Inside the US military’s secret undercover army — III

May 22, 2021

ISLAMABAD: In May 2013, in an almost comical incident more reminiscent of "Get Smart" than skilled spying, Moscow ordered a US embassy "third secretary" by the name of Ryan Fogle to leave the country, releasing photos of Fogle wearing an ill-fitting blond wig and carrying an odd collection of seemingly amateurish paraphernalia—four pairs of sunglasses, a street map, a compass, a flashlight, a Swiss Army knife and a cell phone—so old, one article said, it looked like it had "been on this earth for at least a decade."

The international news media had a field day, many retired CIA people decrying the decline of tradecraft, most of the commentary opining how we'd moved on from the old world of wigs and fake rocks, a reference to Great Britain admitting just a year earlier that indeed it was the owner of a fake rock and its hidden communications device, another discovery of Russian intelligence in Moscow.

Six years later, another espionage case hit the news, this time when a jury sent former American military intelligence officer Kevin Patrick Mallory to 20 years in prison for conspiring to sell secrets to China. There was nothing particularly unique about the Mallory case, the prosecution making its own show of presenting the jury with a collection of wigs and fake mustaches looking like Halloween costumes, the whole thing seemingly another funny episode of clumsy disguise.

And yet, says Brenda Connolly (not her real name), one would be naïve to laugh too hard, for both cases provide a peek into the new tricks of the trade and the extreme secrecy that hides them. Connolly started her engineering career at the Directorate of Science and Technology at the CIA and now works for a small defense contractor that produces the gizmos—think "Q" in the James Bond movies, she says—for signature reduction operations.

That "ancient" Nokia phone carried by Ryan Fogle, she says, was nothing of the sort, the innocuous outsides concealing what she calls a "covert communications" device inside. Similarly, entered in evidence in the Mallory case was a Samsung phone given to him by Chinese intelligence that was so sophisticated that even when the FBI cloned it electronically, they could not find a hidden partition used to store secrets, one that Mallory ultimately had to reveal to them.

Lost in the spy-vs-spy theater of both cases were other clues of modern signature reduction, Connolly says. Fogle also carried an RFID shield, a radio frequency identification blocking pouch intended to prevent electronic tracking. And Mallory had vials of fake blood provided by China; Connolly would not reveal what it would be used for.

Like many people in this world, Connolly is a connoisseur and curator. She can talk for hours about the broadcasts that used to go out from the Soviet Union—but also were transmitted from Warrenton, Virginia—female voices reciting random numbers and passages from books that agents around the world would pick up on their shortwave radios and match to prearranged codes.

But then Internet cafes and online backdoors became the clandestine channels of choice for covert communications, largely replacing shortwave—until the surveillance technologies (especially in autocratic countries) caught up and intelligence agencies acquired an ability not only to detect and intercept internet activity but also to intercept every keystroke of activity on a remote keyboard. That ushered in today's world of covert communications or COVCOMM, as insiders call it. These are very special encryption devices seen in the Fogle and Mallory cases, but also dozens of different "burst mode" transmitters and receivers secreted in everyday objects like fake rocks. All an agent or operator needs to activate communications with these COVCOMMs in some cases is to simply walk by a target receiver (a building or fake rock) and the clandestine messages are encrypted and transmitted back to special watch centers.

"And who do you think implants those devices?" Connolly asks rhetorically. "Military guys, special ops guys working to support even more secretive operations." Connolly talks about heated fabrics that make soldiers invisible to thermal detection, electric motorcycles that can silently operate in the roughest terrain, even how tens of feet of wires are sewn into "native" clothing, the South Asian shalwar kameez, the soldiers themselves then becoming walking receivers, able to intercept nearby low-power radios and even cell phone signals.

Fake hands, fake faces

Wigs. Covert communications devices. Fake rocks. In our world of electronic everything, where everything becomes a matter of record, where you can't enter a parking garage without the license plate being recorded, where you can't check in for a flight or a hotel without a government-issued ID, where you can't use a credit card without the location being captured, how can biometrics be defeated? How can someone get past fingerprint readers?

In 99 out of 100 cases, the answer is: there is no need to. Most signature reduction soldiers travel under real names, exchanging operational identities only once on the ground where they operate. Or they infiltrate across borders in places like Pakistan and Yemen, conducting the most dangerous missions. These signature reduction missions are the most highly sensitive and involve "close in" intelligence collection or the use of miniaturized enemy tracking devices, each existing in their own special access programs—missions that are so sensitive they have to be personally approved by the Secretary of Defense.

For the one percent, though, for those who have to make it through passport control under false identities, there are various biometrics defeat systems, some physical and some electronic. One such program was alluded to in a little noticed document dump published by Wikileaks in early 2017 and called "Vault 7": over 8,000 classified CIA tools used in the covert world of electronic spying and hacking. It is called ExpressLane, where US intelligence has embedded malware into foreign biometrics and watchlist systems, allowing American cyber spies to steal foreign data.

An IT wizard working for Wikileaks in Berlin says the code with ExpressLane suggests that the United States can manipulate these databases. "Imagine for a moment that someone is going through passport control," he says, hesitant to use his real name because of fear of indictment in the United States. "NSA or the CIA is tasked to corrupt—change—the data on the day the covert asset goes through. And then switch it back. It's not impossible."

Another source pointed to a small rural North Carolina company in the signature reduction industry, mostly in the clandestine collection and communications field. In the workshop and training facility where they teach operators how to fabricate secret listening devices into everyday objects, they are at the cutting edge, or so their promotional materials say, a repository for molding and casting, special painting, and sophisticated aging techniques.

This quiet company can transform any object, including a person, as they do in Hollywood, a "silicon face appliance" sculpted to perfectly alter someone's looks. They can age, change gender, and "increase body mass," as one classified contract says. And they can change fingerprints using a silicon sleeve that so snugly fits over a real hand it can't be detected, embedding altered fingerprints and even impregnated with the oils found in real skin. Asked whether the appliance is effective, one source, who has gone through the training, laughs. "If I tell you, I'll have to kill you."

In real life, identity theft (mostly by criminals intent on profit) remains an epidemic that affects everyone, but for those in the intelligence and counter-terrorism worlds, the enemy is also actively engaged in efforts to compromise personal information. In 2015, the Islamic State posted the names, photos and addresses of over 1,300 US military personnel, instructing supporters to target and kill the identified individuals. The FBI said that the release was followed by suspected Russian hackers who masqueraded as members of ISIS and threatened military families through Facebook. "We know everything about you, your husband and your children," one menacing message said.

Counterintelligence and OPSEC officials began a large-scale effort to inform those affected but also to warn military personnel and their families to better protect their personal information on social media. The next year, ISIS released 8,318 target names: the largest-ever release until it was topped by 8,785 names in 2017.

It was revealed that military personnel sharing location information in their fitness devices were apparently revealing the locations of sensitive operations merely by jogging and sharing their data. "The rapid development of new and innovative information technologies enhances the quality of our lives but also poses potential challenges to operational security and force protection," US Central Command said in a statement at the time to the Washington Post.

Then came the DNA scare, when Adm. John Richardson, then chief of naval operations, warned military personnel and their families to stop using at-home ancestry DNA test kits. "Be careful who you send your DNA to," Richardson said, warning that scientific advancements would be able to exploit the information, creating more and more targeted biological weapons in the future. And indeed in 2019, the Pentagon officially advised military personnel to steer clear of popular DNA services. "Exposing sensitive genetic information to outside parties poses personal and operational risks to Service members," said the memo, first reported by Yahoo News.

"We're still in the infancy of our transparent world," says the retired senior officer, cautioning against imagining that there is some "identity gap" similar to the "bomber gap" of the Cold War. "We're winning this war, including on the cyber side, even if secrecy about what we are doing makes the media portrayal of the Russians again look like they are ten feet tall."

He admits that processing big data in the future will likely further impinge on everyone's clandestine operations, but he says the benefits to society, even narrowly in just making terrorist activity and travel that much more difficult, outweigh the difficulties created for military operational security. The officer calls the secrecy legitimate but says that the Defense Department leadership has dropped the ball in recognizing the big picture. The military services should be asking more questions about the ethics, propriety and even legality of soldiers being turned into spies and assassins, and what this means for the future.

Still, the world of signature reduction keeps growing: evidence, says the retired officer, that modern life is not as transparent as most of us think.