Feature: Communications interception device bust highlights the world of non-government spying


Three men have been arrested by the South African Police Service in an undercover sting operation in which the Hawks posed as buyers for a cellphone locator and eavesdropping machine called a “Grabber”. The three are alleged to have listened in to government tenders related to the Airports Company of South Africa.

The machine is small enough to fit into a car or van and presidential authority is needed to operate one. The Grabber confiscated in South Africa at the beginning of this month was apparently used for corporate spying, reports The Star. The machine, made in Israel and worth over R25 million, was specially installed in a German-made multi-purpose vehicle. Two of the men arrested while trying to find a buyer for the device are a top businessman in the gold industry and a bank employee.

The acquisition of the first-generation Mobile GSM tracking and locating equipment is highly regulated, The Star noted, saying it believes the equipment was bought using a fraudulently acquired letter of authority from the South African government.

Such International Mobile Subscriber Identity (IMSI) catcher technology uses the unique identifiers of a SIM card to intercept communications. IMSI catchers simulate base stations, sending out a signal that’s stronger than that of the closest cellphone tower, fooling a cellphone into thinking the machine is a base station. IMSI catchers exploit the fact that cellphones need to verify that they are connected to a network, which means that all cellphones in the vicinity of the catcher can be intercepted.
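As a defender-side illustration of the point that a catcher has to out-shout the nearest real tower, the following added example (not part of the original article) compares cell observations at a site against an earlier survey and flags cells that are unexpectedly strong. The baseline, the observations, the 10 dB margin and the function name are constructed assumptions for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CellObs:
    t: int         # seconds since the start of the capture
    cell: str      # "MCC-MNC-LAC-CID" as reported by the modem
    rssi_dbm: int  # received signal strength

# Constructed baseline: strongest RSSI per cell from an earlier trusted site survey.
BASELINE = {
    "655-01-1201-40011": -71,
    "655-01-1201-40012": -83,
    "655-10-0310-22107": -90,
}

# Constructed observations taken later at the same site.
OBSERVATIONS = [
    CellObs(0, "655-01-1201-40011", -72),
    CellObs(5, "655-01-1201-40012", -84),
    CellObs(10, "655-10-0310-22107", -91),
    CellObs(15, "655-01-9999-00001", -48),  # never surveyed, stronger than any tower
    CellObs(20, "655-01-1201-40012", -55),  # surveyed identity, 28 dB above survey level
    CellObs(25, "655-10-0310-22108", -95),  # never surveyed but weak: likely a distant tower
    CellObs(30, "655-01-9999-00001", -47),
]

def flag_suspect_cells(observations, baseline, margin_db=10):
    """Return {cell: (first_seen_t, rssi_dbm, reason)} for unexpectedly strong cells."""
    strongest_known = max(baseline.values())
    alerts = {}
    for obs in observations:
        surveyed = baseline.get(obs.cell)
        if surveyed is None and obs.rssi_dbm >= strongest_known + margin_db:
            reason = "unknown cell stronger than every surveyed tower"
        elif surveyed is not None and obs.rssi_dbm >= surveyed + margin_db:
            reason = "surveyed cell far stronger than at survey time"
        else:
            continue
        alerts.setdefault(obs.cell, (obs.t, obs.rssi_dbm, reason))  # keep first sighting
    return alerts

if __name__ == "__main__":
    for cell, (t, rssi, reason) in flag_suspect_cells(OBSERVATIONS, BASELINE).items():
        print(f"t={t:>3}s {cell} {rssi} dBm: {reason}")
```

Signal strength varies for ordinary reasons too, so a hit is a lead for follow-up measurement rather than proof of an interception device.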

The recent arrest of the Grabber suspects highlights a vast world of espionage piggybacking on cellphone networks. To get more background on this type of espionage, defenceWeb spoke to Matthew Aid, a leading writer on intelligence and an expert on the US National Security Agency (NSA) as well as intelligence matters worldwide.

Aid explained that the incident shows that: “We are now in the middle of an electronic eavesdropping proliferation regime where sophisticated spying equipment that used to be the exclusive preserve of the world’s largest and best funded intelligence agencies is now so cheap that it is well within the price range of even the world’s smallest spy agencies.”

However, before looking into the murky world of illegal spying, terrorism and crime, Aid gave examples of legitimate uses of the technology. “In an urban military environment with lots of cellphone users, this sort of equipment has proven to be invaluable. In Iraq, the US military used similar equipment at fixed listening posts or mounted in HUMVEES to intercept vast amounts of insurgent cellphone and text messaging traffic. Israel’s SIGINT [signals intelligence] organization, Unit 8200, uses their own version of this equipment to monitor Palestinian Authority (PA) communications in the West Bank and Hamas traffic in the Gaza Strip. This is very useful for targeting airstrikes or artillery shots.
“The same would be true in a typical peacekeeping environment such as the Congo, Cyprus or southern Lebanon, where all the potential warring parties depend almost exclusively on cellphones to communicate.”

The Grabber technology might be less effective in parts of Africa where cell technology is not available, but African Union military forces would have more traditional SIGINT technology in those areas, Aid explained.

Machines like the Grabber, compared to the highly complex and expensive equipment used by America’s National Security Agency (NSA) or the UK’s Government Communications Headquarters (GCHQ), are also highly portable. Aid says that in addition they are: “Robust, easy to conceal, relatively simple to operate (a big plus in the developing world), and not very expensive to maintain.
“Perhaps most importantly, anybody can now qualify to buy this stuff, including generous long-term financing packages for qualified buyers who can’t afford big lump-sum payments. The companies which are selling the equipment don’t require end-user certificates from governments. They are more than happy to sell to large corporations or just about anybody else who can afford to buy it. It’s a buyers’ market, and the companies who make this stuff don’t seem to be too picky about who they sell it to.”

In the African context, the obvious danger is that terrorist groups, wildlife and drug traffickers and human trafficking networks, many of whom work together, can elude government agencies by listening in on their communications.

Aid listed organisations he knew about that had recently used similar eavesdropping technology (and attendant software) for such purposes. “Chechen guerrillas operated a highly sophisticated SIGINT collection network during their war with the Russian military in the 1990s. It was not until the second war in Chechnya in 1999 that the Russian government began systematically encrypting its communications traffic in order to choke off the intelligence that previously had flowed so freely to the Chechens.
“Through at least the early 1990s, a number of Burmese insurgent organizations, including the Kachin Independence Organization, the Shan State Army, the Karenni Army, the Karen National Liberation Army, and until its collapse in 1989, the Communist Party of Burma, all maintained SIGINT intercept and processing organizations that were superior to that maintained by the government of Burma (Myanmar).
“In Papua New Guinea, the Bougainville Revolutionary Army in the 1990s routinely intercepted the radio traffic of the PNG Defence Force.
“From the late 1960s through at least the late 1980s, the Irish Republican Army (IRA) ran a large and surprisingly sophisticated SIGINT collection operation against British military forces based in Northern Ireland.
“In 1998, Japanese police discovered that a group of leftist radicals called ‘Kakumaruha’ had been intercepting police communications for almost 15 years from the group’s main hideout in Urayasu in Chiba Prefecture.
“In 1997 the Israeli government publicly alleged that the Palestinian Authority’s intelligence organization, the Palestinian Preventive Security Service, had purchased a sophisticated SIGINT collection system that was being used to monitor Israeli Defence Forces (IDF) cellular telephone traffic. About the same time, the IDF learned that the Hezbollah guerrilla forces in southern Lebanon were also listening in on Israeli military cellphone traffic.”

During the fighting in the West Bank in 2002, Palestinian Authority intelligence personnel were still successfully intercepting and exploiting IDF communications traffic. According to newspaper reports, these intercepts allowed a number of senior Palestinian terrorists wanted by the Israelis to escape from the Israeli military’s dragnet around the Jenin refugee camp in the West Bank in March 2002. When Israeli troops seized Yasser Arafat’s headquarters building in the West Bank city of Ramallah in March 2002, they found an electronic surveillance centre, which the Palestinians were using to track IDF troop movements.

As of 2001, the Shi’ite terrorist group Hezbollah reportedly operated four listening posts in southern Lebanon and the Bekaa Valley, which monitor Israeli communications traffic. Much of the expert staff at these stations is provided by Iranian personnel from the intelligence service of the Iranian Revolutionary Guards Corps.

In Africa, illegal trafficking tends to mix human trafficking with drugs, wildlife parts like rhino horn as well as gun-running and assistance to extremist terrorist groups like Boko Haram. A brief look at the power of drug traffickers in Latin America shows the dangers to law enforcement: “Since the early 1980s narcotics traffickers in Latin America have been found using radio scanners and sophisticated SIGINT collection methods in order to discover and avoid host nation narcotics interdiction efforts. For example, in July 1986 Bolivian authorities discovered that the operators of drug labs in the Bolivian jungle processing cocaine were intercepting government and military radio traffic. These intercepts of Bolivian military and police traffic tipped the traffickers off to impending raids on their labs. In August 1989, a convicted former drug smuggler told a U.S. Senate hearing that the Medellin Cartel in Colombia was monitoring U.S. Customs Service, Coast Guard and Drug Enforcement Administration communications channels around-the-clock. In September 1997, the Colombian National Police seized equipment that was being used by members of the Cali Cartel to intercept and clone Colombian government and military cellphone communications.”

In the 1990s, the wealthiest drug trafficking organization in Burma, the United Wa State Army (UWSA), acquired the ability to intercept the radio traffic of the Thai military in northern Thailand.

As in the case of the South African Grabber, corporate spying is also a growth industry. Matthew Aid says: “In a widely accepted practice within the Canadian oil industry, teams of corporate spies, called ‘scouts,’ monitor the activities of rival oil companies using traditional espionage techniques, as well as by intercepting the mobile radio telephones and cellphones of their competitors. Organized fleets of Thai fishermen operating illegally in the waters off the coast of Myanmar (Burma) monitor Burmese Navy radio traffic in order to evade that government’s fisheries patrols. In October 2001, it was revealed that the Uzan family in Turkey used their control of the Turkish cellular telephone company Telsim to listen to the cellphone calls of executives from their main competitors, the Dogan Group. The Uzans then broadcast some of the taped intercepts on their television network, Star TV.”