50 Ways to Monitor Your Lover Online – LOVEINT

Cybersecurity

Since time immemorial those with the capability to conduct surveillance have had the ability, if not properly monitored, to use those same tools and capabilities for their personal interest. Or as the vernacular goes, to conduct LOVEINT.

LOVEINT – a mash up of the words of ‘love’ and ‘intelligence‘ – is when an individual uses their ability to task resources or query databases on information associated with their love interest and/or their family.

In mid-2017 we learned of a female FBI contractor whose role was to conduct German to English translations on information pertaining to a German national associated with the Islamic State of Iraq and Syria (ISIS). She used this information to insinuate herself directly into a personal relationship with the target. A relationship which evolved to sufficient depth that she traveled to Syria to meet with the individual surreptitiously and then married him.

6 Examples of LOVEINT In Action

In late-2017 a U.S. Navy officer in Iraq attempted to use an NSA database to learn what information was available on a given U.S. telephone number. The number happened to belong to the son of her boyfriend. In this case a system warning notice deterred further inquiry by the naval officer, who was removed from her post.

Then looking back a bit, we see the resources of NSA were documented as being used by those with access to monitor their love interest. In the autumn of 2013 NSA’s Inspector’s General Office revealed a number of LOVEINT instances which had occurred within the U.S. intelligence community.

In one case, a foreign national female, working on behalf of the U.S. government abroad, mentioned to a colleague that she suspected the man with whom she had been intimate was listening to her calls. Subsequent inquiry and investigation showed that indeed an employee misused the NSA systems.

In a separate case, an NSA employee spied on a foreign phone number because she found the number on her husband’s cell phone.

In a third case, an employee reportedly inquired NSA databases on his first day of employment using his “ex-girlfriend’s” email address “to practice on the system.”

And then back to Germany, a BND (Bundesnachrichtendienst – German intelligence) officer misused German SIGINT capabilities to conduct a bit of LOVEINT investigation. The BND officer queried the BND reservoir of data for email and computer records of his spouse. The BND officer allegedly conducted the surveillance over the course of two years while on foreign assignment abroad. Putting new meaning to the term, “trust but verify.” Unfortunately for him, use of government systems in this manner is also illegal in Germany, as it is in the U.S.

SIGINT Collection Capabilities Uncovered

While Snowden’s revelations of U.S. and its allies SIGINT capabilities removed much of the fig leaf which covered the crown jewels of the multitude of SIGINT collection capabilities available, it took a flurry of Freedom of Information Act (FOIA) requests from journalists around the world for the LOVEINT revelations to occur.

The good news? The internal audit system within NSA seems to be working, and the self-policing which occurs within trusted communities continues to be a useful deterrent, given the frequency of self-reporting.

Moral of this story? If you have access and the urge to conduct a bit of LOVEINT, step away from the terminal.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).

More in Cybersecurity