In 2020 I committed to writing short thoughts on my readings.

Today, it’s The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (2020) by Ben Buchanan.

After having really liked Ben’s previous book (The Cybersecurity Dilemma), I had high hopes for reading “The Hacker and the State”. It tells the story of state-originated hacking and the diversity of ends that cyber subterfuge can be employed. It categorizes this in three parts, which also reflect the book’s main empirical point: state originated hacking is most used for espionage, attack, and destabilization. Theoretically, the book’s main thesis contends that between two distinct approaches to competitive statecraft, cyber capabilities are best used for ‘shaping geopolitics and seizing the advantage’ (p.3), rather than ‘signaling a state’s positions and intentions.’ (p.4) In fifteen chapters (319 pages)...

In 2020 I committed to writing short thoughts on my readings.

Today, it’s “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers” (2019) by Andy Greenberg, a writer for Wired and one of the most respected journalists covering information security.

Update 28. August 2020: the full academic review can be found here.

Sandworm aims to tell the story of “Russia’s reckless willingness to wage this new form of cyberwar” and of a global arms race that “the United States and the West have […] directly accelerated with our own headlong embrace of digital attack tools.” (p. xiii). It tells this story in six parts (emergence, origins, evolution, apotheosis, identity, and lessons) and forty-two chapters. Its title, Sandworm, derives from the name chosen by one of the main actors in the book given to the threat actor of interest. It derives from an early campaign...

In 2020 I committed to writing short thoughts on my readings (see previous posts on the Austrians, counterintelligence, etc.).

I finally read John Barron’s (1974) book on the KGB.

The book is remarkable in many ways. Based on defector interviews, and significantly helped by several Western intelligence agencies, Barron wrote a book on KGB operations up to ca. 1970 in a level of detail that is still relevant today.

The book is written in narrative format and structured in fourteen chapters. The book offers an overview of the KGB’s outlook, remit of operation, and its position in the Soviet system of political rule. As such, it stands the test of time. At least as far as I am aware, there are no major lines of interpretation that were changed as a result of historical research (e.g. Christopher Andrew’s books on the KGB in the 1990s). Therefore, I would recommend the book to anyone...

HUMINT is adapting to the changing technological environment, both enabling new activity and constraining others. In this post I wrote up my thoughts after reading Jenna McLaughlin & Zach Dorfman’s December 2019 article in YahooNews. I focus on what digitally-enabled counterintelligence capabilities mean for HUMINT tradecraft.

What follows:

• Digital traces, biometrics, and advanced analytics and their implications on HUMINT
• My Conclusion
• Summary of McLaughlin & Dorfman

Digital traces, biometrics, and advanced analytics and their implications on HUMINT

Digital traces and biometrics coupled with cheap data storage and advanced data analytics are quickly changing the scope conditions for HUMINT tradecraft. One can separate the changes in two main aspects: on the one hand, digital data trails and individual connectivity has opened a rich targeting and access venue for HUMINT...

What we know

The three media outlets @srf¹ @zdf² and the @washingtonpost³ jointly reported that CryptoAG from 1970 onwards was owned by the CIA and the German BND, and sold cryptographically weakened devices, based on the internal histories of the CIA and the BND of the operation.

Image source: WashingtonPost

Between the 1970s and 1990s, the partnership made up for over 40 per cent of NSA’s machine decryptions, and for 90 per cent of BND’s diplomatic product reports.

Who knew?

The WashingtonPost claims “the documents show that at least four countries - Israel, Sweden, Switzerland, and the United Kingdom - were aware of the operation or were provided intelligence from it by the United States or West Germany.” SRF showed documents claiming that the secret was shared, over the years, with Denmark, France, the United Kingdom, Israel, Netherlands, Sweden, and (unidentified) others...

In 2020 I commited to writing short thoughts on my readings (see e.g. on the Austrians).

Today it’s to Catch a Spy (2019) by James M. Olson, a former CIA case officer and chief of counterintelligence (CI) at the CIA.

The book offers an introduction into American counterintelligence. It’s structured in three parts: 1. the main threats (China, Russia, Cuba), 2. principles and methods of CI (10 commandments of CI, Workplace CI, Double-Agent Operations), and 3. CI Case Studies.

The book seems to be addressed to potential U.S. CI recruits. The most interesting aspects are Olson’s priorities when it comes to CI principles and methods. In other words: there are better and more up-to-date resources on the threat environment and on CI case studies. Having said that the case studies are useful summaries for entering U.S. CI history - for each there are recommended references, often of...

In 2020 I commit to writing short thoughts on my readings.

The start is Thomas Riegler’s book on the Austrian Intelligence Services.

The book is written in three parts: History of the services, the BVT-Affair, and Cases, the first two of which I read (caveat to my assessment below).

Upside
The book is most astute in its analysis of the interconnection between Austrian political parties and the intel services. It is the most detailed study of the BVT I am aware of (the other two services being treated more in passing), and introduces much needed context into the period between 2015-2019. For example, it explains the structure (and resulting struggles) of the mixture between a policing and intelligence agency that the BVT is. It also shows how a domestic struggle (organisational dysfunction and political conflicts) led to a severe deterioration with partner services resulting in...

On 13. May 2015 Switzerland issued a regulation on the export of internet and mobile phone surveillance products. Export control regulations can be split into application (i.e. who has to apply for a license) and scope of control (i.e. in which cases is export denied).

The scope of application in this case follows the December 2013 decision of the Wassenaar Arrangement on Export Controls. This includes the sale and procurement of intrusion software, IMSI catchers, and carrier class IP surveillance technologies.

The scope of control includes (in addition to the normal export restrictions*), the reason to belief that the exported good will be used by the end-user as a means of repression. This is important, as it introduces a new basis for export denial into substantive law. On this basis, Switzerland will be able to deny the export of technologies to end-users who are suspected of...

On 4. May 2015, Switzerland’s intelligence service published its annual report on the security situation of the country.

Strategic landscape

The report notes a state of flux in the strategic landscape, driven by (a) a long-term clash of interests between Russia and the West as seen in the destabilization of Ukraine, with the potential for a renewal of a protracted East-West conflict throughout Europe and (b) the domestic insecurities in the Maghreb / Sahel and Iraq/Syria that led to large, uncontrolled territories.

Illegal intelligence and attacks on information infrastructure

Of special interest to this blog is the chapter on “illegal intelligence and attacks on information infrastructure.” Switzerland has chosen to focus on targets, methods, impact of Snowden revelations, and APTs. Regarding targets:

“In Switzerland, illegal intelligence is targeted both at Switzerland’s...