GSOC Mobile bugging


Your 5-minute guide to the reliability of the Cooke Report


There is a very large elephant lurking in the Cooke Report.
Cooke mentions it in a single paragraph within a document of 64 pages.
He adds a related definition in an Appendix (who reads them anyway?).
Apart from that, it does not exist in his report.

This is quite astounding, as it is the most unmistakable indicator that GSOC was in fact under technical surveillance. The probability that they were bugged in this manner (in addition to other means) seems to border on certainty.
It is one of two factors that led GSOC to suspect that they were under technical surveillance and led them to call in a specialist counter-surveillance firm - Verrimus.
It’s a very large elephant, but Cooke has made it practically invisible.

What this means is that as a guide to whether or not GSOC was bugged, the Cooke Report conclusions are worthless.

Try this test yourself:
You can view the report at http://www.merrionstreet.ie/wp-content/uploads/2014/06/GSOC-Report-Final-REDACTED.pdf

First:  Read paragraph 9.7 (Page 21)
9.7.
More specifically, during the period when the officers were engaged in writing the final reports on the investigations for the purpose of Section 103 of the Act, two of them came to suspect that they were the targets of “ambient listening.” (See Appendix II). They found that the mobile phones which they used constantly in their contacts with Crime and Security Branch of the Garda Síochána began to run down very quickly. Although fully charged overnight and normally good for heavy use over 24 hours, they would be depleted within 2 hours or less without there being any change in use. They considered this to be possible evidence that their mobile phones had been interfered with. They stated that since the suspected surveillance had ceased, those same phones and batteries had resumed normal performance.

Next: Look for any further reference to this matter
Use the search function to speed up the process. If you search for “mobile”, you will find sections that deal with the entirely separate suspected IMSI-catcher. If you search for “ambient listening”, you will only find a definition of the term in Appendix II (Page 59)
Ambient Listening 
This term describes a technical stratagem whereby an eavesdropper or attacker can both intercept calls made to and from a telephone (whether mobile or land line) and use the receiver as a listening device through which conversations on and in the vicinity of the telephone receiver can be <b>overheard and recorded without the knowledge of the owner of the phone and without leaving any trace.</b>
Once an eavesdropper knows the number of the target phone (and other details?) and has the necessary equipment, it is possible remotely to activate the microphone in the instrument and leave it turned on. It can be left turned on indefinitely in the case of a landline receiver and in the case of a mobile phone, so long as its battery retains power

One of the effects of an ambient listening attack on a mobile phone is that it can cause an unusually rapid depletion in its battery.


Search for “batter”. You’ll only find 9.7 and the Appendix.
Read all 64 pages.
Nowhere does Cooke offer any opinion on what is recorded in 9.7.
It’s one item within 83 items listed in 20 pages of “Evidence to the Inquiry”. It’s hidden in plain sight.
He does not review it or come to any conclusion about it. Absolutely no explanation is suggested by him. I would be totally fascinated to hear him answering questions on this.


It might be that he had allowed himself to be distracted from his proper task by the well publicised “three anomalies”.
It is not clear when exactly the phone batteries auto-magically fixed themselves (aka the compromise was removed by the perpetrators). It feels as if this happened once GSOC moved to get a TSCM sweep done. It seems that the issue eventually communicated to Verrimus as driving the inquiry was that of the repeated phrase. In other words, GSOC at that stage were worried that their building might be exposed to technical surveillance.
Perhaps at that stage the phones had returned to normal and a lesson had been learnt. All traces of that intrusion would have been long gone before the arrival of Verrimus.
These are simple questions that should have been addressed in detail.
Maybe he did get answers, but an urge to avoid mentioning counter-measures taken by GSOC led him to take discretion to excess? The result was a shoddy piece of work.



Bugging of GSOC mobile phones

Everything happens in a context.
In the Cooke report, “context” seems only to rise to something like “here’s a collection of separate matters that relate to the terms of reference”. A mere chronology of some events is not context.


Forget for a moment about the “three anomalies” that were later flagged by Verrimus.
Look at one of the factors that caused GSOC to contact Verrimus in the first place.
Read again section 9.7 of the Cooke Report. What the GSOC officers described to him are clearly the symptoms of “ambient listening” aka ‘being bugged’.


I had a phone that suddenly took to depleting its battery within hours of an overnight recharge.
The reason was that the battery was (to use a technical term) “knackered”. The battery could not hold a charge for long. Put in a new battery – back to normal. Put in the old battery – back to rapid discharge.
It happens. In my experience, once a rechargeable battery becomes knackered, it stays knackered. I’ve had the same with other devices and tools with rechargeable batteries.
NiCad batteries that were used ‘back in the day’ can have a memory effect, giving rise to a short charge cycle. That effect is not what is described (and all of a sudden for two phones at the same time). I’ve never had a battery that automagically became un-knackered.

If a knackered battery is not in question, what would cause a phone battery to deplete in 2 hours or less?
Using it for calls, emails, web and other communications are major drains.

What kind of things might you do if you notice your phone battery is low and you won’t be able to recharge for some time? 
1. Minimise calls, disable WiFi, turn off Bluetooth (but you’ve already done that, yes?).
2. Switch to airplane mode and switch back to normal mode only if you want to make a call or are expecting a call.
3. Turn it off except for when you want to use it.
What you are doing is stopping the phone’s radio transmitter from draining the battery through its exchanges with phone masts and WiFi hotspots. It does this even when you are not actively using the phone, which is why you disable transmissions.

What if your battery used to be “normally good for heavy use over 24 hours” but now drains in two hours for the same level of use?
1. It’s “knackered”, or
2. The phone is suddenly doing a lot more transmitting than you are aware of. If you are of interest to someone with access to the right tech, what is most probably going on is “Ambient Listening”. Compromising a phone for remote control is relatively easy with hands-on access. Doing so remotely requires a higher level of tech, and also requires knowing the phone’s type and number.


If the battery performance magically returns to normal  - and particularly if it does so after you have completed work on something that is very interesting to someone else – or after you have flagged in some way that you suspect eavesdropping  - then (2) seems an inescapable conclusion.

A careful listener would remotely wipe the evidence as soon as serious talk of such examination was heard. For the victim, the ultimate tin-foil course of action would be a surprise power off and a dropping of the device into a Faraday bag for transport into a Faraday cage and full forensics.
Turning the phone off might not be enough. Although apparently turned off, it may still be listening.
Snowden, for example, described malware that would fake the visual indications of being powered down. The microphone could still be active and the thing can ‘call home’.  It’s draining the battery while it does that of course.
How the NSA Could Bug Your Powered-Off iPhone, and How to Stop Them http://www.wired.com/2014/06/nsa-bug-iphone/
Determining who was doing the listening could be next to impossible from a forensic examination of the phones – assuming that it could be examined before the perps wiped the evidence remotely. It could at least explicitly demonstrate that the phone had been compromised by someone.

A listener might decide in any case that there was no further benefit to them in continuing to eavesdrop. If GSOC were doing no further work on Boylan, then it would be wise to reverse the compromise. Leaving it on the phones would simply invite discovery. News of the arrival of a specialist professional counter-surveillance firm on the scene would be a trigger to remove traces of the bugging immediately.
The compromise could be effected again at a later time in the same way if required.

It is possible that a very badly-written app might be constantly chewing resources, but both officers would have had to install it and later remove it. The removal would have restored the normal 24-hour charge cycle. They don’t mention anything like this.

As Wilde’s Lady Augusta Bracknell might have said “To have one phone battery knacker and un-knacker itself like that would be deeply suspicious. To have two particular phones do that in tandem is a bit bleedin’ obvious!”
From what information is available from (albeit buried in) the Cooke report, it seems a near-certainty that both officers were being monitored remotely by parties unknown.
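
The reasoning in this post (a worn battery stays degraded, while a drain that later reverses, on two phones at about the same time, points elsewhere) can be written down as a triage check over battery-runtime logs. This is an added example, not part of the original post: the log values are constructed, the thresholds and function names are assumptions, and a match is a reason to escalate to forensic examination, not proof of compromise.

```python
from statistics import median

# Constructed sample data: hours from full charge to empty, one reading per day.
# phone_a and phone_b mimic the pattern in paragraph 9.7; phone_c is a worn battery.
RUNTIME_LOG = {
    "phone_a": [25, 24, 26, 25, 2, 1.5, 2, 2, 24, 25, 26],
    "phone_b": [24, 25, 24, 24, 24, 2, 1.5, 2, 2, 25, 24],
    "phone_c": [25, 24, 25, 3, 2.5, 3, 2, 2.5, 2, 2, 2],
}

def drain_episodes(runtimes, baseline_days=3, drop_ratio=0.25, recover_ratio=0.8):
    """Return (first_day, last_day, recovered) for each run of abnormally short runtime."""
    # Assumed thresholds: start at 25% of the early baseline, end at 80% of it.
    baseline = median(runtimes[:baseline_days])
    episodes, start = [], None
    for day, hours in enumerate(runtimes):
        if start is None and hours <= baseline * drop_ratio:
            start = day
        elif start is not None and hours >= baseline * recover_ratio:
            episodes.append((start, day - 1, True))
            start = None
    if start is not None:  # still degraded at the end of the log
        episodes.append((start, len(runtimes) - 1, False))
    return episodes

def classify(runtimes):
    """Separate 'stays knackered' from 'drained, then returned to normal'."""
    episodes = drain_episodes(runtimes)
    if not episodes:
        return "normal"
    if all(recovered for _, _, recovered in episodes):
        return "transient drain, recovered"
    return "persistent drain"

def tandem_devices(log):
    """Names of devices whose recovered drain episodes overlap in time."""
    spans = {name: [(s, e) for s, e, rec in drain_episodes(r) if rec]
             for name, r in log.items()}
    names, tandem = sorted(spans), set()
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if any(s1 <= e2 and s2 <= e1
                   for s1, e1 in spans[a] for s2, e2 in spans[b]):
                tandem.update((a, b))
    return sorted(tandem)

if __name__ == "__main__":
    print({n: classify(r) for n, r in RUNTIME_LOG.items()}, tandem_devices(RUNTIME_LOG))
```
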

For just one easy read on the thought that is put into compromising mobiles try
http://www.wired.com/2014/06/remote-control-system-phone-surveillance/
One interesting snippet is the use of WiFi rather than cellular to export data. This would avoid data charges/consumption alerting the victim. It would still leave the depleting battery as a symptom that is more difficult to minimise, however.
Note that the particular malware/governmentware described is just one of very many options available.
Note also that the report indicated that there is a C&C (Command and Control) server for this system located in Ireland. This indicates that an arm of the Irish state has bought that technology. I wonder how well the use of this facility - if it in fact exists - and any similar facilities is controlled, monitored and audited?
It is not conceivable that such technology is not available to AGS and Security.

What did Cooke make of this?

He might have ventured an opinion that the magical self-repairing phone batteries were “unexplained as a technical or scientific anomaly” but he opted to simply ignore the very large elephant.
Nothing! It’s incredible.

That his deafening silence on the matter is a conscious decision is indicated by some references in his Recommendation 13.3 (Page 53)
The only other recommendation that falls to be made under this heading, accordingly, is that GSOC should more frequently carry out a thorough and suitable counter-surveillance examination of its offices, communication and IT equipment and data storage facilities to ensure that its protection remains adequate and that the risk of new surveillance techniques being deployed against the Commission or its personnel is reduced as much as possible. Similarly, it is obviously necessary that staff are trained and updated regularly in the procedures and strategies needed to minimise the risk of their being personally compromised in the use of communications equipment.

He recommends that staff be alerted to the dangers of having their mobiles bugged and to appropriate counter-measures. 

Yes. Very sensible best practice.
His review and conclusions pointedly ignore the fact that two of them have described being already subjected to such compromise.

He describes two GSOC officers experiencing the very symptoms that he recommends that they be trained to look out for. He then totally ignores that this happened.


His report is worthless. It is tainted with failure to search for the truth.

There is a strong smell of Lord Denning's "Appalling Vista" approach in the lead up to the inquiry and in the report.



Next:
The Boylan affair as a trigger for surveillance of GSOC and context arising from the Morris Tribunal findings
