Our world has become stranger by the day. Recently, China declared “dangerous” those small souvenir trinkets their travelers might pick up at conferences overseas or at international university events. You know the gifts they mean. These are the ubiquitous bracelets, backpack pins, keychains, free USBs, and any other types of inexpensive handouts a conference booth attendant may offer. The Chinese Counter-espionage Services warn that these small items could be used to spy on China.
From Souvenirs to Surveillance
How they would work is as follows. First, the unsuspecting Chinese scholar goes to a conference. He wanders past all the booths, collecting swag at each one, meeting colleagues at the coffee gatherings during breaks, and attending presentations. At each step of the way, he is subject to nefarious spies. These spies seek to ‘force a gift,’ a small memento, on our unwary Chinese traveler. Said traveler goes home, or, more usefully for the mysterious purposes of China’s adversaries, to his workplace. There, at his work desk, the insidious device is activated once attached to his computer. He is utterly unwitting of any of this. Could it be that all conversations, electronic messages, and communications via phone or computer are compromised using some free gift? And all of this happens because our traveler accepted an almost forgettable USB or similar handout from a booth at a scholarly gathering?
Old Methods, New Tools
Of course, most modern security officers commissioned to protect classified information are more attuned to Microsoft’s woes. Microsoft advised that a new Chinese hack by ‘government-sponsored groups’ has exploited vulnerabilities in their software. Indeed, they accessed our National Nuclear Security Agency and others. Apparently, this was no small breach, because they took the time to further advise that they’re contacting all their government contacts.
So there we are. No one believes for a minute that the Chinese are not perpetrating both attack methods. Not only are they behind sophisticated computer sweeps, but also passing out apparently innocent souvenirs at conferences. The goal of espionage, remember, is to access people, places, and things of classified value. The method is simple. In short, there is no ‘old school’ method of eliciting information from our own scholars, scientists, and students. How remarkable would it be to simply turn on your computer and collect the secret discussions in an American scientific think tank? If Americans are not regularly, repeatedly, and formally advised about the various threats to their information, they too might fall for otherwise self-evident threats. Are our employees aware of Chinese attempts to infect USB flash drives and then offer them for insertion into computers? The Chinese have done this. What’s more, they found a good way to do so, which is less conspicuous. They concentrate on American and Western companies operating in Africa, believing they will not be as sophisticated in countering such sneak attacks, and so deluge these locations with infected USB devices. And what have the spies gained? Computers are connected worldwide. Who cares if the initial infection is in Africa? The final target computers might be MIT or Washington, DC.
Espionage Is Still Human
Of course, espionage is not only technology-driven. An astounding interview of a former Mossad (Israeli Intelligence) officer offered clear counsel. Recent news showed Iranian senior officials blown up in their own homes, scattered across Tehran, which was startling. The time and place of senior-level Iranian meetings were also targeted by Israeli attacks, in which all attending were killed. How did this happen? The Mossad officer advised that Iran is not a monolithic society – numerous ethnic, religious, and social groups live there. Mossad, over the years, simply exploited the various internal hatreds, distrust, and fears prevalent among all these varied groupings. Mossad recruited people who saw not the value of Israel, but a chance to get back at homegrown enemies. And who said the Mossad presented their recruitment as being on behalf of Israel? They could just as well have pretended to be Kurds, Pashtuns, or any other ethnic grouping to entice someone to spy for them. When the final bombs dropped and killed the targeted Iranian officials, who would know how it all worked?
This sophisticated method can explain how espionage operates at all levels. Where does this leave our security program? We need to brief the threats, over and over. We need to show how they evolve, but also how they will rely on well-trod paths to secure the goals our enemies seek.
