Category: intelligence and stupidity

More questions on the Biryani Project.

Randy McDonald, and probably others, seem to have found the Afzal Amin piece baffling, so I thought I’d draft a brief explainer as follows.

Afzal Amin, potential Tory MP and ex-army officer, tried to incite the EDL to stage a provocative demonstration in his heavily Muslim constituency during the campaign, while also inciting a group of radical-ish Muslims to protest the EDL. He then tried to get the EDL to call off the demo (that he incited) when he asked. The point was to create a situation in which Amin could appear at the last minute and resolve the conflict without a nasty ruck between EDL football thugs and semi-jihadis, presumably vastly adding to his prestige and authority and getting him elected.

Obviously, as this involved the EDL backing down and CAVING IN TO THE TERRORISTS, or maybe just COMPROMISING WITH THE SYSTEM, they needed a big side-payment. Amin promised their leaders money or possibly jobs, plus support to integrate the EDL into respectable politics, and also offered to pay rank-and-file EDL activists hard cash to campaign for him. Using hired canvassers at an election is illegal in the UK in itself. He also seems to have had ambitions to roll out the process elsewhere in the UK, and to be inspired by David Kilcullen/Galula/etc counterinsurgency theory. Unfortunately for him, he was caught – somehow – by the Mail on Sunday’s investigations team, which managed to video him conspiring with the EDL in a curry house.

A really interesting question is where he was going to get the money to pay off the EDL (and presumably also his vaguely edgy Muslims). It turns out he has an incredibly shady fake NGO, which got a no-bid contract to the tune of £120k with a bit of the government that has responsibility for counter-radicalisation policy, the CONTEST programme, incidentally headed by a political buddy of his. So the obvious conclusion is that he planned to put the EDL, and probably the Muslims, on his NGO’s payroll and bill the expenses to the government. At which point we need to ask whether the CONTEST people knew about the whole caper and this was some sort of ill-thought-out amateur spook scheme. That said, it’s not like huge irresponsibility, deceit, incredibly careless handling of public money, and the use of government resources for one’s election campaign aren’t enough to be going on with.

Before the whole affair sinks into obscurity, I think it’s worth following up some questions that are still outstanding. First of all, Amin mentioned to the EDL that he’d been meeting “some Muslim lads” regarding what I will from now on call the Biryani Project. This sounds very much like he wanted to make sure there would be an angry and at least somewhat radicalised reception committee for the planned EDL march, in order to maximise the conflict he would then solve.

Presumably, if the Biryani Project was indeed meant to serve as a model and be rolled out nationally, it would need angry Muslims just as much as it needed the EDL. Logically, if he needed to hire Stephen Yaxley-Lennon, he would also need to hire the Muslims. So that’s another group of people he’d need to pay or place in a sinecure of some sort. What did he promise them and how did he intend to deliver?

Secondly, who were these Muslims? A place to start looking would be here – via Labour candidate Kate Godfrey’s Twitter feed, it seems he tried to incite the Muslim Public Affairs Committee to insult him about his military service.

Why he bothered when Dan Hardie will insult him about his military service for the sheer pleasure of the thing is another question.

MPAC UK’s involvement needs some parsing, though. The simplest explanation is that they were the “Muslim lads”, in which case we might reason that they were involved and are accelerating away from the mess, or alternatively, if we accept they are telling the truth, that Amin was deluding himself about their involvement. Both are possible. It is also possible that he addressed himself both to MPAC UK and to some other group.

In general, we should be looking for a group around Dudley who were offered a grant, and I suspect a detailed review of the DCLG’s report and accounts (here) might be telling. I’ve yet to find anything suspicious, although I do wonder why literally the only Google hit for “Srebrenica memorial day” and the organisation DCLG thinks it gave the grant to is the DCLG accounts. That could be a clerical error, though. Anyway, the Curzon Institute’s grant is in there, and Amin says he’d been talking to the EDL for at least a year – which means he had DCLG’s money in hand when he began the project.

Meanwhile, Theresa May sets out an important counter-radicalisation initiative:

After several months of disagreement the only official anti-extremism unit to be formed immediately is an “Extremism Analysis Unit”, which set out a blacklist of individuals and organisations with whom the government and the public sector should not engage.

Presumably, except over a chicken biryani at the Celebrity Restaurant, Dudley?

Meanwhile, on the question of Amin’s career, the Wikipedia article has improved to the extent of including the London Gazette mentions for his commission, promotion, and retirement, which places him in the Education & Training Branch throughout. The “Counterinsurgency and Stabilisation Centre”, which someone asked about, is a terminology error for the Land Stabilisation and Counterinsurgency Centre, which was headed by Alexander Alderson and whose name implies it belonged to Land Command rather than the Defence Academy.

Kim Philby and a web of trust

Show me your Kim Philby and I’ll show you your concerns. Ever since his defection, British writing on the iconic spy has always reflected the anxieties of society at the time of writing, modulated by the latest lot of declassified documents. What else could it do, faced with such a character, a man who couldn’t have been more protean or more expert at letting his interlocutor project their own thinking on to him? In the 1960s, his role as the ultimate Etonian predominated. In the 1970s, sexuality took over. In the 1980s, to go with the revival of the cold war, it was the communism again. But what would it be now?

Anyone writing about Philby is standing on the shoulders of giants. The literature is enormous, and has regularly been transformed by the disclosure of more information. However, this viewpoint often mostly serves to show that the giants are skew-whiff on their pedestals.

Ben Macintyre’s A Spy Among Friends: Kim Philby and the Great Betrayal is the latest to have a go. He decides to frame the book around the notion of friendship and the relationship between Philby and his friend, defender within SIS, boss, agent handler, and interrogator, Nicholas Elliott. As a result, the book is in large measure a group biography, always a neat trick.

I’m not sure how well the friendship element of the book works, except to highlight that Elliott was almost comically decent to Philby and everyone else involved, visiting Aileen Philby daily in the psychiatric hospital while Kim, self-absorbed as always, barely seems to have noticed she was ill. But that’s OK. Macintyre brings up whole chunks of new story.

One especially rich chunk is the women. A Spy among Friends is among other things a succession of incredible women, like the chief of staff in SOE Section D who was also the chief organising officer of the Conservative Party – surely we need a brief life at least – and the Sunday Express war correspondent who recommended Philby to her, or the MI5 investigator Jane Archer whose abilities Philby rated so highly he insisted on getting her transferred to his SIS counterintelligence group to make sure she didn’t by chance get assigned to his case. Marks & Spencer executive Flora Solomon appears at a succession of critical junctures, helping him launch his career, politely declining the opportunity to join him in the KGB, and eventually providing crucial evidence against him – in part, out of anger at his appalling treatment of his wife, a close friend of hers. (She was also furious about his journalism, specifically his criticism of Israel.)

Peter Wright, by contrast, mentions Litzi Philby/Kohlmann in passing and hardly says anything about any of the other women in the story, not even his colleague Archer. Neither does The Culture of Treason, although it’s a long time since I read it. There’s your answer: the highly un-gay Philby was remembered as the Gay Traitor, not out of homophobia, but out of sexism. This shift of focus tends to diminish Philby as a character, to pigeonhole him as a posh chancer who left a trail of broken wives and unpaid bills behind him, dumping his self-inflicted chaos on – who else? – his friends. But this is a welcome cold bucket of realism.

Another important point is the politics of professionalism. The critics of SIS tended to make much of its habit of recruiting through the old-boy network and of operating in a highly informal fashion. They used the words professional and modern a lot and affected classlessness. But even as they were saying their piece, Michael Young was already writing the strongest possible rebuttal, The Rise of the Meritocracy.

In many ways, the post-defector recriminations were a debate about how the access to elite status would be regulated in future. On one side, the traditionalists believed that the best solution was a diffuse network of contacts who themselves could be trusted and a specific culture, as hard to define as it was unmistakable. On the other side, the modernisers (and I use the word deliberately) believed the best solution was a graduate profession with defined career progression, credentials, and tests.

Importantly – and here’s where Michael Young comes in – this doesn’t for a moment mean that the same sort of people wouldn’t be recruited. If the modalities of Nicholas Elliott’s recruitment couldn’t have been more stereotyped (a word put in by his old housemaster, an approach at the races), it was also true that he was an Etonian with a good degree, someone whose chances of passing through a credentials-based, supposedly modern and prejudice-free, system would have been between excellent and certain. The same was of course true of Philby, whose academic qualifications could not have been more stellar.

Another way of looking at this is from an information security perspective. The traditionalists didn’t have the vocabulary, and public-key cryptography hadn’t been invented yet, but they were essentially a web-of-trust. Trusted individuals vouched for others, whose trustworthiness they initially evaluated through diffuse markers of subculture. This had the advantage that it was much, much harder to fake being the right sort of chap than it is to bang on the effort, get the credential, and keep your nose clean. Any fool can fake conformity, but it takes a genius to fake weirdness convincingly. It was even harder again to gain the connections into the web of trust required.

(Macintyre is good on eccentricity as strength; he needs to be, because the book is just full of prize weirdos. Also, there is a hell of a lot of drinking, hardcore, vase full of Martinis, whisky before breakfast, falling out of windows, eight pints and gin chasers the night before a zero-dark-thirty call for a dangerous mission, drinking. Arguably, had anyone worried about the booze and drugs, they might have rumbled the entire spy ring in the early 1940s – but hardly anyone was remotely sober. It’s the 1950s as seen in this classic Jamie Kenny post. Oh yes, and did you know Commander “Buster” Crabbe RN was in the habit of wearing his diving suit to make love? Apparently his marriage was falling apart at the time of his sticky end in Portsmouth harbour, and the suit wasn’t helping.)

The modernisers wanted something more like a public-key infrastructure. A succession of tests administered by a central source of truth would lead to the issue of credentials, which could of course be revoked.

As it turned out, the Cambridge spies reveal both the strengths and weaknesses of the web of trust. The system was very robust; it took multiple, individually brilliant, persistent, patient, cooperating, already partially trusted attackers to break into it. It was also resilient; it continued functioning despite the massive security breach, and many people in it did in fact detect the attackers. However, it was extremely difficult to restore after the disaster, as the continuing hunt for more spies after Philby demonstrates. Also, its very resilience made it difficult to know that it had been subverted, and easy to take refuge in denial.

The Americans adopted the second approach. Theoretically, a PKI is easier to administer and more scalable, but more brittle. Spies like Aldrich Ames and Jonathan Pollard had to fake it, adopt the conventional signs of conformity, but once they faked it, they were in. (It didn’t help that the Americans were so keen on lie-detectors, an example of security theatre marrying pseudo-science.)

But brittleness can be useful. When, for example, an SSL certificate authority has been compromised, it has (as far as we know) become obvious very quickly, and the problem has (as far as we know) been solved quickly, by revoking and re-issuing the certs. The diversity of CAs, and hence competition between them, is useful here. Even the Heartbleed fiasco is mostly remarkable for the swiftness with which it was fixed. It is often useful for things to break unequivocally and publicly.
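A toy model of the two schemes contrasted above, added here as an illustration and not part of the original post. The member names, the two-voucher admission threshold and the certificate hierarchy are all assumptions made up for the example; it shows why discovering one bad introducer leaves a web of trust with an "in doubt" set, while revoking a CA gives a clean yes/no answer.

```python
# Toy models only: names, threshold and hierarchy are constructed for illustration.

def wot_trusted(vouches, roots, threshold=2, excluded=frozenset()):
    """Web of trust: a newcomer is admitted once `threshold` already-trusted
    members vouch for them. Vouches from `excluded` members count for nothing."""
    trusted = set(roots) - set(excluded)
    changed = True
    while changed:  # iterate to a fixed point; admission order does not matter
        changed = False
        for person, vouchers in vouches.items():
            if person in trusted or person in excluded:
                continue
            if len(set(vouchers) & trusted) >= threshold:
                trusted.add(person)
                changed = True
    return trusted


def wot_review(vouches, roots, mole, threshold=2):
    """After unmasking `mole`, return (still_trusted, in_doubt).
    in_doubt = members whose admission only holds up if the mole's word counts."""
    before = wot_trusted(vouches, roots, threshold)
    after = wot_trusted(vouches, roots, threshold, excluded={mole})
    return after, before - after - {mole}


def pki_valid(subject, issuer_of, root, revoked):
    """PKI: walk the issuer chain to the root; any revoked link breaks it."""
    seen, node = set(), subject
    while node != root:
        if node in revoked or node in seen or node not in issuer_of:
            return False
        seen.add(node)
        node = issuer_of[node]
    return root not in revoked


def pki_valid_subjects(issuer_of, root, revoked):
    return sorted(s for s in issuer_of if pki_valid(s, issuer_of, root, revoked))


# Constructed web of trust: who vouched for whom.
ROOTS = {"r1", "r2", "r3"}
VOUCHES = {
    "a": ["r1", "r2"],
    "b": ["r2", "r3"],
    "mole": ["r1", "a"],        # admitted on two genuine vouchers
    "c": ["a", "b", "mole"],    # has two clean vouchers besides the mole
    "d": ["mole", "b"],         # admission depends on the mole
    "e": ["d", "mole"],
    "f": ["c", "d"],            # one clean voucher, one doubtful
    "x": ["mole"],              # a single voucher is never enough
}

# Constructed certificate hierarchy: subject -> issuer.
ISSUER_OF = {"ca1": "root", "ca2": "root", "u1": "ca1", "u2": "ca1", "u3": "ca2"}

if __name__ == "__main__":
    still, doubt = wot_review(VOUCHES, ROOTS, "mole")
    print("web of trust, still trusted:", sorted(still))
    print("web of trust, in doubt:     ", sorted(doubt))
    print("PKI after revoking ca1:     ", pki_valid_subjects(ISSUER_OF, "root", {"ca1"}))
```

The web-of-trust review never says that d, e and f are bad, only that nobody clean can now account for them, which is the open-ended hunt the post describes; the PKI side loses u1 and u2 outright and can simply re-issue them.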

And webs of trust have other problems. Any system that intends to determine if some people can be trusted or not is exclusionary; that is sort of the point. As a result, they tend to absorb and harden the prejudices that are ambient in society.

So, I show you my Kim Philby: the key concerns seem to be sexism, disenchantment with graduate career prospects, and the failure modes of distributed cryptosystems. I guess I was right.

The problem: the US can’t promise information security to anyone

I’ll be having more to say about the latest Snowdonian revelations as they apply to macro-politics, probably at the Fistful. In the meantime, the document at Le Monde is interesting from a technical point of view.

They mention attacking a PBX – quite a common issue, because a lot of them are proprietary and not very managed and getting at voice calls is high-value. They also mention some attacks involving hacking the end-user PC (obviously), some others that require physical access, and very interestingly, a couple that involve sensing something from a distance.

Specifically, MAGNETIC, DROPMIRE, and OCEAN involve respectively magnetic emanations from computers, similar things from laser printers, and “optical collection from raster-based computer screens”. The first two fall within what is known as TEMPEST, a NATO term for information leaking from computer systems in the radio spectrum and how to prevent it. The US informed its allies about this, up to a point, and NATO created a standard. (They, in their turn, found out from Sir Peter Wright.)

Either the French were in the habit of letting really secret stuff get into non-TEMPEST machines, or the Americans know more about it than they let on and also more than the French suspect. The French are no fools about this stuff; although 70% of the world’s CAPEX on LTE networks in the last two years was in the States, Alcatel snagged most of it. There are, as they say, huge issues about trust.

OCEAN, though, sounds new and interesting. Something similar, VAGRANT, appears to have been used on computer screens at the French embassy in Washington. Overall, the French missions in the US were targeted with malware (HIGHLANDS), with optical observation (VAGRANT or OCEAN), and with an exploit of their PBX (just PBX).

Which reminds me. Remember these posts? Well, over here, we have a discussion of Pakistani worries about cyberwar/information security. I contend that more guarantees of information security would do the avoidance of nuclear war there nothing but good. It would be great if the US, which is friend-ish to both sides, could help create confidence.

But of course now they can’t. The SIGINT alliances worked because they were both alliances about intelligence and also about security. That implies limits on what the US (or any party to them) could do. So this turned out to be a macro-politics post after all.

We didn’t let Coulson see anything sensitive except for the SIGINT

So Andy Coulson, famously, was subject to a background check by Control Risks before joining Downing St. There was some doubt as to whether he had actually gone through the positive vetting process. Supposedly he had, and he was cleared to see “Strap 1” material. But then it turned out that the DVA hadn’t finished the process when he quit, and the date he quit fits suspiciously well with the timetable.

OK, so what exactly is “Strap 1” material?

Well, the answer is “this”: a GCHQ program to “stain” jihadis’ computers so that they could be identified even if their IP addresses were obscured by multiple layers of network-address translation or indeed by TOR, revealed in the latest Snowdendump, is classified as UK Top Secret/Strap 1/COMINT.

The fact that it contains COMINT – communications intelligence – automatically flags it as being even more agonisingly secret, and subject to the inter-allied arrangements for the security of signals intelligence product.

two points on Snowden in the UK

Just a couple of points about the British wing of Snowden. First of all, what function does it serve to go begging to the Americans for sums of money that aren’t especially big in the context of a £1.8bn single intelligence budget?

Well, the money is a costly-signal that UK cooperation is valuable to the Americans. This legitimises the “NSA ask” in return. And in turn, the “ask” can be used to lobby the rest of government. We must have X, Y, and perhaps even Z because otherwise we’d displease the NSA and they’d pull their contribution…which you would have to replace!

Second, it’s interesting the way the government likes to re-use acronyms. According to Richard Aldrich, GCHQ’s budget line-item for fundamental research in cryptography and computing was called “Methods to Improve” throughout the Cold War. It’s no surprise, then, that “Mastering the Internet” has the same acronym, and probably a fair guess that the new name meant much the same thing but with Internet awesomesauce to impress notorious e-mail printer, Tony Blair.

PRISM. Sometimes it’s easier to solve these things in L

I think it is probably important to direct attention to this post, which contains the only convincing explanation of PRISM I’ve yet seen, including the tiny budget (if it only cost $20m to process everything in Apple, Google, Facebook etc, what do they need all those data centres for?), the overt denials, and the denial of any technical backdoor.

Basically, the argument is that PRISM is an innovation in the technology of law rather than the technology of computing, some sort of expedited court order programmed in Lawyer requiring the disclosure of specified data, and perhaps providing for enduring or repeated collection. This would avoid the need to duplicate vast amounts of infrastructure or trawl every damn thing, would stick to the letter of the law, and would help engineers sleep, as it wouldn’t imply creating a vulnerability that could be used by both the NSA and God-knows-who. It would also permit the President and such folk to deny that everyone was being monitored, as of course they are not.

That said, data could be requested on anybody who the court could be convinced was of interest. As the legalities seem quite permissive and anyway the court is a bit of a flexible friend, this means a lot of people. And in an important sense it doesn’t matter. The fact that surveillance is possible is important in itself. Bentham’s panopticon was based on the combination of overt surveillance – the prisoners knew that there was a guard watching them – and covert surveillance – the fact that the prisoners didn’t know at any given moment who the guard might be watching and therefore could not be certain they were not being observed.

The degree to which this was an aim of PRISM must be limited, because it was after all meant to be secret. But it is hard to avoid the conclusion that it’s there.

Something else. I’ve occasionally said that the Great Firewall of China should be seen as a protectionist trade-barrier as much as an instrument of censorship. Huge Chinese Internet companies exist that probably wouldn’t if everyone there used Facebook, Google, etc. Here you see another benefit of it – the Public Security Bureau gets to spy on QQ, but it’s harder for the Americans (or anyone else) to poke around. This may explain why the NSA seems to pick up lots of data from India and much less from KSA or China; you can PRISM for terrorists trying to affect the Indo-Pak nuclear balance and you can’t for Chinese targets.

Borders are always interesting, and this is today’s version.

Iran, of course, does another twist on this. It has a vigorous internal ISP industry, but monopolises international interconnection through a nationalised telco, DCI, that practices serious censorship. However, the same company also sells unfiltered, real Internet connectivity to actors outside Iran, notably in Oman, Pakistan, Iraq, and Afghanistan, almost certainly following Iranian foreign policy goals. DCI has even gone so far as to invest heavily in a new Europe-Middle East submarine cable to add capacity and improve quality (notably by taking a shorter route to Europe, and adding path-diversity against Cap’n Bubba and his anchor). Back in 2006, supposedly, the best Internet service in Kabul was in the cybercafe they installed in the Iranian embassy’s cultural centre.

(A starter-for-ten. Has anyone else noticed that the major cloud computing providers, Amazon Web Services, Salesforce/Heroku, Rackspace et al, aren’t mentioned?)


Yahoo! has not joined any program in which we volunteer to share user data with the U.S. government. We do not voluntarily disclose user information. The only disclosures that occur are in response to specific demands. And, when the government does request user data from Yahoo!, we protect our users. We demand that such requests be made through lawful means and for lawful purposes. We fight any requests that we deem unclear, improper, overbroad, or unlawful. We carefully scrutinize each request, respond only when required to do so, and provide the least amount of data possible consistent with the law.

The notion that Yahoo! gives any federal agency vast or unfettered access to our users’ records is categorically false. Of the hundreds of millions of users we serve, an infinitesimal percentage will ever be the subject of a government data collection directive. Where a request for data is received, we require the government to identify in each instance specific users and a specific lawful purpose for which their information is requested. Then, and only then, do our employees evaluate the request and legal requirements in order to respond—or deny—the request.

Yahoo!’s top lawyer, spinning like a top, but basically confirming the notion of PRISM as a surveillance technology implemented in Lawyer.

A very Blairite disaster

So, the Kenyan Police counter-terrorism spokesman has this to say:

“Kenya’s government arrested Michael Olemendis Ndemolajo. We handed him to British security agents in Kenya and he seems to have found his way to London and mutated to Michael Adebolajo,” a Kenyan counter-terrorism spokesman, Muthui Kariuki, told the Associated Press. He added: “The Kenyan government cannot be held responsible for what happened to him after we handed him to the British authorities.”

Assorted relatives and friends seem to think the question is more whether the British had any business asking him questions while he was under the control of the Kenyans, who are alleged to have brutalised him in various ways. Further, the security service’s approach to recruiting informers seems to involve following them around and repeatedly buttonholing them, openly, in the street.

It sounds like an out-take from Four Lions – secret intelligence with a GOLF SALE sign. Perhaps the aim was actually deliberately overt, public, in your face surveillance, rather than recruitment, as a deterrent or an example to others. Either way, I think we can all agree that the situation has not developed to our advantage.

Which reminded me of this classic Daniel Davies post:

young Muslim men are exactly the ones who are vulnerable to being drawn into violent extremist movements, and their parents have both much better information about this happening than we do, and a powerful interest in stopping their sons turning into suicide bombers. In actual fact, [the launch of the CONTEST strategy was] yet another god-damned own goal which had the effect of getting peoples’ backs even further up.

How could this have been sold better?

Well, it seems to me that if the action that you want to achieve is “hand your children over to us”, the very most obvious message that you need to add to that is “we promise that we will keep them safe”. However, since our government currently has as its policy that it wants to hold people for 90 days without trial, and to extradite them without hearings to the Americans, who in turn might subject them to extraordinary rendition and waterboarding, we are not currently in a position to make that promise. We need to get into a position to make that promise, and fast.

A policy recommendation – if an allied police force catches someone like this, treat it as a consular matter and fetch the guy back to the UK. Then it can be a police matter. Or the secret services could try to persuade him to inform…in secret. Just letting the Kenyans or whoever batter him is just as bad and fools nobody. It also makes the UK look duplicitous and underhand as well as ruthless.

I suspect this is better advice than any of the barrage of availability entrepreneurship spewing from the surveillance industry, Hazel Blears, Hitchens Minor 2.0, or the swarm of assorted grant-seeking missiles this sad event has released.

Churchill was wrong for most of his career, you know…

This Ha’aretz piece is interesting for the insight it gives into Israeli policy and especially into process, but also for a couple of other things. Notably, it’s remarkably frank about the Obama administration deliberately trying to stop Netanyahu going to war, and the role of dodgy casino guy Sheldon Adelson in both US and Israeli right-wing politics, and it provides the new information that the Americans have given up on the formal diplomatic channel and concentrated on influencing the Israeli military directly, on a brasshat to brasshat basis. The implied conclusion is that the IDF leadership are interested in external reality while Bibi is too busy being Winston Churchill, and further that they are interested in getting information from the Americans about what their own prime minister is thinking.

Also, Netanyahu considers himself an expert on US politics. The danger here is that the America he is an expert on may not be the same America everyone else is dealing with. If, as I suspect, he is getting a lot of his information from his Republican contacts, he’s living in an alternate universe. In so far as people like Sheldon Adelson are impressed by US politicians who know Bibi Netanyahu personally, his contacts are literally being paid to tell him what he wants to hear. It’s ironically similar to Bush before the Iraq war, just with the stove-pipe reversed.

However, I was astonished by this quote:

While the Fifth Fleet of the U.S. Navy is operating in the Straits of Hormuz, just as the Pacific Fleet was anchored at its home base near Honolulu on the fateful morning of December 7, 1941, the two instances are not really comparable.

Well, no, they’re not, are they? Some tabloid journalists keep a few paragraphs of general-purposes “sexy” in a file they can drop into a story as required and just change a couple of parameters to fit. This sounds like the same thing, but with Churchill!

Meanwhile, Colin Kahl, and this. It does look like there’s a coordinated push-back against the bullshit, which is good news for those of us who remember 2002. The US Navy bombs Iran…with love. Of a purely Platonic form between comrades of the sea. Oops. while also bringing the carrier back.

US policy does look like it’s trying to achieve three goals – 1) no war with Iran, 2) reassure the GCC countries (so they don’t start one), 3) restrain the Israelis (without pressing so hard they freak and start one). These are partly contradictory, but then what isn’t? Certainly, the combination of being ostentatiously nice to Iranian sailors while also sailing a giant carrier up and down the Gulf does fit the needs of 1) and 2).

a short telegram, or a very long tweet

Everyone’s linked to Mark Perry (of Conflicts Forum/Alistair Crooke fame)’s piece on Israeli spooks running around Baluchistan posing as the CIA already, but I will too as it’s very interesting indeed. I’m not sure what their bag in this is, other than the notion of “always escalate” and hope to profit from the general confusion.

But what’s really interesting is what the story is doing out there now. Here’s Laura Rozen’s write-up, which introduces the suggestion that they may have represented themselves as being from NATO and notes that a leader of the organisation said as much on Iranian TV before being executed. Meanwhile, the Iranians write to the Americans accusing the CIA of being behind the assassination of another nuclear scientist.

On Twitter, she suggests that the scientist wasn’t killed by the Americans (i.e. presumptively by the Israelis, or by people working for them wittingly or otherwise), and that this was staged specifically to queer the possibility of reviving the Iran-Turkey uranium swap deal. (You do wonder what George F. Kennan would have made of diplomatic tweeting.) Further, we know that a back-channel has been set up.

Disclosing information about the Israeli operation in Baluchistan might be a smart way of establishing trust between the US and Iran. Obviously, information about terrorists running about blowing stuff up and killing people is of value to Iran. Information that it’s the Israelis is obviously congenial to Iran. Crucially, burning an Israeli spy network is costly to the Americans and not something they would do lightly (the Perry piece is a monument to important people trying all they could to do nothing). In that sense, it is a meaningful signal – much more convincing than mere words. Presumably, Perry’s role at Conflicts Forum and with Arafat makes him a convincing postman into the bargain. And third-party spies are just the sort of thing that enemies can bond over. I recall reading about the IRA and the UVF staging a joint investigation to find informers in the early 1970s.

Another dose of speculation – if Baluch rebels were meeting with people who they thought were from NATO, was this plausible because NATO was in fact paying them off to leave the Karachi-Quetta-Kandahar supply route alone?

The intersection of electronic warfare and mall management

Here’s something interesting. You may remember this story from back in November about the CIA spy network in Lebanon that met at a Pizza Hut they codenamed PIZZA, and which was rolled up by a joint Hezbollah-Lebanese military intelligence investigation. The key detail is as follows:

U.S. officials also denied the source’s allegation that the former CIA station chief dismissed an email warning that some of his Lebanese agents could be identified because they used cellphones to call only their CIA handlers and no one else.

Lebanon’s security service was able to isolate the CIA informants by analyzing cellphone company records that showed the numbers called, duration of each call and location of the phone at the time of the call, the source said.

Using billing and cell tower records for hundreds of thousands of phone numbers, software can isolate cellphones used near an embassy, or used only once, or only on quick calls. The process quickly narrows down a small group of phones that a security service can monitor.

If the top paragraph is true, it would have been catastrophically ill-advised. Even somebody special, like a CIA agent under diplomatic cover, has a relatively large number of weak ties to normal people. This is the reverse of the small-world principle, and is a consequence of the fact that the great majority of people are real human beings rather than important persons. As a result, things like STELLAR WIND, the illegal Bush-era effort to analyse the whole pile of call-detail records at AT&T and Verizon in the hope that this would find terrorists, face a sort of Bayesian doom. We’ve gone over this over and over again.

However, phone numbers that only talk to special people are obviously suspicious. Most numbers with a neighbourhood length of 1 will be things like machine-to-machine SIMs in vending machines and cash points, but once you’d filtered those out, the remaining pool of possibles would be quite small. It is intuitive to think of avoiding surveillance, or keeping a low profile, but what is required is actually camouflage rather than concealment.
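The neighbourhood-size filter described above, worked through on a handful of call records; this is an added example, not code from the original post. Every number, the record layout and the list of machine-to-machine SIMs are constructed for illustration, and the point to watch is that the phone with ordinary ties alongside its one sensitive contact does not show up.

```python
from collections import defaultdict

# Constructed call-detail records: (caller, callee, seconds). All numbers are invented.
CDRS = [
    # Ordinary subscribers with plenty of weak ties.
    ("555-0101", "555-0102", 340), ("555-0101", "555-0103", 95),
    ("555-0104", "555-0101", 610), ("555-0101", "555-0900", 45),
    # 555-0900 is a well-connected line that many people call.
    ("555-0900", "555-0102", 120), ("555-0103", "555-0900", 200),
    # Three phones that only ever talk to 555-0900.
    ("555-0201", "555-0900", 20), ("555-0202", "555-0900", 15),
    ("555-0900", "555-0203", 30), ("555-0201", "555-0900", 25),
    # Machine-to-machine SIMs (vending machine, cash point) reporting to a backend.
    ("555-0301", "555-0800", 5), ("555-0302", "555-0800", 5),
    ("555-0301", "555-0800", 5),
    # A phone that calls 555-0900 but also has ordinary contacts: camouflaged.
    ("555-0204", "555-0900", 22), ("555-0204", "555-0102", 400),
    ("555-0104", "555-0204", 180),
]

# Assumption: the operator's provisioning data identifies M2M SIMs.
M2M_SIMS = {"555-0301", "555-0302"}


def neighbourhoods(cdrs):
    """Map each number to the set of distinct numbers it exchanged calls with."""
    contacts = defaultdict(set)
    for caller, callee, _seconds in cdrs:
        contacts[caller].add(callee)
        contacts[callee].add(caller)
    return contacts


def single_contact_numbers(cdrs, m2m_sims=frozenset()):
    """Numbers whose neighbourhood has size 1, mapped to their only contact,
    with known M2M SIMs filtered out."""
    return {
        number: next(iter(peers))
        for number, peers in neighbourhoods(cdrs).items()
        if len(peers) == 1 and number not in m2m_sims
    }


def suspicious_clusters(cdrs, m2m_sims=frozenset(), min_size=2):
    """Group single-contact numbers by the one number they talk to and keep
    groups of at least `min_size`: several phones that exist only to reach
    the same party."""
    by_hub = defaultdict(list)
    for number, hub in single_contact_numbers(cdrs, m2m_sims).items():
        by_hub[hub].append(number)
    return {hub: sorted(nums) for hub, nums in by_hub.items() if len(nums) >= min_size}


if __name__ == "__main__":
    print("without M2M filter:", suspicious_clusters(CDRS))
    print("with M2M filter:   ", suspicious_clusters(CDRS, M2M_SIMS))
```

Without the M2M filter the vending-machine SIMs form a cluster of their own; with it, only the three single-purpose phones remain, while 555-0204 is invisible to this test because of its other ties.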

There are more direct methods – which is where electronic warfare and shopping mall management intersect.

Path Intelligence, a Portsmouth-based startup, will install a network of IMSI-catchers, devices which act as a mobile base station in order to identify mobile phones nearby, in your shopping centre so as to collect really detailed footfall information.

Similarly, you could plant such a device near that Pizza Hut to capture which phones passed by and when, and which ones usually coincided. Alternatively, you could use it in a targeted mode to confirm the presence or absence of a known device. Which makes me wonder about the famous Hezbollah telecoms network, and whether it was intended at least in part to be an electronic-intelligence network – as after all, nothing would be a better cover for a huge network of fake mobile base stations than a network of real ones.

Meanwhile, this year’s CCC (like last year’s) was just stuffed with GSM exploits. It really is beginning to look a lot like “time we retired that network”.