Monday, August 31, 2015

I spy

James Bond is passe. The spy of the 21st century is more likely to be software secretly smuggled into your computer which enables somebody to know exactly what you are doing with your PC or laptop. Or it could be a drone drifting into a cave harbouring Afghan militia.

The Economist has  a fascinating article on how spying has evolved.  In the old days, the thing to do was to smuggle in a smart guy- preferably from an elite institution, such as Oxbridge- into the target country with a fake identity, visiting cards and plenty of cash. Today, with biometric identification, this has become difficult. The other form of 'humint' - or human intelligence- is simply paying people on the other side for passing on information. This is, of course, alive and well. But, targeting the right people who will spy for you is becoming more sophisticated- it's no longer a matter of accosting people at clubs or parties.

The thing to do is to get data on a whole lot of people and look for weaknesses- medical problems, financial problems, hints of scandal. That's what the people who hacked the site of America's Office of Personnel Management were looking for. I am surprised people didn't think of hacking Ashley Maddison for this reason.

This gives us an idea of what the focus of spying game will be: electronic communications and materials stored on PCs and laptops. One begins to understand why the NSA and other intelligence agencies are so keen on scrutinising email and related traffic. By combing through this, one can lead a treasure of information. The equivalent of this is listening into phone conversations, including mobile conversations.

One problem for spy agencies, the Economist mentions, is encrypted messages. Since it is the receiver and the sender who hold the keys- and not the channel that allows them- spy agencies want the channels to insist that users give them the keys. But this may not be necessary. You don't have to crack an encrypted message. It's enough if you can track what the sender is typing or what the receiver is typing- and there's plenty of spyware available for this.

The flip side is that spy agencies that store information are themselves vulnerable- as the Snowden episode highlighted in a big way. How to steal somebody's else data while safeguarding your own is the central challenge of modern spying.

All of this seems pretty clear. Still, some doubts remain. Electronic spying may be effective when it comes to spying on official agencies. Will it work with terrorists or criminal groups? Such groups are more likely to rely on passing messages on a slip of paper or by word of mouth. Electronic spying can't help here. Since, James Bonds can no longer be smuggled in to mingle with such groups, it's just possible that spying on terrorists and the like has been weakened in recent years.


Anonymous said...

Dear Prof,

Thanks for the blogpost.
Just for change: you may like to watch the Movie Spy

a few months back: I took my team out for a dinner night and at the last minute we added movie to the plan; so for lack of tickets of Jurassic park we ended up watching The Spy: a spoof on James Bond and Mission Impossible empire.

The Spy special effects team and Melissa McCarthy comically shames the Bond empire and the Cruise empire to the core.

Best wishes

T T Ram Mohan said...

Anonymous, Thanks for the tip. The movie hasn't arrived here but I did watch the trailer on You Tube. Look forward to seeing the real thing.