The arrest of 10 Russian "illegal" suspected SVR spies, in the USA, including the photogenic Anna Chapman, who appears to have spent 5 years or so working in the United Kingdom, and who married and divorced a British citizen, is full of interesting technical tradecraft and legal issues.
The arrest of an 11th suspect, Christopher Metsos, in Cyprus, who then appears to have been allowed to flee the country "whilst awaiting an Extradition warrant" on "money laundering" allegations from the USA, is, in its own way, rather worrying, given the obvious use of Entrapment by the US authorities in this affair.
One area in which the US judicial system is better than that of the United Kingdom is in the online publication of Indictments, signed by investigating police or counter-intelligence agents, detailing the alleged activities of the accused.
These are often made available for free by the major US newspapers and provide a check against the wretched culture of "anonymous briefings" by which the British media allow themselves to be manipulated.
The New York Times seems to have been the first to do this, but copies of the two Indictments are now available from the BBC website:
BBC copy of the District Court Indictment against the other 9 illegal spy suspects (.pdf) i.e. Christopher R. Metsos, Richard Murphy, Cynthia Murphy, Donald Howard Heathfield, Tracey Lee Ann Foley, Michael Zottoli, Patricia Mills, Juan Lazaro and Vicky Pelaez.
Both documents make a distinction between spies under diplomatic cover, working from Embassies, Consulates and, in this case, the Russian Permanent Mission to the United Nations in New York, and "illegals".
"Illegals" are in two categories - those who operate under totally false names and identities of, in this case, US citizens, or those who operate under their own (Russian) identities.
See the infamous "Hollow Coin" case in the 1950s involving Rudolf Abel / Vilyam Genrikhovich Fisher.
Why arrest this alleged spy ring now, after several years of surveillance?
It is unclear why the US authorities actually decided to make a propaganda fuss and arrest these alleged "illegals" rather than simply threatening to deport them under immigration laws.
Presumably there is some sort of internal power struggle for scarce budgets and prestige, amongst the various US intelligence agencies.
The case has certainly shifted a lot of mainstream media attention from the BP oil pollution scandal, which probably pleases the White House spin doctors.
No actual Espionage or even Economic Espionage charges
None of the suspects are actually accused of obtaining or passing on any actual classified information.
None are actually accused of Espionage (up to 20 years in prison), or even Economic Espionage (up to 10 years in prison and a half a million dollar fine for stealing certain trade secrets).
There are no charges under the catch-all "national security" provisions of the so-called PATRIOT Act either.
The likelihood is that the alleged spies were either as yet inactive "sleepers" awaiting orders in the future, or were meant to be "agents of influence", or perhaps low level logistics support team members, without direct contact with any US traitors or personal access to real secrets.
The fact that two of them are accused of undertaking "dead drop" operations of money and of a false passport, at the behest of the FBI agent provocateurs who had gained their trust, implies membership of the logistics tail of the SVR espionage rings in the USA.
Similarly, in the United Kingdom, none of the alleged activities set out in the Indictments would have fallen foul of the UK's Official Secrets Act 1989.
Unregistered Agents of a Foreign Government
They are accused of Conspiracy to Act as Unregistered Agents of a Foreign Government which carries a penalty of up to 5 years in prison.
There is no such law in the United Kingdom.
If there were, how many Public Relations and Political Lobbying companies and individuals would be caught by such a law in the UK?
Given the number of current and former MPs and Lords and Ministers (from across the political spectrum) who have acted for foreign clients and for foreign companies or organisations, which are controlled by foreign governments, it seems unlikely that any such law would be passed in the UK.
The interesting alleged technical details about the secret communications methods employed by this alleged spy ring are not in themselves illegal.
This is presumably why the US authorities went for their usual Entrapment method: using undercover agents who managed to infiltrate, or gain the trust of, a couple of the suspects, and then having those suspects accept an envelope of cash or a false passport and deliver it to a Dead Letter Drop.
These acts were then videoed to provide evidence of activity as an "Unregistered Agent of a Foreign Government", a crime with a penalty of up to 5 years in prison.
Since US laws and regulations do not allow "Unregistered Agents of a Foreign Government" to make use of the US bank, credit card or other financial systems, anybody who receives or passes on any money "from a Foreign Government" can be accused of "money laundering" or, more usually, as in this case, the even more catch-all inchoate offence of "conspiracy to commit money laundering", which has a penalty of up to 20 years in prison.
In previous cases, the US authorities have even claimed that the salaries paid by the US Government to Federal employees working for the FBI etc., who turned out to have been recruited as Russian or Chinese or Cuban or Israeli etc. spies after their initial employment by the US Government, were evidence of "money laundering", since they were obtained under false pretences by "Unregistered Agents of a Foreign Government".
This is not "money laundering" in the sense in which UK laws are framed, aimed at Serious Organised Crime gangs involved in illegal drug, tobacco or alcohol etc. smuggling, or in human trafficking. Neither does this sort of activity qualify as "terrorism" money laundering.
Entrapment is much more heavily frowned upon in the UK legal system than in the USA.
Communications Traffic Analysis of repeated ad hoc WiFi connections using the same two MAC addresses
The alleged use of ad hoc WiFi connections (i.e. directly peer to peer, between two portable computers, without logging in to a Wireless Access Point) by "Anna Chapman", sitting in a café or a bookshop, whilst a diplomat from the Russian Permanent Mission to the United Nations lurked nearby or drove past in a minivan was interesting.
The fact that the FBI used a "commercially available tool that can detect the presence of wireless networks", and had evidence of the same two Media Access Control (MAC) addresses, from the WiFi chips / USB dongles or cards used by the portable computers making ad hoc WiFi connections with each other, on about 10 occasions, would count as proper use of directed surveillance both in the USA and in the UK.
Such WiFi connections do not use a public Communications Services Provider like a telecomms or internet company, so the Regulation of Investigatory Powers Act 2000 self authorisation for access to Communications Data does not apply - there are no log files to be copied or seized from third parties.
Since WiFi exploits the unlicensed Industrial, Scientific and Medical bands of radio frequencies, it is not illegal to intercept these if you have the technology to do so, even if you are a private citizen and not an intelligence agency.
Such activity would not be illegal in either country, especially since the contents of the communications between the two computers are likely to have been protected with extra encryption or steganography, over and above the strong encryption available through the standard WiFi connection.
N.B. the only WiFi encryption which cannot be broken these days in real time or near real time is WPA2 using AES encryption; all the other modes, i.e. the standard WEP or the more advanced but now broken TKIP, can be compromised by free software available over the internet.
It is trivially easy to change the MAC address which a WiFi enabled laptop uses, either through a Windows Registry setting or by using free software available via the internet, e.g. KLC Consulting's SMAC.
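The surveillance described above amounts to correlating scanner sightings: the same two station MAC addresses, seen together on an ad hoc (IBSS) network, on many separate occasions. The following is an added example, not code from the original post or from any tool the FBI used; the scan log lines are constructed, and the field layout (date, place, mode, station MACs) is an assumption about what a wireless scanner might export. It also flags the "locally administered" bit in a MAC address, which is one (weak) indicator that an address has been software-assigned rather than burned into the chip, the kind of change the SMAC tool mentioned above performs.

```python
"""Correlate repeated ad hoc (IBSS) WiFi sightings of the same two station MAC
addresses across several surveillance occasions.

Added illustration: the scan records below are constructed, and their layout
(date, place, mode, space-separated station MACs) is an assumed export format.
"""
from collections import defaultdict
from itertools import combinations
import re

# Constructed scan log, one line per network sighting.
# The same two addresses appear in different notations on purpose, because
# scanners and human note-takers are not consistent about MAC formatting.
SCAN_LOG = """\
2010-01-20,Bookshop 4th Ave,IBSS,00:1E:52:AA:BB:01 00:21:6A:CC:DD:02
2010-01-20,Bookshop 4th Ave,Infrastructure,00:1E:52:AA:BB:01 00:0C:29:11:22:33
2010-02-03,Cafe 47th St,IBSS,00-21-6A-CC-DD-02 00-1E-52-AA-BB-01
2010-02-03,Cafe 47th St,Infrastructure,00:0C:29:11:22:33 00:1F:3B:44:55:66
2010-03-17,Bookshop 4th Ave,IBSS,001e52aabb01 00216accdd02
2010-04-05,Cafe 47th St,IBSS,00:1E:52:AA:BB:01 02:AB:CD:EF:00:99
2010-04-21,Bookshop 4th Ave,IBSS,00:1E:52:AA:BB:01 00:21:6A:CC:DD:02
"""


def normalize_mac(raw):
    """Canonical lower-case colon form; accepts aa:bb, aa-bb and bare hex."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_scan_log(text):
    """Return a list of (date, place, mode, frozenset_of_macs) records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, place, mode, macs = line.split(",", 3)
        records.append((date, place, mode,
                        frozenset(normalize_mac(m) for m in macs.split())))
    return records


def recurring_adhoc_pairs(records, min_occasions=3):
    """Map (mac_a, mac_b) -> sorted distinct dates, for station pairs seen
    together on an IBSS (ad hoc) network on at least min_occasions dates.
    Infrastructure-mode sightings are ignored: sharing an access point with
    someone is not evidence of talking to them."""
    dates_by_pair = defaultdict(set)
    for date, _place, mode, macs in records:
        if mode != "IBSS":
            continue
        for pair in combinations(sorted(macs), 2):
            dates_by_pair[pair].add(date)
    return {pair: sorted(dates) for pair, dates in dates_by_pair.items()
            if len(dates) >= min_occasions}


def locally_administered(mac):
    """True if bit 1 of the first octet is set, i.e. the address is marked as
    locally administered. A hint that it was set in software, not proof: a
    spoofing tool can just as easily copy a vendor-style address."""
    return int(mac.split(":")[0], 16) & 0x02 != 0


if __name__ == "__main__":
    for pair, dates in recurring_adhoc_pairs(parse_scan_log(SCAN_LOG)).items():
        flags = ["locally administered" if locally_administered(m) else "vendor OUI" for m in pair]
        print(pair, flags, "seen together on", len(dates), "dates:", dates)
```

The point the post makes about SMAC applies directly: the fourth sighting on 2010-04-05, where one side shows up with a different address, simply does not join the pair, so an analyst relying on MAC correlation alone under-counts meetings whenever either party changes addresses between sessions.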
Writing down a long password on paper
The FBI investigators appear to have found a piece of paper on which was written "alt," "control" and "e" and "a string of 27 characters", which was found to be the key to a steganographic software program, used to hide text messages inside digital images, which were then uploaded and downloaded from various websites (see below)
Such a password would be strong against brute force password guessing attacks, but was presumably too random to be easily memorised.
This sort of elementary IT security error is not unique to alleged SVR trained professionals. The April 2010 prosecution of Thomas A. Drake, a senior National Security Agency (NSA) executive and whistleblower, for ongoing leaks to a Boston Sun newspaper reporter, is mostly based on lots of paper copies and unencrypted electronic scans of classified documents found in his home.
It is plausible that the 27 character password unlocked a steganography program on the computer disks which were copied surreptitiously during the New Jersey search in 2005.
It would be strong circumstantial evidence of a link between the New Jersey alleged conspirators and the Boston alleged conspirators, if the Indictment's claim that they both used similar steganographic software, which both required a 27 character password, is correct.
Does this imply that the Boston password has also been broken?
What about the third surreptitious search in Seattle in 2006?
It is unclear how many of the images which the FBI investigators downloaded from websites which the New Jersey alleged spies had visited actually contain steganographically hidden messages.
They claim to have recovered about 100 messages, but these could be mostly from unencrypted and hidden drafts of messages which analysis of the forensic images of the computer disks revealed, according to the Indictment.
It seems improbable that the same 27 character password would have continued to be used for 5 years. Since even amateur or open source steganographic software usually also has the ability to strongly encrypt the messages that are being hidden within digital images (e.g. .jpg) or music or video files (e.g. .mp3) etc., it is inconceivable that any SVR supplied or developed "non commercial" steganographic software would not also employ strong encryption.
Surely they would use a different password or pass phrase for encryption from that used to invoke the steganography software?
Or was the 27 character password really to an encrypted container file, in which resided the steganographic software and the draft messages etc.?
Although they may not always be encrypted, steganographically hidden messages do appear to fall under the United Kingdom's Regulation of Investigatory Powers Act 2000, Part III ("Investigation of electronic data protected by encryption etc."), section 49 notices, non-compliance with which can result in a 2 year prison sentence, or, if the magic words "national security investigation" (whatever that means) are uttered, a penalty of up to 5 years in prison.
Note the typical Home Office catch-all abuse of the words "any" and "or other" in this legislation:
"key", in relation to any electronic data, means any key, code, password, algorithm or other data the use of which (with or without other keys)--
(a) allows access to the electronic data, or
(b) facilitates the putting of the data into an intelligible form;
"protected information" means any electronic data which, without the key to the data--
(a) cannot, or cannot readily, be accessed, or
(b) cannot, or cannot readily, be put into an intelligible form;
Challenge / Response Pass Phrases
Somehow the FBI obtained a challenge / response authentication pass phrase, which helped them to convince the accused Mikhail Semenko that the telephone caller (FBI undercover agent UC-2) purporting to be "an agent of the Russian government" was genuine.
The second Indictment also mentions:
In the months after the above-described June 2009 brush-pass at the White Plains Train Station, the New Jersey Conspirators and the SVR communicated on numerous occasions as to precisely where and when MURPHY would meet with "Mike". Among other things, the New Jersey Conspirators were told that MURPHY could definitively recognize "Mike" by having the following exchange with "Mike":
"Excuse me, did we meet in Bangkok in April last year?" Reply: "I don't know about April, but I was in Thailand in May of that year."
66. In another January 2010 message, Center explained how RICHARD MURPHY, the defendant, and the SVR's agent would be able to identify each other in Rome,
[...] Password (C's rep[resentative]) - "Excuse me, could we have met in Malta in 1999" (key words: Malta, 1999). A's rep[ly] - "Yes indeed, I was in La Valetta, but in 2000" (key words: La Valetta, 2000).
A's recognition sign: "Time" magazine in A's hands (title to be seen from outside). Sign of danger: "Time" magazine in A's left hand (title to be seen from outside).
It is hard to believe that this information came from the covert searches of computers conducted back in 2005 or 2006.
How was the FBI getting access to such messages after June 2009 and in January 2010?
Surely such challenge response phrases are changed frequently and are tailored to a specific secret agent in the field?
Perhaps the FBI has another source of intelligence which has infiltrated this alleged spy ring?
At the beginning of the conversation UC-2 asked SEMENKO, "could we have met in Beijing in 2004?" SEMENKO responded, "Yes we might have, but I believe it was in Harbin."
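The Semenko telephone call shows the structural weakness of a fixed recognition phrase: whoever has learned the words, by whatever route, can speak them, and the person on the other end has no way to tell a legitimate contact from someone replaying what they overheard. The following is an added example, not part of the original post or the Indictment, contrasting a keyword matcher in the style of the quoted phrases (wording constructed) with a challenge-response that binds a fresh random nonce to a shared secret via HMAC, where a transcript of one exchange is useless for the next. It applies to the telephone authentication described above; a face-to-face recognition sign obviously cannot run an HMAC.

```python
"""Fixed recognition phrase versus nonce-based HMAC challenge-response.

Added illustration; the phrase, key words and secrets are constructed, and the
Party class is a hypothetical helper, not an existing library API.
"""
import hashlib
import hmac
import secrets

# A static pair in the style of the quoted Indictment text (constructed wording).
STATIC_CHALLENGE = "Excuse me, could we have met in Malta in 1999?"
STATIC_RESPONSE_KEYWORDS = ("la valetta", "2000")


def static_verify(challenge, reply):
    """Accepts anyone who utters the expected key words. Knowing the phrase
    is the entire secret, so it can be reused by whoever has learned it."""
    return challenge == STATIC_CHALLENGE and all(
        kw in reply.lower() for kw in STATIC_RESPONSE_KEYWORDS)


class Party:
    """One side of a shared-secret challenge-response exchange."""

    def __init__(self, shared_secret):
        self.secret = shared_secret
        self.outstanding = set()          # nonces we issued and have not yet consumed

    def challenge(self):
        """Fresh 128-bit nonce; remembered so it is accepted exactly once."""
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def respond(self, nonce):
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()

    def verify(self, nonce, response):
        """False for an unknown or already-used nonce (a replay), or for a
        response computed under a different secret."""
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        return hmac.compare_digest(response, self.respond(nonce))


def run_scenarios():
    """Three exchanges against a handler holding the genuine secret."""
    secret = secrets.token_bytes(32)
    handler, agent, impostor = Party(secret), Party(secret), Party(b"learned-nothing")
    results = {}

    nonce = handler.challenge()
    results["genuine"] = handler.verify(nonce, agent.respond(nonce))

    nonce = handler.challenge()
    results["impostor"] = handler.verify(nonce, impostor.respond(nonce))

    nonce = handler.challenge()
    transcript = agent.respond(nonce)      # overheard once, replayed later
    handler.verify(nonce, transcript)
    results["replay"] = handler.verify(nonce, transcript)
    return results


if __name__ == "__main__":
    # The static phrase accepts the caller whether or not they are who they claim.
    print("static phrase accepts anyone who knows it:",
          static_verify(STATIC_CHALLENGE, "Yes indeed, I was in La Valetta, but in 2000"))
    print(run_scenarios())   # {'genuine': True, 'impostor': False, 'replay': False}
```

The operational contrast with the Indictment is the "sign of danger" quoted above: a static scheme can only signal duress by a second fixed convention, whereas with a per-exchange nonce the verifier also learns nothing reusable from a failed or coerced attempt.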
Dead Drops and Tip Offs
As part of their Entrapment process, the FBI undercover agents / agents provocateurs ordered two members of the alleged spy ring to place illegal items (supplied by the FBI) at Dead Letter Drops in a public park.
According to the Indictment, UC-2 gave Mikhail Semenko a folded newspaper and an envelope with $5000 in cash, and instructions and a map to memorise, for the Dead Drop location under a bridge in a public park in Arlington, Virginia (effectively a suburb of Washington DC, near to the Pentagon and various military and intelligence agency headquarters). Semenko was then videoed at this location the next day and, surprise, surprise, the FBI found the newspaper and envelope and money placed where they had ordered.
The other FBI undercover agent / agent provocateur, UC-1, did not, according to the Indictment, need to employ a challenge / response pass phrase with Anna Chapman, who agreed to meet with him. Incredibly, she handed over her laptop computer to him to be repaired or replaced, and accepted a Fraudulent Passport in a false name, which she was instructed to give to an alleged illegal agent the next day.
She was provided with a challenge / response pass phrase by the FBI to authenticate this person ("I-1"):
UC-1 then stated that I-1 "will tell you... 'excuse me but haven't we met in California last summer?' And you will tell her 'no, I think it was in the Hamptons'".
Although this was meant to be a face to face meeting, with another alleged "illegal" agent, UC-1 instructed Anna Chapman to leave a signal marker, more appropriate perhaps, for a Dead Drop such as Mikhail Semenko completed.
At their "coffee shop in downtown Manhattan, New York" meeting point, a rather rambling UC-1 instructed Anna Chapman:
UC-1 then stated, "When you are done, I need you to come back here to this location...so that I know everything is okay.... You can't see from here, but when I walk out there is a city map....Go to the map after you are done. Come up to the map, and, I will give you the thing, all you do is [place a postal] stamp, all you do is put it on the side of the map like you are looking at the map...Just come to the map and put it on the side and I will check
This all seems very unprofessional.
Why could the alleged illegal agent I-1 not be the one to signal a successful, or a failed or missed, pick up of the Fraudulent Passport? Why would this delivery have to be Face to Face, rather than a Dead Drop, like the one Semenko completed?
We assume that a professional SVR spy handler would probably have been more explicit as to exactly where on the city map the postage stamp should be placed.
Surely an alleged SVR trained spy like Anna Chapman would have been expecting to set up some sort of "I think I am being watched" signal, e.g. placing the postal stamp on the wrong side of the city map or placing it upside down etc.? (see the "Sign of danger" instructions for MURPHY above)
However, unlike Mikhail Semenko, Anna Chapman must have been suspicious, as she did not turn up at the person to person meeting point with the supposed I-1 to hand over the Fraudulent Passport.
The FBI Indictment mentions that within an hour of the meeting with UC-1, she was observed by the surveillance team to have bought a mobile phone and a "Tracfone" calling card capable of being used for international phone calls. They observed that she had thrown away the packaging of the phone and the calling card as well as the mobile phone charger, which implied that this phone would only be used for one or two calls and then would be disposed of.
Presumably the FBI included details of this mobile phone purchase to imply that Anna Chapman made an "untraceable" international mobile phone call (voice, SMS text message or data?), and so to imply that she was an Unregistered Agent of a Foreign Government.
If true, it would then also appear that the bumbling FBI Undercover agent / Agent Provocateur UC-1 only succeeded in tipping off Anna Chapman and, presumably, her SVR bosses in Moscow, that she, and perhaps several other "illegal" spies, were about to be arrested.
Given the media attention on her good looks and the lack of any "smoking gun" evidence (unless it can be gleaned from her laptop computer), of any illegal activity, it is hard to see Anna Chapman being successfully prosecuted.