THE SPY WHO WORKED FROM HOME: OR NOT!
by Chris Goff
So, I joked about writing The Spy Who Worked from Home, but to be honest I saw a lot of potential there. Except, it turns out, it’s hard to spy from home. Spying is all about intelligence gathering, and in today’s world with all the secure buildings and heavily defended cyber connections, it’s hard to gather much useful intel on a laptop in your pjs.
What happened when Covid-19 struck?
Some agencies, such as the NSA, stuck with their “strictly forbidden to work from home” policies, and tried creating classified office space. They designated work hours, set up shifts for various teams and contractors, and disinfected the office space during shift change.
Other spies tried working from home. Not a problem when working unclassified elements. A big problem for classified work. And, as the intelligence communities are known for over-classifying information, it soon became clear some things needed to be declassified. It may turn out that there will be less material deemed classified that spies want to get their hands on, and more clues out there to what material is classified.
Keeping tabs on the workforce!
Spies also faced problems similar to the problems the regular workforce experienced. With everyone working at home these days, a lot of employers want ways to keep better tabs on their employees. Work surveillance isn’t new, but digital advances during the pandemic have taken it to new heights. It’s almost like the boss is standing over you. Cyber apps let your boss know exactly what you’re up to, what apps you are using most, what digital devices, and even what keystrokes you’re making. One cyber surveillance company reported seeing a 16% increase in orders, and a 40% increase from current customers asking for more licenses.
Just what everyone wants, their spy boss looking over their shoulder, recommending ways to be more productive working from home. Whatever happened to the silent agreement that I’m doing my work and you’re getting results?
So, are there spies doing real spy work from home?
Yes! Take the two Chinese engineers indicted for “researching vulnerabilities in networks of biotech and other firms publicly known for work on Covid-19 vaccines, treatments, and testing technology.” They targeted firms in multiple countries: Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, Sweden and the UK. They targeted AI companies, defense contractors and a solar energy company. They stole hundreds of millions of dollars in trade secrets. Working for themselves they attempted blackmail, and other times stole information of obvious interest to the Chinese government. In July, FBI Director Christopher Wray accused China of a “whole-of-state effort to become the world’s only superpower by any means necessary,” and said, “The FBI is now opening a new China-related counterintelligence case every 10 hours.” In fact, nearly half of the 5,000 active counterintelligence cases currently under way across the country are related to China.
And the UK claimed that hackers targeting organizations trying to stop a coronavirus vaccine in the UK, US and Canada “almost certainly” operated as “part of Russian intelligence services.”
How are they doing this?
The theory is the Russian hackers used malware (specifically WellMess and WellMail) to download files from machines. The malware was planted through “spear-phishing” campaigns, targeting individuals who unknowingly—or rather unwittingly—gave up passwords and access codes.
The UK’s National Cyber Security Centre (NCSC) calls out a hacking group called APT29, also known as The Dukes or Cozy Bear. NCSC says it’s more than 95% certain the group is part of the Russian intelligence services. Cozy Bear was first identified as being a significant “threat actor” in 2014 by CrowdStrike, an American cyber-security firm.
With a name like Cozy Bear, do you have any doubt these guys are working from home, on laptops in their pjs? Me, either!
So where does that leave me?
Clearly The Spy Who Worked From Home is not a book I’m destined to write. There is a lot I know. There is a lot I can research. (My friend Lee Goldberg convinced me of that in his latest write up in CrimeReads.) And I may be technically savvy, but not at the hacking level. Which leaves me to take Lee’s advice and finish researching my latest work-in-progress. Working title: Operation Gentoo
What are your theories of what will happen with the traditional spy genre? What changes do you see coming?