Garda Ombudsman "under high-tech surveillance"

tayto lover · 12-02-2014 06:57PM

hatrickpatrick wrote: »

I don't see why everyone is questioning why the Gardaí would have been suspects. The Gardaí are the people the Ombudsman investigates, they (possible tied with journalists) have the most to gain from such surveillance, they have the motive, they have the means - why wouldn't they be suspects?

For example: If both the Gardaí and the Irish Nurses Organization had the ability to engage in this type of eavesdropping, would you expect both to be suspects on the same level, even though one has a connection to GSOC and a motive for spying, and the other does not?

The Gardaí were suspected because they have both the ability and a reason to want to engage in this kind of surveillance, and nobody else has both.

Why is this so shocking?

Ah maybe its not clear BUT I was quoting Godge there.

Godge · 12-02-2014 06:58PM

Scofflaw wrote: »

The original claim was that one of the factors motivating the security sweep was the amount of information in the public debate about GSOC cases - that is, that too much was known about GSOC's internal doings.

So it could be the case that whoever leaked the security report was also responsible for the leaks that prompted the security sweep in the first place.

That could be someone in the organisation, or it could be that the same people who had the surveillance in place also leaked the report - or both, if you see what I mean. One thing the leaking of an internal secret report does tell you, of course, is that you do definitely have a leak, and it's more than a bit of loose talk or intelligent guesswork on other people's part.

cordially,
Scofflaw

What isn't clear is whether the report was ever in electronic format. If it was only in paper format, and this is something someone in the Oireachtas committee should be clever enough to ask the Commissioner, then the leak is clearly from within the organisation unless you are suggesting that you can somehow read a report from camera surveillance?

tayto lover · 12-02-2014 06:59PM

Godge wrote: »

What isn't clear is whether the report was ever in electronic format. If it was only in paper format, and this is something someone in the Oireachtas committee should be clever enough to ask the Commissioner, then the leak is clearly from within the organisation unless you are suggesting that you can somehow read a report from camera surveillance?

But a journalist seems to have a copy of some secret internal file.
Now how did he get that?

Shady Tady · 12-02-2014 07:05PM

tayto lover wrote: »

But a journalist seems to have a copy of some secret internal file.
Now how did he get that?

The bug they had the sweep for initially was a human bug who was leaking info, this was proved when the paper secret document was leaked. The leaker has now suceeded on two fronts

1 they leaked their document
2 the leaked the fact that they tried to catch him/her

Nice one!

K-9 · 12-02-2014 07:06PM

Scofflaw wrote: »

The original claim was that one of the factors motivating the security sweep was the amount of information in the public debate about GSOC cases - that is, that too much was known about GSOC's internal doings.

So it could be the case that whoever leaked the security report was also responsible for the leaks that prompted the security sweep in the first place.

That could be someone in the organisation, or it could be that the same people who had the surveillance in place also leaked the report - or both, if you see what I mean. One thing the leaking of an internal secret report does tell you, of course, is that you do definitely have a leak, and it's more than a bit of loose talk or intelligent guesswork on other people's part.

cordially,
Scofflaw

Or if the bugging type systems went on for longer than we think, whoever was doing the eavesdropping was doing the leaking! I've watched too much Spooks in my time!

Seriously, I do remember reading about rumblings about GSOC leaks. If that was the reason behind all this, it seems very ill advised to do it without informing the head of GSOC at a minimum.

Rawhead · 12-02-2014 07:09PM

Good to see that the plumbing section is hard at work again, leaks fixed at all cost. Yet again the issue has been sidelined and the focus moves to the messenger, same as penalty points and everything else.

K-9 · 12-02-2014 07:10PM

Godge wrote: »

AGS, as an organisation, does not have a motive but possibly would have the means.

Maybe I'm missing something as I'm only catching up on this story, but I'd have thought it obvious AGS would have a motive on keeping tabs on GSOC matters?

tayto lover · 12-02-2014 07:19PM

So there is an internal leak rather than an external leak. Bloody Hell.

There are more twists to this than a Hitchcock movie.

Scofflaw · 12-02-2014 07:29PM

Godge wrote: »

What isn't clear is whether the report was ever in electronic format. If it was only in paper format, and this is something someone in the Oireachtas committee should be clever enough to ask the Commissioner, then the leak is clearly from within the organisation unless you are suggesting that you can somehow read a report from camera surveillance?

"Only ever in paper format"? What, typed up on a typewriter or written by hand?

Sorry, no offence intended...just...really, is this ever the case any more?

cordially,
Scofflaw

Kaizersoze81 · 12-02-2014 07:32PM

It's looking more and more like this is an internal bugging, rather than an external one. GSOC are coming across as seriously unprofessional and incompetant in this. The head of GSOC should resign.

Godge · 12-02-2014 07:33PM

Scofflaw wrote: »

"Only ever in paper format"? What, typed up on a typewriter or written by hand?

Sorry, no offence intended...just...really, is this ever the case any more?

cordially,
Scofflaw

In electronic format offsite prepared by the English security group, delivered in person to the GSOC, who never get their own electronic copy, only a paper copy.

One way of ensuring a report remains top secret within your own organisation.

Godge · 12-02-2014 07:35PM

Kaizersoze81 wrote: »

It's looking more and more like this is an internal bugging, rather than an external one. GSOC are coming across as seriously unprofessional and incompetant in this. The head of GSOC should resign.

I wouldn't rule out the possibility of journalists also being the reason for all the problems.

At this stage, the only person(s) who could gain from all of the leaks, if they are linked is

(1) A disgruntled internal employee(s)
(2) A journalist(s)

Scofflaw · 12-02-2014 07:45PM

Godge wrote: »

In electronic format offsite prepared by the English security group, delivered in person to the GSOC, who never get their own electronic copy, only a paper copy.

One way of ensuring a report remains top secret within your own organisation.

I did think of that one, but I doubt it, and of course it leaves open the possibility of the leak not being in GSOC at all.

'Twas the thought of cyber-security operatives penning their report in good copperplate that tickled me:

Dear Sirs,

we beg to report the following anomalies as discovered at your offices on the instance of the nth of September in the year of our Lord Two Thousand and Thirteen...

cordially,
Scofflaw

Scofflaw · 12-02-2014 07:46PM

Godge wrote: »

I wouldn't rule out the possibility of journalists also being the reason for all the problems.

At this stage, the only person(s) who could gain from all of the leaks, if they are linked is

(1) A disgruntled internal employee(s)
(2) A journalist(s)

I still wouldn't agree. Without going tinfoil hat on it, there are obvious non-journalists who stand to gain from discrediting GSOC.

cordially,
Scofflaw

raymon · 12-02-2014 07:49PM

Sierra Oscar wrote: »

It is very relevant considering it has been alleged that the Minister has an unhealthy relationship with the Garda Commissioner, which in turn is why GSOC probably did not feel confident approaching the Minister to highlight their bugging concerns.

Now you have the Confidential Recipient, appointed by the Minister, trying to discourage a whistle-blower from revelaing damaging allegations against senior officers in An Garda Síochána.

Now that this is an internal leak what spin are you and Fianna Fail going to put on it now to try to damage the government? Just curious.

Godge · 12-02-2014 07:57PM

Scofflaw wrote: »

I did think of that one, but I doubt it, and of course it leaves open the possibility of the leak not being in GSOC at all.

'Twas the thought of cyber-security operatives penning their report in good copperplate that tickled me:

cordially,
Scofflaw

I have had documents delivered for me in that way, and being given and shown other documents in paper form which were then taken back. Granted, I have no experience of dealing with the type of security firm involved but I would expect them to have the highest possible security protection on their electronic documents.

I did like your draft report though

edanto · 12-02-2014 07:58PM

The internal leak is neither confirmed nor new. It was obvious since the Sunday Times article that someone gave detailed (and clearly inaccurate) information to a journalist.

How could an internal leak account for the strange result from the conference phone? The privacy consultants that were investigating the phone sent some type of signal down the phone line at 1am.... and the phone was rung back immediately. Repeating the test did not produce the same results.

Paraphrasing GSOC statement to committee - any emphasis/errors are mine wrote:

The commission did not rule out that there could be reasonable explanations for any or all of these devices

The anomaly in the telephone unit could not be repeated. We could not rule out an innocent call, even at 1am.

Telecoms data could not identify the number from which the call had been made or even that a call had been made.

If the signal the consultants sent down the line would normally cause the phone to be rung back, why did subsequent identical tests not produce the same result?

If it was a random wrong number call, why did telecoms data not give a caller ID or even identify that a call had been made?

Why would a privacy consultant send a signal of this type down a phone line unless it was known to give results that indicate surveillance?

Does that not seem more interesting to you than the already obvious leak?

Sierra Oscar · 12-02-2014 08:00PM

raymon wrote: »

Now that this is an internal leak what spin are you and Fianna Fail going to put on it now to try to damage the government? Just curious.

You are doing a nice job on following the FG Press Office line by focusing on the leaking of the security sweep report to the media.

I myself am more interested in knowing who bugged GSOC, and why that report was needed in the first instance.

Scofflaw · 12-02-2014 08:03PM

raymon wrote: »

Now that this is an internal leak what spin are you and Fianna Fail going to put on it now to try to damage the government? Just curious.

Sierra Oscar wrote: »

You are doing a nice job on following the FG Press Office line by focusing on the leaking of the security sweep report to the media.

I myself am more interested in knowing who bugged GSOC, and why that report was needed in the first instance.

That'll do, gents, that'll do.

moderately,
Scofflaw

Scofflaw · 12-02-2014 08:05PM

edanto wrote: »

The internal leak is neither confirmed nor new. It was obvious since the Sunday Times article that someone gave detailed (and clearly inaccurate) information to a journalist.

Sure, although I'm not sure what was inaccurate about it? The details released in the original article are the same as the details given by GSOC since. The only difference is the emphasis on the likelihood that there's a non-bugging explanation - GSOC playing down the potential, the journalist playing it up.

edanto wrote: »

How could an internal leak account for the strange result from the conference phone? The privacy consultants that were investigating the phone sent some type of signal down the phone line at 1am.... and the phone was rung back immediately. Repeating the test did not produce the same results.

If the signal the consultants sent down the line would normally cause the phone to be rung back, why did subsequent identical tests not produce the same result?

If it was a random wrong number call, why did telecoms data not give a caller ID or even identify that a call had been made?

Does that not seem more interesting to you than the already obvious leak?

Not to everybody, apparently.

cordially,
Scofflaw

Scofflaw · 12-02-2014 08:10PM

Godge wrote: »

I have had documents delivered for me in that way, and being given and shown other documents in paper form which were then taken back. Granted, I have no experience of dealing with the type of security firm involved but I would expect them to have the highest possible security protection on their electronic documents.

I did like your draft report though

I....may have been excessively swayed by the attractive notion of such a report.

On the other hand, though, there was a recent Snowden revelation about the bugging of the 2009 Climate Summit in Copenhagen by the NSA, where the Danes had produced a 'fall-back' document which they would use if the US were bolshy, and which basically gave in to all the US demands.

Physical security around the document was extremely tight - it was only ever distributed in paper form, and copies were recovered before people left meetings. Unfortunately, the NSA had long since copied the original digital version, and the US just stonewalled everybody and waited for it to be put on the table.

So I'm a bit dubious about claims that about documents that only exist in paper form.

cordially,
Scofflaw

edanto · 12-02-2014 08:25PM

Scofflaw wrote: »

Sure, although I'm not sure what was inaccurate about it? The details released in the original article are the same as the details given by GSOC since.

Not quite.

Article claimed : A test of the line confirmed that the phone was being used to eavesdrop on meetings.

GSOC clarified : A test on the line gave worrying results with a low probability of an innocent explanation.

Article claimed : Surveillance had compromised the GSOC wifi network in order to steal emails, data, confidential reports and possibly eavesdrop on mobile phone calls.

GSOC clarified : A media console owned by GSOC was making a WiFi connection randomly to an external network. GSOC did not specify if this media console was air gapped from their network (edit - I think they just did say that in the most recent answer, they said it was not hard wired to any of their other systems), but they did say that their databases were not compromised. There is a clear contradiction here where the article suggested NSA style total network access which GSOC did not confirm. Indeed, GSOC clarified that they don't have a wifi network.

Scofflaw · 12-02-2014 08:45PM

edanto wrote: »

Not quite.

Article claimed : A test of the line confirmed that the phone was being used to eavesdrop on meetings.

GSOC clarified : A test on the line gave worrying results with a low probability of an innocent explanation.

Article claimed : Surveillance had compromised the GSOC wifi network in order to steal emails, data, confidential reports and possibly eavesdrop on mobile phone calls.

GSOC clarified : A media console owned by GSOC was making a WiFi connection randomly to an external network. GSOC did not specify if this media console was air gapped from their network (edit - I think they just did say that in the most recent answer, they said it was not hard wired to any of their other systems), but they did say that their databases were not compromised. There is a clear contradiction here where the article suggested NSA style total network access which GSOC did not confirm.

Mm. GSOC have not actually been very definitive, and what they're saying doesn't necessarily contradict what the article said, except for the claim that files etc had actually been accessed. What GSOC have actually said is that "this" wasn't connected to "that", and that their databases were secure, which nobody had claimed they weren't. "Randomly" is not a word GSOC used, afaik - what they said was that the device, which wasn't "connected to the network", should not have been transmitting and should have had a password, but was, and didn't. Those are not contradictions of the claims, although they sound like them.

The main problem, though, is that describing the journalist's details as "clearly inaccurate" requires one to take GSOC's less than definitive statements at rather more than their face value. I'm not sure that one can do that, since (a) we already know for a fact that GSOC had decided to sit on this report, while (b) organisations that have been hacked invariably play down the extent of the breaches, and (c) GSOC are in a position where they have had to make a defence of their original decision not to follow up on the report with other people.

And all of that is without going on to make the point that an 'establishment' line has been very clearly put in place. To me, that's probably the major issue here. Whether someone did bug GSOC, or might have bugged GSOC, or even if there's only a suspicion that bugging was a possible explanation for the 'anomalies', the reaction of the current political establishment has become the major news issue here - and in most sense always was, because nobody has ever claimed there was a clear line of evidence leading to any other organisation or person(s).

cordially,
Scofflaw

DublinWriter · 12-02-2014 08:47PM

Question 1, who did it?

The biggest thing revealed today was the discovery of a fake GSM O2 cell, not O2-Irl, but O2 UK. This would have needed to have been installed in close physical proximity to the GSOC offices. Now, keep that point in mind in light of the following.

Let's rewind a little out of the realms of pure conjecture and consider who has the technology to even put this kind of thing together. We're looking at governmental levels of expertise, not criminal gangs, not the press.

That leaves us with two suspects, an Garda Siochana and British Intelligence.

First, let's look at an Garda Siochana. Like every other police force in the world, I'm sure they work closely with telecom providers based in their own jurisdiction on a daily basis. They wouldn't need to hire a nearby serviced apartment or park a tricked out van near the GSOC offices. Surveillance would be carried out centrally via the provider. Accepting that as a premise then it only leaves the suspicion that it was an off-the-books black OP. If you suspect that this is the case then do you think that an Garda Siochana would be so stupid as to set up a fake GSM cell for a UK network?

It's so unlikely as to be improbable.

Now, let's look at British intelligence.

British Intelligence has been active in Ireland ever since the foundation of the Free State, not just in terms of 'human intelligence' but also 'signals intelligence' (SIGINT).

Let's look at three key documented examples.

HUMINT #1: In the mid-1970's MI6 successfully recruited Garda Dective Sergeant Patrick Crinnion.

SIGINT #1: There was an intercept POTS facility installed in Wales to monitor all Irish-UK telephone traffic that was operation until the late 1980's.

SIGINT #2: Peter Wright, in his Spycatcher book, details a mission he was given to install surveillance in the British Embassy in Merrion Square to intercept traffic from the Irish Department of Foreign Affairs and the various Irish embassies around the world.

...and these are only the incidents that are known of.

If you're following me thus-far on this track then I'll post part 2, "Why did they do it?" as this post it becoming far too long!

Scofflaw · 12-02-2014 08:53PM

Dublin Writer wrote:

If you're following me thus-far on this track then I'll post part 2, "Why did they do it?" as this post it becoming far too long!

Eh, no, not following as yet. It's more or less the same case for the US, or Russia, or China, bar the ancient evils of the Brits. The statements about the Gardai aren't correct, either - Gardai would not go through their usual ISP contacts or standard channels if they were bugging their Ombudsman, so all the points about their usual channels is irrelevant. Coming into an ISP and saying "we need to have surveillance on these possible criminals" is very very different from saying "we need surveillance on this public body which deals with our misdeeds".

You'll need a very good "why".

cordially,
Scofflaw

Frank Lee Midere · 12-02-2014 08:59PM

edanto wrote: »

Not quite.

Article claimed : A test of the line confirmed that the phone was being used to eavesdrop on meetings.

GSOC clarified : A test on the line gave worrying results with a low probability of an innocent explanation.

Article claimed : Surveillance had compromised the GSOC wifi network in order to steal emails, data, confidential reports and possibly eavesdrop on mobile phone calls.

GSOC clarified : A media console owned by GSOC was making a WiFi connection randomly to an external network. GSOC did not specify if this media console was air gapped from their network (edit - I think they just did say that in the most recent answer, they said it was not hard wired to any of their other systems), but they did say that their databases were not compromised. There is a clear contradiction here where the article suggested NSA style total network access which GSOC did not confirm. Indeed, GSOC clarified that they don't have a wifi network.

So they had a play station which connected to an external wifi? That's NSA level alright.

I'd probably be more likely to believe that the thing either automatically connected to a wifi without a password, or more likely some internal worker connected to the external wifi and subsequently it would automatically connect to that wifi dependent on the signal strength. I never know which of the internal wifis at work my phone has connected to until I try to get email and fail - in that case it's attached to an internal only wifi so I switch out.

I don't even understand the phone issue. They called someone and that someone called back? Or there was a phonecall unrelated to the original call? Do people who bug you call you back? Is that it?

This security audit found anomalies, that often means in internal breaches not external violations.

Sierra Oscar · 12-02-2014 09:07PM

John Mooney, who broke the story initially, has been tweeting his opinions on the Committee meeting.

https://twitter.com/JohnMooneyST/status/433692726912360448

John Mooney: Opposition parties are planning to raise what #GSOC have said tonight in the Dail tomorrow. Statement given by justice minister now in doubt

https://twitter.com/JohnMooneyST/status/433683187915833344

Simon O'Brien confirms Alan Shatter was told GSOC had launched investigation into surveillance by gardai prior to Dail statement

Frank Lee Midere · 12-02-2014 09:08PM

The fake 02 cell sounds like garbage as well. Firstly as far as I can see you need to deliberately set that cell up and then turn automatic discovery off or your phone will not attach to it, so it needs phyical across to the actual device, otherwise the device finds the home network. Secondly there are two clear hints that you would be on the fake cell.

1) it will say in the top right that you are connected to O2.uk.
2) you will get a welcome to the UK text.

Both are likely to arouse suspicion from even the most technically illiterate GSOC member.

Scofflaw · 12-02-2014 09:14PM

Frank Lee Midere wrote: »

So they had a play station which connected to an external wifi? That's NSA level alright.

I'd probably be more likely to believe that the thing either automatically connected to a wifi without a password, or more likely some internal worker connected to the external wifi and subsequently it would automatically connect to that wifi dependent on the signal strength. I never know which of the internal wifis at work my phone has connected to until I try to get email and fail - in that case it's attached to an internal only wifi so I switch out.

Er, yes - and the point about your phone is that it's a communication device. It's also grossly insecure.

The point here is that the device should not have been transmitting, and it was transmitting, to an unknown network. Media device doesn't necessarily mean a Playstation, but it does mean something that has sound, possibly video/image capabilities.

That it was "air-gapped from the rest of their network" is of no comfort really when you're talking about a WiFi device, since that, after all, is exactly what WiFi does.

Frank Lee Midere wrote: »

I don't even understand the phone issue. They called someone and that someone called back? Or there was a phonecall unrelated to the original call? Do people who bug you call you back? Is that it?

Luckily, it's not necessary to become expert on how you test phone lines for monitoring. This is what the GSOC said:

The second was more worrying was a conference call telephone, a conference call facility, that we use not infrequently, and that was tested and the testing showed what we thought - our consultants thought were anomalies but it showed something that gave us cause for concern, and their judgment was the strange behaviour of this device - the response to the test - was that it could have been coincidental, could be accidental, could be explained away but they rated in their report the possibility of it being coincidental as close to zero.

This security audit found anomalies, that often means in internal breaches not external violations.

It means what GSOC have said repeatedly that it means, which is anomalies which could be evidence of intrusion or surveillance. The "internal breaches" explanation is first on the list for nearly every security issue, but network intrusion and/or surveillance by someone inside your organisation is not materially different from the same by someone outside, since both are done by someone who should not be privy to the material they are making themselves privy to.

cordially,
Scofflaw

Phoebas · 12-02-2014 09:37PM

Frank Lee Midere wrote: »

The fake 02 cell sounds like garbage as well. Firstly as far as I can see you need to deliberately set that cell up and then turn automatic discovery off or your phone will not attach to it, so it needs phyical across to the actual device, otherwise the device finds the home network. Secondly there are two clear hints that you would be on the fake cell.

1) it will say in the top right that you are connected to O2.uk.
2) you will get a welcome to the UK text.

Both are likely to arouse suspicion from even the most technically illiterate GSOC member.

I guess if it was a 'fake' cell they wouldn't send the welcome text.

But you'd have to wonder why someone targeting GSOC would use a fake UK network and not a fake Irish one since, as GSOC says, that it was no threat because none of their staff had UK registered phones.

I wonder are there any telecom software companies in the vicinity that might have been using some test kit?

Garda Ombudsman "under high-tech surveillance"

Comments