On October 4, 2018, Bloomberg Business published an article that shook the foundations of cybersecurity – “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies: The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.”

China’s not the only nation pursuing these avenues. This article is Part 1 of a series that focuses on how security plays out on national scales. First up: Russia’s espionage efforts using hardware compromises. 

No New Thing

Espionage by nation-states has been going on for thousands of years, and the methods to thwart them are sometimes humorous – like the 440 BCE technique to carry secret messages by imprinting the message on the shaved head of the messenger. When his hair grew out, the message was obscured from view and the messenger went on his way to deliver the message. Probably not a real-time method of delivery!  Let’s take a look at some past examples of Russian espionage efforts. 

The Great Seal Bug

On August 4, 1945, an “innocent” delegation of the Vladimir Lenin All-Union Pioneer Organization presented Ambassador Averell Harriman with a beautiful carved wooden plaque of the Great Seal of the United States. Dubbed “The Thing” or the “Great Seal bug”, it “was one of the first covert listening devices (or "bugs") to use passive techniques to transmit an audio signal.”

The passive device needed electromagnetic energy from an outside source to activate and is considered a predecessor of Radio-Frequency Identification (RFID) technology.  It hung in the ambassador's Moscow residential study for an unbelievable seven years until it was accidentally discovered by a British radio operator at the British embassy who overheard American conversations on an open radio channel as the Soviets were beaming radio waves at the ambassador's office.

Tracked Typewriters

Fast forward to 1976 when the Russians were at it again.  This time, they implanted eavesdropping devices in IBM Selectric II and III typewriters used over an eight-year period at the US Embassy in Moscow and the US Consulate in Leningrad.

I actually remember these typewriters from my tenure in the Naval Nuclear Program. They were interesting devices, as the type-characters were arranged on a metal “print ball” situated in the center of the machine.  The print ball would spin to strike the paper commensurate with the key pressed by the operator.

The compromise was virtually undetectable, as “the advanced digital bugging device was built inside a hollowed-out metal supporting bar that runs from left to right inside the IBM typewriter. It registered the movements of the print head (ball), by measuring small magnetic disturbances caused by the arms that control the rotation and elevation of the print ball.” 

In essence, this was considered to be the first “keystroke logger” and was disclosed by a tip from the French intelligence service, who found a similar bug inside one of the teleprinters at their Moscow embassy in January 1983.

The Moscow Signal

More egregious examples of compromise involved an entire building rather than individual devices within the building. Known as “The Moscow Signal”, this incident “involved a reported microwave transmission, varying between 2.5–4 gigahertz, directed at the Embassy of the United States, Moscow from 1953 to 1976, resulting in an international incident. The US government eventually determined it was probably an attempt at espionage, and that the concerning health effects on embassy staff were incidental.”

Spy Construction

Eventually, needing a new Moscow-based embassy building, U.S. Ambassador Malcolm Toon laid the cornerstone in 1979 for what was to be a new embassy building on Tchaikovsky Street.  Hoping for a new beginning between the two superpowers, the Soviets offered to sell the Americans prefabricated building modules under the guise of guaranteeing that the new building met local building codes and standards.

Then-president Nixon pushed the U.S. State Department to approve the Russians’ generous gesture of assistance, but this arrangement essentially allowed the Soviet KGB secret police “to become the building's prime contractor.”

The U.S. naively allowed the Soviets to build precast concrete pieces for the embassy in their own factories. In 1982, U.S. inspectors using experimental X-ray scanners checked the construction on the 10-acre compound and found spy devices embedded in the concrete panels and beams that were undetectable by normal X-rays. The steel reinforcing rods were apparently designed to function as antennas.

A 1988 New York Times article stated that the building “stands useless infested with spying systems planted by Soviet construction workers.”

Untrustworthy USBs

At the September 2013 G20 Summit near St. Petersburg, Russia, foreign delegates and heads of state were “gifted” USB pens and mobile phone recharging devices by Russians that were “reportedly capable of secretly tapping into emails, text messages and telephone calls.”

Failed Attempts

Not all Russian attempts to bug the U.S. were successful. In 1967, the Soviet KGB planned to bug the U.S. Congress using agents from the Russian news agency, TASS. A TASS reporter smuggled a bug into an open hearing of the Armed Services Committee and was able to attach it under a table in the room.

In a waiting car a few blocks away from the Capitol, KGB agents were unable to pick up a signal from the bug. Unbeknownst to them, U.S. authorities had discovered it, disabled it, and left it in place, and the FBI waited for the KGB to retrieve the bug – which never happened.

Like Mad Magazine’s Spy vs. Spy cartoon that depicts the hijinks of good versus evil spy caricatures, the U.S. gives as good as it gets, if not more so. Project “Acoustic Kitty” was launched by the CIA in the 1960s; under it, cats were surgically implanted with listening and transmitting devices. The first mission was allegedly a failure when the acoustically-enhanced cat was struck and killed by a taxi. The project was abandoned in 1967 “due to the difficulty of training the cat to behave as required.”

The lesson? Security has always been – and will continue to be – a high stakes game of staying one step ahead. Cybersecurity is no different.

 

In Part 2, we will examine Chinese efforts to eavesdrop or otherwise compromise U.S. interests. 
