From James Bond to Johnny English, the movies give us the impression that spies are top of the tree when it comes to money-no-object espionage technology. But that doesn't seem to have been the case with the 10 people charged by the FBI last week over long-term deep-cover spying. They seem to have been living way down the techno food chain.
According to the FBI's two affidavits, the suspects used steganography – a form of message concealment – to hide messages inside online pictures. They also used customised wireless software to transfer files covertly between laptops and deleted sensitive information from their encrypted hard drives. And they used shortwave radio to contact Russia. Just what you'd expect spies to do – but with all these technologies they blundered in ways that made the FBI's job easier.
Their use of easily detectable picture steganography – hiding text data unnoticeably by subtly changing the digital pixel brightness or colour values in an image – has a leading expert in that field of research baffled. "Using picture steganography is pretty outdated," says Wojciech Mazurczyk of the network security group at Warsaw University of Technology in Poland.
"You hide a message in a picture, upload it somewhere and then someone has to download it. It's just too complex." And the technique is only good for hiding small amounts of information: "You have to send too many pictures to send a decent amount of data. And it leaves a trail because the picture is on email servers between source and destination," he adds.
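Why LSB picture steganography counts as easy to detect can be shown in a few lines. The following is an added example, not code from the article or from any tool it mentions: it runs the classic pairs-of-values chi-square test on a constructed 200x200 gradient cover and on a copy whose least-significant bits have been overwritten with random bits, which is what an encrypted payload looks like in the LSB plane. The cover image, the threshold and the function names are all constructed for this illustration.

```python
import random
from typing import Sequence

WIDTH, HEIGHT = 200, 200  # constructed cover: a horizontal 8-bit grey gradient


def cover_image() -> list[int]:
    """Constructed cover: every column holds one gradient value, repeated per row."""
    row = [x * 255 // (WIDTH - 1) for x in range(WIDTH)]
    return row * HEIGHT


def embed_random_lsbs(pixels: Sequence[int], seed: int = 1) -> list[int]:
    """Simulate LSB embedding of an encrypted (random-looking) payload in every pixel."""
    rng = random.Random(seed)
    return [(p & ~1) | rng.getrandbits(1) for p in pixels]


def pov_chi_square(pixels: Sequence[int]) -> tuple[float, int]:
    """Pairs-of-values chi-square test (Westfeld and Pfitzmann, 1999).

    Flipping least-significant bits only moves counts between the two bins of a
    pair (2k, 2k+1): the pair total is preserved while both bins are pushed
    toward their mean. An untouched cover keeps the bins uneven (large value);
    after embedding the statistic drops to about one per occupied pair.
    Returns (statistic, number of occupied pairs).
    """
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    chi, pairs = 0.0, 0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        expected = (a + b) / 2.0
        if expected > 0:
            pairs += 1
            chi += ((a - expected) ** 2 + (b - expected) ** 2) / expected
    return chi, pairs


def lsb_embedding_suspected(pixels: Sequence[int], per_pair_threshold: float = 3.0) -> bool:
    """Flag an image whose pair histogram is too even to be an untouched cover."""
    chi, pairs = pov_chi_square(pixels)
    return pairs > 0 and chi / pairs < per_pair_threshold


if __name__ == "__main__":
    cover = cover_image()
    stego = embed_random_lsbs(cover)
    print("cover:", pov_chi_square(cover), lsb_embedding_suspected(cover))
    print("stego:", pov_chi_square(stego), lsb_embedding_suspected(stego))
```

On the gradient cover 56 of the 128 value pairs have one empty bin, so the statistic is in the thousands; after the LSB plane is replaced it falls to roughly the number of pairs, which is the signature the test looks for.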
Hidden in plain view
The FBI can testify to that fact – it found 100 pictures with readable text in them. The bureau says the suspects secreted encrypted text data in images using customised steganography software believed to have been developed by the SVR, Russia's foreign intelligence service.
That choice – not using a commercial or freeware package – was probably a security measure, but it was undone when the instructions for opening the program ("press ctrl, alt and e") and the 27-character password it required were left on a notepad in a suspect's New Jersey home.
Mazurczyk says that smarter spies would move to a very hard-to-detect technology called "network steganography" – a variety of methods to sneak extra information into streams of internet phone calls or undefined internet traffic.
"These methods transfer a dummy file and simultaneously send secret data. So if no one caches your VoIP or network traffic the trail is gone," he says. "If these Russian spies had used modern network steganographic methods they most likely would never have been caught."
Still more astonishing, perhaps, was the way one suspect regularly communicated from her laptop in a café or book shop with a known Russian embassy official via a contact's laptop in a minivan out in the street. On 10 Wednesdays between January and June this year, the FBI was able to sniff and detect the hard-wired MAC addresses of each person's laptop as they used a customised wireless file-transfer package.
Normally, MAC addresses identify a computer's network interface to, for instance, a Wi-Fi router, allowing the router to decide if it should allow the computer to access the internet. What is surprising is that the alleged spies did not think to change their laptop MAC addresses regularly to frustrate any surveillance operation. This is easily performed using a small piece of software called a MAC spoofing utility, which is available online or could easily have been written into the laptop comms package by the SVR.
Instead, the FBI now has a complete record of the unchanged MAC addresses communicating on multiple occasions.
"I guess they got a bit arrogant and just didn't bother to look for surveillance," says Tony Sale, a former wireless technology expert for MI5 – officially known as the Security Service – the agency charged with protecting the UK against terrorists and spies.
Empty the bin
In another arena, the FBI's suspects displayed blind faith in a computer's apparent ability to delete data. It doesn't work like that: "deleting" a file merely removes the filename header, leaving the data intact on the hard drive until it is overwritten. So when the home of a Boston suspect was searched by the FBI, multiple deleted messages, thought to have been due for transmission by steganography, were found and recovered from hard drives. Use of any commonly available data overwriting utility could have kept that evidence hidden.
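To make that point concrete, here is an added example (not from the article) that builds a toy volume in memory, "deletes" a file by removing only its directory entry, and then carves the raw blocks the way a forensic examiner would; a second run overwrites the blocks before dropping the entry. The volume layout, file names and contents are all constructed for the illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

BLOCK_SIZE = 32   # bytes per block on the constructed toy volume
DISK_BLOCKS = 16


@dataclass
class ToyDisk:
    """Constructed toy volume: a directory (name -> (offset, length)) plus raw blocks."""
    data: bytearray = field(default_factory=lambda: bytearray(BLOCK_SIZE * DISK_BLOCKS))
    directory: dict[str, tuple[int, int]] = field(default_factory=dict)
    next_free: int = 0  # index of the next unallocated block

    def write(self, name: str, content: bytes) -> None:
        blocks = -(-len(content) // BLOCK_SIZE)  # ceiling division
        offset = self.next_free * BLOCK_SIZE
        self.data[offset:offset + len(content)] = content
        self.directory[name] = (offset, len(content))
        self.next_free += blocks

    def delete(self, name: str) -> None:
        """Ordinary delete: drop the directory entry, leave the blocks untouched."""
        del self.directory[name]

    def secure_delete(self, name: str) -> None:
        """Sanitise: overwrite every block the file occupied, then drop the entry."""
        offset, length = self.directory[name]
        span = -(-length // BLOCK_SIZE) * BLOCK_SIZE
        self.data[offset:offset + span] = bytes(span)
        del self.directory[name]


def carve_text(disk: ToyDisk, min_run: int = 12) -> list[str]:
    """Forensic carve: ignore the directory and scan raw blocks for printable runs."""
    pattern = rb"[ -~]{%d,}" % min_run
    return [m.group().decode("ascii") for m in re.finditer(pattern, bytes(disk.data))]


def recoverable_after(delete_fn: Callable[[ToyDisk, str], None]) -> list[str]:
    """Write two constructed files, remove one with delete_fn, return carved strings."""
    disk = ToyDisk()
    disk.write("cover.txt", b"grocery list: milk, eggs, bread")           # constructed
    disk.write("message.txt", b"DRAFT MESSAGE FOR NEXT TRANSMISSION")     # constructed
    delete_fn(disk, "message.txt")  # the name is gone from the directory either way
    return carve_text(disk)


if __name__ == "__main__":
    print("plain delete :", recoverable_after(ToyDisk.delete))
    print("secure delete:", recoverable_after(ToyDisk.secure_delete))
```

After a plain delete the carve still returns the message text from the unallocated blocks; after the overwriting delete only the live file's content is found.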
Of course, spies don't always need new tech. A search of the house of one of the alleged spy cells in Yonkers, New York, revealed an old-fashioned shortwave radio which the FBI thinks had been used to receive encrypted Morse-code signals from Moscow. Unfortunately for the Russians, however, the suspects failed to conceal their decryption codebooks.
Shortwave was not a bad idea, though. "Using shortwave Morse is fairly good cover," says Sale, who monitored Russian spies in the UK communicating with Moscow in the 1960s. "There probably aren't all that many intercept stations listening for Morse traffic any more."