Russian spy ring needed some serious IT help
A 27-word password is left on a piece of paper
Network World - The Russian ring charged this week with spying on the United States faced some of the common security problems that plague many companies -- misconfigured wireless networks, users writing passwords on slips of paper and laptop help desk issues that take months to resolve.
In addition, the alleged conspirators used a range of technologies to pass data among themselves and back to their handlers in Moscow, including PC-to-PC open wireless networking and digital steganography to hide messages in images on Web sites and retrieve them.
They also employed more traditional methods, including invisible ink, Morse code and ciphers, according to assertions made by federal agents in court papers seeking arrest warrants for the suspected spies.
One of the most glaring errors made by one of the spy defendants was leaving an imposing 27-character password written on a piece of paper that law enforcement officers found while searching a suspect's home. They used the password to crack open a treasure trove of more than 100 text files containing covert messages used to further the investigation.
"[T]he paper said 'alt,' 'control' and set forth a string of 27 characters," the court documents say. "Using these 27 characters as a password, technicians have been able successfully to access a software program ('Steganography Program') stored on those copies of the Password-Protected Disks that were recovered…"
This sticky-note problem is common, says John Pironti, president of IP Architects, a security consulting firm. "Humans don't really do well remembering passwords beyond six characters, so they write them down someplace," he says. The real mistake was thinking that the home was secure enough to leave the password lying around.
Pironti says the use of steganography is also common, taking data and subtly inserting it into images so the changes aren't very noticeable to the naked eye. One notable aspect was that the steganography program used by the Russians is not commercially available, he says.
Without the program and without knowing what images might contain messages, it would have been nearly impossible to find the messages, Pironti says.
But a computer hard drive copied during one of the searches revealed a store of Web sites that agents visited and from which they downloaded images. Running the steganography program on some of those images revealed text files.
A Boston search yielded a hard drive that contained what investigators believe are drafts of messages to be embedded in images. The messages had been deleted, but investigators were able to recover them.
Some of the communications federal agents gathered indicate the spies weren't comfortable with the technology. One message shows a suspected spy trying to figure out how to embed a message in an image, and an audio recording inside one suspect's home picked up a voice saying, "Can we attach two files containing messages or not? Let's say four pictures…"
The spy ring had numerous technical problems, including file transfers that hung and wouldn't go through and difficulty replacing laptops when necessary. In one case, an agent was so frustrated by laptop issues that she unwittingly turned the laptop over to an undercover FBI agent.
In another case, replacing a laptop took more than two months. A suspect bought an Asus Eee PC 1005HA-P netbook, flew with it to Rome, picked up a passport in another name, flew on to Moscow and returned with it -- a process that took from January this year to March. Presumably Moscow headquarters configured the device.