Security and Russian Spies

The FBI arrested 10 people this week <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/06/29/AR2010062901057.html?hpid=topnews">accused</a> of being Russian spies, an investigation that stretches back to the Clinton White House. According to the FBI, the operation was aimed at placing spies in nongovernmental jobs where they could get insider information without being easily identified. Interestingly enough, the FBI's arrest was aided by its ability to infiltrate the group's computers. Turns out these alleged spies weren't as careful about their cybersecurity as they should have been. So what did they do wrong?

Word is the spies used Wi-Fi networks to communicate, but instead of connecting to an access point, they established ad-hoc networks. Ad-hoc networks make remote surveillance of the connection a bit harder, and the FBI would have needed a listening post close by in order to intercept the connection. Johannes Ullrich, chief research officer for SANS, writes today that the spies should have changed their MAC addresses to avoid tracking.

The other security hiccup to emerge is a good lesson for us all. Apparently the FBI secretly searched the homes of some of the spies and copied their hard disks. Problem was, they were encrypted. However, an FBI agent noticed a piece of paper during the search with a long letter and number combination, which turned out to be the encryption password. This allowed the agents to decrypt the hard disk, where they found steganography software, other encryption tools and lists of websites used to exchange steganographic messages.

"Typically, if you want to do steganography right, first encrypt the message, then encode it in an image," Ullrich writes. "In particular if you use standard software to perform your steganography."

One other lesson to heed if you're a spy is never to use an old password to encrypt a new password. Once an attacker figures out the first password, they will be able to decrypt all the others in turn. The spies made this mistake as well. But for once it's nice to see the U.S. government finding the vulnerabilities and exploiting them against the perpetrators, not the other way around. The reports are still developing, but it does appear that cybersecurity principles played a big role in this investigation. This will remain an important lesson, not only for spies, but especially for those employees who communicate away from work and bring home important information. Don't make the same mistakes, or your company's/agency's data could be compromised in a similar fashion.
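To make the password-chaining mistake concrete, here is an added illustration (not code from the original post or from any of the parties involved). It builds a small vault in which each new password is stored encrypted under the previous one, then shows that recovering any single password in the chain unlocks every later one. The cipher is a standard-library HMAC-SHA256 keystream with PBKDF2 key derivation, chosen so the script runs without extra packages; it is illustrative, not a recommendation for production encryption. The password list is constructed sample data.

```python
"""Why encrypting each new password with the old one is a bad idea.

Added example, not part of the original article. Uses only the standard
library: PBKDF2 for key derivation and an HMAC-SHA256 keystream with an
authentication tag (illustrative construction, not production-grade)."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 50_000  # kept modest so the demo runs quickly


def derive_key(password: str, salt: bytes) -> bytes:
    """Turn a human password into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(password: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || tag || ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct


def decrypt(password: str, blob: bytes) -> bytes:
    """Verify the tag, then strip the keystream. Raises on a wrong password."""
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    key = derive_key(password, salt)
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_chain(passwords):
    """The mistake: passwords[i] is stored encrypted under passwords[i-1]."""
    return [encrypt(prev, new.encode()) for prev, new in zip(passwords, passwords[1:])]


def unwind_chain(known_password, vault, position=0):
    """Given one recovered password (the one at `position`), decrypt every
    later password in the chain. Returns the list of recovered passwords."""
    recovered = [known_password]
    current = known_password
    for blob in vault[position:]:
        current = decrypt(current, blob).decode()
        recovered.append(current)
    return recovered


if __name__ == "__main__":
    # Constructed sample passwords, oldest first.
    passwords = ["correct-horse-1", "battery-staple-2", "tr0ub4dor-3", "xkcd-936-4"]
    vault = build_chain(passwords)
    # One password written on a slip of paper is enough to open the rest.
    print(unwind_chain(passwords[0], vault))
    # Recovering a later link still exposes everything after it.
    print(unwind_chain(passwords[2], vault, position=2))
```

The fix is simply not to create the dependency: each secret gets an independent, unrelated password, so a compromise of one yields nothing about the others, and `decrypt` with the wrong password fails closed rather than leaking a partial result.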
