- The Strategist - https://www.aspistrategist.org.au -

Do cyber spies dream of electric shadows?

Posted By on November 11, 2021 @ 14:33



Alice sits at a bar with Bob, a travel consultant she has been seeing socially since she met him a few weeks ago in the lobby of the building where she works as a network administrator. Her company develops IT systems for the military. Bob isn’t actually a consultant but a foreign intelligence officer who has been influencing Alice to sell state secrets. He is facing away from the closed-circuit TV camera above the counter, but he’s oblivious to the fact that his movements have been tracked via facial recognition ever since he arrived in the country. Bob’s true identity was revealed in a ransacked personnel database and the microphone on his smartphone was hacked through a zero-day vulnerability to record Alice breaking the law.

While this story is fictional, it highlights how pervasive surveillance, online personal data and new technologies such as trackable devices are making it harder for states to collect intelligence from human sources (commonly referred to as human intelligence, or HUMINT), which includes a range of activities whose core purpose is to recruit an individual to ‘spy’.

In this new era, espionage will pit tech against tech to avoid detection and create more plausibly deniable covers. Covert communications will likely become more sophisticated to avoid detection, but HUMINT collection agencies could further collaborate with their technical counterparts to take full advantage of other emerging technologies to protect their intelligence officers and agents on the ground.

Cyberspace is changing spycraft, and national security agencies are being urged to adopt machine learning and open-source data to bolster their analytical capabilities. Human intelligence and networks of informants, however, will remain necessary for acquiring some secrets, assisting cyber operations by placing USB drives in air-gapped computers, for example, and providing insights into the thinking of decision-makers in target countries. To establish trust between officers and their informants, interpersonal and face-to-face meetings may be unavoidable while virtual reality and other digital technologies mature.

In countries like Russia and China, some experts have argued that traditional HUMINT tradecraft has become obsolete due to the use of facial recognition, biometric scanning and internet-connected devices that leave ‘digital dust’ for counterintelligence officers to detect. This has followed a New York Times report claiming a top-secret CIA cable revealed that dozens of informants working for the US had been compromised or killed in these increasingly difficult operating environments.

However, technological advances haven’t been fully utilised yet and present an opportunity for HUMINT collection agencies like the CIA, MI6 and the Australian Secret Intelligence Service to work with the NSA, GCHQ and Australian Signals Directorate to develop new HUMINT tradecraft. For example, new covert communication techniques could take advantage of anonymising technologies that are already challenging counterintelligence in open democracies.

Last month, an undercover FBI operation resulted in the arrest of Jonathan Toebbe, a US Navy engineer, for attempting to sell classified nuclear submarine technology to a foreign government. Toebbe employed a range of tools to protect his identity and encrypt his communications. ProtonMail, an end-to-end encryption mail service, was used over the Tor Network via publicly available wi-fi to hide his affiliated IP addresses. He also asked to be paid in Monero, a cryptocurrency that is harder to trace than Bitcoin but not impossible.

This case shows that anonymising technology can be used to avoid interception, but poor tradecraft might still result in detection. Even if Toebbe had been less trusting of his purported foreign handlers, these tools would have only delayed his eventual discovery. He would have had difficulty using and laundering the cryptocurrency, stolen information can be eventually traced back to the few users who had access to the original documents, and specific surveillance of Toebbe’s devices may have revealed suspicious activity.

The key takeaway is that knowledge of human behaviour combined with technical expertise is still essential to understanding the limitations of technologies and how they can be applied in HUMINT tradecraft. As described by former MI6 head Alex Younger, fourth-generation espionage will require ‘fusing ... traditional human skills with accelerated innovation’.

In general, intelligence agencies could creatively use technology and consider tools and media that are not necessarily technical or were designed for other purposes.

For example, the China Institutes of Contemporary International Relations, a think tank affiliated with China’s top intelligence agency, the Ministry of State Security, published a report on the national security implications of the so-called metaverse (元宇宙). It recognised that this new model is likely to be the next generation of the internet and will become an integral part of a country’s political discourse and social culture. Without stating it explicitly, the report suggests that Chinese intelligence officers may be already thinking about how virtual and augmented realities could be used for recruitment or influence activities. Chinese intelligence services have previously exploited social media platforms like LinkedIn for similar espionage purposes and used traditional avenues like political organisations to carry out influence campaigns under plausibly deniable fronts.

Other technologies such as generative adversarial networks, or GANs, a class of artificial intelligence models that are designed to avoid detection by other AI models, could be used to mask covert activity among normal activities. They are already used in deep fakes and, combined with language models, like GPT-3, could be trained to automate the process of creating misleading digital personal data, spoof mobile metadata for operatives or create fake informant or employee entries as honeypots to taint personal databases that might be hacked.

For HUMINT collection agencies in the West, emerging technologies are an opportunity to support operations in increasingly difficult environments. To develop new tradecraft, HUMINT agencies could team up with technical agencies and recruit new talent for the next generation of cyber-enabled spies.


Article printed from The Strategist: https://www.aspistrategist.org.au

URL to article: https://www.aspistrategist.org.au/do-cyber-spies-dream-of-electric-shadows/

[1] zero-day: https://www.fireeye.com/current-threats/what-is-a-zero-day-exploit.html

[2] human sources: https://www.iwp.edu/wp-content/uploads/2016/01/20160107_TheChangingShapeofHUMINTPagesfromINTEL_FALLWINTER2015_Vol21_No3_FINAL.pdf

[3] changing spycraft: https://www.australianforeignaffairs.com/articles/extract/2020/07/data-driven

[4] adopt: https://www.theatlantic.com/ideas/archive/2021/09/us-intelligence-osama-bin-laden/619781/

[5] argued: https://www.nbcnews.com/politics/national-security/human-spies-have-become-obsolete-says-one-expert-culprit-technology-n1280965

[6] report: https://www.nytimes.com/2021/10/05/us/politics/cia-informants-killed-captured.html

[7] challenging counterintelligence: https://www.wsj.com/articles/hostile-spies-target-u-s-with-cyber-encryption-big-data-report-finds-11581357600

[8] arrest: https://www.justice.gov/opa/pr/maryland-nuclear-engineer-and-spouse-arrested-espionage-related-charges

[9] end-to-end encryption mail service: https://protonmail.com/security-details

[10] Tor Network: https://www.wired.com/story/the-grand-tor/

[11] not impossible: https://news.bitcoin.com/ciphertrace-enhanced-monero-tracing-capabilities-governments/

[12] fourth-generation espionage: https://www.gov.uk/government/speeches/mi6-c-speech-on-fourth-generation-espionage

[13] China Institutes of Contemporary International Relations: https://web.archive.org/web/20211013110953/https:/irp.fas.org/dni/osc/cicir.pdf

[14] report: https://archive.vn/JjE7o

[15] LinkedIn: https://www.bbc.com/news/world-asia-53544505

[16] political organisations: https://www.aspi.org.au/report/party-speaks-you

[17] deep fakes: https://www.aspi.org.au/report/weaponised-deep-fakes

[18] GPT-3: https://openai.com/blog/gpt-3-apps/

[19] honeypots: https://www.kaspersky.com.au/resource-center/threats/what-is-a-honeypot

[20] personal databases: https://foreignpolicy.com/2020/12/22/china-us-data-intelligence-cybersecurity-xi-jinping/