.FLYINGHEAD SPECIAL REPORT
.TITLE Analysis: Spying Chinese temptress steals senior Brit’s BlackBerry
.AUTHOR David Gewirtz
.SUMMARY Oh boy! Here we go again. Another senior government official has had his BlackBerry stolen by another foreign intelligence agency. But this time, it’s not an American official. According to the U.K.’s The Sunday Times, a senior aide to British Prime Minister Gordon Brown had his BlackBerry stolen by Chinese intelligence agents while on a trip to China.
.OTHER
Oh boy! Here we go again. Another senior government official has had his BlackBerry stolen by another foreign intelligence agency. But this time, it’s not an American official. According to the U.K.’s The Sunday Times, a senior aide to British Prime Minister Gordon Brown had his BlackBerry stolen by Chinese intelligence agents while on a trip to China back in January.
.CALLOUT Shall we shag now, or shall we shag later?
The story gets particularly juicy because the senior Downing Street aide got caught in what’s probably the world’s oldest intelligence ploy, the "honeytrap". No, I’m not talking about the rock band from Coventry, I’m talking about an intelligence scam where a particularly hot woman is used to lure a particularly horny guy into some form of compromising position.
In the case of our bollocksed-up British horndog, he was approached by a Chinese woman while in a Shanghai hotel disco. He agreed to return to his hotel with the woman — and the next thing we know is he reported the BlackBerry missing to the Prime Minister’s Special Branch protection team the next morning.
According to another unmentioned senior Brit official, the incident had "all the hallmarks of a suspected honeytrap by Chinese intelligence."
.TEASER This is a heck of a story. Tap here for the full (and oh-so-juicy) details.
.H1 Karl Rove’s missing BlackBerrys
The intelligence risk of lost BlackBerrys first came to our attention when I reported in [[http://www.emailsgone.com|Where Have All The Emails Gone?]] that former White House Deputy Chief of Staff Karl Rove had lost his BlackBerry device more than once.
At the time I wrote the book, the intelligence risk was merely a scenario. As I wrote the scenario, a BlackBerry accidentally got left in a hotel room, to be stolen by a maid with ties to terrorist organizations.
My first draft actually had the BlackBerry stolen by a hooker who’d picked up a senior White House official, but because I wanted to spotlight the security risk and not get everyone hung up on the idea of a White House official with a hooker, I changed the scenario to use a less controversial thief.
And yet, life imitates art.
.H1 The Mexican theft of U.S. government BlackBerrys
Back in April, I reported that Rafael Quintero Curiel, lead press advance person for the Mexican delegation, was caught stealing BlackBerry devices belonging to White House staffers who were attending meetings between U.S. President George W. Bush and Canadian and Mexican leaders in New Orleans.
My [[http://www.outlookpower.com/issues/issue200804/00002164001.html|detailed analysis]] showed:
.BEGIN_LIST
.BULLET How one of the nightmare scenarios I wrote about in the book has now come true with almost freaky precision.
.END_LIST
.BEGIN_LIST
.BULLET How this isn’t just a cautionary tale for the U.S. government, but for businesses and individuals as well — and, as we’ve now seen, other governments across the world.
.END_LIST
.BEGIN_LIST
.BULLET How the scope of the security risk is bigger than it might seem. For example, if Quintero Curiel had stolen paper documents instead of BlackBerrys containing the digital equivalents, he’d have to haul 166.8 pounds of U.S. government information back to Mexico.
.END_LIST
.BEGIN_LIST
.BULLET How those BlackBerry devices could have contained anything. They could have home addresses of relatives of key U.S. officials. They could have pictures of their kids. They could have passwords, access codes, phone numbers, directions to evacuation locations.
.END_LIST
.BEGIN_LIST
.BULLET How it happened. I explored the scene of the crime and also explored the issue of whether Rafael Quintero Curiel was merely a diplomatic functionary or an agent under diplomatic cover.
.END_LIST
.BEGIN_LIST
.BULLET How, because of the unfortunate perceptions many Americans have of Mexicans, this act is being treated more as a joke than as a serious security breach by both press and the blogger community.
.END_LIST
.H1 Compromised BlackBerry as possible surveillance device
What I didn’t discuss was what might have been put onto the BlackBerrys while Curiel had them in his hands. There’s software (I won’t mention where to get it, but it’s an easy, cheap download off the Internet) that can turn a BlackBerry (and most other smartphones) into a mobile surveillance system.
Supposedly designed to allow husbands and wives to keep an ear on cheating spouses, the software, once installed on the phone, is undetectable. It allows the spy to hear everything that the phone’s microphone can pick up, it allows the spy to undetectably listen in on phone conversations, and it allows the spy to get copies of every email sent and received by the device.
The stolen Mexican BlackBerrys were returned to their owners after being recovered by the U.S. Secret Service. But, when the Secret Service got the devices back, did they do a full, bare-metal wipe of the devices, or did they just return them to their owners?
If they didn’t do a bare-metal wipe, is it possible that White House staffers, walking around in the presence of Presidential-level discussions, are transmitting those discussions to someone in Mexico — or elsewhere?
And there was my worry: what if there are White House staffers with compromised phones wandering around the White House, acting as unwitting mobile bugging devices? How serious a risk is that?
Clearly, the Secret Service is an extremely competent organization, but just on the off chance that they might not have thought of this one, I considered it my patriotic duty to bring it to the attention of some slightly scary government friends I have in Washington. Whether they ever found anything on those BlackBerrys is something we’ll all probably never know.
.H1 Bumbling Brit
And that brings our story back to our bonking Brit and his BlackBerry bandit. Just how much trouble did this aide’s problematic peccadillo get him into? Of more concern, how much damage did our international man of mystery’s "special branch" do to Britain’s security — and, by extension, the security of her allies?
We know a single BlackBerry can store a surprising amount, the equivalent of about 28,000 printed pages of data, or — in keeping with the theme of our British boner — the equivalent of seven complete sets of all seven Harry Potter novels. That’s a lot of strategic government information to lose to the Chinese.
We also know a single BlackBerry can be turned into a shockingly powerful surveillance device, with all sorts of disturbing implications for national security.
The Sunday Times reports "that even if the aide’s device did not contain anything top secret, it might enable a hostile intelligence service to hack into the Downing Street server, potentially gaining access to No 10’s email traffic and text messages."
As these various stories — my initial book scenario, the Mexican theft of U.S. government BlackBerry devices, this new Chinese theft of British BlackBerrys — have shown, the risk of BlackBerry theft is particularly high when government officials are traveling.
These devices are often the mobile extension of their offices, their primary means of communication, and their personal, pocket file cabinets.
.H1 So, what should governments do?
I’ve made recommendations before about the secured handling of handheld devices. If you recall, I recommended the establishment of an Electronic Communication Protection Detail, a group I’ve recommended be created as part of the Secret Service to manage all of the email security issues. I’ve recommended that each staffer issued such a device be trained to notify the Electronic Communication Protection Detail immediately when a device is lost.
But clearly more is required. It’s clear that the White House, and, by extension, governments of our strategic allies need to establish a complete end-to-end asset management policy for handheld devices. Guidelines need to be established for where these devices can be taken, when they can be removed from one’s person, and how they should be handled in secured situations like those that occurred in New Orleans and Shanghai.
Finally, a true rapid-response operation needs to be established so data can’t fall into the wrong hands. I’ve recommended that no communication device be issued to White House staffers without two key features: location and destruction.
It is possible to both remotely erase certain BlackBerry devices and remotely locate them. When a device is lost, a team from the Electronic Communication Protection Detail should first trigger the remote erase, and then a tracking team should be dispatched to recover these little mobile nightmares as quickly as possible.
Clearly, the Secret Service responded relatively quickly in the New Orleans case and recovered the devices. We don’t know whether the Special Branch recovered the missing British device. In the case of the theft of the American devices, because there was no apparent remote destruction capability, the data wasn’t secured until the physical devices were. And, again, we don’t know whether or not the Brits had any operation in place to secure their missing device.
In the case of the American loss, where the devices were stolen from a table outside a hotel conference room, the devices never would have fallen into the hands of a foreign power had a better procedure been in place.
However, in the case of our Downing Street dirty dancer, the only possible protective procedure is better on-device security and remote destruction. No power in the world will prevent amorous aides from doing the nasty given the right temptation.
As Austin Powers once said, "Shall we shag now, or shall we shag later?" Either way, without better BlackBerry security, we’re all shagged.
.BEGIN_SIDEBAR
.H1 Product availability and resources
Read [[http://www.timesonline.co.uk/tol/news/politics/article4364353.ece|"Gordon Brown aide a victim of honeytrap operation by Chinese agents"]].
Read [[http://www.emailsgone.com|Where Have All The Emails Gone?]].
Read [[http://www.outlookpower.com/issues/issue200804/00002164001.html|"The worrisome implications of the Mexican theft of White House BlackBerry devices"]].
.END_SIDEBAR
.BIO


