24 luglio 2006

Questione di sigint


Pochi minuti fa sull'edizione online del quotidiano israeliano Haaretz è apaprso un eccellente reportage sulle operazioni di intelligence che in questi giorni hanno portato ad alcuni successi nelle azioni contro le postazioni missilistiche di Hezbollah in Libano. Lo riporto interamente perché è una lettura che merita Seguono alcune note in margine di interesse spionistico radiofonico.

Opening a window on intelligence

By Yossi Melman (Haaretz)

There was a personal reason for the excitement that grabbed the chief of Military Intelligence, General Amos Yadlin, last Wednesday, too. He was attending a family celebration in the center the country. But far away, in souther Beirut, another event was going on, in which Yadlin had a particular reason to take an interest. At exactly the same time, Israeli Air Force fighter jets were dropping 23 tons of explosives on the Hezbollah's so-called alternative bunker. Hidden under an innocent-looking mosque, the bunker had been built by Iranian engineers who specialized in the construction of protected subterranean building for their country's nuclear facilities.

Five days have passed since the bombing and its results are not yet known. Hezbollah, as part of the psychological warfare it is waging against Israel, has not made its losses public. Members of the movement's field security unit are carefully guarding the area around the damaged bunker, along with other important sites belonging to the organization, and preventing strangers from approaching.

Israel, which decided very late in the game to respond with psychological warfare, has also refrained from releasing any information on the incident - although the chief of staff did hint at a press conference on Friday night that Israel knows the identities of some of those killed in the bombing, but prefers that Hezbollah will publicize their names. In this way, Israel is letting Hezbollah grope in the dark with respect to what Israel actually knows and its intelligence capabilities.

Prime Minister Ehud Olmert and Defense Minister Amir Peretz authorized the attack, based on intelligence assessments that Hezbollah leaders including Hassan Nasrallah and his deputy Imad Mughniyah - a well-known terrorist wanted by the Mossad, the CIA and in fact just about every Western intelligence agency, who is considered to be Hezbollah's "chief of staff" were supposed to be in the bunker. The aim of the attack was also to hit Mughniyah's deputy, Talal Hamia, and other commanders.

Nasrallah was not harmed in the attack because he wasn't in the bunker at the time, but it is possible that other members of the organization's leadership were wounded.

Connecting to the target

The bombing and lack of clarity surrounding the results of this incident open a window, albeit a very narrow one, on a hidden element of the war: the part played in it by Israel's intelligence. And it is not an inconsiderable element. This intelligence is what makes it possible to connect the bomber jet with its target.

The Mossad can take credit for a number of operational units involved in locating, recruiting and running agents. In Israel Defense Forces' Military Intelligence, the credit goes to the terrorism experts in its Research Division, to Unit 504 - which is involved in running agents and also in offensive intelligence operations in southern Lebanon - and, to a certain extent, to SIGINT (signals intelligence) Unit 8200.

What are Israel's intelligence achievements? Some information about this was intimated by the previous chief of staff, Moshe Ya'alon, who is currently in the United States. At a lecture he gave in Washington, he said: "Hezbollah has built special rooms inside ordinary residential buildings used to launch rockets, but they didn't know that we know that, and were surprised."

For years, and while carefully maintaining strict compartmentalization, Hezbollah built up a dense system of "secret houses," in which rockets and missiles aimed at numerous Israeli targets were hidden. About a year ago, Nasrallah boasted that he would "set northern Palestine ablaze." Israel's north is indeed being hit very hard by Katyusha rockets and missiles, so far more than 2,000 have been fired, but it is not burning. As of yesterday, only 5 percent of the rockets and missiles fired hit precise targets, causing the deaths of around 20 people and damage to dozens of buildings.

The hidden missiles, especially the long-range Zelzal ones, were the Hezbollah's strategic weapons. This capability has been severely undermined. The IAF - equipped with precise information that has been gathered, examined and meticulously prepared by intelligence experts - knows exactly where many of these concealed storerooms are and has destroyed them. Contributing to this is AIF intelligence, which knows very well how to translate the material gathered by the Mossad and Unit 504, and processed by terrorism experts in the MI Research Division, in order to turn the resulting data into targets for attack.

According to various estimates, about 40 percent of the missiles and rockets belonging to the Hezbollah have already been hit. The firepower remaining in its hands should not be taken lightly: It can still launch rockets and missiles and in large numbers. Nor is there any doubt that Nasrallah will try to make wise use of his residual capability; he may be saving up part of it for a dramatic finale. However, the accomplishments of Israeli intelligence in undermining his missile and rocket capability are indeed noteworthy. They are mainly thanks to the work of HUMINT - human intelligence - based on locating, recruiting and running agents. This is also the specialty of the Mossad and of Unit 504, whose most important contribution has been on the tactical level near the border.

Unit 8200 has also contributed its part to attaining an intelligence picture of Hezbollah, but its members, who were aware that they were being listened to, carefully maintained communications security by means of their field security and espionage services. These members, especially the military command, spoke on the telephone as little as possible. They preferred to send their orders and instructions by means of couriers and held their meetings in rooms impenetrable to listening devices that were especially built in Hezbollah's "security square" in Dahiya. This command post also featured communications centers, as well as Hezbollah's command and control.

Disruption of function

The destruction of that compound contributed a great deal to the disruption of the organization's ability to function, but Hezbollah prepared for this eventuality as well. The field commanders received instructions to act according to their own discretion in the absence of clear command orders or an attack on their communications and computer systems.

Intelligence coverage made it possible for the Mossad to preclude the implementation of Hezbollah's future plans; the agency even prevented the movement's international apparatus from repeating the success of the bombing of the Israeli embassy in Argentina in 1992, and two years later, of the Jewish community center in Buenos Aires.

Guided by Iranian intelligence, Hezbollah set up over a number of years a system of sleeper cells in Europe, South America and Southeast Asia, with the intention of - waking them up - when the time came. This just may be that time, and preparations should be made for the possibility that the organization will try to use the cells to take revenge. But the decision concerning that scenario is not in Nasrallah's hands, rather in the hands of the Iranian leadership.

In 1992, Fuad Mughniyah, brother of Imad Mughniyah, was murdered in south Beirut by a car bomb. So far, media assessments have taken the view that Imad was the real target of the bomb - that he was supposed to be visiting his brother, but was late for the meeting. Now, however, based on an analysis of the incident as it was reported in the foreign media, it may be concluded that the target was in fact Fuad Mughniyah himself, who was a junior partner to his brother's terror activities. In that year, thanks to precise intelligence, Israel used missiles fired from helicopters to kill Abbas Musawi, the secretary general of Hezbollah. Since then, a number of mid-level Hezbollah commanders have been killed in operations that the Lebanese media has attributed to Israeli intelligence. A few months ago, a network that was involved in the assassination of Raleb Awali, a Palestinian active in Hezbollah, was apprehended.

It is clear that the chief target, Nasrallah, is still alive today, and so apparently is Imad Mughniyah. From this standpoint, the situation can be described as a failure. An additional colossal intelligence failure concerns the recent missile attack on the Israeli naval destroyer. Navy intelligence knew and was familiar with the Iranian missile that hit the ship, and it should have been assumed that the Hezbollah possessed it.

The problem of intelligence capabilities intensifies further with the outbreak of war. When the intelligence that is gathered is realized, a great deal of what has been built up meticulously over years goes up in smoke. The "bank of targets" that has been prepared diminishes after the first wave of attacks. There is a tactical intelligence difficulty in pinpointing new targets during the fighting. Moreover, it is especially different to run agents: Communications with them, even if they are equipped with state-of-the-art devices, break down because of a lack of contact. Suspicions grow and the dangers posed to the agents increase. This is even more true for agents involved in the more basic aspects of intelligence operations.

Still, the information that has been gathered and stored during the years preceding the fighting form the basis for the IDF's operations of air and land capabilities, in addition to the activities of special forces on the enemy's home front, whose role, among other things, is to close the intelligence gaps - and especially to locate new missile and rocket launching sites created since the outbreak of the war.
Quello che Melman scrive a proposito delle reti di agenti sul campo e ai problemi di comunicazione con le sedi operative del Mossad, il servizio di intelligence di Gerusalemme, è quanto mai pertinente. Chi ascolta le frequenze alternative delle onde corte, quelle non broadcast riferibili ai vari servizi civili e militari, avrà immediatamente pensato alle number stations, le stazioni che danno letteralmente i numeri, trasmettendo lunghe sewquenze di lettere o simboli numerici. Da anni si ipotizza con ragionevole certezza che queste trasmissioni sono proprio legate alle attività di spionaggio internazionali: i contenuti cifrati trasmessi sono con molta probabilità messaggi trasmessi da e verso gli agenti in missione. Le trasmissioni attribuite al Mossad sono rimaste una componente molto attiva di un panorama che dopo la guerra fredda e la scomparsa della divisione tra blocco occcidentale e orientale si è assottigliato. Nel post precedente ho citato il blog Mt-Milcom di Larry Van Horn senza però dire che tra le frequenze indicate c'è anche la "programmazione" delle number station normalmente attribuite al Mossad e alle sue operazioni in Medio Oriente: l'intero blocco di frequenze e orari della categoria "E10" nel sistema di classificazione inventato dalla newsletter Enigma 2000. Larry in effetti riprende l'articolo su E10 pubblicato da Simon Mason sul suo straordinario sito sulle trasmissioni spionistiche.
L'articolo di Haaretz cita a un certo punto il fatto che gli agenti del Mossad sono equipaggiati con dispositivi molto avanzati, ma in effetti la trasmissione di messaggi cifrati si basa spesso su sistemi di codifica molto semplici e straordinariamente efficaci dal punto di vista della sicurezza. Mi riferisco in particolare ai one time pad inventati, secondo lo storico della crittografia David Khan, nel 1917. Negli OTP le lettere del messaggio in chiaro vengono semplicemente sostituite con altre lettere in base a un sistema di sostituzione del tutto casuale, in cui la chiave, lunga come il messaggio, è costituita da una semplice stringa di lettere casuali. Il livello di inviolabilità degli OTP è praticamente infinito: dato un campione di testo cifrato sarà possibile ottenere stringhe di plain text, testo in chiaro, a partire da chiavi diverse, tutte egualmente "probabili" dal punto di vista della criptoanalisi. Anche disponendo di enormi capacità di calcolo per vagliare tutte le combinazioni possibili, non sarà possibile distinguere tra plain text autentico e testi spuri. Vi rimando, come mi capita spesso, a quanto scrive a proposito Wikipedia. Ci sono alcuni punti deboli di questo meccanismo, teoricamente inattaccabile. Un OTP non va mai usato due volte su due messaggi diversi e la sequenza di lettere deve per forza essere casuale. Chi prova a generare gli OTP con metodi computazionali deve tener conto di questo vincolo, soprattutto se utilizza algoritmi pseudo-casuali. Se c'è un pattern, uno schema, l'analista prima o poi lo individuerà.
L'aspetto interessante è la possibilità di utilizzare gli OTP in condizioni operative di estrema emergenza, servendosi al limite di un semplice foglio di carta e di una penna. In pratica gli OTP possono essere custoditi in piccoli blocknotes facili da nascondere e poco sospetti. O, nell'era digitale, in un lettore MP3 come l'iPod. Ma la cifratura e la decodifica dei testi si effettuano anche a mano e i messaggi cifrati possono essere ricevuti, sulle onde corte, con una radiolina da pochi dollari.
Tornando al traffico spionistico E10, secondo Simon Mason si conosce un unico caso di decodifica amatoriale di questa categoria di emissoni dovuto essenzialmente a una trasmissione in chiaro, l'unica mai rilevata dagli appassionati. Il messaggio è stato trasmesso su 5339 kHz dalla stazione KPA il 15 marzo di quest'anno, alla conclusione di una emissione serale. Quando la centrale (o l'agente) ha trasmesso la stringa di chiusura: G1O2O3D4N5I6G7H8T (la decifrazione mi sembra banale). L'audio di questa ironica - anche se poco informativa - concessione alla impenetrabile (sempre ammesso che di OTP si tratti) segretezza delle number stations si può ascoltare qui.

Tags:

Nessun commento: