Speak Up, We’re Eavesdropping!

A technician “under the roof”

Conversation with an FSB officer (ret.) about the ins and outs of information gathering and information security

By Grigory Pasko, journalist
From Russia, with Tradecraft
My interview subject and I spent a long time discussing whether we should or shouldn’t use his real name. On the one hand, he’s still technically a reserve chekist. On the other hand, the “reserve” status of former FSB officers is a very relative term. In the end we decided that we’d change his name. According to the principle of “you never know…”. After all, his current job – heading a firm that uncovers information leaks and protects information – does depend on whether or not the “senior comrades” renew his license.

Pavel Mikhailov came to the KGB after graduating from the radioelectronics department of a polytechnical university. Administration «R» (fighting crimes in the sphere of technology and communications intercept intelligence), where he ended up, was engaged in discovering information leaks in state structures, as well as electronic eavesdropping of foreign representations and discovering working “enemy” listening devices. He’s already been retired for several years. And all these years he’s been inspecting various organizations with colleagues – primarily the offices of entrepreneurs – for the presence of possible information leaks.

Before offering our readers my interview with the technician working “under the roof”, I probably ought to say a few words about the subject of our discussion – mining and protecting information. In recent years, the method of electronic eavesdropping has been used actively in Russia in the economic and political struggle. Internet sites have literally begun to teem with articles on this subject.
They offer surveys of the Russian market for devices that let you know if your phone is being tapped, advise you to visit a “special technology” store to see what’s on offer (microphones, “noiseotrons”, stethoscopes, mini-transmitters (with schematics)), or provide commentary on surveillance equipment, as well as reminding readers of certain facts from the history of listening devices (the most popular of which concerns the “dreadful betrayal” of the former head of the KGB of the USSR, Vadim Bakatin: his colleagues accused him of having passed on documentation on the listening devices embedded in the new American embassy building to a representative of the American embassy). You can also find quite a few examples of the vigilance of the valiant chekists in interdicting the criminal activity of self-taught Kulibins [an 18th century Russian scientist and tinkerer—Trans.] trading in everything from sunflower seeds to various kinds of listening devices, scanners, and bugs. And that’s where we’ll start our talk, with bugs.

Pavel, there is a prevailing opinion that you can just stick a bug on whatever you want and wherever you want, and then just sit back and record the patter of the individuals of interest to you…

The fact of the matter is that only unprofessionals place bugs for a long period of time. And unprofessionals don’t sweep their workplaces for the presence of listening devices for a long period of time. Smart people use our services periodically. And by the way, we’re not really that expensive compared with the loss that could accrue to their business by ill-wishers – competitors.

Back when you used to work at Administration «R», did you engage in wiretapping apartments, houses, offices?

Other people engaged in wiretapping apartments. We dealt with communications intelligence, radio intercepts, identifying unknown transmission devices working on the territory of a region.
In the main, these were training exercises, because there were no instances of actual radioelectronic espionage in our region.

But that doesn’t mean there wasn’t anything like this going on at all?

Maybe there was, and maybe there wasn’t. At any rate, the equipment we had was used effectively. We trained together with the neighboring region: we would set up devices on their territory, simulate their operation, and await a reaction. Usually, the neighbors reacted. But in the event of an error, punishment would follow without delay and most severely.

I recall a textbook case when bugs were discovered in the office of Primorsky Kray governor Nazdratenko back when he was involved in a standoff with FSB general Kondratov…

That was a murky story. Supposedly, the police, under the control of the governor, had placed the bugs in order to discredit the FSB by throwing the blame on it. And then the police themselves found them and, in violation of all the laws, invited journalists over and showed them these bugs. And only then did they invite specialists from Administration «R». In actuality, there is a multitude of incidents similar to this one. The special services and their work methods have been and continue to be used to the hilt for attaining some kind of political objectives. It is enough to recall the “sauna stories” with the procurators-general…

It is known that during the time of the reform of the FSB, many specialists left for commercial, banking, and other “oligarchic” structures, creating their own mini–special-services there: with units for gathering information and protecting channels of information. It is enough to recall Gusinsky’s Media-Most with general Bobkov. How widespread was this phenomenon in Russia?

The same thing that was going on in the capital was going on in the regions. And the structures created on the model of the special services still exist today.
Not as well-equipped technically as in Moscow, with more modest needs and appetites, but… with the same connections and practically the same capabilities that existed before. Of course, there are now fewer of these structures, because this business isn’t cheap. And only high-class professionals have remained in this market.

Was Russia lagging far behind the foreign special services in terms of technical equipment?

It was behind, and it remains behind. Moreover, in recent years the lag has increased. Because the specialized institutes have fallen apart; there wasn’t enough funding… The only thing keeping them afloat was their talent and enthusiasm. Under Putin, the process has moved in the other direction: the technical equipment has started to improve, money is being appropriated…

…The number of chekists is growing. But there haven’t been, and still aren’t any preventive measures against terrorism in place. What can and should the FSB technical services be doing to support the FSB in its duty to prevent terrorism in the country?

They certainly should be doing this…

What law are you governed by in the work you do?

Activities in the realm of information security – that’s really what we’re doing now – are regulated by the law “On information, informatization and protection of information”. It says that any information the unauthorized use of which may cause harm to its owner shall be subject to protection. In addition, it indicates that control over information security in the structures of state shall be implemented by the organs of state power. We aren’t part of the power, so that’s why we work only with non-state structures and private persons who are not associated with state secrets or limited-access information. For example, private banks, the editorial boards of newspapers and magazines… Structures of state are handled by the same kind of organizations as ours, only they’re state themselves.
They’ve got different licensing, too, and are funded out of the state budget.

How do clients feel about your past – service in the KGB?

I never hide where I come from. And the client understands that a person who is not from there may not have the license or the work experience. That is, formally speaking, just anyone off the street could try to organize such a business. But for this he will need a recommendation from the head of the FSB of a Subject of the Federation [a Russian province, such as an Oblast or Krai—Trans.] If he can get that, it’s full steam ahead. But I am not aware of such cases.

What guarantees do you give clients that information about their activities won’t become known to competitors or to the FSB?

Just my word of honor.

I’ll be honest – that seems a bit thin.

All I can say is shop around. Try to find someone cheaper and more reliable. The fact is that my entire business depends on my reputation. If it goes, my business goes. It’s enough for one person to say, to insinuate, to start a rumor, that I’m handing over clients to “the office”, and I can just close up shop. But there haven’t been instances like that yet. Furthermore, I warn a client right from the start that information – if such becomes known to me – about his participation in distributing narcotics, preparing the murder of a person, trading in state secrets and other such things will be reported by me to the proper authorities.

And let’s say he’s engaged in fraud in the sphere of entrepreneurship?

Let those who know without me that this is what he is engaged in engage in this.

Do you have a “handler” at the FSB?

I retired from such a high post that there’s no need to even talk about a “handler”. My “handler” is my convictions and my work experience.

How much do you charge for your services to check if information is secure?
On average, to sweep a facility, for example, of 20 square meters [roughly 200 square feet—Trans.], for all possible kinds of information leaks costs the client from 300 to 600 dollars. But there is also an individual approach. If I see that an entrepreneur is trying to save his money, and that he works hard and honestly to earn it, then the price can be reduced by half.

What is the frequency with which people call on you for help?

We don’t keep statistics like that, but there is one peculiarity: the quantity of calls to us increased after the elections to the State Duma. There were fewer before the elections… And when the change of the membership of the Duma took place, there came a wave of calls. I think that the next change of rotation in the parliament will also entail an increase in the number of calls to such organizations as ours.

Who places bugs?

The siloviki structures – the UBOPs, the RUBOPs, the OBNONs… [Administrations for Fighting Organized Crime, District/Regional/Republican Administrations for Fighting Organized Crime, Branches for Fighting the Unlawful Turnover of Narcotics—Trans.] There’s a total of eight structures that have the right to do this, just in the MVD [Ministry of Internal Affairs—Trans.] system. The things the FSB places are practically impossible to find. And then… Anybody at all can place a bug. The main thing is how to make use of this later. The FSB needs this to present in court. That means you need to do everything legally, get permission through a court. That’s why “the office” doesn’t waste time on trivial stuff. But the cops do fool around with this. Either for kompromat, or out of some other self-interested considerations. But we figure out their bugs quickly. At the same time, let me note: we work in the interests of the client absolutely within the confines of the law.

What is the first question you ask a client?

Who could be working against you? If it’s the MVD, then they’ve got their techniques and methods.
If it’s gangsters – they’ve got their own “signature”. The siloviki structures have their own equipment, the gangsters use other kinds… Not necessarily worse.

Why do you get requests from the editorial boards of newspapers and magazines?

To determine if they’ve got information leaks. We’ve had that several times in our practice. And each time it was already too late. We calculated that the information had already been taken out, that is before our arrival. That sort of thing happens when the editorial board, for example, has a conflict with the administration of the region. Or when, with their publications, journalists have stepped on the toes of some commercial structure that can afford to organize a wiretap.

Can the FSB listen to everybody and everything, to monitor electronic dispatches?

You can’t have total eavesdropping. This is, first of all, constrained by financial reasons. The equipment for total control would cost a fortune. Besides, someone needs to service this equipment. That is, again, you need people. Their labor needs to be remunerated. And that’s money again. To monitor email, the internet, is possible in principle. But the possibilities are limited by financial considerations, the availability of the necessary quantity of people.

But you could always recruit a hundred hackers…

And the likelihood of information leaks would increase a hundred-fold. Even in the USA, with the financial potential of the NSA, total control didn’t work out.

What are the sources of information leaks?

Data on hard disks is stolen, as a rule, by the system administrator. Sometimes he gets himself hired on purpose and then takes his time skimming off the information and selling it. This is physical theft of strategic information. Then there is tactical information – necessary today, at this hour, day. For example, a firm is in litigation with someone, and information is needed for counteraction in court.
Or a transaction is about to take place at any moment, while competitors have decided to sabotage it. We once swept an office and decided to trace how the telephone wire leading out from the building was laid. It turned out that on one of the floors of the building, it passed through the office of competitors. It makes sense that the competitors were regularly in the know about all the affairs and operations of their hapless colleagues, many steps ahead.

The means for skimming information can be anything at all. First of all, this is installing a wiretap on the telephone. Then – a wireless radio transmitter bug in the office. It works like a radio telephone from which information is recorded. In neighboring offices – next door, upstairs – you can set up electronic stethoscopes to listen in on conversations. What works especially well for these purposes is ventilation shafts, drop ceilings, an abundance of furniture in the office.

As always, an effective method remains installing a small portable recording device. A visitor comes in, inconspicuously sticks a microphone under the desk or chair with a piece of tape or chewing gum, and goes away. Later, all you have to do is record the conversations on tape. The power supply resource for an «Olympus» digital sound recorder is 17 hours. More than enough. You can leave a recording device in the seams of upholstered furniture. I want to especially point out that such a use of the equipment is perfectly legal. After all, you can always say that you’d accidentally dropped your recorder. Or forgotten it. The equipment is bought openly, in stores, the laws do not prohibit it. There is an abundance of equipment sold openly or semi-legally, and all the more so illegally – a huge quantity.

Wireless radio bugs can be placed in electronic devices, clocks, souvenirs… Anywhere that’s convenient, really. That’s why I always advise giving these gift horses a good look in the mouth.
Electronic stethoscopes with infrared channels serve for gathering information through the vibration of windows. One disadvantage is that they’re very noisy. But an effective thing. The actual cost of a radio bug is around 15 dollars. You can pick up a perfectly decent selection of listening devices at any market for a relatively small price.

What do you think, is your business ever going to die?

In a country like Russia, it will either live forever or, as happened before, the state, as represented by the security service, will take it into its own hands.

Several stories from Pavel Mikhailov’s experience:
“I once got an order from the wife of a big businessman. She asked me to install video surveillance cameras in the apartment to find out if her husband was cheating on her. For several hours, while we were installing the equipment, she was fooling around with her lover… practically right before our eyes.”

“There was this time we were sweeping the office of a businessman – a big place and littered with all kinds of junk all over the place. He was walking around despondently because he had lost his bank card. When we went through a mound of paper, the scanning device suddenly went off. In order to find the source of the electronic radiation, we had to literally take apart this mountain sheet by sheet. And that’s how we found the bank card.”

“I advised one entrepreneur to have less furniture in the office and apartment for security purposes. After sweeping his office, I went to sweep his apartment at his request. Can you imagine my amazement when I saw… absolutely bare rooms. It turns out that he and his wife had rigorously followed my advice and were using a minimum of furniture and furnishings in the apartment.”

“Here’s one thing that’s etched in my memory. In the desk of a businessman, one of those “new Russians”, there was a book. Now, that’s already something highly unusual for this type of person. And the name of the book was – “Jokes About the Intelligentsia”.”