Covert Comms (Issue № 2)
Our weekly(ish) brief on current events, espionage, digital security, and privacy from around the world.
Welcome to our periodical brief Covert Comms, where you receive current events, espionage, digital security, and privacy-related insights from us directly to your inbox.
Behind the cloak & dagger: covert communications have long been used for two parties, normally handler and spy, to communicate secretly (and oftentimes remotely) without the knowledge of the Opposition aka bad guys. Covert communications are a classic tool of spycraft and have been used since literally the beginning of time (espionage is the world’s second-oldest profession so we’ve got some history behind us), the ancient form being steganography, or concealing a message within another message or object.
Leave your secrets (aka your email) with us and you’ll receive the latest insights, commentary, and news directly to your inbox. We strive for timeliness, relevance, conciseness, and of course — a dash of intrigue and occasional wit.
Federal judge whose son was killed in attack says gunman targeted Sonia Sotomayor
U.S. District Court Judge Esther Salas, whose son was killed and her husband wounded in an attack meant for her, says the gunman also had his sights on Supreme Court Associate Justice Sonia Sotomayor. Salas reveals for the first time authorities found a dossier on Sotomayor in a locker used by her assailant, Roy Den Hollander, a lawyer who had a case before Salas and committed suicide after killing her son, Daniel. Her son's death sent Salas on a crusade to pass legislation that would scrub the personal information of judges off the internet. When she learned what the FBI found in the locker, she realized she was not the only one in Hollander's sights.[1]
Analyst Comment:
As this tragic incident highlights, security does not apply retroactively. Here, we witness the power of publicly available information used for nefarious purposes: a disgruntled individual leveraging information found online — in this case the home address of a district court judge — to arrive at her home with the intent of committing murder. As Judge Salas now recognizes all too painfully, removing, scrubbing, or otherwise suppressing personal information from appearing online is a critical action that all of us can take today, and not after a threat has arrived at our doorstep (literally). You do not have to be a federal judge to warrant the minimal amount of effort required to manage your signature online and to better understand how that information could be used by a threat actor against you. We even offer this as a core service should you desire assistance. Digital security and privacy are best applied proactively. This judge may not have had “anything to hide”, but she certainly had something to protect.
South Africa: ‘Dr Death’ discovered to still be practising medicine
Wouter Basson, the doctor who led Project Coast, an apartheid-era chemical and biological weapons programme that targeted the country’s black population, continues to practise medicine in a private clinic outside Cape Town. Mediclinic Durbanville, a hospital located in a north-east suburb of Cape Town, has a website with Basson’s profile in which his CV, address, phone number and email are made available to the public. In his professional photo, the physician has a hint of a smile. He is bald, grey-bearded and dressed in a charcoal-coloured suit paired with a striped tie. By all appearances, this is a completely normal man, except for one detail: from 1981 until the mid-1990s, Basson was the all-powerful leader of Project Coast, a chemical and biological weapons programme set up by the apartheid regime to develop substances that could poison, sterilise or kill South Africa’s black citizens.[2]
Analyst Comment:
We included this article in our roll-up because it again highlights the power of publicly available information found online in achieving important end states — in this case the use of a public CV and photograph to identify a man’s unfortunate and shady past as the head of South Africa’s chemical and biological weapons development programme during apartheid. While there does not appear to be much evidence suggesting Dr. Basson intended to conceal elements of his past, he most certainly did not wish to highlight them. Nevertheless, the quantity of data available for online investigations greatly increased the likelihood of his eventual discovery through simple cross-referencing of the available data. Open Source Intelligence wins yet again.
A Home Security Worker Hacked Into Surveillance Systems to Watch People Have Sex
A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they had sex. Telesforo Aviles, 35, pleaded guilty to a count of computer fraud in federal court this week, confessing that he inappropriately accessed the accounts of customers some 9,600 times over the course of several years. He is alleged to have done this to over 200 customers.[3]
Analyst Comment:
This case of a rogue employee abusing his privileges to access customers’ sensitive and intimate moments is the quintessential “insider threat”. Humans are typically the weak link in any security endeavour, and reputable company ADT is no exception. While 9,600 instances of inappropriate access may not seem like much compared to the company’s overall customer list, this misuse causes exceptionally grave damage for a company built around the principles of trust and security, both of which suffered here. And it’s not just ADT. As we detail in our free digital security guide and elsewhere, smart assistants such as Alexa and Siri have also experienced instances of employees abusing their privileges to snoop on customers. The devices are literally always listening — how else could they offer the allure of convenience in our daily lives?
In a Dangerous Game of Cat and Mouse, Iran Eyes New Targets in Africa
When Ethiopia’s intelligence agency recently uncovered a cell of 15 people it said were casing the embassy of the United Arab Emirates, along with a cache of weapons and explosives, it claimed to have foiled a major attack with the potential to sow havoc in the Ethiopian capital, Addis Ababa. But the Ethiopians omitted a key detail about the purported plot: who was behind it. The only clue was the arrest of a 16th person: accused of being the ringleader, Ahmed Ismail had been picked up in Sweden with the cooperation of friendly “African, Asian and European intelligence services,” the Ethiopians said. Now American and Israeli officials say the operation was the work of Iran, whose intelligence service activated a sleeper cell in Addis Ababa last fall with orders to gather intelligence also on the embassies of the United States and Israel.[4]
Analyst Comment:
In what reads like a spy thriller novel, we are reminded of the games nation states play behind the curtain in their pursuit of influence — a murky world where espionage, assassinations (or “targeted killings”, which circumvent U.S. legal restrictions against assassinations per a Reagan-era executive order), and state-sanctioned violence truly are the norm. In this latest success story for Western powers, namely the U.S. and Israel, regional malign actor Iran was apparently thwarted in its attempt to attack “soft targets” in the often backwater region of Africa to avenge the Islamic Republic’s loss of its top nuclear scientist (assassinated by Israel last November) and the beloved leader of its paramilitary arm, the Quds Force, Maj. Gen. Qassim Suleimani (assassinated by the U.S. last year). This is significant because it highlights the deep cooperation and liaison required among Western nations and regional allies — in this case Ethiopia — to ensure the protection of U.S. interests (and projection of power) abroad. It also highlights the manner in which state and non-state actors seek to impose costs on their adversaries through unconventional means, below the threshold of traditional state-versus-state conflict.
Suburban spies: all in the family
It's more than 10 years ago now that Sandra Hogan received an unusual tip-off. A woman, Sue-Ellen Doherty, wanted to tell a journalist the story of how she and her siblings grew up with spies for parents. A mutual friend suggested Hogan meet up with her. And so, she did. It was, Hogan says, a surreal first meeting in a Brisbane cafe. She was mostly dubious about the things Doherty was telling her at first - about how, growing up, she and her siblings helped out their parents in their day-to-day work as ASIO [Australia’s national security service] spies. They learnt how to memorise numberplates, notice unusual behaviour, and follow people undetected.[5]
Analyst Comment:
Memorizing license plates, noticing unusual behavior, entertaining all kinds of people at home, not unpacking their bags in a hotel in the event a quick getaway was required — all basic lifestyle and tradecraft matters learned by Australian family members brought into the fold of ASIO (Australian Security Intelligence Organisation) during the Cold War against Soviet spies in the homeland. We appreciated this piece because it highlighted the basic lifestyle adjustments considered the norm in the espionage business (e.g. eating “dinner with informants” and spending time with “people of interest”) that intelligence officers and their family members often experience, as well as the emotional and psychological effects these had on them years later.
COVID sparks resurgence of ISIL terrorists, threatening international peace and security
The threat to international peace and security posed by ISIL terrorist fighters is “on the rise again”, the UN counter-terrorism chief told the Security Council on Wednesday. As the international community continues to grapple with the legacies of the group’s so-called “caliphate”, the UNOCT (U.N. Office of Counter-Terrorism) chief said that some 10,000 ISIL fighters, mostly in Iraq, are pursuing a protracted insurgency, posing “a major, long-term and global threat”. “They are organized in small cells hiding in desert and rural areas and moving across the border between the two countries, waging attacks”, he elaborated.[6]
Analyst Comment:
In what surely does not bode as favorable news for the struggling U.S.-backed Iraqi government, the messy and ever-evolving asymmetric threat posed by marginalized Sunni extremists in Iraq continues to morph — seemingly impervious to consistent attempts by a large international coalition to bring about its end. Since Al Qaeda in Iraq (then “AQI”) rebranded as ISIL and swept through vast swaths of Iraq in 2014, the group has posed a persistent threat to regional stability — even after being beaten back during the subsequent five years, culminating in the death of Islamic State leader Abu Bakr al-Baghdadi in 2019. The group’s resilience under such pressure is impressive and speaks to the nature of terrorism in the modern age. It also speaks to the group’s influence on regional stability, as other regional powers vying for hegemony seek to capitalize on their neighbor’s vulnerability — including Turkey, Iran, and Israel. It remains to be seen what this Forever War brings for U.S. national security efforts and resource expenditure as the U.S. presence in-country enters its 18th year in some form since 2003. We ourselves have spent time in this region fighting variations of this instability and are keen on some measure of resolution.
Flaw in popular video software Agora could have let eavesdroppers in on private calls
A software flaw could have allowed hackers to spy on private calls through dating and telehealth applications, according to McAfee research published Wednesday [17 Feb]. The flaw, which stems from an encryption error, affected a video-calling software development kit (SDK) developed by Agora.io that is used by dating services such as eHarmony, Plenty of Fish, MeetMe and Skout and medical applications such as Talkspace, Practo and Dr. First’s Backline, according to McAfee. Agora is used by 1.7 billion devices for a whole host of applications used for educational, retail and gaming purposes as well as for other socializing reasons, the company says. McAfee’s Advanced Threat Research team and Agora said they do not have any evidence that the flaw has been exploited.[7]
Analyst Comment:
Thankfully, there was no evidence suggesting this flaw was exploited. Nevertheless, we encourage you to take the necessary precautions to protect yourself and your loved ones from instances of exposure such as this. As people increasingly rely on digital services to communicate privately, for work, or for telemedicine, the importance of carefully selecting the services with which to entrust your personal communications and data, free from the threat of eavesdroppers, becomes ever more apparent. We therefore continue to recommend the use of end-to-end encrypted, zero-knowledge communications platforms such as Signal or Wickr, along with other techniques (e.g. removing smartphone applications you really don’t need) listed in our free digital security guide.
Email Attackers Target Victims Based on Demographics
Attackers consider demographics data such as age and where the user lives when crafting email-based attacks and identifying who will be targeted. The analysis of whether or not a person will be a victim happens for broad "cast a wide net" attacks, as well. Risk is not evenly spread out among users across geographic and demographic boundaries, a joint study by researchers from Google and Stanford University found. Some users, irrespective of their security practices, are more likely to be targeted than others. There were certain factors that put a user at a higher risk: already being a victim, location, and age. There were other factors at play, with smaller effects, such as the frequency of Gmail usage and whether the person used mostly mobile devices or also used a personal computer, as well.[8]
Analyst Comment:
This write-up on a recent joint study by Google and Stanford University researchers offers valuable context for us in the realm of phishing and malware attacks against Gmail users. While we recommend the use of ProtonMail due to its security features and privacy-focused architecture, understanding the nature of email-based attacks in general offers insights we can apply to our own digital security posture. In this study, researchers examined approximately 1.2 billion messages “against Gmail users in a five month period”, and found that one of the strongest indicators that a user would be targeted was that their personal data had already been exposed in a different data breach. Specifically, having email addresses and other sensitive details exposed in a third-party data breach “increased the odds of being targeted by phishing or malware by five times.” This is a particularly valuable insight that speaks to the importance of understanding where you are vulnerable online and how that affects the likelihood of being targeted in future attacks. We can tell you if your email has been seen in a data breach, which we offer as a core privacy service in addition to our free digital security guide, which prepares and educates readers on how to lock down their digital security and privacy before it’s too late.
Enjoy Covert Comms? Brief your friends, colleagues, and others (including grandmothers, who are avid consumers of intelligence). Have a tip or article you want us to cover? Send it our way by leaving a comment below.