There is a scene in the Netflix series, Secret City, where a spy walks into a park with a bag full of breadcrumbs. He pretends to feed the birds as a cover when he’s actually waiting there to pick up an encoded message. This was a classic old-school spy trope where an agent waits in a public setting for a note or a whisper, heavy with some secret information that can move mountains. The only twist today is that the medium for such messages is SIM cards rather than a piece of paper. Secret City demonstrates many such instances that are mired in geopolitical scenarios and involve the use of both old school and the modern spycraft technology of today to unlock international conspiracies.
Amongst all the various things that World War I is remembered for is the sophisticated spying and espionage tactics employed by the nations at war to gain an upper hand over their opponents. At that time, developing innovative spying tactics, as well as, appropriate counter-spy techniques were both taken very seriously.
The spying and intelligence technology today has evolved significantly from the primitive ‘Enigma’ designed with 26 contact pins to the sleek laptops and fast computing software we have around us. Technology has definitely turned the world of spying upside-down, but the inherent techniques employed in the craft still remain simple and effective to the core.
Spycraft technology today
Modern-day spying techniques have evolved to become subtler, more inconspicuous. The domain has expanded form statecraft to keeping an eye on the general populace too. Now, one might debate this claim by arguing that the digital lifestyle we live in is secured with alphanumeric passcodes and two-step verification methods. However, in the words of John McAfee, the founder of McAfee Associates,
“There’s not a single flashlight app that’s not spying on you right now.”
Edward Snowden, a former fugitive contractor for America’s National Security Agency (NSA), reported the use of cyber cafes for spying on the G20 summit held in London in 2009. Who would have imagined that cyber cafes, a largely public space, could be the most favored tool of the western intelligence and security agencies!
An extrapolation of this report applies to the everyday tracking of citizen activities in a country. There is a CBS news report that mentions a Wall Street Journal story talking about sites like Facebook that track a user’s web history.
Life without any form of digital indulgence can be challenging today. Phones, tablets, and laptops constantly surround us, all evolving as the technological equivalent of Darwin’s theory of evolution. Agencies across the world are listening to every conversation we have. Unauthorized reading of an email is a child’s play for someone with even the most modest spying skills. Every single button you click, every single place you visit on the Internet is logged in databases to keep track of your entire digital footprint.
In such a world where a majority of the work is digitized, the focus of spying technology today ranges from keeping an eye on computers and servers, as well as, their owners:
Spyware software
Gone are the days that demanded trained spies, intelligent agents, and shrewd bureaucrats to know what the enemy was up to. The new school spy tactics revolve around spyware software that includes adware, trojans, cookies, and system monitors. These programs are deceptively installed into the target systems, and they collect the target’s data without her consent, reporting directly to the attacker. Once installed, the software does not spread like a virus or a worm within the targets system. However, via web browsers, keyloggers, or self-installing software, spyware compromise the system’s access rights and makes place for itself in the system memory, recording every activity that takes place on the target system.
o Modeling the spyware
Inconspicuous malware programs have replaced the classic trench coat garb or Armani-clad sophisticated Bond-like undercover agents. The spyware acts like a virtual agent and disguises itself as harmless software, gaining access into the target system. Trojan horses, keyloggers, and browser extensions are the most common models for any spyware. Sometimes, genuine software may be accompanied by malicious spyware that might merge with the internal architecture of the software, like the one disguised as a system update in the Google Play Store for Android applications. Such software keeps track of every keystroke on the keyboard, thus knowing what the target is up to at all times.
o Empowering the spyware
The modern spyware programs are usually single-ended. All the spyware needs to do is establish and lock the connection on the target’s system to relay the information to the attacker. The attacker may or may not be able to communicate with the software, which reduces the need for another spyware, unlike double agents, to complete the transmission of messages. Moreover, the spyware these days is so resilient and sophisticated that it makes its way to the kernel of the software, installing itself and bypassing all data encryption standards. An example of such sturdy spyware is the one that infected Apple’s iOS, even though the spyware was alleged to be “impenetrable”. This was the Pegasus spyware.
Defense against the modern spycraft
In the initial days of spying, a government official would suspect a mole in the institute. The mole would be shadowed and cornered and questioned to give away the information about the agency that employed him. Most of the times, the spy would yield to the torture, thus accepting his crime.
However, considering how resilient the modern spyware is, it is obvious that these programs would not give up easily before the regular security checks employed:
Better encryption
The data transferred every day from one part of the world to the other is on a secure line, wrapped in basic encryption standards. However, there are reports that talk about NSA defeating most of these meek encryption efforts. Hence, moving on from the basic encryption algorithms to the advanced encryption standards (AES), the varying combination of blocks and key lengths can help in tightly securing the data against prying eyes.
Smarter anti-malware
Another defense against the modern spyware is to invest in smarter anti-malware programs. These programs work on various principles depending on the type of malware detected in a system. There is signature-based anti-malware software, behavior-based malware, and software that uses the technique of sandboxing not just to detect an infected system but to erase it from the kernel entirely.
Collaboration
Collaboration is a team effort to combat spying. Government agencies can share information about the threats and attacks on their systems. This can lead to increased awareness among the countries; helping them to proactively implement appropriate security measures against any impending attacks.
Spying, in today’s world, does not restrict itself to an identified target alone. In a global economy that we live in, countries, concerning the information and the resources, are connected to each other through invisible links over our heads or under our feet. Attacking a single target can expose all the intelligence associated with an intelligence agency. The consequences of such a breach can lead to geopolitical turbulence and an atmosphere of tension between the countries. It is, therefore, suggested for security analysts to study the past and detect, not the weakest, but the simplest link in a network to implement appropriate countermeasures for securing and safeguarding the data. After all, in the words of John Le Carre,
“It’s easy to forget what intelligence consists of – luck and speculation. Here and there a windfall, here and there a scoop.”