Traffic Analysis for MI5 – If I were Putin, I would, wouldn’t you?

By Philip Ingram MBE

I am going to start this blog with a caveat. That is not good practice, but it is important, as what I am saying here is purely speculative: it is based on nothing more than the supposition of a rambling mind, but I do like to question things I observe. In addition, I wish to make it clear that I have no evidence, nor am I stating, that RT is engaged in espionage in any way; I am merely using its geographical presence for illustrative purposes.

“Covert activity – using false identities – was blended with overt information through Russian media outlets like RT. Too often those in the West focused on one element of this activity – hacking or social media – but failed to see the full spread,” said the BBC Security Correspondent Gordon Corera in his new book Russians Amongst Us when he was talking about interference in elections in 2016.

In 2014 Russia Today launched a dedicated TV channel in the UK, rebranded as RT. Again according to Gordon Corera’s book, “Putin had said the aim of the network had been ‘to try to break the Anglo-Saxon monopoly on the global information streams.’” I will come back to RT later.

One of the key activities during the Second World War that enabled the Top-Secret team at Bletchley Park to break the Enigma code was what is referred to as Traffic Analysis. Traffic Analysis built up a picture of which communications networks operated where and when, together with technical analysis of that traffic: operator fingerprinting, frequencies used, network discipline and more.

The US Manual TM 32-250-AFll 100-80, Fundamentals of Traffic Analysis (Radio Telegraph), published on 9 Jun 1948, defined Traffic Analysis as “that branch of signal intelligence (SIGINT) analysis which deals with the study of the external characteristics of signal communications and related materials for the purpose of obtaining information concerning the organisation and operation of a communication system.”

The modern equivalent of Traffic Analysis would be the identification of work and personal mobile phones associated with an organisation. However, you would need a collection capability to gather the information from phones as they first switch on and connect to a network, and that rarely happens in one place, or does it?

Matthias Wilson, a former SIGINT analyst with the German military and Germany’s foreign intelligence service, said, “What happens when a mobile phone first connects to the network? In order to understand this, we have to look at the unique identifiers each phone has. The first would be the serial number of the phone itself called IMEI, the International Mobile Equipment Identity. This 15-digit number contains information on the brand and model of the phone and a unique number allocated to one specific device.

Secondly, each mobile phone will have one (or more) SIM cards containing information provisioned by the provider. The SIM has the IMSI, or International Mobile Subscriber Identity, saved on it. In most cases the IMSI will also consist of 15 digits and is linked to one’s phone number. It is used to identify a user within the mobile network. From the IMSI, you can derive the country and provider the card has been issued through.

When a mobile phone is switched on, it immediately searches for a network to connect to. If a preferred network is found, the phone will send a request to the network and basically ask for a connection to this network. This request will contain the IMSI and in some cases the IMEI as well. If the IMSI is registered in the network’s databases, an authentication process takes place between the phone and the network.” The critical data is contained in the initial network login.

He concluded, “Data intercepted from mobile phones logging into a network will provide a rough location, the IMSI that can be linked to a phone number and thus an intelligence target, and in some cases even information on the type of device that is used through the IMEI. Collecting this initial logon is also crucial to following a target over the course of time, as apart from this first connection, a phone will be identified by the temporary IMSI in all further connections.”
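As an added illustration (not part of the original blog or of Matthias Wilson's comments), the short parser below splits the two identifiers he describes into their fields, showing what a single logon request discloses. The IMEI is a well-known documentation test value, the IMSIs are constructed, and the four-entry country table is an excerpt assumed for the example.

```python
"""Split an IMEI and an IMSI into their fields (added example)."""

# Assumption: a tiny excerpt of the ITU mobile country code list, with the
# MNC length used in each country. A real decoder needs the full table,
# because the MNC length (2 or 3 digits) cannot be read from the IMSI itself.
MCC_TABLE = {
    "234": ("United Kingdom", 2),
    "250": ("Russian Federation", 2),
    "262": ("Germany", 2),
    "310": ("United States", 3),
}


def _is_ascii_digits(value: str) -> bool:
    return value.isascii() and value.isdigit()


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def parse_imei(imei: str) -> dict:
    """IMEI = 8-digit type allocation code (brand/model) + 6-digit serial
    + 1 Luhn check digit."""
    if len(imei) != 15 or not _is_ascii_digits(imei):
        raise ValueError("IMEI must be exactly 15 digits")
    return {
        "tac": imei[:8],           # identifies brand and model
        "serial": imei[8:14],      # identifies the individual device
        "check_digit": imei[14],
        "check_ok": luhn_valid(imei),
    }


def parse_imsi(imsi: str) -> dict:
    """IMSI = MCC (country) + MNC (provider) + MSIN (subscriber)."""
    if not 6 <= len(imsi) <= 15 or not _is_ascii_digits(imsi):
        raise ValueError("IMSI must be 6 to 15 digits")
    mcc = imsi[:3]
    if mcc not in MCC_TABLE:
        raise LookupError(f"MCC {mcc} is not in the excerpt table")
    country, mnc_len = MCC_TABLE[mcc]
    return {
        "mcc": mcc,
        "country": country,
        "mnc": imsi[3:3 + mnc_len],   # provider code within that country
        "msin": imsi[3 + mnc_len:],   # subscriber number at that provider
    }


if __name__ == "__main__":
    print(parse_imei("490154203237518"))   # documentation test IMEI
    print(parse_imsi("234150123456789"))   # constructed UK-style IMSI
    print(parse_imsi("310260123456789"))   # constructed US-style IMSI
```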

OK, so the theory is there, what is next? This comes down to Location, Location, Location.

The RT Studios in London, opened in 2014, occupy a couple of floors of the 118-meter-high Millbank Tower, the highest tower block in the area. Its roof is the natural place for mobile phone antennas from many networks, providing good coverage for this area of London. RT have a direct feed over a high capacity communications link to their main studios in Moscow via satellite, with the uplink dishes also on the roof.

They have a legitimate reason to be on the roof of the building with specialist engineers and their own equipment, configured in any way they need.

When anyone goes into the MI5 or MI6 building, they are not allowed through reception without mobile phones being taken off them and locked away. In most cases people will switch them off before locking them away or putting them in special Faraday bags, cutting their signal off from the networks.

When people leave the building again, they naturally switch their phones on, and they register with the nearest and strongest network. I have noticed this on the many occasions I have walked past both MI5 and MI6 HQs and observed people leaving. That network, in proximity to the buildings, is likely to be via the antennas on the roof of the Millbank Tower, where RT have sophisticated data uploading capabilities, transmitting their TV data from Russian state-controlled assets back to Moscow.

Over time, simple pattern of life analysis combined with the Traffic Analysis would enable a picture to be built up of the movement of every phone that registered, if that could be identified. Whose phones do the most registering through these masts on a regular basis? Who is switching on and off more than normal?

Matthias Wilson continued, “Given the close proximity to the target, I could do this with my own passive collection device and a small stub antenna.” “There are so many more opportunities,” he added, “as Bluetooth tracking and collection would be easy as well.” Another SIGINT specialist who asked not to be named said, “you’d probably forget about the cellular side of things and tap into the backlink,” referring to the signal from the antenna going back to the network.

As I said at the start of this blog, this is pure speculation based on observation from the ground and a vivid but partially informed imagination, and I am sure the security teams in MI5 and MI6 will have examined this particular threat scenario carefully. However, if I were Putin, I would, wouldn’t you?

 

This blog was written by Philip Ingram MBE, a former senior military intelligence officer, with overt help from Matthias Wilson and covert advice from a number of others, for which he is very grateful. Philip is available for comment if necessary.

Thatcher’s Spy by Willie Carlin

Review by Philip Ingram MBE

I bought this book with a degree of scepticism. There are an increasing number of accounts of “The Troubles” and an increasing number of people claiming links to the intelligence war in “The Troubles.” Why? Well, their claims are virtually impossible to verify. With the continuing bigoted, historically focused political sectarianism that has paralysed progression in Northern Ireland, the over-inflated influence the DUP had with the minority Conservative Government, and the continuing clamour for and claims about what really happened in public enquiries, anniversary TV programmes and more, it is a marketing dream for publishers.

Using that as a baseline, combined with my own inside knowledge, I found this book difficult to put down. I grew up with much of what went on so do have a knowledge from that perspective. I have also talked to a huge number of people who have served in Northern Ireland in an Intelligence role but not about this book specifically.

The book is well written and an easy read. It accurately describes many incidents from a perspective that can only be that of someone who was there, and there is a logical thread to many of the things he describes that made me realise there was a lot more to this book than my scepticism wanted to admit. I really enjoyed it and found it thought provoking and informative.

He starts as a good Catholic boy from Derry joining an Irish Regiment in the British Army, something that the average casual observer of Northern Irish politics would initially scoff at, but the reality was that the Irish regiments recruited from North and South of the border, Catholic and Protestant alike. It made the regimental St Patrick’s Day parties interesting events, where sectarianism was defined by song but trumped by loyalty to the Regiment.

Carlin was ‘placed’ by MI5 and then had a career of being handled by them and then an organisation in the British Army with an infamy in Northern Irish history, the Force Research Unit or FRU. His description of their modus operandi broadly fits with the reality of how they worked and his description of some of their basic errors in drills fits perfectly with the arrogance many who served in that type of unit had. They often believed themselves to be ‘an elite’ amongst intelligencers and invincible.

Early in the text he introduces one of his dilemmas when he describes seeing Martin McGuinness coming out of an MI5 safe house and whilst he goes on later to say he didn’t believe McGuinness was working for MI5, he more than subtly explains a London derived plan to protect McGuinness, his move to politics and move away from the ‘armed struggle’ and to enable his election.  On more than one occasion he introduces senior British officials who favoured a move to a united Ireland.

His text will likely worry unionists and perpetuates the question ‘What was McGuinness’s relationship with British Intelligence?’ as there clearly was one. This is never answered.

He also explains how he came to find out about, or uncover, a number of other agents in Sinn Fein and the IRA who were working for British Intelligence. His knowledge was in Derry and that wasn’t the number one priority for British Intelligence at any time.

Extrapolating his Derry exposures province wide would suggest the IRA and Sinn Fein were leaking like a sieve, and a good percentage of those with access to information were on the payroll of the state, working for the police, the army or MI5. That was at a time when Intelligence operations were immature; from the late 1990s on, operations became significantly more mature and probably remain that way even today.

Carlin confirms McGuinness and Adams as IRA commanders and their links to ‘the Armalite and the Ballot Box’ campaign and talks about how Sinn Fein planned and executed election fraud by ‘personating’ votes.  What he suggests is that the political path for McGuinness was watched over by MI5 who took opportunities to craft his progression away from the armed struggle when they could and when they couldn’t, they took action to reduce any obstacles that could have been in his way.

The role the British State played in the move of the republican movement from one of an armed struggle to a political movement is unlikely to be fully revealed in our lifetimes, if ever. Is it now time that Gerry Adams came clean publicly about his role in the IRA?

Through the book Carlin talks of the “fuck-up squad” who were IRA volunteers not quite under control, the battle between the IRA and INLA, the tensions caused by republican funding being switched from the armed struggle to the political wing. He details how much it cost Sinn Fein to maintain its political presence across Northern Ireland, but his focus remains firmly in his home territory of Derry city with a couple of forays to Tyrone and Fermanagh.

He doesn’t bang an ideological drum and is matter of fact about his lack of respect for the RUC and, after he was extracted and resettled, how he nearly deliberately shot another informer!  His personal tragedies come through having lost a child to cot death whilst he was still in the British Army and then later in life his daughter in a car accident and son to sepsis but tragedies aside there is a flicker of pride throughout the book in what he did.

He has a pride in the relationship he had with McGuinness, his fly-fishing analogy and that he got him to say the IRA had no weapons in Derry on Bloody Sunday. He has a pride in how he managed to personate votes in elections, he has a pride in his interactions with MI5 and the FRU and he has a pride in the achievements that were put down to his intelligence and he has pride that Margaret Thatcher sent her ministerial jet to whisk him away from Northern Ireland and that she at a later date came to shake his hand.

In all, this is a thought-provoking book from a man in his 70s who was there. Do I believe it? I do. Will there be mistakes? Of course there will, as no one has complete recall over such a period of time and through such dramatic events, but in all I highly recommend this account of a very troubled period.

 

 

Skripal and Salisbury an infamous combination

It is now a year since Colonel Dr Alexander Mishkin and Colonel Anatoliy Chepiga, both members of the Russian Military Intelligence Service, the GRU, traveling under the false identities of Alexander Petrov and Ruslan Boshirov, entered Britain through Gatwick airport. They had a deadly intent: to kill the double agent who was living in the sleepy city of Salisbury, Sergei Skripal, using the deadly nerve agent Novichok.

Their mission was a simple one but had been carefully planned. Sergei Skripal’s daughter Yulia was landing at Heathrow airport to visit her father and be with him on what would have been her late brother Alexander’s birthday. Her emails, and probably her phone, were being monitored by Russian intelligence and they would have known her arrangements in detail.

After checking into a cheap East End of London hotel Mishkin and Chepiga waited until the next morning to take the train to Salisbury from Waterloo, to carry out a final ‘close target recce’ of Sergei Skripal’s house in Christie Millar Road.

Their detailed movements in Salisbury that day have not been revealed completely, but it is probable that they had in their possession a detailed ‘pattern of life’ study on Sergei Skripal, possibly delivered to their hotel, so they knew his normal routine. They knew he left his house through the front door, not the side or back door; they knew he pulled it shut by the handle, not the door frame; they knew everything about him because others will have spent time watching him closely, studying his movements, reading his emails and listening in to his phone conversations.

Mishkin and Chepiga’s trip to Salisbury on Saturday 3rd March 2018 would be to confirm the route to take to Sergei Skripal’s house from Salisbury Station, look for signs of him being watched by British Intelligence, confirm their escape plan and possibly meet with at least one member of the team that carried out the ‘pattern of life study,’ before returning to London.

Early on Sunday 4th March, Mishkin and Chepiga return to Salisbury with a fake Nina Ricci Premier Jour perfume bottle filled with deadly Novichok in Russia, having replaced the cap with a special applicator that morning. On arrival in Salisbury they quickly retrace the route they checked out the day before and approach Sergei Skripal’s house to smear the deadly agent onto his front door.

Whilst it is possible it was dispensed directly from the modified perfume bottle the danger of ‘splash back’ would have meant putting it onto a wipe and smearing that onto the door handle would be safer; we don’t know if this is what they did.  Both Mishkin and Chepiga will have been wearing protective gloves and it is probable that Mishkin carried self-injecting epi pens filled with a nerve agent antidote, atropine, just in case anything went wrong.

This is where their movements become a bit of a blur. At some point they will have taken their contaminated gloves off and disposed of them, and that is probably the point at which they dropped the fake Nina Ricci Premier Jour perfume bottle. Exactly where all of this happened is not known publicly yet, and neither are the details of their movements around Salisbury before catching the train back to London and then to Heathrow. How and where they disposed of their contaminated gloves has never been mentioned, and the fate of the fake Nina Ricci Premier Jour perfume is all too well known: Charlie Rowley gave it to his girlfriend Dawn Sturgess on 30th June 2018 and she sprayed its contents onto her skin, exposing herself to a lethal dose of Novichok.

Just after the attack, on 15th March 2018, I asked the MET police, who had taken over the investigation, what had happened to the items the ‘would be’ assassins had used and was met with silence. I published my concerns here: https://greyharemedia.com/clear-and-present-danger/ and in the Sunday papers. Statements from Public Health England said the risk to the public was very low; Dawn Sturgess paid with her life months later.

The detail of where Charlie Rowley found the contaminated perfume bottle and when he found it are unclear. It is distinctly possible he found it in early March and put it in his bag, forgetting it was there until he unpacked after moving into new accommodation from a homeless shelter in June.

I now repeat my question: what happened to the gloves they will have worn? I suspect they were put in a local bin and the next day taken by the council to landfill, so are now safely disposed of, but no one has said.

Why Sergei Skripal?

The most important point to start with is the reason for the attack on Sergei Skripal. It was not done first and foremost to kill him, although it was assumed, given the deadly nature of Novichok, that he would die. If that were the sole motivation then he would have been shot, stabbed or had a car accident. Sergei Skripal was a vehicle used to send a message to any Putin dissenters across the globe that he could get them anywhere, any time and in a horrible way. Prime Minister May hinted at this in an answer to a question after her statement in the House of Commons on 5th Sep 2018.

The second reason was to stir a nationalistic fervour into his Presidential campaign domestically by having a reason to say the west was attacking poor Russia.  Remember the attack happened exactly 14 days before the Russian Presidential election and opposition parties and oligarchs were becoming more threatening to Mr Putin’s position and his desire for an increased majority.

Sergei Skripal was chosen because Salisbury is next to DSTL Porton Down, the UK’s chemical defence laboratory, and this allowed an element of plausible deniability where President Putin could claim that this was set up to undermine him in the eyes of the international community.

Of note, this is exactly the messaging that came out in the immediate aftermath of the attack. The Russians have a doctrine called маскировка (maskirovka) which is all about ‘masking’ or deception and is central to all they do.  The Russian people have an unhealthy belief in conspiracy theories and that the west is out to get them no matter what and this played into President Putin’s domestic messaging.

Putin and the GRU will have been surprised at the tenacity of the UK’s counter-terror police and Security Services investigation and the level of detail they have managed to ascertain. The public exposure of Mishkin and Chepiga by the investigative website Bellingcat will have severely embarrassed the GRU.

Sergei and Yulia Skripal will now be under the protection of MI5 and being held safely out of the public eye. They will be receiving further medical support for their physical and mental symptoms. Their futures will be being discussed with them and they are an integral part of any and all decisions about what happens next. For Yulia, a complete innocent who had a bright career and future, it must be particularly hard.

What are we missing?

We are missing detail on what the police believe happened to other contaminated items. We are missing detail around the movements of Mishkin and Chepiga around Salisbury; very little footage from the city’s new £450,000 public space CCTV has been released. We are missing details of the team that will have carried out the pattern of life study, and we are missing details of what Mishkin and Chepiga did in London.

However, we have to remember there is a politically sensitive, highly complex live murder investigation ongoing, so it is unlikely much of this detail will be released because we don’t need to know. A comment on the contaminated detritus to build further public confidence would be good however.

We have to recognise the huge effort the police, security service, ambulance, fire and rescue, NHS, military personnel, DSTL scientists, civilian security staff and council workers have put in to deal with every aspect of this ongoing spy story. If it were not for their professionalism and coordinated effort there would almost certainly be more deaths and much longer lasting consequences for Salisbury and its surrounds.

Note: This blog is written by Philip Ingram MBE, a former British Army Intelligence Officer and Colonel, who was based near Salisbury in the past. If you would like any further comment from Philip, please contact him by clicking HERE

How to understand Jihad – read Nine Lives

a review by Philip Ingram MBE

I am in a unique position to review this book for several reasons.  I was part of the NATO planning team preparing to take over from the United Nations in Bosnia and then deploying to do just that when Aimen was cutting his teeth in jihad.

As a senior British army intelligence officer with access to the highest levels of intelligence I would often read CX reports. CX reports are highly classified MI6 reports, but they never give away the true identity of the source, and I would often speculate where they had come from. The description Aimen has given regarding what he gave to his MI6 handlers now fills many of those speculative blanks.

The final reason is I know Aimen personally and knew him before he went public about his past, and I am proud and privileged to see him as a friend. We have talked on many occasions about some of the events and stories so well-articulated in this fantastic book, Nine Lives by Aimen Dean, Paul Cruickshank, and Tim Lister. It also explains why there were times when Aimen went ‘off grid’ and I couldn’t contact him.

Nine Lives is essential reading, giving an insight into the various paths people take to extremism and a frightening insight into the coordination that goes on across a globally linked network that is almost delivering terror by franchise.

I have seen some of the training manuals and other plans that Aimen refers to and know they sit in centralised hidden libraries in the dark web and elsewhere, easy for franchised extremist groups and individuals to request access to and learn their horrific trade from. Given their proliferation, it is near impossible for the authorities to remove every source of this extremist material from our ever-connected world.

We should remain concerned and recognise that it is everyone collectively who has a role to play in helping defeat extremism by reporting unusual activity. Remember, the extremists have only to be successful once, but the intelligence services have to be successful all of the time, and they have lost a real asset in the middle of the extremist networks when Aimen was compromised.

I know the pressures an agent and an agent handler go through as I have been there. If anything, Aimen doesn’t do his mental resilience enough justice, as the stress of what he was doing to help keep us safe would have been immeasurably large. I am not surprised he became ill on several occasions.

I know intelligence, I know spying and there is only one word that can describe this book – outstanding. For anyone who wants to know how extremist networks work this is a must-read. If it were a novel it would be a page-turner, but the frightening fact is it is a true story. Aimen, Paul, and Tim, I salute you, but Aimen, for the countless lives you have saved, your contribution to humanity is truly awe-inspiring, thank you. This book’s contribution to understanding the sewer pit of extremism and the role of intelligence agencies is seminal.

Get the book on Amazon now – you won’t regret it: https://www.amazon.co.uk/Nine-Lives-Time-Inside-al-Qaeda/dp/1786073285/