Spies Are Being Made Redundant By Technology

GCHQ recently released a Report called Pioneering a New National Security: The Ethics of Artificial Intelligence in which they set out, in broad terms, the guide to how they will ethically use Artificial Intelligence (AI) in the future.

This is an important document for what it represents: a deliberate move towards public engagement, transparency, and the establishment of public trust.  The report quotes the Alan Turing Institute, “the field of AI ethics emerged from the need to address the individual and societal harms AI systems might cause”,

GCHQ the UK’s spying agency say they have fully engaged with AI to find, analyse and use the massive amounts of global data for their own intelligence work. AI and Machine Learning are playing an increasing role in cybersecurity, with security tools analysing data from millions of cyber incidents, and using it to identify potential threats 

Digital disruption is sweeping through the world’s second-oldest profession, spying, and it is altering monitoring, collection and action. Spying has of course been important for governments throughout history but it has also been very important for business and has helped create industrial change.

Historically people were used as the main spy agent, but in recent history and currently, spying and intelligence gathering is often accomplished by using Artificial Intelligence, cyber analysis, hacking and malware electronics.

AI, which traces its history back to British mathematician Alan Turing’s work in the 1930s, allows modern computers to learn to sift through data to see the shadows of spies and criminals that a human brain might miss. GCHQ, where Turing cracked Germany’s naval Enigma code during World War Two, said advances in computing and the doubling of global data every two years meant it would now fully embrace AI to unmask spies and identify cyber attacks.

The world’s biggest spy agencies in the United States, China, Russia and Europe are in a race to embrace the might of the technological revolution to bolster their defensive and offensive capabilities in the cyber realm. This process is moving toward a more continual monitoring approach as is now often using Cyber-Intelligence and aspects of Cyber-warfare.

Consequently, there is a growing realisation in some Intelligence agencies that the Spy Agents job is changing and some aspects of spying is gradually becoming redundant.

Cyberspace can now be used by a lot of electronic and IT systems, to the Internet of Things which is connected many of the traditional mechanical systems to robotics for monitoring, observation and analyse.These processes can be used to monitor and spy on the seas, skies, streets, phones, emails and conversations of targeted individuals.

AI now can be used to monitor the enemy or friends, intelligence services and their correspondence. All data can be collected and analysed by machines using different systems and processes such as cognitive computing. This uses self-learning and pattern recognition for data analysis of natural language processing and can copy the way an individual’s brain works, Wittgenstein would have approved!

Now drones can be used to assassinate agents and operators. Malware and machines can spy on systems, people and on a leader’s mobile conversations, texts and emails.

Therefore, in some eyes you no longer need an agent to Spy as we can now use aspects of Cognitive Computing (CC) to get deeper into a targets mail, conversation and actions. CC has been used to refer to new hardware and/or software that mimics the functioning of the human brain and helps to improve decision-making and can be used to monitor a target. In this sense, CC is a new type of computing with the goal of more accurate models of how the human brain/mind senses, reasons, and responds to stimulus. CC applications link data analysis to adjust content for a particular type of audience.

As such, CC hardware and applications strive to be more affective and more influential by design but CC can also be used to monitor and interpret a governmental decision making process and to alter and add bias if required. So the 2nd oldest profession will soon have far fewer jobs than in the past and some say OO7 will be taught by such learning games OO-ISpy.com.

Alex Younger a previous head of MI6, said, “the digital world is a very interesting combination of an existential threat and a golden opportunity”.

“The information revolution fundamentally changes our operating environment. In five years’ time there will be two sorts of intelligence services: those that understand this fact and have prospered, and those that don’t and haven’t. And I’m determined that MI6 will be in the former category.

“The third and most important part of British intelligence is the surveillance agency GCHQ, which in partnership with the US National Security Agency, is responsible for scooping up most of the intelligence through tracking phone calls, emails, chat lines and other communications.”

The Internet companies not only faced a backlash from customers concerned about their privacy but were displeased on discovering that, in spite of their cooperation, the agencies were accessing their information anyway through backdoor channels.

The UK is now repurposing its intelligence services with a £1.5bn annual top-up for Intelligence and Security. 

Espionage techniques have evolved beyond the old methods of the 1970s and earlier of bugging rooms or tapping phone lines; today’s Watergate wouldn’t come from breaking into an office building, it would come from cracking an email server or a corporate network. Already, we’re seeing these threats escalate in the political world, from the Democratic National Convention (DNC) email hack, to a spear-phishing campaign targeting US officials, to last year’s surge of sophisticated cyber-attacks against the State Department.

Cyber attacks have made it increasingly possible for foreign governments, international and local hackers to effect and change media and propaganda and alter election results.

In 2014, as Ukraine prepared for a crucial vote to decide the Presidency, government cyber experts found Russian hackers had breached its election computing infrastructure. The hackers knocked out the entire system that tallied the votes. The attack was detected and repaired, but then, just as the vote results were about to roll out, a virus was found that would have called the election for radical nationalist.

However, there is also definitely a social effect in the US where a lot of working people, are rebelling against the ruling establishment elite who have had an increasing grip on power through institutions and the media for at least the past 40 years.

Literally hundreds of millions of dollars are being spent conducting opinion polls across the States, many of which tend to have built-in bias's. This tends to ensure that their primary function is as a propaganda message often in the interests of those commissioning the polls. This is the lesser known use of the Malware message.

  • Internet protocols are now nearly 30 years old, and the Web has grown dramatically in scale and it has acquired hundreds of additional protocols and extensions, making it increasingly complex to manage. 
  • Around 53% of the world population now has an Internet connection.
  • The Internet continues to grow day by day making McLuhan's Global Village almost a reality.

People will be so connected via the Internet that it has been suggested they will be able to create new digital "nations" with other people who share their interests.

  • In 1995 Internet use was less than 1% of the world population. By 2005 it hit its first Billion users. Today’s Internet world users are 4.7 billion.
  • By 2025/6 it is thought that this will rise to 6/7 billion 75/80% of the global population.

Global connectivity has really arrived in the past 20 years. This is significant because like previous industrial geo-political and macro-economic revolutions this one reminds us that the age of connectivity is in its infancy, and most of the changes have yet to come.

By the end of this year, there will also be around 4.2 billion connected things, everything from smart cars, smoke detectors, door locks, industrial robots, streetlights, heart monitors, trains, wind turbines, even tennis racquets and toasters. As digital technology continues to spread to the poorest parts of the world criminal and extremist groups operating here and there will also increasingly be given access to the new technology.

Spying History

On the brighter side, digital technology should make it easier to track down and uncover illegal syndicates and bring them to justice, unless they are run by governments who have their own agenda and use cyber-privateers to do their malware, collection, electronic spying and data theft and message adaption and propaganda.

The rise of city states and empires meant that each needed to know not only the disposition, character and morale of their enemy, but also the loyalty and general sentiment of their own population.Early Egyptian pharos [some 5,000 years ago] employed espionage agents to ferret-out disloyal subject and to locate tribes that could be conquered and enslaved. In Ancient Rome, major political players had their own surveillance networks, which provided them with information about the schemes of those in power.

The Roman Empire possessed a fondness for the practice of political espionage. Spies engaged in both foreign and domestic political operations, gauging the political climate of the Empire and surrounding lands by eavesdropping in the Forum or in public market spaces. Seventy years before Christ’s birth, the politician and orator Cicero frequently lamented that his letters were being intercepted. "I cannot find a faithful message-bearer," he wrote to his friend, the scholar Atticus. "How few are they who are able to carry a rather weighty letter without lightening it by reading."

In the Middle Ages, the Roman Catholic Church was more powerful than most governments, and it had a powerful surveillance network to match. Religious confessions and the confession boxes were used to monitor and spy on local communities.

The court of Elizabeth I was fertile ground for scheming and spies, and Francis Walsingham's job was to keep the monarch one step ahead of her adversaries. Many modern espionage methods were established by the Elizabethan spymaster Francis Walsingham. Walsingham's staff in England included the cryptographer Thomas Phelippes, who was an expert in deciphering letters and forgery, and Arthur Gregory, who was skilled at breaking and repairing seals without detection. In May 1582, Walsingham’s team intercepted letters written by Spanish ambassador to England, regarding a conspiracy to invade England and install Mary, Queen of Scots to the throne. 

  • Walsingham came up with a way to prove she was a threat to the queen. They had all of her mail opened, but led her to believe that she had a secret means of correspondence through letters hidden in a beer keg.
  • Walsingham gathered and added evidence of Mary's involvement in rebellious plots. She was later of course put on trial for treason and beheaded.

Throughout the late eighteenth and early nineteenth centuries, American industrial spies roamed the British Isles, seeking not just new machines but skilled workers who could run and maintain those machines. One of these artisans was Samuel Slater, who having worked and memorised patent information, secretly emigrated to America in 1789, posing as a farmhand and brought with him an intimate knowledge of the Arkwright spinning frames that had transformed textile production in England. He set up the first water-powered textile mill in the US and soon became very wealthy and owned over a dozen mills. President Andrew Jackson called him “the father of the American industrial revolution”. He was called ‘Slater the Traitor’ by the British.

Two decades later, the American businessman Francis Cabot Lowell talked his way into a number of British mills, and memorized the plans to the Cartwright power loom. When he returned home, he built his own version of the loom, and became one of the most successful industrialist of his time. The efforts of Thomas Digges, America’s most effective industrial spy, got him repeatedly jailed by the Brits, and praised by George Washington for his “activity and zeal.”

Not that the British didn’t have a long history of commercial theft themselves. In 1719, in Derby, Thomas Lombe set up what’s sometimes called the first factory in the United Kingdom, after his half-brother made illicit diagrams of an Italian silk mill. Lombe was later knighted. In the nineteenth century Britain’s East India Company, in one of the most successful acts of industrial espionage, sent a botanist to China, where he stole both the technique for processing tea leaves (which is surprisingly complex) and a vast collection of tea plants. That allowed the British to grow tea in India, breaking China’s stranglehold on the market.

Recently revelation that intelligence agencies have been gathering user data directly from nine of the largest Internet companies, including Google and Facebook, has shocked and partially surprised many Americans and Europeans. But, considering the history of spying, maybe it shouldn't have.

Decades before the agency was collecting massive amounts of phone and Internet records, it was collecting telegraph records in an operation that raises similar legal issues and worries about lack of oversight.

For instance, in August of 1945, US Army representatives met in secret with the country’s three major telegraph companies, ITT World International, RCA Global, and Western Union. They explained that the Army Signal Security Agency wanted copies of all telegrams sent to and from the United States. World War II was coming to a close and the top secret, multinational Manhattan project had proven the power of foreign intelligence. Executives from the three companies agreed to comply, provided they were assured by then-Attorney General Tom Clark that it was not illegal for them to do so. There is no record any such assurance was officially given, but the operation went ahead anyway. 

The telegraph operation, codenamed SHAMROCK, was a massive undertaking in the time before digital data storage: Once a day, beginning in late 1945, the Army sent couriers to telegraph offices in New York; Washington, DC; San Francisco; and San Antonio to pick up all their international telegrams, which were stored at first on hole-punched paper and later on reels of magnetic tape.

Analysts then sifted through the communiques, looking for encrypted intelligence and evidence of Soviet spying. For the next two decades the program continued in secret, often even from the top staff of the NSA. This was, impart the model for PRISM, which Snowden exposed.

These days, of course, things have changed. The United States is the world’s biggest advocate for enforcing stringent intellectual property rules, which it insists are necessary for economic growth.

However, a current example might be Samsung, for instance, is known for being a “fast follower” in its consumer business, which really means that it’s adept at copying other companies’ good ideas. That’s not the same as theft, but evidence from its recent patent trials with Apple shows that Samsung’s response to the iPhone was, in large part, simply to do it “like the iPhone.”

Today Malware in its simplest form is similar to the way in which phone systems were originally used to listened to phone calls or to copy them. Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems and can engage in many other options including displaying unofficial counter-advertising.

Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.

Spyware or other malware is sometimes found embedded in programs supplied officially by companies, e.g., downloadable from websites, that appear useful or attractive, but may have, for example, additional hidden tracking functionality that gathers marketing statistics.

Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan Horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other types of spy software.

Some Categories Of Malware 

Virus - Software that can replicate itself and spread to other computers or are programmed to damage a computer by deleting files, reformatting the hard disk, or using up computer memory.

Adware - Software that is financially supported (or financially supports another program) by displaying ads when you're connected to the Internet.

Browser hijacking software - Advertising software that modifies your browser settings (e.g., default home page, search bars, toolbars), creates desktop shortcuts, and displays intermittent advertising pop-ups. Once a browser is hijacked, the software may also redirect links to other sites that advertise, or sites that collect Web usage information.

Spyware - Software that surreptitiously gathers information and transmits it to interested parties. Types of information that is gathered includes the Websites visited, browser and system information, and your computer IP address. Spyware is software that aims to gather information about a person or organisation without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.

Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, unauthorised changes in browser settings, or changes to software settings.

We now use malware and spyware in many different environments, technologies and military equipment and maritime vessels at sea and in port.

Potential applications of this electronic technology include anti-personnel weapon systems, potential missile defense system, and the disabling of lightly armored vehicles such as cars, drones, watercraft, and electronic devices such as mobile-phones from hundreds of miles off the coast from the country being monitored by the Defender.

The Pentagon is now begun to up-grade the potential of such vessels and is researching technologies like directed-energy weapon and railguns to counter maturing threats posed by missile and hypersonic glide vehicles. These systems of missile defense are expected to come online in the mid to late-2020s.

During the last 35 years, all of our secrets and the enemy’s secrets have been stored inside computers. This makes the use of the cyber attacks more Spy necessary. Cyberwar remakes old assumptions about national security and military engagement. Old metrics such as troop numbers or missile inventories become outdated. Cyber-warriors aren’t as easy to track as nuclear weapons or naval warships. And unlike in the Cold War, when the US and the Soviet Union were the only powers capable of exacting serious damage, cyberwar is inexpensive. Any nation might emerge as a threat, and the identities of the true combatants are never quite clear.

The new era of cyberwar became public knowledge in 2012, when US intelligence officials leaked details of the malware Stuxnet, which took place a few years before the leak, was a piece of malicious software that American and Israeli forces developed to sabotage Iran’s nuclear weapons development.

The virus infected some 300,000 computers, but it became active only in a fraction of them. Unlike the assassinations of Iranian scientists, which Israeli forces – probably its intelligence agency, the Mossad, performed, Stuxnet’s effect was invisible. Stuxnet marked a new chapter in the annals of international confrontation: the first known instance of a computer attack that aimed for results in the physical world, rather than stealing data or clogging online traffic. Reflecting the importance of cyberwar, the Pentagon said it would ramp up its hacking capabilities.

Paying a hacker to steal secrets can be a cheap way to gain valuable intelligence. Consider Su Bin, a Chinese hacker living in Canada. He was indicted in 2014 for stealing US military secrets. He targeted several military planes, amassing a stockpile of hundreds of thousands of documents, including drawings, wing measurements and flight-test data for the C-17 flight transport aircraft. While US taxpayers invested $3.4 billion to develop the C-17, Su Bin’s project to steal 630,000 related documents cost a mere $450,000.

Many observers suspect that China's apparent compliance with the China/US cyber agreement represents little more than a shift in tactics that is probably temporary. Other observers suspect that Chinese hackers may have simply redirected their efforts to other, more valuable or more vulnerable targets in other countries.

Weaponised Social Media 

War, as the 19th-century military theorist Carl von Clausewitz famously put it, is simply the continuation of politics by other means. Social Media, by democratising the spread of information and erasing the boundaries of time and distance, has expanded the means, transforming war to an extent not seen since the advent of the telegraph.

Social Media, particularly Twitter at present is used a propaganda tool. The 2012 Gaza conflict was “the first Twitter war”, spokesmen for Israel and Hamas each posted up to 90 times a day and changes some of the news stories to suit their views.

Electronic voting Systems are another problem for democracies. More often than not, electronic voting systems are nothing but bare-bone, decade old computer systems that lack even rudimentary endpoint security. Despite the recurring discussion on electronic voting vulnerabilities that occurs every four years, only limited attention is given to the systemic problem undermining American democracy.

To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voter machines, technically, are so riddled with vulnerabilities that hacking an election is easy.

The electronic voting systems popularised in the United States in the early 2000s have been repeatedly proven vulnerable and susceptible to attacks that are so unsophisticated, a high school student could compromise a crucial county election in a pivotal swing state with equipment purchased for less than $100, potentially altering the distribution of the state’s electoral votes and thereby influencing the results of the Presidential election.

The United States e-voting system is so vulnerable that a small group of one or a few dedicated individuals could target a lynchpin district of a swing state, and sway the entire Presidential election. Previous close elections similar to the one this November are for instance: 1960, John F. Kennedy only had 112,727 more votes than Richard Nixon. The 2000 election between George W. Bush and Al Gore was similarly contentious and it may have depended on a few hundred votes.

If the attacker has access to the administrative card or if they can infect a machine with malware that will spread onto the administrative card, then they can spread malware onto multiple machines and increase their sway over an election.

Cyber Warfare

Since Russia’s cyber attacks on Estonia, US spies and security researchers say Russia is particularly skilled at developing hacking tools. Some malicious software linked to Russia by security researchers has a feature meant to help it target computers on classified government networks usually not connected to the Internet.

The virus does this by jumping onto USB thumb drives connected to targeted computers, in the hopes that the user, such as US military personnel, will then plug that USB drive into a computer on the classified network. It has been almost a decade since the smartphone emerged, introducing the new age of always-on mobile connectivity, and networked devices now already outnumber the people on the planet.

This Internet of Things creates new levels of complexity for those enforcing cyber security and creates new opportunities for cyber-spies. This new world order might also allow far greater surveillance of individuals by governments. A UCLA engineer notes that ever-cheaper data storage could allow public officials to record and catalog everything that happens online.

A newly discovered piece of malicious code dubbed Duqu is closely related to the notorious Stuxnet worm that damaged Iran’s nuclear-enrichment centrifuges. The code can monitor messages and processes, and look for information including the design of so-called SCADA systems (for “supervisory control and data acquisition”). These are computer systems that are used at industrial plants and power plants to control things like pumps, valves, and other machinery.

Like Stuxnet, which infected thousands of computers in 155 countries last year, Duqu got aboard victim computers by means of a stolen digital certificate, a cryptographic code that authenticates a piece of software on a target machine.

From power smart grids to the “Internet of Things,” the potential targets of cyber warriors are now multiple.

Premeditated, politically or socially motivated attacks against a computer-dependent society could be orchestrated by foreign powers and affect nations at any level: from the availability of utilities, to denied access to important financial and medical information, to causing a significant impact on national GDPs.

An oil pipeline in Turkey was cyber attacked and exploded in 2008. The pipeline was super-pressurised and alarms were shut off. By hacking security cameras, attackers were able to hide the blast from the control room that, unaware, was unable to respond promptly. Another attack to a German steel company demonstrated how, by simply infiltrating the information systems running the plant, hackers could cause major damage.

Accountability is hard to prove when cyber weapons are used. By using several proxies or infecting computers indirectly, it is difficult to trace back to a particular malicious hacker or organisation on any form of attacks.

Even if a culprit is found, it is hard to accuse a nation of a deliberate act of war, especially due to lack of a legal framework. Accordingly, more than 140 countries have funded cyber weapon development programs.

Conclusion

Some of the numerous larger-scale cyber-attacks can be intuitively considered acts of cyber war. With many countries large and small investing in cyber warfare, it is impossible not to think of the use of “information warfare” as a new form of terrorism. Information warfare goes beyond simply attacking computers and communications networks, as a computer-literate terrorist can wreak havoc causing physical destruction and harm to populations.

The Internet can be turned into a weapon used against targets by terrorists hidden in cyberspace to carry out cyber violence and disruption, while being physically located elsewhere. Computer-related crimes, as an extension of terrorist attacks, have the potential of bringing catastrophic side effects.

Right now, we are clearly in an electronic cyber arms race, and far more development is going into offensive than defensive tools.

Yet, several experts believe the malware, which was initially described as not particularly sophisticated, could now determine the future of warfare as well as global electronic connectivity. This next such revolution, for 21st century, will challenge the economic implications of the nation state. Certainly as more people work for multinational firms and get to know more people from other countries, our sense of justice and government crime is being woken and engaged.

However, the ability of nations, corporates and individuals to monitor and Spy on us will improve often without the need or direct use of Human Spies. The Internet of Things will allow detailed monitoring of foreign and competitive organisations and individuals, such that The Internet of Things becomes the new Spy.

Image: Unsplash

You Might Also Read:

Creating Post-Modern Intelligence:

 

« Electronic Espionage Will Use AI Instead Of Spies
Vodafone Using Google Cloud To Retain Customers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

e-Governance Academy (eGA)

e-Governance Academy (eGA)

eGA is a think tank and consultancy founded for the transfer of knowledge and best practice in e-governance, e-democracy and national cyber security.

Cybertekpro

Cybertekpro

Cybertekpro is a specialist insurance broker providing Cyber Liability insurance and cyber risk assessment services.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

Arilou Technologies

Arilou Technologies

Arilou Cyber Security, part of NNG Group, is a pioneer in the field of automotive cyber security.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

Data Terminator

Data Terminator

Data Terminator provide a comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

Startup Wise Guys

Startup Wise Guys

Startup Wise Guys is a mentorship-driven accelerator program for early stage B2B SaaS, Fintech, Cybersecurity & Defense AI startups.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.