Black Hat 2013 - OPSEC Failures of Spies

Reddit Comments

TIL Faraday bags exist. So I guess all you got to do is find foreigners in Hong Kong with this bag and you know they’re probably spies lol

πŸ‘οΈŽ︎ 8 πŸ‘€οΈŽ︎ u/lurker4lyfe6969 πŸ“…οΈŽ︎ Sep 05 2019 πŸ—«︎ replies

This is probably how China was able to get so many American spies in their country albeit in a much more technical and sophisticated manner.

πŸ‘οΈŽ︎ 8 πŸ‘€οΈŽ︎ u/lurker4lyfe6969 πŸ“…οΈŽ︎ Sep 05 2019 πŸ—«︎ replies

I saw this briefly mentioned in Zoz's DEF CON talk called "Don't Fuck it Up". I've never seen the full version of the story though. Thanks for posting.

πŸ‘οΈŽ︎ 4 πŸ‘€οΈŽ︎ u/SlightlyCyborg πŸ“…οΈŽ︎ Sep 05 2019 πŸ—«︎ replies
Captions
Hi, my name is Matthew Cole. I'm a producer with NBC News, and I'm going to do something slightly different than what you guys have seen throughout the course of the day, which is, obviously I don't have very much technical knowledge at all, but I have a story for you, and it just so happens to coincide with technical stuff. I pitched this OPSEC failure of spies before Edward Snowden made any of his leaks, and so it only became more timely in that it's about metadata.

Just to give you a little bit of background: I cover national security and intelligence, and worked on what will be called the Italian job, which was how it was colloquially known inside the agency, but it was an extraordinary rendition in 2003. I worked on the story; I did a piece for GQ and then sold the book to Simon & Schuster, and the book was eventually killed. So what I ended up with was about five or six years' worth of reporting, some of which has been reported, but a lot of which has never seen any kind of public forum, so this will be the first for it. And just as a small note, for most of the slides that you're going to see here, they are open source. They were pulled off the internet, in part because the Italian government and prosecutor who was involved in this did a marvelous thing of trying to shine as much sunlight as he could on the CIA.

So just to give you a little bit of background: 2003, obviously this is post-9/11, CIA is dashing madly all around the world to try to find people who they believed were connected to al-Qaeda, terrorists, etc., etc., and they came up with sort of a new spin on an old concept, which was extraordinary rendition. Now, historically, extraordinary rendition was taking someone who they believed was in a third country, let's say Croatia, who was an Egyptian and was wanted in Egypt for terrorism, and they would act as something like a Federal Express: they would pick up a package and they would deliver a package, and if that package was later tortured, that's how it goes.
And after 9/11 they wanted to up their game, and they had a different idea, which was: we didn't need to charge anymore, and we didn't necessarily have to get help from the locals; we want to be able to grab people if we think they're vital.

So, 2002-2003: Abu Omar, an Egyptian cleric living in Milan, had permanent resident Italian residency, was a spiritual guide to some young jihadists. The CIA believed that he had involvement in shipping young men to Iraq. This is before the war, but nonetheless was part of an Underground Railroad that would send people to al-Qaeda to fight in Iraq when the war began. So the CIA decided they were going to take him. This picture is an actual surveillance picture that Italian counterterrorism forces took slyly and covertly, actually on the spot where he was grabbed a month later. So this photo is about 50 feet from where he was grabbed a month later, and this picture was found in the possession of, or in the house of, one of the CIA officers whose home was later raided, although he was not grabbed.

So they grabbed him on 17 February 2003. Taken from Milan, they fly him to Germany, they transit him at a US Air Force base, and then they send him to Egypt, where he goes into interrogation. Now, they had a long list of questions for him: where's Osama bin Laden, when's the next attack, what do you know, what do you know, what do you know. Unfortunately he didn't know very much, but they gave him a very rough treatment over a period of time. He was in an Egyptian cell for about 14 months.

And Italian prosecutors and police had only one small lead, which was that on the day that he was taken, a young woman, a mother of two, with her two kids and a loaf of bread, was walking down the street, and they happened to see a guy who they thought might be the local imam being shoved into a van and the van speeding off. So the police had a time of day and a location, which helps. So the prosecutor asked the investigators to do a cell phone tower dump and
find all of the cell phone towers in the two or three block radius of the kidnapping, between a four-hour block, and give him all the data. Now, as it was, that process, because of some mistakes, took some time.

Meanwhile, after 14 months, because there was no charge, the Egyptians freed him, and one of the first things he did was he called his wife, who was back in their apartment in Milan, and that phone call was being tapped by the Italian authorities. They hear the phone call, they get a transcript, and in it Abu Omar says, "I was kidnapped, they were Western." The Italians knew that it was Americans, they suspected that it was the Americans, but they didn't have anything to look at.

At around the time that Abu Omar makes that fateful call to his wife, the investigators come back with data, and that data was Analyst Notebook, which gave them everything that they could want to know about metadata and phones being used in the spot and around. After about a month and a half of investigation they started to find something really interesting. So what we see here is a closed-off network of roughly 18 individuals using about 30 phones that, in essence, only were used to talk to each other. So they were a completely quarantined network. Now, if you are a prosecutor looking and sifting through metadata, this here sticks out, sticks out a lot, and it sticks out like a sore thumb.

Now, the term for the people who are on the street that the CIA was employing, called snapshots: they do surveillance all around the world, they try to blend in and look like tourists or just locals. They have, it's very low, they have the low end of the job, but it's quite important because they are the ones who are exposed physically. They come into the country under aliases, sometimes under real name, and they go about doing their business to try to grab people or figure out if someone's being followed. So when the Italian prosecutors were looking at the network, they could see that there was some kind of
conspiracy going on. It was a good circumstantial case that they could start to build, but there was more. Once they had the phone numbers and could identify the network that was being used, they focused on all of those phones and how long they were being used, and every call they made while they were turned on in Italy. What were they able to do? Minute by minute, roughly, they were able to get a map of everywhere they had moved.

So this image is actually the cell phone use on the day of the kidnapping, at the time of the kidnapping. And if you start here at the top, it's hard to see, this pointer is not great, but at the top, at the beginning of the L line, is Abu Omar's house, and they had a team that was sitting outside waiting, because they knew every day at roughly noon he went to the mosque to pray. So they waited for him, and they walked and followed him, and they had another team come and walk and follow him. And that yellow line represents all of the calls that were being made on that day, at the moment they took him, and it stops right where that picture of the van is, because that's where they grabbed him and then drove back in the opposite direction to head out of town.

So one of the reasons why I pitched this talk was because, in the current debate about metadata, one of the things that we're hearing, and we heard it today from General Alexander, is that the content of the calls is not being collected and therefore there isn't much of a privacy issue. And one of the things that we learned from the Milan case, and the CIA is certainly continuing to learn, is that in many ways metadata is far more telling than the conversation you're having. So it really doesn't matter that they're not capturing what it is that you're saying to mom; it's that when you make that call and the other phone receives it, through analysis, network analysis, data visualization and sifting through the metadata, they can tell you more about your
life and understand the patterns of your life than you think. You know, you realize, in some ways we're kind of like ants: we have patterns, physically, that repeat over and over and over again, and our cell phones give that data away, and it's giving it away to some cost.

So if you were here for the keynote address this morning, you saw that General Alexander showed a quick box of what it looks like when the metadata of a phone is actually tracked: a phone number, another phone number, duration of the time. This is similar. These names that you see here are actually aliases and fake names, dummy names, but the phones are correct. And then you have the number of times they made a call, you had the first time they were used and the last time they were used. What they discovered quickly was that, for about thirty-five phones, they all started about two months before the operation and they all ended two days after the operation. So again, they're building a case through the metadata and sifting through, figuring out who is whom and how they were behaving.

This is just a quick example of the type of analysis and network analysis that they're looking at. You have on each side two different phones, two different SIM cards, represented by a cell phone number, and all the different further other phones that they call, to get a sense of what they're doing. This is just a close-up to give you an idea of what it looks like.

So once they were able to figure out that they clearly had a criminal case, criminal conspiracy, there was a group of people, they suspected Americans, they were obviously up to no good, and they certainly had something to do with the disappearance of this imam, they started to drill in and started to look at, find out more about, what they could get from the metadata. And once they were able to identify the phones, they started to do something really clever. They said, well, let's see what they do over the course of the day. What does
the day look like for them? And they would watch them. Again, this is 14 months later, but sifting through the data they would watch them, and they would watch them move and do surveillance around the area where Abu Omar was and track him, and then they would see that at the end of the day, like normal people, they would go and have dinner and then they would go stay in their hotel. And when they went in the hotel, they did not take the batteries out of their cell phones. So what happened? Those phones continued to ping, and so for eight hours or ten hours those phones sat in one location without moving, without doing anything. And they drilled in and they got another cell phone tower dump, and they found where the phones would rest at night. They looked around and they figured out which hotel was within 300 feet. They went to the hotel, they said, you know, can we see a list of all the Americans who have stayed here, and they started to figure out who was who, and as they did, they really could build out, again, more and more about what they did while they were there.

So, Raymond Harbaugh. It's not his real name, it's an alias, but Raymond Harbaugh was the leader of the surveillance team, the snapshots if you will. Older gentleman, very, very well versed in traveling around Europe, blending in and doing surveillance for the CIA. And what you can see in this slide is that at his disposal he's using at least two phones with three chips, okay? Among other things, they've got his passport, they were able to get his credit card, all the hotels that he stayed at, including the dates, and then the various phones that he was in contact with.

Now, I mentioned that Harbaugh was not his real name. Generally, when you want to do a covert operation, one of the things you do is you try to be covert, right? They send you out to a foreign country and you've got a fake passport, and you've got a credit card in that name, and you've got, as you'll see in a second, a Triple-A motor
card and all sorts of other things, all in that identity. For some reason they sent poor, poor jerk George Purvis to Milan with his real name. Now, George Purvis was also a very veteran guy, been in the CIA for about 20 years doing almost entirely this kind of work in counterterrorism surveillance, the stuff that you're supposed to be a real spooky spy, James Bond kind of thing. Well, George Purvis didn't get the memo when he landed in Milan and he registered himself into his hotel. Only step back for a second: we know about George Purvis because of his cell phone. So I'm skipping ahead to say that the metadata gave away who he was, his phone, etc., etc. So now they're looking into what he did when he registered at the hotel. He registered under his name, he gave his email, his wife's email address, he gave his home address. He was very helpful, gave his phone number, everything you might ever need to find George Purvis. Now, as a quick aside, if any of you are compelled to go find George Purvis in Northern Virginia, I do not recommend knocking on his door. He does not take to it very well. He's a little sensitive about having been exposed.

Now, Purvis and Harbaugh were two important links, because, as I said before, this was a closed network, and the CIA did think about this. They sent out 20 people to do something that was covert, and the idea was that there had to be a firewall: they could not be in communication with any of the CIA employees in the country. That was a simple tradecraft rule. And George Purvis and Raymond Harbaugh were the two interfaces. Those two, and those two only, because they were the most senior, were to be contacting the station and other parts of the CIA in Italy, that happen either needed to help, they needed additional phones, they needed strategic advice on what to do when Abu Omar didn't show up one day. This was supposed to be a very quick job; Abu Omar turned out to be not as predictable as they had hoped, and so they spent weeks just surveilling and surveilling
and surveilling. So Purvis and Raymond Harbaugh acted as this filter, and we'll get there for a second.

Now I'm going to skip ahead just slightly. One of the things that I discovered over the course of it was that later the CIA could see that they had made mistakes, and we'll get to that in a second, but they did their own internal investigation. And when they did their own internal investigation, they looked at this and they said, Jesus, the snapshots really didn't do a very good job, let's go ask them what happened. So they went down to the bowels of the agency to find the snapshots and say, what went wrong? And they asked one particular guy who was on this job, said, why did you think that when you were walking around with your cell phone, even though you weren't using it, that it wasn't leaving an electronic handshake with the towers as you went around? And this covert James Bond guy said, well, you know, we were told that if we just held our cell phone in a bag of potato chips, it was going to be clean. Now, it's pretty funny. Of course, what he really meant was that it was supposed to be a Faraday cage, and he didn't realize that your bag of Doritos just isn't quite strong enough to keep your phone from emitting its signal. But that was the kind of lack of understanding that they had in 2003, when they were trying to run some of the most secretive operations that they had done in 30 years.

This is another example. This is Monica Courtney Adler. Of course, that's not her name. Now, one of the things that the Italian prosecutor had a problem with is, he could find you this, okay, using Analyst Notebook; he could determine everything about what they did when they were in Italy, but they were in alias, so it was impossible to know who they were. Luckily, on this side of the ocean, I had access to LexisNexis and accurate, and with a handy trail of phone calls that they left behind, I was able to determine, of the twenty, probably about eight of their real identities, some of whom
I contacted, none of whom were happy to see me. Monica Courtney Adler, for instance, was a friend of someone who was in the agency, and as it happens she took as her fake name her friend's last name. That sucked. There's Monica Courtney Adler. These are the photographs of the pictures that they gave to, I think this was for a car rental, but, you know, you had to give a photo ID when they came in, and the Italians grabbed them. That's a pretty good shot. She's not working in Europe anymore.

Another one. One of the things they found also, in addition to the passport numbers and the credit card numbers, they found them serialized. So there were too many sequences, too many number sequences that were the same, you know, the last three digits different. Again, the Italians had one hell of a circumstantial case. This guy, he's one of my favorites. I'm not going to tell you his real name, but I will tell you that he used to work at the FBI, and 20 years ago was a public affairs officer for the FBI, and now runs a bed-and-breakfast. Nice guy.

Now, going back to Purvis and Harbaugh, this is the crux of the case. Here we have a phone, one IMEI, one serial number for itself, two different SIM cards that it's using, two different numbers. What was the problem? The problem was, one of those SIMs, the one that's registered to barbara su death, by the way, is also a real CIA officer, was, and the other was a SIM card that was registered to the station. This phone was passed over to the team that was doing the surveillance, and what the station didn't know was that Harbaugh used that phone to make a call to the station with a clean chip but a dirty phone, a phone that had been previously cycled into the operational group. And he made a call, so that when the station saw the phone ringing, they had the right number; it was the one number that they were to respond to. It was a clean SIM card, but the phone was a phone that was being used to talk to everyone else in the group, and that was, from the investigative
standpoint, for the prosecutor, what they needed to bring charges against the Americans.

Another one. So, the station chief: they decide they now have enough to pull his records, so they do. What do they find? For two weeks, shortly after Abu Omar is grabbed, his cellphone ends up in Egypt, where he's there making calls. That's Robert Lady; it's the only picture that's known or that has been published. Next to him, on what is your right, is one of his assets, who was an Italian police officer who actually is the fellow who stopped Abu Omar on the street and was seen by the young mother with the two kids and the loaf of bread. This is pulled off the internet, but he's in fact still wanted, and if you've followed it at all, about a week and a half ago Mr. Lady ended back up in the news because he was detained temporarily in Panama, transiting through. Apparently he's back in the United States safely. But if you wanted to have any sense that this wasn't just some old story from 2003 of sloppy tradecraft, it has real implications for a lot of people who were involved, who cannot travel outside the United States, and who, rightly or wrongly, there are a lot of people who would like to see thrown in prison, especially since they've all been convicted in absentia of kidnapping.

So I would have left you with one other thing. As they say about a story, there's a bit of a reveal, which is that all of this came out of Analyst Notebook, which, you know, I don't know how many of you have seen before, but it's an off-the-shelf, at fifteen thousand, was back then a fifteen thousand dollar program doing data visualization and network analysis. So after 9/11 the CIA looked around to all the partners around the world and said, what can we do to help? They looked at the Italian counterterrorism people and they said, you know, you guys need something that helps you guys figure out phones and how terrorists are using phones. So Bob Lady handed over Analyst Notebook to the Italian investigators who were in Milan, who were
ordered then to do the investigation into them. Just a bit of irony.

Again, it would be an old story, except that in 2007-2008 Hezbollah rolls up an Israeli intelligence network operating in Lebanon. Israelis come to the Americans and they say, hey, you guys got a problem: we were rolled up through metadata, our phones were being monitored, how we were using our phones was being picked out, we've figured it out. Americans said, no way, just can't be, can't be that Hezbollah has access to cellular data and the telecoms in Lebanon. Then, about 2009, 2010, they did a study, a counterintelligence study, and they said, yeah, you know what, we're exposed; if we keep using our phones this way, we're going to get rolled up.

Summer 2011, Nasrallah, the head of, the leader of Hezbollah, goes on television to announce that they've captured two American spies, two Hezbollah officials who had been spying for the Americans. Now, they had done some plain old human intelligence and tricked the Americans; they ran two double agents at them, and that's going to happen. But they were able to roll up their entire network, and about 90% of the CIA's human asset network in Lebanon was rolled up in November 2011. How? Metadata. They looked at, in a stream of information, they looked at phones that did things that were anomalies: phones that only spoke to each other once a month for 30 seconds, i.e., our meeting time; phones that spoke to each other once a week for two minutes. And they started looking at cell phone tower dumps to see where they were, put people on them, followed, watched, and next thing you know they had rolled up everyone that the Americans had spying for them, and their officers.

So this is a screen grab from Hezbollah television. It's a Hezbollah-run television station in Lebanon, and if you were Dan McFeely, and there is a Dan McFeely, it's a bad day, your name. Or if this was you sitting at a cafe meeting with an asset and you ended up with your face, I didn't black that out, Hezbollah was nice enough to black
that out before they gave it to the television network, there, you wouldn't be having a good day.

So that's the end. I just wanted to tell a story and give you a sense that, despite the fact that the CIA and the US government intelligence agencies have an enormous amount of money, they too have been cut by the metadata problem that we're dealing with now on the American domestic privacy side. So anyway, please remember to swipe, and thank you all for coming.
Info
Views: 180,391
Rating: 4.8572817 out of 5
Keywords: 2013, bhb, usa, conference, t805, OPSEC Failures, Operations Security, Spies, Black Hat Briefings (Conference Series), OPSEC Failures of Spies
Id: bM0PmwOlifE
Length: 25min 11sec (1511 seconds)
Published: Tue Nov 19 2013