Tuesday, June 06, 2017

The Case for Retrograde Tradecraft

Thanks to dL, who pointed me to this story on how the NSA busted a leaker yesterday.

A brief disclaimer: We don't yet know the full story on the leak. What it facially looks like is that a well-intentioned employee of a government contractor leaked a secret report that NSA didn't want anyone to see. But it could be something else, e.g. NSA wanting that information made public (perhaps to affect the ongoing "Russia probe") with plausible deniability, in which case the leaker could either be in on the thing, or have been manipulated into leaking it (with the arrest aiding the plausible deniability angle).

But anyway: The leaker got caught because modern printers encode certain information, as nearly invisible yellow dots, on every document they print. Since The Intercept put actual images of the actual printouts online, it was trivial for NSA to discover that the document was printed on a particular printer at a particular time, and from there figure out who might have printed it.

Modern technology is useful, but also problematic from the perspective of someone wanting to not be surveilled, tracked, or discovered in this or that activity. And not just directly, as above. As dL is also fond of pointing out, one's "social graph" (basically the sum of a person's online activities) can reveal a lot about the person absent any specific smoking gun.

If non-state intelligence agencies -- that's the term Mike Pompeo used for WikiLeaks, and while he said it like it's a bad thing, I think the whole idea rocks -- want to operate successfully, I think they're going to need to go back to Cold War espionage tradecraft. One-time pads that are NEVER, in ANY way, involved with electronics. Brush passes. Dead drops. "Chance" meetings in areas that just happen to (hopefully) not be under video surveillance. That kind of thing.

Those things are harder than mouse/keyboard/send. But that works both ways. One guy at Langley or Fort Meade can track/surveil the activities of bazillions of people from a single computer terminal. With physical tradecraft the ratio reverses, to the advantage of surveillance targets: it takes multiple people to follow one guy around and notice if he leaves a mark on a mailbox or happens to pass close by someone else who might or might not be a person of interest.

There's substantial literature out there on the subject. But of course finding it without it ever being noticed that you went looking for it might be tricky.
