Russian Spy Ring Needed Some Serious IT Help
Russian spies allegedly used steganography, open wireless networks and transfer of memory sticks to swap data, but faced problems such as leaving a password lying around on a piece of paper and trouble getting laptops fixed in less than six months.
Wed, June 30, 2010
Network World — The Russian ring charged this week with spying on the United States faced some of the common security problems that plague many companies -- misconfigured wireless networks, users writing passwords on slips of paper and laptop help desk issues that take months to resolve.
In addition, the alleged conspirators used a range of technologies to pass data among themselves and back to their handlers in Moscow, including PC-to-PC open wireless networking and digital steganography to hide messages in images on Web sites and retrieve them.
They also employed more traditional methods, including invisible ink, Morse code and ciphers, according to assertions made by federal agents in court papers seeking arrest warrants for the suspected spies.
One of the most glaring errors made by one of the spy defendants was leaving an imposing 27-character password written on a piece of paper that law enforcement officers found while searching a suspect's home. They used the password to crack open a treasure trove of more than 100 text files containing covert messages used to further the investigation.
"[T]he paper said "alt," "control" and set forth a string of 27 characters," the court documents say. "Using these 27 characters as a password, technicians have been able successfully to access a software program ("Steganography Program") stored on those copies of the Password-Protected Disks that were recovered…"
This sticky-note problem is common, says John Pironti, president of IP Architects, a security consulting firm. "Humans don't really do well remembering passwords beyond six characters, so they write them down someplace," he says. The real mistake was thinking that the home was secure enough to leave the password lying around.
Pironti says the use of steganography, which takes data and subtly inserts it into images so the changes aren't very noticeable to the naked eye, is also common. One notable aspect was that the steganography program used by the Russians is not commercially available, he says.
Without the program and without knowing what images might contain messages, it would have been nearly impossible to find the messages, Pironti says.
But a computer hard drive copied during one of the searches revealed a store of Web sites that agents visited and from which they downloaded images. Running the steganography program on some of those images revealed text files.
A Boston search yielded a hard drive that contained what investigators believe are drafts of messages to be embedded in images. The messages had been deleted, but investigators were able to recover them.