ACTIVISTS & SPOOKS: covert activities against activist groups



For HTML version see
http://www.xs4all.nl/~felipe/articles/infiltration_lecture.htm


ACTIVISTS AND SPOOKS

A lecture about covert activities against activist groups, given at TILT
conference, Sydney Australia

(c) Felipe Rodriquez - 27 September 2001


With special thanks to Eveline Lubbers for her insightful comments and
inspiration for this article and in general.


INTRODUCTION

Activists worldwide are scrutinized by government agencies and corporate
intelligence activities. Numerous organizations have been the object of
surveillance and infiltration. These organizations include activist groups
that advocate sabotage and violence. But most are peaceful organizations
that do not advocate violence.

Organizations around the world that have been targets of government
surveillance and infiltration include Greenpeace and Amnesty International.
Other groups include gay and lesbian rights organizations, socialist and
Communist organizations, environmental groups, animal rights groups, middle
east organizations, unions, peace activist organizations and human rights
groups [1].

Western world intelligence organizations work on the basis of a counter
insurgency model developed by British intelligence expert Frank Kitson. In
his book, Low Intensity Operations he defines various stages of development
of political organizations. He advices that the primary work of an
intelligence agency should occur in the earliest phase of the creation of an
organization, when the it is small and vulnerable. It outlines the necessity
for continuous covert operations, insisting that infiltration and
"psychological operations" be mounted against dissident groups in "normal
times," before any mass movement can develop. [2]

Officially the primary functions of government intelligence activities
consist of giving information and warning of potentially hostile political
plans of organizations, and the research and analysis of that information.
Unofficially it includes the manipulation of organizations and people, in
order to disrupt, weaken, compromise and control them.

There is a need for activist groups to be concerned with surveillance and
infiltration: governments and corporations observe, and sometimes
manipulate, these groups to discover what they know, who their sources are,
and what their future activities will be.

One word of warning; you should not let this lecture make you feel too
paranoid; governments have limited resources, and therefore they are
unlikely to use many of the techniques that I will mention in this lecture
if you are not an important suspect to them.


WHO ARE THE SPOOKS ?

Organizations involved in infiltration and surveillance activities include
police organizations, local and foreign human intelligence organizations,
local and foreign signal intelligence organizations and global corporations.
A large US based religion, The Church of Scientology, has also been accused
numerous times of infiltration and surveillance activities, apparently to
weaken and destroy their perceived enemies.

A large number of government infiltrations of activist groups have been
reported worldwide. An example is reported infiltration and surveillance
activity by the Victorian police Operations Intelligence Unit, in Australia,
in the early nineties. This unit monitored 316 organizations and had files
on more than 700 people in the state of Victoria [1]. Exceptional about this
was not the amount of organizations and individuals that where monitored,
but the fact that these covert activities where exposed. Similar activities
by police forces and intelligence organizations happen around the world, but
remain covert.

Often we only get to see single pieces of the intelligence puzzle. Some of
the examples of puzzle pieces that where found are:

-    the infiltration into the US organization 'Students for Economic
Justice' [3]
-    undercover police activities during protests [4]
-    failed attempts to recruit informers [5]
-    informants or agents that have been discovered and volunteered
information about their previous covert activities.

Such activities need not be limited to domestic government agencies. In the
early 90s a US agency tried to infiltrate a hacker group in the Netherlands
by setting up a hackers bulletin board to lure and entrap hackers. He
created multiple personalities on his bulletin board to create an impression
that there was genuine activity and communication going on. But in reality
he was trying to extract information from Dutch hackers about their
activities, and possibly try to infiltrate those hacker groups. The operator
of this bulletin board later turned out to be an employee at the US embassy
in The Hague. In 1995 he was fired by the US embassy because he had become a
security threat, and in 1996 he started posting elaborate stories about his
intelligence activities [6] for the CIA.

Various corporations have also engaged in surveillance and infiltration
activities. And they do not only spy on their competitors. Activities
against activist groups have been reported. Such as the case of McDonalds,
that employed private investigation agencies to infiltrate London Greenpeace
[7,8]. In the case of Greenpeace London, Mc Donald's had hires more than one
investigators to infiltrate that group. The infiltrators did not know the
identity of the other infiltrators.

Corporations have an increasing need to gather intelligence to protect their
interests. Governments can often not provide the information and
intelligence products that corporations need. Various corporations have
therefore used private intelligence companies, such as a company called
Control Risks. Control Risks is a so called international business risk
consultancy. Services include political and security risk solutions,
investigations, security consultancy and crisis management and response. The
essence of companies like Control Risks, is to function like a privatized
intelligence organizations.

In January this year a person called Manfred Schlickenrieder was exposed as
a corporate spy that was doing work for shell and possibly other
corporations. This person has been spying on activist groups for a period of
more than twenty years. He collected information and photographs on hundreds
of people. He also offered to sell guns to people. The founder of the
company he worked for, a former MI6 agent, said in the Financial Times that
his company tried to do the same thing for corporations as they had done
before for the government.

A number of espionage activities by freelance agents that sell their product
to corporations have been reported. In the Netherlands there was a case
involving a detective agency that collected paper from activist groups. The
agency employee, posing as an activist, told organizations that the old
paper would be sold to a recycling company, and the proceeds would be
donated to a school. As a result many sensitive documents ended up on the
desk of corporate managers, to whom they where sold by the agency [9].
Another freelance agent was Adrian Franks, who infiltrated numerous activist
groups, collected information about them, and tried to sell this information
to corporations around the world [10].


METHODS OF SURVEILLANCE

Much has been written about the Echelon surveillance network. Echelon has
the capacity to carry out total communications surveillance. Satellite
receiver stations and spy satellites in particular are alleged to give it
the ability to intercept any telephone, fax, Internet or e-mail message sent
by any individual. Echelon operates worldwide on the basis of cooperation
among the UK, the USA, Canada and Australia. These states place their
interception systems at each others disposal, and make joint use of the
resulting information [11]. A former Canadian secret service employee says
the service routinely received communications concerning environmental
protests by Greenpeace vessels on the high seas [12].

Echelon is coordinated by the National Security Agency, or NSA, in the
United States. This is an agency has a budget of approximately 4 billion
dollars a year. This budget is magnified by the cooperation with other
intelligence agencies, and assets are pooled with these agencies. Examples
are the spy base in Pine Gap, based in Australia, with mixed Australian and
US staff. There are numerous speculations about the capabilities of the NSA,
they have been known to top into undersea communications cables, and the
United States have a special submarine equipped for these operations. There
have been messages about the NSA tapping undersea fiber optic cables, by
splicing them. The problem does not seem tapping into these cables, but
processing the unimaginable amounts of information that such tapping
provides. In space the NSA has specially equipped spy satellites, such as
the Mercury signals intelligence spacecraft. These satellites are designed
to intercept transmissions from broadcast communications systems such as
radios, as well as radars and other electronic systems. They have a very
large deployable antennae with a diameter of approximately 100 meters.

Carnivore is a computer-based system that is designed to allow the FBI to
collect information about emails or other electronic communications to or
from a specific user. It has the capability to capture all the network
traffic to and from a specific user or IP address [13]. Other countries are
developing similar devices, and the legislation needed to implement them. In
the Netherlands legislation has already been implemented that will force
ISPs to make their Internet network traffic available to police and secret
service surveillance, when served with an order to do so [14]. In the
Netherlands there was a legal case where a former hacker, that now works for
the police, provided evidence that the Dutch police had created a black box
device that was capable of tapping specific internet traffic at a provider,
and had the capability to reconstruct the entire session of the user that
was the target of surveillance.

There are currently a lot of news items about intelligence services trying
to uncover messages that have been hidden using steganography. This is a
technique to hide a message inside another message. It is alleged that
terrorists use steganography to hide messages that are sent to other
terrorists. Several Internet providers around the world have been asked to
provide information about this, and to cooperate with the intelligence
community to uncover these hidden messages. Government contracts have been
granted to companies to develop techniques that enable the analysis of
content on the Internet, in order to uncover messages that are hidden using
steganography.

If you are concerned about the security of your computer network, then stay
away from wireless network equipment, such as the Apple Airport and Lucent
Orinoco wireless access points. Wireless network communication has been
compromised, and it is relatively easy even for an amateur to eavesdrop and
penetrate a wireless computer network. In the United States it has become a
bit of a fashion to drive around in a car, equipped with a computer, a
wireless Ethernet device, and a special antenna. This enables one to pick up
network traffic from most wireless networks, especially the ones that are
not secure. This new fashion has a name, it is called war driving, and is
derived from the old hacker activity of war-dialing

In Australia laws have been passed that give ASIO, Australia's domestic spy
organization, powers to hack into computers. They can now enter and modify
computers remotely. [15] The FBI has been reported to have rigged a computer
used by a suspected criminal in order to be able to monitor every keystroke.
[16] The suspect was using encryption to protect the data on his computer,
and it was impossible for the FBI to crack this encryption. By tapping his
keystrokes they where able to find the password of his encryption software,
and decrypt all the secret information on his computer.

Less high-tech ways of spying on activist communication include a phone tap,
or a pen register. A phone tap eavesdrops on the activist's telephone calls,
recording the oral communications on tape. A pen register tracks all the
numbers of inbound telephone calls. Phone taps are used extensively in some
countries, and less in other countries. The Netherlands is notorious for its
use of phone taps; it has among the highest amount per 1000 population of
phone taps in the world. Also in the Netherlands it has been reported more
than once that public phones where being tapped by the police, because they
where allegedly being used by criminals that tried to circumvent government
tapping of their phone.

A government phone tap is impossible to detect, don't believe the marketing
hype that spy shops give you about anti bug devices. These devices are only
effective for very low-end surveillance equipment as employed by mediocre
freelance spooks. The danger of bug detection devices is that they'll give a
false sense of security.
A very rare way of detecting a phone tap is when a mistake is made. In 1992
a tap was placed on a computer line of the Dutch hacker group HackTic
network. This disrupted normal network email operations. The inverse signal
of the tapped line was connected to another line by mistake. Social
engineering of the phone company engineer responsible for the switch
disclosed that something odd was done to the wiring that he was not allowed
to disclose [17].

In some cases microphones (bugs) are installed in a premises, to record
conversations in a room. Before such a device can be placed, surveillance by
the agency is initiated in order to determine the best time and place to
install it. Be wary of electricians and plumbers at the door with whom you
have no appointment, they may be checking out the best location for a bug,
and may be trying to find security problems for later covert entry into your
house.

Often there is no need for the spooks to install any microphones in your
home, there already is one there, its called the telephone ! Built into the
international CCITT telephone protocol is the ability to take phones 'off
hook' and listen into conversations occurring near the phone, without the
user being aware that it is happening [18]. This effectively makes the
telephone into a room monitoring device.

Do you believe only street cats are interested in your garbage bin ? You're
wrong ! Garbage can be a primary source of intelligence. This may sound
smelly, but look at what people throw away. Often draft versions of
documents end up in the trash. These may give away vital information. Oracle
paid private investigators to go through the trash of a trade group with
ties to arch-rival Microsoft. [19] A case that already mentioned before
occurred in the Netherlands, where a private investigation company collected
the trash of numerous activist organizations.

Shredding documents is an option, but may provide a false sense of security.
When the Iranian revolutionaries occupied the US embassy in Tehran they
found big pile of shredded secret US government documents. The Iranians
managed to recover the shredded items and systematically reassemble them.
They then published facsimiles of the documents in a series that currently
numbers over 70 volumes. The information that was uncovered by the Iranians
contained the identity of the CIA station chief in Beirut, William Buckley,
who was kidnapped and assassinated by a group calling itself Islamic Holy
War.

Why do you think Osama Bin Laden switched his satellite phone off ? Because
following people around has become very easy if they use a cellular or
satellite phone. A mobile phone network always knows in what cell of the
network the phone is at any given time. Police and intelligence
organizations can access this information to locate someone, or to find out
the history of a person's movements.

Another way of finding out where a person has been in the past, is by
checking credit card transactions; purchase anything with a credit card, and
the transaction is logged on the mainframe of the credit card company,
including the location of the merchant, and therefore your location at the
time of purchase.

During demonstrations and protests the government often uses photo and video
surveillance, to record the presence and activities of individuals. Some
police forces have specially equipped command and control vehicles with
video camera's on their roof, and video terminals inside. Video and
photographic surveillance of specific locations, such as an office of an
activist organization, has been documented in the past. With the right
optical equipment such surveillance can be done from a mile or so away,
defeating any chance of discovery.


INFILTRATION

An infiltrator tries to penetrate an organization with the intention of
collecting information that is otherwise not available.

Surveillance of communications is called Sigint, an acronym for Signals
Intelligence. The use of informers, or actual infiltration of groups is
called Humint. Sigint often does not provide adequate information about the
motives and future plans of people and organizations, therefore government
agencies often engage in Humint activities. Infiltration is also used to
manipulate and compromise activists and their organizations.

Undercover infiltration is a specialist job, and can be hard to detect.
There are some recurring signs that have been turning up in reports about
past infiltrations. An infiltrator needs to gain trust in the target
organization, and will sometimes offer secret information to gain trust and
respect. An infiltrator will seek a leadership, or close to leadership,
position. It is important for an infiltrator to become an information hub,
and infiltrators often maintain extensive contacts with other organizations.
Infiltrators often create conflict and intrigues in their environment.
Infiltrators often extensively copy archived documents of the activist
organization and take these copies with them.

Another important sign that has come up repeatedly in reports about
different infiltrations by government agencies is that the infiltrator will
often promote the use of illegal activities, and may encourage others to
participate in illegal activities. Infiltrators have been reported that
offered arms and explosives to activists [20]. In the Netherlands there have
been two reported cases of infiltrators that where offering guns and
explosives. Another case has been documented in Germany. I have had some
personal experience with a person working for the US embassy in the
Netherlands that tried to incriminate me in a crime, apparently with the
intention to use that against me to discredit me, or worse. Fortunately we
reported this to the press and police before the case came to its climax;
and this person consequently lost his job at the embassy.

The reasoning behind this activity of offering weapons is that governments
want to know who is willing to use violence or illegal activities to achieve
their activist goal [21]. An element of entrapment is often blended into
this; the infiltrator promotes the use of violent or illegal activity, and
when the illegal activity takes place the people involved are arrested.
After such an arrest an attempt can be made by the government agency to
pressure the participating activist into becoming an informer with threats
of punishment and prison.

The African National Congress manual for covert actions [22] used the
following list to identify infiltrators:

*    they try to win your confidence by smooth talk and
       compliments;

*    they try to arouse your interest by big talk and promises;

*    try to get information and names from you which is no
       business of theirs;

*    try to get you to rearrange lines of communication and
       contact points to help police surveillance;

*    may show signs of nervousness, behave oddly, show excessive
       curiosity;

*    may pressurize you to speed up their recruitment or someone
       they have recommended;

*    ignore instructions, fail to observe rules of secrecy;

Spies that work for corporate intelligence organizations often work in a
different way than government organizations. Corporations want information
of a more general nature, such as the results of voting sessions, the
intentions of campaigns and what contacts exist with other activist
organizations. The main function of this information for the corporation is
the creation of damage assessments and to develop public relations responses
to actions like a consumer boycotts.

Because of their different nature, corporate spies are more low-key. They
are less likely to promote violence or to offer weapons and explosives for
sale. Therefore they are harder to detect and isolate. Cases have been
reported, such as the one mentioned before in this lecture, where corporate
spies have been active for many years.


INFORMERS

An informer reveals confidential information in return for money or other
benefits. Recruiting informers often ends in failure, and therefore there
are many reports available about the recruitment process.

Informers can have a range of motives to turn against the organization they
are informing about. They can be disenchanted members who volunteer their
services. An activist may be overheard by someone not of the group, who in
turn informs police. Someone may have been arrested and may try to avoid
prosecution by agreeing to infiltrate a group and obtain information about
activist activities. Or someone may have been targeted for recruitment by
the police. [23]

Recruitment by police or intelligence agencies is usually preceded by
extensive background checks. Activists that have weak spots are singled out
for recruitment attempts. A weak spot may be financial trouble, immigration
status, pending prosecution and a range of other possibilities. The activist
may be threatened and/or offered money. Other offers that may be made to
coerce the activist into becoming an informer may include a permanent visa
offer, or a settlement to prevent prosecution. Family members and friends of
the recruitment prospect may be pressured, to convince the activist to
become an informer.


WHAT TO DO ?

If you believe you, or your organization, are the target of infiltration of
surveillance, the best thing you can do is start building up documentation
and evidence. Create a small group of trusted individuals, and start to
planning and researching the case. Try to find out all the facts, try to
remember every detail that can be remembered. It is no use to have
suspicions that cannot be backed up with hard facts. If evidence has been
collected, it is often useful to double-check it first, and then publish the
evidence. Please try to always be extremely careful about paranoia and
unfounded allegations. Because that can cause as much, or more, harm to an
organization as any intelligence activity.

The best defense, if you have nothing to hide anyway, is to be extremely
transparent. If transparency does not deter intelligence agencies, it will
at least diminish your own feelings of paranoia and persecution. Second best
is to have a high degree of awareness about security and knowledge about
surveillance methodology. That helps in developing secure communication
mechanisms, such as using encryption, steganography and maintaining
anonymity.

It is always useful to use encryption to protect your Email. Sending an
unencrypted email is the same as sending a postcard without an envelope, any
hacker or system engineer can read your email.  There are various encryption
software programs available on the Internet, PGP, Pretty Good Privacy, is
probably a good choice. If you want to hide the fact that you are
communicating, you may want to use some steganographic program, that hides a
message within another message.

Security is one thing, paranoia another. The summary of technologies and
activities in this article is extensive, and some may find it scary. The
fact that all these things are possible, does not mean that they happen
right now in your organization. For most people it is unlikely to be
extensively targeted by most of the methods that I have described. Police
and intelligence organizations have limited resources, and very extensive
surveillance will only be done on high priority targets. One also has to be
mindful of the fact that intelligence and law enforcement agencies have
limited resources. Priorities change, and what one day seemed important, may
not be important the next day. An recent example would be increased
attention by the intelligence community for the anti-globalization
protestors, that may not seem as important today in light of the global
fight against terrorism.

The intention of this article is not to make you feel paranoid, or to make
you feel permanently watched by the government. Such extreme focus on an
individual or group is rare and only happens in extreme cases where suspects
are very important. Most intelligence operations against activists are
likely to be low intensity intelligence operations with the aim of tracking
developments and collecting information. But if you have been trained in
some Al Qaeda camp in Afghanistan, then you probably have a credible reason
to feel watched at this particular moment.

The intention of this lecture is also to instill a certain level of security
awareness in people. You could compare it to an insurance policy. You never
know when we will have a need to know about these surveillance and
infiltration techniques; one day in the future we may find ourselves living
in a totalitarian state. It would be useful in those circumstances if some
information about government surveillance and infiltration activities is
available.


Another reason to create this lecture, is that most of us live in democratic
states. Therefore it is important to have some insight in the covert
activities that our governments engage in, because they do so in the name of
the electorate, and therefore in our name.




Thanks,

          Felipe Rodriquez



------------


SOURCES:

[1] Operations Intelligence Unit Victorian police data base files at:
http://home.vicnet.net.au/~neils/PoliceWatch/spec1.html

[2] Low-intensity Operations - General Sir Frank Kitson Faber and Faber;
ISBN: 0571161812

[3] Activist group exposes undercover officer
http://www.statenews.com/article.phtml?pk=3519

[4] Undercover troopers among those arrested during GOP convention
http://europe.cnn.com/2000/ALLPOLITICS/stories/11/16/convention.protests.ap/

[5] Koerden ge‘nfiltreerd (dutch)
http://www.xs4all.nl/~evel/koerd.htm

[6] Snorri Helgarsson - My Story
http://groups.google.com/groups?q=snorri+cia+parker&hl=en&rnum=19&selm=4omak
u%24b6%40enterprise.cistron.nl

[7] Special Branch Help McDonald's
http://www.mcspotlight.org/media/press/squall_aut96.html

[8] Mag ik u infiltreren? (dutch)
http://www.xs4all.nl/~evel/mcspy.htm

[9] Liefdewerk Oudpapier (dutch)
http://www.xs4all.nl/~evel/onzewer.htm

[10] Infiltrator in A SEED, Earth First!, ENAAT - and where else?
http://www.xs4all.nl/~respub/artikelen/adrian/

[11] European parliament report on the existence of Echelon
http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf
[12] Jim Bronskill, Canada a key snooper in huge spy network, Ottawa
Citizen, 24.10.2000

[13] Carnivore FAQ
http://www.robertgraham.com/pubs/carnivore-faq.html

[14] opentap.org
http://www.opentap.org/documents.php3

[15] EFA newsletter - ASIO hacking legalised
http://www.efa.org.au/News/issue5_2.html#asio

[16] Mafia trial to test FBI spying tactics
http://www.theregister.co.uk/content/4/15268.html

[17] Hack-Tic afgeluisterd ? Hack-Tic 18/19 (dutch)
http://www.hacktic.nl/magazine/1811.htm

[18] SGR Newsletter, No.4, 1993
And also in Hack-Tic 18/19 at http://www.hacktic.nl/magazine/1824.htm (dutch
site)

[19] Oracle's Private Eyes Hit Microsoft Trail
http://www.pcworld.com/news/article/0,aid,17470,00.asp

[20] Operatie Homerus - papieren tijger uitgeverij (dutch)
ISBN 906728100X

[21] Verslag van de speurtocht naar de infiltrant Adrian Franks (dutch)
http://www.xs4all.nl/~evel/adrian.htm

[22] African National Congress manual for covert actions
http://cryptome.org/anc-manual.htm

[23] POLICE UNDERCOVER OPERATIONS (2) by Mollie Maguire
http://www.cat.org.au/a4a/police2.html



(C) Felipe Rodriquez Copyright Notice; You may copy and distribute verbatim
copies of this article for non-commercial use without the author's
permission.



========== HURIDOCS-Tech listserv ==========
Send mail intended for the list to <huridocs-tech@hrea.org>.
Archives of the list can be found at: http://www.hrea.org/lists/huridocs-tech/
To subscribe to the list, send a message to <majordomo@hrea.org>,
with the following text in the message: subscribe huridocs-tech
To unsubscribe from the list, send a message to <majordomo@hrea.org>,
with the following text in the message: unsubscribe huridocs-tech
If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.


[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]