Category: surveillance

the British origins of #dirtbox

Many IMSI. So catching. Much aeroplane. Such Dirtbox. OK, so the US Department of Justice, or more directly, the FBI is flying around in light aircraft carrying an IMSI catcher in order to spy on the cellular traffic of evildoers and, hey, anybody else in the 37km max diameter of a GSM cell centred on where the aircraft happens to be right now. Thanks to Declan McCullagh we know they have been since at least 2009 because it’s in the manufacturer’s price list.

But, hey, Dirtbox. I have to say I find the story difficult to follow just with the comic contrast of all these terribly serious Americans with lists of questions to ask in the Senate, like so, and the fact every second word is “dirtbox”, and they’re all innocent about it.

“Dirtbox” is a British slang term equivalent to arsehole/asshole dating from the 1990s, now archaic, probably best immortalised in a Viz comic strip featuring Roger Mellie, the Man on the Telly, and celebrity Tony Slattery. The genius of Google Images wasn’t equal to finding it, at least not in the 30 or so seconds I was willing to invest. Another reference is Robbie Williams’ appropriately shitty album Rudebox. So you can see how this would make me laugh.

Right. Probed by the dirtbox equipment. But we’re not just here for cheap laughs, are we. Here’s a blog post of mine from 2012. It is not exactly secret that the British secret services have the use of a small group of Islander light aircraft based at RAF Northolt in London that do precisely this. I remember Internet references to this from people who ought to know as far back as 2004-5.

Richard Aldrich’s unofficial history of GCHQ, though, notes that they were involved in an arrest in 2007 and goes on to point out that they have existed since 1999 at the latest. The reference is pages 537 and 538 of the 2010 HarperCollins paperback edition. Aldrich suggests that the technology dates to the campaign against Colombian drug baron Pablo Escobar in the early 1990s. He also describes it as pulling in microwave backhaul links.

Aldrich’s version of the story is all about backhaul, but in my 2012 post I disbelieved that we had that much of it still on the air rather than on fibre. I’ve since learned that 3UK has fibre, increasingly, dark fibre it controls itself, to 90-odd per cent of its base stations, but Vodafone is in the 30s and is therefore heavily reliant on microwave. You would expect an early 90s emerging market network to be about 100% microwave, so perhaps Aldrich’s source was in fact talking about Colombia. But this is beside the point, as IMSI catchers work on the access side not the backhaul.

I would guess that the UK context would be Northern Ireland, which reminds me that although Aldrich describes the aircraft as operated by the RAF, I’ve read elsewhere that they have Army Air Corps tail numbers.

So. Airborne IMSI catchers have been operated by the UK since 1999 at least, possibly earlier, and they are known in the US by a British slang term that dates them to a few years earlier than that.

Moazzam Begg, always in the paper, rarely reported.

Am I right in thinking that Moazzam Begg’s political role is getting more complicated, more important, and more impressive? Here’s a story. It kicks off with:

British jihadi fighters desperate to return home from Syria and Iraq are being issued with death threats by the leadership of Islamic State (Isis), the Observer has learned.

A source with extensive contacts among Syrian rebel groups said senior Isis figures were threatening Britons who were attempting to travel home. He said: “There are Britons who upon wanting to leave have been threatened with death, either directly or indirectly.”

The source is apparently the Observer’s home affairs editor’s source, rather than a foreign correspondent’s source, so you might well wonder what kind of anonymous source is based in London, has contacts in Syrian rebel groups, and is very, very keen to get the message out that ISIS might kill international volunteers, specifically British ones, who want to leave.

Begg now appears in the story. It’s impossible to know whether there is any logical link between the source and Begg, or whether the Observer writer juxtaposed them to make it look like they support each other, an old hack’s trick. But if you want to reach potential jihadi volunteers with the message that they can’t trust ISIS, an ex-Guantanamo detainee would be a more convincing representative than almost anyone else. He would be a classic “surprising validator”.

Reading down, it seems he certainly knows that some wannabe jihadis have been held against their will in Syria, but any association with the “source” is either the Observer’s gloss on it, or else that of someone who briefed them.

Begg seems to be moving from a campaign for the release of Guantanamo prisoners, to a campaign both for forgiveness towards volunteers in Syria and to prevent them going in the first place. Both are necessary. But I really wonder about the complex politics emerging around him.

He is the face of the dissident campaign demanding an end to the extralegal punishment that defines the War on Terror. He is also something like a spokesman for people who would like to leave the jihadi movement. These two are mutually consistent. But he is also increasingly a voice for de-radicalisation and prevention as a strategy.

This makes sense as an alternative policy proposal, but it also involves him in the underreported bureaucratic fight between the community-policing (in every sense) people sponsored by DCLG since Hazel Blears’ time, and the traditional intelligence services. One side is focused on prevention, policing by the community (of people who are described as a community), and works with the police and social services. The other is focused on technical surveillance and agent-running. With less money about, the two have been fighting like cats in a sack since 2010.

Mark Townsend’s piece seems to be using quotes from him to further a briefing campaign against ISIS recruiting, and also to back the DCLG-Contest-Prevent people in government versus the hard security lobby.

Then, I also wonder about the mission to Syria that landed him back in jail in 2013. When he set out on that mission, we were still supporting Syrian rebels and especially the FSA, rather than flying close air support for the FSA and the regime at the same time. More than a few testimonies from returned British jihadis mention that they believed the Syrian adventure had some sort of official Western blessing.

So, we have Begg, ex-prisoner and cause célèbre. We have Begg, peace activist. We have Begg, de-radicaliser. We have Begg, continuing Islamic aid worker. We have Begg, still a target of police surveillance. Do we have any other roles? I imagine they make sense as a wider whole to the man himself.

I can see every reason to run the best possible propaganda campaign to stop people signing up with ISIS. (I’m not quite as cynical as John Dolan, whose piece is pretty good even if he thinks Luton is in Yorkshire.) But this is complicated, risky, and ambiguous stuff and wants more scrutiny than it gets.

Begg has grown into a bigger and more interesting political role than just that of wannabe jihadi or Rumsfeld victim, the Islamic adventurer the lads wish they were, but at the same time, the wise old head and voice of reason, a figure of the debatable lands. If he doesn’t get killed, I wouldn’t be totally surprised to see him as an enduring national figure of some sort. But where is he going with it, and how far does he control it?

The problems of Puffin Party security

Here’s an interesting story of a Russian military intelligence officer deployed into Ukraine, apparently under plausibly-deniable cover, whose communications were meant to hide in plain sight among the chaotic noise of the Internet. Specifically, he’s a gamer and re-enactor in private life and he tried to use the channels of this subculture.

Unfortunately for him, it only cuts both ways up to a point. You can’t operate in the apparent anonymity of the Internet without also accepting its distinctive threats, and Anonymous got into his e-mail account with hilarious consequences. What appeared to be a trivial and frivolous subculture providing nonthreatening space turned out to expose him to everything Putin hates in the form of a genuine security threat.

I have just been reading Danah Boyd’s fine It’s Complicated: The Social Lives of Networked Teens, and an important point that sticks out is that a working definition of privacy is the ability to choose your audience.

Satellites to new heights

I’ve recently seen someone from the Satellite Applications Catapult come up on the UKNOF mailing list, asking about how best to get dark fibre from their Harwell offices into London with a view to distributing lots of satellite imagery. Obviously a CDN is the way to go, but the first thing that came to mind is whether they’ve got a new satellite. I mean, it’s vaguely surprising that an organisation that runs its own cloud platform would be asking for fairly simple networking advice, and even more so one that owns this.

Context, and more, plus much more in this category.

Proliferation

OK, so the weird weather and infrastructure crisis exacerbated by the Galbraithian combination of private affluence and public squalor is being monitored by the local newspaper using a web platform for 140-character snarkfarts and cat photos, and their robot air force. That, you know, provincial newspapers just have at the back of the newsroom. This is basically a Bruce Sterling novel, isn’t it?

Some Snowden consequences

Sir Humphrey says among much else, all worth reading:

An outsider looking in may well conclude that the sort of military assets needed to build and effect long term change, stability and security are those which have effects such as training teams, defence attaches, limited professional training and so on with the nuclear deterrent as the ultimate guarantor of security, and not so much on very heavy army assets like armoured divisions which are much harder to deploy. Looking more broadly, things like focusing heavily on cyber security defence is arguably more important than some other tasks – this is perhaps the problem facing the military today. The sort of interaction many nations want is quite localised, involving maybe a training team or specialist advisors or access to training courses.

I don’t think anyone can disagree that all sorts of countries, flooded with new electronics and computing capacity, well aware of the vast advantages it gave Western militaries in the last 30 or so years, are probably both deeply worried and also only vaguely informed about their information security problems.

Similarly, deploying four people from CESG or JANET CSIRT to do an assessment is the sort of thing that might gain friends and influence people, at remarkably low cost. We sent the Red Arrows on tour around the Gulf and did half a dozen squadron-sized Typhoon deployments trying to sell Eurofighters with vast amounts of extremely expensive taxpayer-funded whoosh. “Cyberengagement” or better “information security cooperation” sounds like a great idea.

Until you remember that we hugely overdid the intelligence half of the whole thing, our fibres are radioactive, GCHQ pulls in the Queen’s selfies to the pool boy, if you ever sent a vCard on a UK-owned GSM network they kept it, and literally nobody will ever trust us on this issue ever again.

This goes double, triple, or quadruple with the news – try ioerror’s CCC talk if you haven’t already – that we’ve been involved in trying to compromise security tools, forums, and infrastructure everybody uses. I find this more shocking than pretty much anything else in this story.

Reading the newspaper, carefully

This Indy story is making some waves.

The first point I’d draw from it is that the UK special relationship with the Gulf states is getting another go-round, and William Hague seems mad keen. As well as a lot of effort to sell stuff, and the town the size of Wigan or Oxford made up of expats, there’s been informed talk of one or other GCC state wanting an RAF squadron stationed there (as if we had Typhoon airframes to spare, which we don’t, but that’s another story). A GCHQ presence fits right in. It also fits right in with the theme of keeping some of the Iraq/Afghanistan infrastructure in being on a long term basis.

The second point is that persons interested in knowing more would do well to consult a map of submarine cable landings. The third point is that Glenn Greenwald clearly has no idea who Duncan Campbell is, although I guess this is fair for someone who isn’t a British journalism trainspotter.

The fourth point is that there is a far simpler explanation of the story that works with both the Indy’s claims and Snowden’s denial of giving them any information. That would be “the Indy deduced it by close reading of the Snowden stories, and then trailed it past a source”. Literally every occasion this blog has published substantive news (and it has! now and then in the last 10 years) was based on something like that, and IF Stone apparently said that it’s amazing what you can find out by reading the newspaper carefully.

GPS jamming for fun and profit, or at least workplace dignity

Here’s a really fascinating article in Inside GNSS about the proliferation of electronic countermeasures against GPS. The heaviest users are lorry drivers, who use GPS jammers to disrupt management surveillance of their working day. I would guess that this has probably benefited from an existing culture of radar detectors, GATSO databases, and such.

This causes curious side effects, notably where major motorways are close to airport runways for which a GPS-based nonprecision approach is published (the authors propose various algorithms), and in financial districts where high-frequency trading systems require very accurate timing. This results in a large concentration of tier-1 NTP servers fed by GPS receivers, that get disrupted on a regular basis by a delivery van using a jammer.

Another interesting use case that comes to mind is Google’s NewSQL, globally distributed, column-based data store, Spanner, which relies for its versioning-based consistency guarantee on very accurate timing typically derived at each location from multiple GPS receivers. The Googlers did build in cross-checks between sites, not being dumb or anything, so there are limits to how much weirdness it could cause.

The devices cost a few dozen galactic credits a go. Inside GNSS points out that they are advertised on the basis of how much Tx power they crank out, which isn’t ideal as the GPS signal is very diffuse at this distance from high earth orbit, and any more than the minimum power to drown it out both buggers it up for others and increases your chances of being detected.

I feel I should point out that Charlie Stross actually suggested this solution, or actually a somewhat more advanced one more like this, in comments right here on this blog as a way of defeating Alistair Darling’s national road-pricing system. Sadly, even Google search can’t find it in the old enetation comments system.

Meanwhile, in Keighley:

Mrs Orchard, of Denholme Gate, said shortly after her sick leave started, odd phone calls were made to the family home by people asking if she could do some work for them, her family and neighbours saw men hiding in cars outside her home, and then she found a GPS tracker had been attached to the underside of her Audi car.

two points on Snowden in the UK

Just a couple of points about the British wing of Snowden. First of all, what function does it serve to go begging to the Americans for sums of money that aren’t especially big in the context of a £1.8bn single intelligence budget?

Well, the money is a costly signal that UK cooperation is valuable to the Americans. This legitimises the “NSA ask” in return. And in turn, the “ask” can be used to lobby the rest of government. We must have X, Y, and perhaps even Z because otherwise we’d displease the NSA and they’d pull their contribution…which you would have to replace!

Second, it’s interesting the way the government likes to re-use acronyms. According to Richard Aldrich, GCHQ’s budget line-item for fundamental research in cryptography and computing was called “Methods to Improve” throughout the Cold War. It’s no surprise, then, that “Mastering the Internet” has the same acronym, and probably a fair guess that the new name meant much the same thing but with Internet awesomesauce to impress notorious e-mail printer, Tony Blair.