Russian spy ring needed some serious IT help

The Russian ring charged this week with spying on the United States faced some of the common security problems that plague many companies -- misconfigured wireless networks, users writing passwords on slips of paper and laptop help desk issues that take months to resolve.

In addition, the alleged conspirators used a range of technologies to pass data among themselves and back to their handlers in Moscow, including PC-to-PC open wireless networking and digital steganography to hide messages in, and retrieve them from, images on Web sites.

They also employed more traditional methods including invisible ink, Morse Code and ciphers, according to assertions made by federal agents in court papers seeking arrest warrants for the suspected spies.

One of the most glaring errors made by one of the spy defendants was leaving an imposing 27-character password written on a piece of paper that law enforcement officers found while searching a suspect's home. They used the password to crack open a treasure trove of more than 100 text files containing covert messages used to further the investigation.

"[T]he paper said "alt," "control" and set forth a string of 27 characters," the court documents say. "Using these 27 characters as a password, technicians have been able successfully to access a software program ("Steganography Program") stored on those copies of the Password-Protected Disks that were recovered…"

This sticky-note problem is common, says John Pironti, president of IP Architects, a security consulting firm. "Humans don't really do well remembering passwords beyond six characters, so they write them down someplace," he says. The real mistake was thinking that the home was secure enough to leave the password lying around.

Pironti says the use of steganography is also common, taking data and subtly inserting it into images so the changes aren't very noticeable to the naked eye. One notable aspect was that the steganography program used by the Russians is not commercially available, he says.

Without the program and without knowing what images might contain messages, it would have been nearly impossible to find the messages, Pironti says.

But a computer hard drive copied during one of the searches revealed a store of Web sites that agents visited and from which they downloaded images. Running the steganography program on some of those images revealed text files.

A Boston search yielded a hard drive that contained what investigators believe are drafts of messages to be embedded in images. The messages had been deleted, but investigators were able to recover them.

Some of the communications federal agents gathered indicate the spies weren't comfortable with the technology. One message shows a suspected spy trying to figure out how to embed a message in an image, and an audio recording inside one suspect's home picked up a voice saying, "Can we attach two files containing messages or not? Let's say four pictures…"

The spy ring had numerous technical problems, including file transfers that hung and wouldn't go through and difficulty replacing laptops when necessary. In one case, an agent was so frustrated by laptop issues that she unwittingly turned it over to an undercover FBI agent.

In another case, replacing a laptop took more than two months. A suspect bought an Asus Eee PC 1005HA-P netbook, flew with it to Rome, picked up a passport in another name, flew on to Moscow and returned with it -- a process that took from January this year to March. Presumably Moscow headquarters configured the device.

When the courier spy delivered it to another suspect, he described what to do if the laptop had problems. "…if this doesn't work we can meet again in six months," one suspect was overheard saying to another, "they don't understand what we go through over here."

Pironti says spies try to use off-the-shelf hardware and software so they don't have to rely on their spymasters for replacements, and with the possible exception of the steganography application, this ring could have done that.

One of the technical issues the ring faced was described by one suspect in a message to Moscow reporting on a meeting between two spies "A" and "M": "Meeting with M went as planned … A passed to M laptop, two flash drives, and $9K in cash. From what M described, the problem with his equipment is due to his laptop "hanging"/"freezing" before completion of the normal program run."

"They must have been running [Windows] XP," Pironti says. "That's all netbooks were running at that time, and who hasn't found running custom stuff on XP to be challenging?"

A spy suspect in New York City used her laptop to communicate with a Russian government official via an ad-hoc, peer-to-peer wireless network on six occasions this year -- always on Wednesdays. She set herself up in a coffeeshop, a book store and other unspecified locations with her laptop. U.S. agents sniffed her wireless network and identified two devices -- the same two MAC addresses each time -- establishing connections that U.S. agents think were used to communicate, the court papers say.

Apparently she was having trouble making connections with the other laptop, and in frustration turned it over to a U.S. undercover agent for repairs.

At a meeting with that undercover agent, she indicated that she was having trouble setting up the wireless connection. "Everything is cool apart from connection," she says on a recording made of the meeting.

The U.S. undercover agent responds, "I am not the technical guy…I don't know how to fix it, but if you tell me, I can pass it up." He then offers to take the laptop to the consulate for repair, and points out that she could take it with her to Moscow when she goes and get it fixed there. "It would be more convenient if I gave you it," she responds.

That was last Saturday. The same day in Washington, D.C., a second undercover U.S. agent -- UC-2 -- met with another suspected Russian spy -- SEMENKO -- and discussed his experience with ad hoc wireless networking. "SEMENKO responded that he wanted UC-2 to "figure out" the problems with the communications via the private wireless network."

Earlier, in describing his reaction to a successful wireless transfer, Semenko said he was, "like … totally happy."

The spies also used radiograms to communicate -- with messages being sent over short-wave frequencies in cipher and then decoded using a key written by hand in a spiral notebook U.S. officials found during a search of a suspect's home.

Audio recordings in one spy suspect's home picked up his voice saying: "I am going to write in invisible," referring to a message he planned to send to Russian officials in South America.


Tim Greene

Network World