Read on Twitter
A few days ago, a report popped into my feed, that seems both troubling and plausible. So much is the case that I think it's worth a bit of a thread which is not something I do often so here goes:
1/
1/
This paragraph raised the brows:
The claim centred on a “cooperation agreement” made in 2006 worth €300,000 to the Maltese government through which Beijing had donated furniture to the country’s newly purchased 13-storey embassy in Brussels.
2/ https://www.theguardian.com/world/2020/may/19/belgium-confirms-inquiry-into-malta-china-spy-threat
The claim centred on a “cooperation agreement” made in 2006 worth €300,000 to the Maltese government through which Beijing had donated furniture to the country’s newly purchased 13-storey embassy in Brussels.
2/ https://www.theguardian.com/world/2020/may/19/belgium-confirms-inquiry-into-malta-china-spy-threat
And as my mind got running I remembered reading about this famous whopper gifted to Averell Harriman by schoolchildren.
Theremin's microwave-stimulated Thing
Declassified and on the congressional floor 60 years ago today!
3/ https://www.atlasobscura.com/articles/how-a-gift-from-schoolchildren-let-the-soviets-spy-on-the-us-for-7-years
Theremin's microwave-stimulated Thing
Declassified and on the congressional floor 60 years ago today!
3/ https://www.atlasobscura.com/articles/how-a-gift-from-schoolchildren-let-the-soviets-spy-on-the-us-for-7-years
The next day, a bombshell of a report was in my feed that is mindblowing from Joshua Meservey. 186 government buildings possibly compromised?!?
4/ https://www.heritage.org/asia/report/government-buildings-africa-are-likely-vector-chinese-spying
4/ https://www.heritage.org/asia/report/government-buildings-africa-are-likely-vector-chinese-spying
I'm a bit of a NATSEC reader, yet a layman, and in January I came across a book that caught my eye instantly. The Spy in Moscow Station by @neuroquest and I think the story remarkably relates to what we are seeing today and on a level that is worthy of great discussion.
5/
5/
@neuroquest was scouted by @GenMhayden in an effort to "shake up" the Research Dept. at the NSA to bring it into the new millenium. Haseltine was the EVP of Disney Imagineering beforehand and it sure does seem that the General made a great pick.
6/
6/
I do think all should buy this book so I'm not gonna give away everything, but would like to get the space between your ears in the right frame.
The year was 1978 and our assets in the Soviet Union were dying. Alarms were going off so hard that the...
7/
The year was 1978 and our assets in the Soviet Union were dying. Alarms were going off so hard that the...
7/
CIA COS Moscow, Gus Hathaway, authored a cable requesting that NSA R9 Director, Charles Gandy, get on a plane to Moscow with speed. HUMINT had been paused, with Tolkachev wanting to work so the problem had to be solved fast. This was also after the embassy fire of August...
8/
8/
1977 which was just as a crew of Seabees were about to investigate some oddities in a chimney, and of course the perennial push of microwaves aimed at the embassy was endless.
(Victor Sheymov testified in 1998 to congress that the fire was intentional)
@john_sipher
9/
(Victor Sheymov testified in 1998 to congress that the fire was intentional)
@john_sipher
9/
This of course was also after Admiral Turner was appointed director of the Agency and was more apt to build a lean towards SIGINT instead of HUMINT because of the kneecapping of @TheGhostsGhost and @AngletonsMerits for political ends. That's another discussion.
10/
10/
Charles Gandy was the head of R9 at NSA, and along with State and Bureau, had discovered a number of implants on telephones, teleprinters, and text encryption devices and also that collection could be passive and active. Basically any mechanism emits radio frequency...
11/
11/
or acoustic energy. If conducted, these emissions could be read as far away as a mile or more. This was the focus of TEMPEST.
12/
https://www.nsa.gov/Portals/70/documents/news-features/declassified-documents/cryptologic-spectrum/tempest.pdf
12/
https://www.nsa.gov/Portals/70/documents/news-features/declassified-documents/cryptologic-spectrum/tempest.pdf
THIS IS IMPORTANT:
"Gandy sometimes marveled at the inventiveness and technical sophistication of Russian intelligence. The Soviet economy was smaller than that of Texas, and yet they had managed to blow past the US in surveillance tradecraft."
@natvogel
13/
"Gandy sometimes marveled at the inventiveness and technical sophistication of Russian intelligence. The Soviet economy was smaller than that of Texas, and yet they had managed to blow past the US in surveillance tradecraft."
@natvogel
13/
"...the KGB scooped up Russia's best brains, sometimes before they even went to grad school, and offered them privileges, prestige, and perks only available to KGB officers and top Communist Party officials."
Gandy's concern wasn't really expressed across other agencies.
14/
Gandy's concern wasn't really expressed across other agencies.
14/
At the embassy, bugs and microphones were to be expected, especially with 100s of Soviets on the service staff, it was really impossible to avoid devices being planted.
Gandy thought, the walls don't have ears; the walls are ears.
15/
Gandy thought, the walls don't have ears; the walls are ears.
15/
One story Gandy heard was of an 8 year old boy at the embassy who had his bike stolen. He screamed at the wall in his bedroom "Wall, give me my bike back!" The next day the bike was outside his room.
Gandy soon started to get briefed on MUTS1, MUTS2, and TUMS...
@ddp
16/
Gandy soon started to get briefed on MUTS1, MUTS2, and TUMS...
@ddp
16/
and he was certain that though rising from VHF into microwave bands, their function was the same as the Thing; extracting info from the embassy.
Analyzing time stamps, Gandy noticed that frequencies changed every 10 minutes, and when productive they held for 40 minutes.
17/
Analyzing time stamps, Gandy noticed that frequencies changed every 10 minutes, and when productive they held for 40 minutes.
17/
The microwaves collected so far were coming from 2 sites:
-an apartment across Chaikovskova
-an old Russian Orthodox building nearby nicknamed Our Lady of Telemetry or Our Lady of Observation
Gandy had to lay hard truth... with a freq. at 9 GHz, the device could be 1/2"
18/
-an apartment across Chaikovskova
-an old Russian Orthodox building nearby nicknamed Our Lady of Telemetry or Our Lady of Observation
Gandy had to lay hard truth... with a freq. at 9 GHz, the device could be 1/2"
18/
He may have gone further to say a device wasn't even needed.
Of note: "Having worked at many embassies worldwide, Gandy knew that embassy SCIFs were often left open, despite claims by local intelligence officers that such lapses never happened."
@chey_cobb
19/
Of note: "Having worked at many embassies worldwide, Gandy knew that embassy SCIFs were often left open, despite claims by local intelligence officers that such lapses never happened."
@chey_cobb
19/
Is this the spy?
"And the ingenuous, nearly impossible-to-understand physics underlying such virtuoso technical feats made such Russian attacks all the more dangerous: Who could believe that such bizarre things were possible, especially from the backward third-world Soviets?
20/
"And the ingenuous, nearly impossible-to-understand physics underlying such virtuoso technical feats made such Russian attacks all the more dangerous: Who could believe that such bizarre things were possible, especially from the backward third-world Soviets?
20/
Gandy did not travel alone and shipped equipment via diplomatic pouch set for his arrival as time was short. In a black fabric draped room that was hot they got to work. Using TSCM practice, they would have scanned the RF spectrum around the clock for any not-normal...
21/
21/
signals ie bugs, mics, or data-gathering implants especially those in short covert bursts.
"In a never-ending cat-and-mouse game between spies and counterspies, the trick with exfiltrating stealthy transmission was to hide the fact that you were hiding, in order not...
22/
"In a never-ending cat-and-mouse game between spies and counterspies, the trick with exfiltrating stealthy transmission was to hide the fact that you were hiding, in order not...
22/
to draw attention to the fact you were hiding."
OOOF @ewbarnard
"In the spy trade, listening to listeners is called robbing the highway robber."
Could Gandy have gotten voice signals off of electronic circuits that were monitoring the embassy?
23/
OOOF @ewbarnard
"In the spy trade, listening to listeners is called robbing the highway robber."
Could Gandy have gotten voice signals off of electronic circuits that were monitoring the embassy?
23/
Clearly the KGB had an inkling of what Gandy was up to as one night they created an overvoltage on the circuits at their quarters in order to blow out their electronics. Thankfully Gandy was prepared for this.
24/
24/
Two days later, Gandy with Seabee help finally got into the chimney and sure enough a three-element Yagi-style beam antenna was mounted in the shaft with simple pulleys.
In its current position, it seemed as if it was aimed at the chief of mission's office.
25/
In its current position, it seemed as if it was aimed at the chief of mission's office.
25/
"...it was possible that conversations in his office were being routinely monitored and recorded. Or a covert implant via fax machine or typewriter might be sending data was typed or faxed in the office straight to KGB headquarters."
26/
26/
Getting at the antenna was going to require severe caution as it was more than likely booby-trapped. Normal TSCM checks before had gotten body parts blown off, and to add in the diplomatic fight of who's territory was the antenna on?
27/
27/
They got the go ahead to enter the chimney and built a pulleyed boatswain's chair... when reaching the bottom of the chimney it was discovered there were heating coils attached to the pulley that if activated would have dropped the antenna in a second for recovery.
28/
28/
Also at the bottom of the chimney it was discovered that there was a tunnel leading to an apartment complex adjoining the embassy that led to a trap door in the embassy staff changing room. Knowing it was only a matter of time until they were discovered...
29/
29/
they had to get moving and needed someone with diplomatic immunity to get into the tunnel. When the chance came and "Carl" dipped into the tunnel it was quickly revealed that it was booby trapped with explosives. He also noticed there was a second entrance to the tunnel.
30/
30/
Eventually, the antenna was cut and captured and we never again ventured into the shaft. Now, what to make of it? Gandy was able to get the antenna functioning and was stunned not by what it was collecting, but what it wasn't.
31/
31/
Gandy had discovered that the antenna was stealthy way to hid signals from bugs or implants where no one using normal amplifiers would ever find them.
"I'll be dipped and rolled in cracker crumbs," Gandy said under his breath.
@ddp
32/
"I'll be dipped and rolled in cracker crumbs," Gandy said under his breath.
@ddp
32/
The ingenuity of the design, is that it was designed on the principle of how we would detect it... and that it could be moved to point at many targets in the embassy on a simple pulley.
33/
33/
Hathaway, who initially called Gandy in, on the debrief of the antenna said:
"You're implying that the Russians, who can't even keep food on the shelves of their state-run stores, are so far ahead of us that they can make bugs that state of the art equipment can't detect."
34/
"You're implying that the Russians, who can't even keep food on the shelves of their state-run stores, are so far ahead of us that they can make bugs that state of the art equipment can't detect."
34/
Gandy was firm... he wanted all equipment in the embassy shipped back to Meade but got hard pushback:
"Bring me solid proof about what the chimney antenna is doing. Bring me a smoking gun."
Before Gandy returned home, he heard a series of clicks on recordings.
35/
"Bring me solid proof about what the chimney antenna is doing. Bring me a smoking gun."
Before Gandy returned home, he heard a series of clicks on recordings.
35/
