An open-source overview of the technical intelligence collection threat in Asia.The views expressed in this article are those of the author and do not necessarily represent the official policy or position of the U.S. Army Intelligence Center. the Departments of the Army and Defense, and the U.S. Government. The technical intelligence (TECHINT TECHINT Technical Intelligence ) threat to government employees and civilian travelers in Asia is as prevalent today as was TECHINT targeting of Western embassies and diplomats in Moscow at the height of the Cold War. Even this comparison may be below the mark because indeed both Russia and certain areas of Asia today have far surpassed the level of targeting that one once expected between the polar antagonists of the Cold War era. The reason for this increase in threat is not because of increased political tensions but rather for a more pragmatic reason--money, or more specifically, economic espionage. Indeed, the nature of the threat is at the heart of the reason why open sources can adequately identify the threat. During the Cold War, only very rare exposes, such as the "Great Seal" attack at the U.S. Embassy in Moscow--graphically presented by the U.S. Ambassador as evidence at a publicly televised United Nations forum--or the Soviet bugging of the then new U.S. Embassy in the 1980s, ever made it to the national press. Most other incidents were only for the purview The part of a statute or a law that delineates its purpose and scope. Purview refers to the enacting part of a statute. It generally begins with the words be it enacted and continues as far as the repealing clause. of those with access to the classified newsreels; the rest of the world remained blissfully ignorant of the technical threat they might be facing during overseas travel. Background Beginning in the 1980s, the transformation of the world's political and economic environment changed the nature of the threat. Certainly, the threat was present as far back as the Korean War Korean War, conflict between Communist and non-Communist forces in Korea from June 25, 1950, to July 27, 1953. At the end of World War II, Korea was divided at the 38th parallel into Soviet (North Korean) and U.S. (South Korean) zones of occupation. when Japanese technicians began reverse-engineering U.S. aircraft parked on their tarmacs in between sorties over Korea. (1) Such rumors as Air France Air France in full Compagnie Internationale Air France French passenger and cargo airline with more than 200 destinations in some 80 countries. It introduced supersonic Concorde service in 1976, but financial loss led the company to cease its Concorde having bugged its first-class seats with microphones to overhear o·ver·hear v. o·ver·heard , o·ver·hear·ing, o·ver·hears v.tr. To hear (speech or someone speaking) without the speaker's awareness or intent. v.intr. conversations between international business executives and reports of laptops and documents copied or even stolen at French hotels give credence to this new age threat. Suddenly, the threat was neither from the United States' traditional "enemies" nor focused on politico-military targets, allowing an open, honest examination and discussion of what this threat meant for the future of U.S. security. This short overview will sift through some of the available open-source data to uncover the technical intelligence threat facing everyone (business executive, government official, or tourist) who happens to find a trip to Asia on their upcoming itineraries. First, one should note that the technical threat is not universally focused, prevalent, nor equivalent throughout Asia. Certain countries have a more dedicated collection program than others, either for reasons of economic espionage or political security. An open-source list of these countries (in alphabetical order) includes Japan, the Democratic People's Republic of Korea (North Korea), the People's Republic of China (PRC), Taiwan, the Republic of Korea (South Korea), the Russian Federation, and the Socialist Republic Socialist Republic is a republic governed on the principles of socialism usually by a communist or a socialist party. They are usually focused on a centrally planned economy, but sometimes they mix their economy with elements of a free market of Vietnam. This is not to say that technical collection does not occur in other countries of Asia, perhaps notably India and Pakistan. In fact, technical collection probably does occur in every country that maintains an intelligence service worldwide; however, either they do not direct the focus toward foreigners not deemed a domestic security threat, or the information available on the threat is not widely available in an open-source forum. TECHINT Collection Equipment Indeed, the equipment needed to conduct most basic technical collection missions (microphones, cameras, and receivers) is widely available in the commercial market at prices that even amateur hobbyists could afford and thereby conduct collection missions in almost any environment. Additionally, for those hobbyists who do not have the technical nor engineering background to build their own hidden transmitters and receivers, various Japanese and Taiwanese electronics companies produce ready-made products such as video cameras and microphone transmitters inside devices that one can install or temporarily transport into areas of interest. (2) These devices may appear to be smoke detectors, notebooks, alarm clocks, telephone outlets, calculators, cellular telephones, or even a pack of cigarettes. This goes to show that even if a country does not appear, at the outset, to have an ongoing technical collection mission, any country could conduct technical collection at will by simply surging the capability using a small commercial-off-the-shelf purchase and detailing a team of intelligence professionals or engineers to emplace em·place tr.v. em·placed, em·plac·ing, em·plac·es To put into place or position: emplace a fortification on the hilltop. Verb 1. and monitor the equipment on the target of interest. Such targets of interest might include international conferences or negotiations where collectors might monitor delegation members to determine their nation's hidden negotiating platforms. Similarly, they often monitor international companies' contract bidding process, thereby allowing local competitors to underbid them by the smallest of increments. Truly, any area that might be of national interest (economic well being is assuredly part-and-parcel of the Asian national interest) is a valid target for technical collection. The technical collection threat in practically any room worldwide starts with the telephones on the desk. A standard telephone contains at least one microphone, and with a simple reengineering trick, one can transform telephone speakers into microphones as well. Consider then the number of potential microphones a modern digital telephone might have: two in the handset, two for the speakerphone, and one for the ringer. What is preventing the discussion occurring inside the room from transmitting along the telephone lines? As it turns out, not much, and if one is overseas--especially in Asia--a person should always assume that his telephone is the equivalent of a live microphone. In the past, the hook switch See switch hook. of a telephone physically disconnected the wires inside the telephone that established the talk path (an electrical conduit between the handset and the other party). If an adversary wanted to "bug" the telephone, there were generally only two options available: [] Rewire re·wire v. re·wired, re·wir·ing, re·wires v.tr. To provide with new wiring: rewired the old house. v.intr. To install new wiring. the telephone's internal network to bypass the hook switch when the telephone is not in use or "on hook." [] Introduce another transmitter, such as a radio-frequency transmitter not dependent on the telephone internal wiring to transmit conversations outside the room. The introduction of cheap, digital telephony Digital telephony is a technology used in the provision of digital telephone services and systems. Since the 1960s it has almost entirely replaced the old telephone system that used analog telephony. did away with what little security the hook switch provided. Now the "hook switch" is nothing more than a computer-chip function that signals a disconnect procedure through digital commands. However, network administrators and hackers know bypasses they can use to turn telephones on while they are sitting idle in the telephone cradle. At the administrator's level, "clicking a button" on the main control program can activate telephones controlled by PBXs. (3) PBXs also have numerous vulnerabilities to hacker exploitations (thus the billion-dollar-a-year toll fraud problem in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. ), which make any telephone controlled by a PBX (Private Branch eXchange) An inhouse telephone switching system that interconnects telephone extensions to each other as well as to the outside telephone network (PSTN). a potential threat to external exploitation as well. Asia-Specific TECHINT Collection The threat in Asia, however, is a little more simplistic sim·plism n. The tendency to oversimplify an issue or a problem by ignoring complexities or complications. [French simplisme, from simple, simple, from Old French; see simple and common than an exotic hacker attack. Many hotels in Japan, China, and South Korea have permanent wiring so that the telephones receive and transmit audio even when they are not in use. (4) In China, at least one agency of the PRC Government owns most if not all of the executive-level (three or more stars) hotels. Foreign hoteliers need government permission to build and conduct business in China, something more easily accomplished with a PRC agency pushing the contracts through the labyrin-thine Chinese bureaucratic process. Granting partial ownership to the PRC agency willing to support the project--as well as granting the government certain concessions, one of which is general oversight and liberal leave during the construction--can facilitate this process. With this power, the Chinese Ministry of State Security can lay extra wire in the hotels during construction to either permanently tie-in microphones or make plug-and-play installation as easy. (5) They can then establish permanent surveillance and technical monitoring posts near the hotel to keep track of the guests' conversations, actions, and associations. Hotels in North Korea and Vietnam most likely follow China's lead in monitoring foreigners from a largely internal security standpoint. Japan and South Korea have a completely different perspective for monitoring foreigners' business in their hotels--economic espionage. U.S. Ambassador to Japan, Michael B. Smith, noted that Japan permanently bugged and monitored entire floors of many prominent hotels and that "Nobody in his right mind would make a telephone call [from a hotel in Tokyo]." Rather, "if you wanted to talk about something sensitive, you always went outside" because "They can't bug the parks." (6) In a classic example of Japanese hotel bugging, a U.S. telecommunications company See telecom company. executive traveled to Japan to test his company's prototype scrambler telephone. He plugged the telephone into the hotel room's telephone jack and two hours later, "a very polite but insistent serviceman from the telephone company appeared, unsolicited, at his door." Their conversation went something like this: Serviceman: "There is something wrong with your telephone." U.S. Businessman: "No, it works fine." Serviceman: "But we cannot understand what you are saying." U.S. Businessman: "That is the point." Serviceman: "It is not compatible with Japanese standards." (7) The fact that technical collection is as commonplace in Japan as in any other country on Earth should not come as a shock. Japan does not have a national intelligence service per se, because every Japanese business executive is an ad hoc For this purpose. Meaning "to this" in Latin, it refers to dealing with special situations as they occur rather than functions that are repeated on a regular basis. See ad hoc query and ad hoc mode. collector for the Japanese Ministry of International Trade and Industry The Ministry of International Trade and Industry (通商産業省 Tsūsho-sangyō-shō or MITI) was one of the most powerful agencies in the Japanese government. , an economic intelligence clearinghouse that assembles and distributes intelligence to the companies that could most benefit from it. The Japanese even built an industrial espionage industrial espionage Acquisition of trade secrets from business competitors. Industrial spying is a reaction to the efforts of many businesses to keep secret their designs, formulas, manufacturing processes, research, and future plans. school, the Institute for Industrial Protection, with government money to teach businesspersons the art of spying. (8) It is therefore unsurprising that Japanese hotels might cooperate with their government's efforts to keep tabs on all foreign guests for the "good" of the nation. Foreign businesses should likewise consider every telephone in their buildings and personal residences actively tapped by the telephone company as it would be highly unlikely that the only economic espionage targets of interest in Japan would be of those persons temporarily residing in a downtown hotel. After all, a Japanese auto-maker would be interested in the preliminary plans of U.S. American auto dealerships in Japan; there are hundreds of other similar scenarios. Certainly, the fact of businesses bugging other businesses is an everyday matter in Japan, where neither the perpetrator A term commonly used by law enforcement officers to designate a person who actually commits a crime. nor the target might necessarily be foreign. In fact, politicians use the services of private investigative agencies to place bugs in strategic locations to collect on their political rivals, as do smaller businesses and domestic dispute clients. (9) On the other hand, if the person is so inclined, he could just as easily purchase a bugging device himself in the Akihabara electronic district in Tokyo where a plethora of different devices and how-to manuals are available. These Japanese-made devices, as well as Taiwan-made devices, find their way to similar electronics markets throughout Asia including South Korea and Thailand. Such clandestine surveillance devices are illegal to import into the United States--although there are numerous loopholes that spy and electronics shops in the United States are able to use to offer similar items for sale. In Asia, however, the limitations on importation and use are virtually nonexistent non·ex·is·tence n. 1. The condition of not existing. 2. Something that does not exist. non . Amazingly, an international air traveler will likely have a harder time importing and exporting commercial radio equipment (amateur "ham" radio, citizen's band [CB], etc.) from an Asian country Noun 1. Asian country - any one of the nations occupying the Asian continent Asian nation country, land, state - the territory occupied by a nation; "he returned to the land of his birth"; "he visited several European countries" than carrying illicit listening devices through customs and security checkpoints. It is generally well known that we all should guard our conversations in Asian hotels from the prying ears of the host nation, but what about the threat from neighboring Asian nations? Should a U.S. business executive in the Philippines be worried about telephone tapping telephone tapping n → mise f sur écoute telephone tapping telephone n → Abhören nt von Telefonleitungen telephone tapping efforts from the Chinese or Japanese in addition to Filipino security agencies? As it turns out, the answer is yes. The Chobetsu is Japan's signals intelligence service and "has the capability of eavesdropping Secretly gaining unauthorized access to confidential communications. Examples include listening to radio transmissions or using laser interferometers to reconstitute conversations by reflecting laser beams off windows that are vibrating in synchrony to the sound in the room. on all of Japan's neighbors ... in addition to Japanese telephone lines." (10) In China, the Third Department of the People's Liberation Army People's Liberation Army Unified organization of China's land, sea, and air forces. It is one of the largest military forces in the world. The People's Liberation Army traces its roots to the 1927 Nanchang Uprising of the communists against the Nationalists. has approximately 20,000 trained foreign linguists working at signals intelligence (SIGINT Noun 1. SIGINT - intelligence information gathered from communications intelligence or electronics intelligence or telemetry intelligence signals intelligence ) collection sites throughout China, as well as in extra-territorial sites in Burma, Laos, and the Paracel Islands (near Vietnam). (11) These sites provide complete SIGINT coverage of radio, telephone, and satellite communications, targeting all of China's neighbors and many others beyond its immediate borders, but generally within its area of interest, covering Asia (in all directions), the South China Sea, and Pacific Ocean. (12) China's newfound economic prowess has also helped the PRC more efficiently conduct its SIGINT collection mission. The Chinese Government, a major shareholder in the Iridium iridium (ĭrĭd`ēəm), metallic chemical element; symbol Ir; at. no. 77; at. wt. 192.22; m.p. about 2,410°C;; b.p. about 4,130°C;; sp. gr. 22.55 at 20°C;; valence +3 or +4. satellite consortium, helped launch (or will launch) 22 of the planned 66 satellites in the Iridium constellation, and will provide a major gateway in China to connect Iridium satellite telephone calls with the universal, public, switched telephone network. (13) When a country owns or controls domestic, international, and satellite telephone switches, no modifications need to be made to a telephone instrument to intercept, record, or exploit the discussions made between it and another party. This capability is a natural function of the switch, making all such communications subject to host-nation interception. The Chinese-Iridium gateway is not only an essential component of the Iridium business model, thereby allowing connection of Iridium users to virtually any telephone in the world, but would also allow Chinese SIGINT elements immediate, real-time access to virtually any Iridium user's communications (although as already mentioned, collections go beyond Iridium telephones). A look at the major clientele list of Iridium might provide a small insight into the impact such a gateway could have on regional security issues. After nearly going bankrupt from the high costs of developing and launching satellites, Iridium was bought out and the new company partially kept in business through the help of major government contracts, such as with the Department of Defense, and in the Pacific theater with U.S. Pacific Command (PACOM PACOM Pacific Command PACOM Pan-African Committee (for START, the Global Change System for Research, Analysis and Training) )--the United States' front-line defense, guarding against any futuristic "Pearl Harbor," potential North Korean hostilities, the cross-Taiwan Straits crisis, or other such military contingencies. While PACOM may have access to secure encryption equipment to use in conjunction with its Iridium satellite telephones, the average businessperson probably would not, and neither would the average U.S. citizen get authorization to transport such encryption technology outside the United States. Therefore, without the inclusion of some means of encryption or secure voice scrambling, a business executive, government representative, or military official should function under the presumption that someone is monitoring all of his telephone communications made in a foreign country. Final Thoughts This short article has highlighted some of the open-source information on threats that await business travelers, tourists, and government personnel alike in their travels and work in the Asian-Pacific Theater. Although the TECHINT threat is prevalent they should not disregard the human intelligence (HUMINT HUMINT Human Intelligence ) threat. Perhaps a rule of thumb that one would be well advised to follow is not to engage in any activities or discussions that one would not like to become public knowledge. Furthermore, even though a person's travels may take him to a so-called friendly country, this is no guarantee that either that country is not interested in his activities or that other countries do not have the means to collect outside their own territories. In this regard, a popular military motto seems appropriate: "Vigilance is my watchword." Endnotes (1.) To cite just one example, Japan studied and improved on the technology behind disc brakes employed on F-104 fighters according to John J. Fialka, War by Other Means: Economic Espionage in America (New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of : W.W. Norton and Company, Inc., 1997), page 43. (2.) Ibid., pages 114-116. (3.) PBX is Private Branch Exchange, a computerized telephone switch used by businesses and government agencies as a cost-saving measure while incorporating numerous features like call waiting and call forwarding to support their customer-relations needs. (4.) Ibid., page 14. (5.) Eftimiades, Nicholas, Chinese Intelligence Operations (Annapolis, MD: Naval Institute Press, 1994), page 45. (6.) Schweizer, Peter, Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets (New York: The Atlantic Monthly Press, 1993), page 85; also Fialka, War by Other Means, page 114. (7.) Fialka, page 118. (8.) Schweizer, page 23. (9.) Fialka, page 114. (10.) Ibid., page 118. (11.) Stokes, Mark A., China's Strategic Modernization: Implications for the United States (Carlisle, PA: Strategic Studies Institute, 1999), pages 33-34. (12.) Ibid. "Lanzhou collects on Russia. Shenyang covers Russia, Japan, and Korea. Chengdu monitors India, Pakistan, and Southeast Asia. Nanjing monitors Taiwan. Guangzhou covers Southeast Asia and the South China Sea. Sites in Jilemutu, Erlian, and Hami as well as other Northwest China locations cover Central Asia, Russia, and Mongolia." Stokes lists sites in Shanghai, Beijing, plus Burma, Laos, and Rocky Island in the Paracels but does not mention their actual targets. (13.) Ibid., pages 48-49. Sergeant First Class Wade Wilson is a certified Technical Special Agent assigned to B Company, 205th MI Battalion. 3 Fort Shafter, Hawaii. Special Agent Wilson is working towards a Master's degree in Strategic Intelligence through American Military University. Readers can reach him at wade.wilson@us.army.mil and telephonically at (808) 438-6887. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion