The Sunday Times reports another peculiar "Chinese spying" story.
From The Sunday Times
July 20, 2008
Gordon Brown aide a victim of honeytrap operation by Chinese agents
David Leppard and Claire Newell
A top aide to Gordon Brown has been a suspected victim of a "honeytrap" operation by Chinese intelligence agents.
The aide, a senior Downing Street adviser who was with the prime minister on a trip to China earlier this year, had his BlackBerry phone stolen after being picked up by a Chinese woman who had approached him in a Shanghai hotel disco.
The aide agreed to return to his hotel with the woman. He reported the BlackBerry missing the next morning.
The aide, whose identity is known to The Sunday Times, immediately reported the theft to the prime minister's Special Branch protection team and was informally reprimanded.
Why have details of this incident, which must have been know to only a very few people, been leaked to the Sunday Times right now ?
Who is spinning the media for power and influence in the Downing Street and Whitehall kremlins ?
A senior official said yesterday that the incident had all the hallmarks of a suspected honeytrap by Chinese intelligence. The incident will raise fresh questions about the security of sensitive official information. It follows a spate of high-profile cases where data from government departments have been lost.
Are we meant to believe that an intelligence agency operation against a Downing Street insider resulted in the tipping off of the British officials , through an actual reported loss of a BlackBerry portable email device ?
Do Chinese, or other countries intelligence agencies, or even serious criminals, all of whom also operate in London, as well as in Shanghai, no longer use "honeypot" agents for sexual blackmail purposes any more?
Since British Labour party politicians and their apparatchiki seem to be able to weather News of the World revelations, Cash for Honours investigations, and endless Computer Data insecurity scandals etc., without ever resigning or being criminally prosecuted, then are such tactics less useful than in the past ?
If a foreign intelligence agency did get their hands on a Downing Street BlackBerry, why did they not simply clone all the data from it, or modify the software and or hardware to snoop on the user and his communications thereafter, and then replace it, before the hapless Downing Street insider ever noticed that it was missing ?
Since this loss of the device was supposedly reported within a few hours, there should have been little risk to the centralised email system, provided that the appropriate access codes and , if necessary, the cryptographic keys had been changed promptly.
BlackBerrys are used as mobile telephones and also store data and send and receive e-mails. Downing Street BlackBerrys are password-protected but security officials said most are not encrypted.
Whatever unencrypted data was on the BlackBerry device itself, would, of course be at risk, but is this should not, in theory, have included any Secret or Top Secret material.
Experts say that even if the aide's device did not contain anything top secret, it might enable a hostile intelligence service to hack into the Downing Street server, potentially gaining access to No 10's e-mail traffic and text messages.
Which experts would those be then ?
There were security alerts back in 2006, when it was discovered that BlackBerry servers (not the handheld mobile devices) were potentially vulnerable, not because of weaknesses in their strong encryption, but because they were stupidly storing user login data, unencrypted, in a Microsoft SQL server data base, which could be exploited through SQL injection via buffer overruns in attached .png and .tiff graphics file handling routines. e.g. see this discussion thread [2006-01-03] Security Hole Claimed for BlackBerrys. Within the last week, a similar sort of potential vulnerability was announced, affecting the BlackBerry Attachment Service PDF distiller.
BlackBerry servers can either be run by as a public internet service, or they can be dedicated to corporate or Government department use.
In theory any private corporate BlackBerry server connected to the Government Secure Intranet or GSi (Restricted) or the xGSi (Confidential) email networks, should never have been vulnerable to this sort of remote manipulation, because of the Security Accreditation procedure required, but how can we be sure ?
It is worth remembering that during the height of the Downing Street Cash for Honours investigations in January 2007, involving Downing Street email systems, they claimed that there were no BlackBerry devices being used by Downing Street staff, or that if there were, they were only being used for Labour party business, rather than official Government communications.
See More PMOS "denials" about the 10 Downing Street email systems - what about the Pipex router then ?
The incident highlights the growing threat of Chinese intelligence to Britain and the West. Last December Jonathan Evans, the director-general of MI5, warned that China was carrying out state-sponsored espionage against vital parts of Britain's economy, including the computer systems of big banks and financial services firms.
Sources said that the incident had occurred during Brown's two-day trip to China in January.
Downing Street sources ? Whitehall sources ? Chinese sources ?
The prime minister had been accompanied by about 20 Downing Street staff, including senior advisers on foreign policy, the environment and trade. There were also 25 business leaders on the trip, among them Sir Adrian Montague, the chairman of British Energy, Arun Sarin, then chief executive of Vodafone, and Sir Richard Branson, the Virgin boss.
The incident occurred in Shanghai on the second day of the tour. That evening, about a dozen members of the Downing Street staff went to a hotel disco where a lively party with several hundred young people was in full swing.
"It was apparently a lot of fun, there was quite a bit of dancing with lots of people ona big crowded dance floor," said one security official.
The group stayed at the disco for at least two hours. One senior aide was approached by an attractive Chinese woman. The couple danced and later disappeared together.
The security official said: "In these circumstances it was not wise. Nobody knows exactly what happened after they left. But the next morning he came forward and said: "My BlackBerry is missing." The prime minister's Special Branch protection team were alerted.
A British "security official" or a Chinese one ?
Downing Street yesterday confirmed that a member of the prime minister's office had lost a BlackBerry during an evening event on the January visit to China. However, it played down the affair, stating that an investigation had established that there was "no compromise to security
Given the institutional incompetence displayed by the Government, with even the most basic security procedures for the handling of classified material having been ignored by senior staff, and by Ministers, who should all have been setting a good example to their subordinates, it is entirely legitimate to ask for actual independent proof that such elementary post security incident measures have actually been done properly.
Lack of detailed practical travel advice from the FCO
Where is the Foreign and Commonwealth Office advice about the risks to their electronic data systems, i.e. what to take, what to leave at home, what particular precautions are necessary to take in China ?