” but it was after the plane in Pennsylvania had been forced down by passengers in the only way to stop the plane from being used as a weapon.      

The enactment of the United States “Patriot Act” removed barriers that had impeded terrorism investigations in their outlay, scope and means, and in effect sped up the investigation and prosecution of the defendants. The FBI was point on the investigation that followed the attack and the operation was named Operation PENTTBOM. At one time more than half of the FBI’s personnel worked on the case. They followed through on more than one-half million leads. It was the largest crime scene in the FBI’s history. Also in the time period following the 9/11 attack, the Department of Homeland Security was created in March 2003, which brought together 22 separate agencies and offices into a Cabinet-level department. The 9/11 Commission had made several recommendations and in this report some details are brought forward. These would be included under the defensive counterintelligence support mode of operation and include the principles of deter and detect within the countermeasures. It included recognizing 72 fusion centers throughout the country, which act as focal points for receipt, analysis and sharing of threat-related information. It also included establishing related training and informational programs to deal with threats. One such example is the National Terrorism Advisory System. The DHS also developed and implemented a risk-based transportation security strategy. Actions such as strengthening airline passengers’ pre-screening and targeting terrorist travel will deter terrorists as they become aware of increased security measures and thwart terrorists from attempting to board airlines for terrorist activities. Airliner cockpit doors have been hardened post-9/11 and Air Marshals are used appropriately, as well as some flight crew being eligible to carry firearms. The TSA behavior detection officers use non-intrusive behavior observation to identify people who may be high risk.
The TSA also utilizes detection methods such as canine teams to sniff for explosives on passengers and in luggage. Post-9/11, all cargo on U.S. planes is screened commensurate with checked luggage. Flights coming into the U.S. from foreign countries are required to provide information prior to departure, and all passengers are checked against watch lists the government utilizes, such as the Secure Flight Program. It also increases efficiency by allowing those cross-checked with biometrics to have expedited travel.

Today a significant defensive countermeasure post-9/11 is that airlines now screen all checked and carry-on baggage for explosives. The U.S. has increased security of U.S. borders and identification documents. Certain areas are closely watched and critical security improvements along the Northern and maritime borders are in place. The Department of Homeland Security has taken aggressive action to enhance the security of the nation’s infrastructure and also cyber infrastructure and networks. There is a federal government cyber intrusion detection system, which includes EINSTEIN, and the National Cybersecurity and Communications Integration Center is the nation’s hub for organizing cyber response efforts. DHS and DOD are working together to protect against threats to military and civilian computer systems and networks. This is another example of defensive countermeasures. DNDO is affiliated with nuclear detection; back in 2003 only 68% of arriving trucks and passenger vehicles were scanned along the northern border, with no system on the southwest border. But today the systems scan 100% of all containerized cargo and personal vehicles arriving in the U.S. through land ports of entry and up to 99% of sea containers. Counter-proliferation of nuclear and biological threats is a high priority of the DHS. The tragic occurrence of 9/11 has brought about real focus on the danger of leaving vulnerabilities open to exploitation. The DHS has also importantly increased efforts to track and disrupt terrorist financing through programs such as ECTF, or Electronic Crimes Task Force.

Another action taken post-9/11 was the creation of the National Counterterrorism Center, or NCTC, which was to serve five functions: Threat Analysis, Identity Management, Information Sharing, Strategic Operational Planning and National Intelligence Management.

The U.S. Department of Justice charged Zacarias Moussaoui with numerous terrorism charges and indicated others involved in the terrorist acts. The United States Department of Defense obtained a video tape of Bin Ladin basically accepting responsibility for the 9/11 attacks, and the DOD has a transcript of the video; a portion I will quote is as follows. UBL refers to Osama Bin Ladin: “UBL: The brothers, who conducted the operation, all they knew was that they have a martyrdom operation and we asked each of them to go to America but they didn’t know anything about the operation, not even one letter. But they were trained and we did not reveal the operation to them until they are there and just before they boarded the planes. UBL: (…inaudible…) then he said: Those who were trained to fly didn’t know the others.”

Bin Ladin, America’s most wanted terrorist, was killed by United States Special Forces in a compound in Pakistan on May 2, 2011. The CIA had been involved in investigating Bin Ladin for years.


Counterintelligence Threat Brief for Turkey

Bob Budahl


I will provide a counterintelligence threat brief on traditional and non-traditional counterintelligence threats to non-security cleared individuals who are traveling to Turkey as business travelers or for personal reasons. MIT, the official Turkish intelligence agency, is active. Non-traditional threats also exist, as Turkey includes diverse elements of persons from different Muslim nations, some of which include terrorist groups with their main base of operation located in a different country but also operating within Turkey. As seen in EurAsia Review, conflicts that were usually based on national interests are today typically based on non-national interests such as ethnicity, religion and culture. Asymmetric warfare, rather than having a clear issue, now has several. And a weaker enemy will use its strengths against a superior adversary’s weaknesses.

Using OSINT (Open Source Intelligence) to conduct my research, I uncovered motive for Turkey seeking intelligence from the United States. Turkey is a NATO ally and an American ally. However, that is the crux of their relationship. It has never encompassed social and economic theology. Turkey is a predominately Muslim country and has disagreements about many aspects of wars and conflicts that the US had interests in, such as Iraq and Syria. Turkey targets Kurd fighters in Syria while we support them. And they opposed the action President Trump put in place of recognizing Jerusalem as Israel’s capital. There is a great amount of suspicion and mistrust regarding the failed coup against President Erdoğan. And Fethullah Gülen, the suspected leader of the attempted coup, resides in the United States, which refuses to extradite him. They believe Gülen is responsible for the assassination of Russian ambassador Andrey Karlov. They have typically bought US military products and technology but have made a deal with Russia to purchase an advanced missile defense system. Andrew Brunson, who is an American pastor, is being held and faces spying charges, and thus far efforts to release him have been unsuccessful. They are suspicious of everyone. They will not hesitate to leverage information acquired through their intelligence services from the United States or any source. Turkey has long been thought of as torn between the East and West. In Turkey, if you access the internet via a local ISP they can install spyware on your computer that can control it. Charter schools are being targeted by Turkey since Gülen was instrumental in them and that tie is enough for Erdoğan to lash out. MIT, Turkey’s intelligence agency, places agents in journalist positions as cover, which often leads to someone divulging information that is considered private.

If Turkey has decided to spy on you, it probably originates from passport screening. A US visitor should self-assess whether they could be thought of as a terrorist, narcotics trafficker or criminal, or as involved in black market activity. Do not be caught with suspicious or incriminating luggage. Do not identify known associations that Turkey may find incriminating. They may utilize any of these ways to recruit you as an asset of theirs. Usually the direct and indirect activities used in conducting their intelligence operations are non-threatening and unobtrusive. Be aware of local laws and customs; for example, in Turkey derogatory comments regarding the government and its leaders are prohibited. It may be illegal to use insulting language.

Information Turkey may covet and target from a target such as a non-intelligence employee of a defense contractor may include customer data, employee data, vendor information, pricing strategies, proprietary information, technical plans, corporate strategies, financials, computer access protocols, acquisition strategies, investment data, and business directories of phone numbers and emails. They may be subtle and use elicitation to gain information slowly and by gaining your trust. Be alert for tips. Throw them off their own game by asking why they ask. Refer them to public sources if specifically targeted questions are posed. Or say you cannot discuss it or just do not know. Examples of things I would consider for combating their intelligence collection efforts are to use rental electronic devices. Disable the Wi-Fi. And on the flight travel with the device as carry-on luggage. Do not use foreign storage devices in your devices. Do not leave documents and information in your hotel room. Do not use the hotel safe. Select your own cab.

But sometimes harassment incidents are utilized and obviously are meant to intimidate or test a US citizen’s reactions. If harassment is selected to be used on a prospective recruit it can be used in a variety of means.


Yom Kippur War Intelligence Failure

Bob Budahl


The Yom Kippur War intelligence failures were broad and reached the highest level of government and military within Israel. The Israelis misperceived themselves as being free and safe from attack by the Arabs, at least in the near and current future. They were confident an attack would only occur along the perimeters in which they themselves perceived the Arabs may attack, which they believed to be in the distant future. Israel felt that such an attack was bound to fail, and that this would prevent the Arabs from initiating one. Israel had let down its guard and was therefore surprised by the timing of the attack, the method of attack and also the place of the attack. Few military parallels are found as great as the strategic surprise Egypt and Syria enjoyed on October 6, 1973.

Information divulged years later is that King Hussein of Jordan made a visit on September 25, 1973 to Israel, met with the Prime Minister and gave his assessment that Egypt and Syria were about to attack Israel. The warning was not heeded, and the attack took place October 6, 1973. Importantly, Jordan had itself been involved in former wars with Israel, so its motivation for informing the Israelis of an impending attack was suspicious from their view. Skeptics argue that Hussein disavowed giving warning to Israel during this visit. Hussein had hoped that the warning would influence the Israeli Prime Minister to make changes and progress with the Arabs and avoid a costly war. Israel’s intelligence officer dismissed Hussein’s claim and believed that the Arabs were too weak to attack. The Israelis also believed that the Arabs would not fight a war they knew they would lose. This may be a key point as to misperception, as the Arabs initially in the war obtained their objectives and possibly in their view set the course right from the “1967 War” in which they lost territory. Egypt’s Sadat even made a trip to Saudi Arabia before the war and made a plea that if the United States resupplied Israel during the war, Saudi Arabia should emplace an oil embargo on the United States to exert influence. The CIA passed a report on September 30th to the Israelis which was sourced to King Hussein and which elaborated on what he had previously told the Prime Minister. By September Syria had received Soviet SAMs and other equipment and was ready for war. The Soviets removed dependents of advisors and diplomats from Egypt and Syria on October 5th. Israel suffered 2,656 dead and 7,250 wounded in the battle.

The Israeli armed forces were reliant on reservists, which made up a large portion of Israel’s armed forces. To prove successful in times of attack, time was needed to mobilize them, move them from civilian life and emplace these personnel into a war-time theater of operation. As such, Israel put much effort into developing its intelligence services into the elite force in which much trust was placed by the country to provide the warning it needs to prepare for war. With the failure to forewarn the Israelis, the Arabs controlled the early moves in the war and gained the initial success they desired, which in effect changed the balance of power within the Middle East away from Israel’s advantage.

Egypt and Syria’s attack on October 6, 1973 occurred at 14:00 hours, which caught the IDF off guard, and Israel’s military and political leaders did not understand a war was about to break out until 18:00, which was too late. The Commission investigating the intelligence failure indicated three reasons for the mistake. The first reason involved two assumptions: one was that Egypt would conduct air strikes deep into Israel against its air force before starting a war, and the other was that Syria would not go to full-scale war unless Egypt was in action against the Israelis already. The 2nd reason was a major mistake, as Military Intelligence had guaranteed that they would be able to provide adequate advance warning of any attack and they did not do so. The 3rd reason is that the intelligence services basically dismissed the adversaries’ force buildups as either defensive or an exercise. Prime Minister Golda Meir and the Defense Minister Moshe Dayan concluded full mobilization was not necessary early on and they only placed the standing army on full alert.

To lend support to the Israelis’ perception that attack was not probable, at least not in the near future, there is evidence that the Arabs did successfully employ deception methods on Israel as well as on the United States. The Arabs had been open to Dr. Kissinger’s peace negotiation in September 1973 and even planted items in a Lebanese newspaper about neglect and deterioration of equipment from the Soviet Union within the Suez Canal area. A very good synopsis, which perhaps lends Israel a sympathetic path, is that estimating intentions is one of the most difficult and yet crucial elements within intelligence. One may use hard evidence. If the evidence is incomplete it is more difficult to determine intention. Technology has advanced greatly in later years, which makes a surprise attack much more difficult to achieve with the presence of advanced IMINT and SIGINT.

Is the current state of counterintelligence in the Intelligence Community adequate?

In regard to whether the state of counterintelligence within the Intelligence Community is adequate today one can best assume counterintelligence is a forever changing, evolving, assessment and reactive process of making sure our capabilities are up to date with the current world intelligence threat that exists in the world today. I do believe that counterintelligence is adequate as of today but that does not mean we do not need to improve. Much can be derived as to pre-9/11 or post-9/11 scenario. The intelligence officials and decision makers have to make sure that the IC is able to function strategically and operationally. Post 9/11 there exists “old” and “new” threats but clearly now we are primarily and immediately faced with “new” threats such as prevention of individual or small group acts rather than State actors. And because of this emphasis is placed upon utilizing human sources or spies, and interrogations of suspects or informants. The “old” threats still require IC collection, analysis and operations regarding State actors and these services are still intact and operating fully. The intelligence community may involve two ways in which it adapts to its external demands and when a perceived intelligence failure occurs then it reinvents itself to deal effectively. Or it may change proactively because of anticipating or observing environment changes.

There still exist threats from State actors in regard to our intelligence community and national decision makers and counterintelligence needs to be vigilant to deter, detect, exploit, neutralize and disrupt these attacks on an ongoing basis. National Security information as well as the US companies’ proprietary information will be targeted for collection. Some industries that may experience activity directed against them include the defense, finance, energy, dual-use technology, etc.  Insider threats will continue to be a closely surveilled item of interest of the counterintelligence agencies. And Russia is believed to remain a threat through cyber operations meant to influence or convey misleading information to encourage public opinion towards Russia’s best interests. Elections have been targeted and efforts are believed to continue. Increased and vigilant counter-cyber terrorism programs need to be fully conducted and expanded to the utmost ability the United States can exhibit and emplace.

Transnational criminal groups as well as terrorists are learning and utilizing advanced intelligence capabilities in technical, physical and cyber means. And “insider threats”, the oldest form of spying, still exist in today’s world.


Copyright © 2019 Modern Diplomacy