SUMMARY VERSION INTELLIGENCE ISSN 1245-2122 N. 117, 15 May 2000 Every Two to Three Weeks Next Issue on 5 June 2000 Publishing since 1980 Editor Olivier Schmidt (email intelligence-adi@wanadoo.fr; web http://www.blythe.org/Intelligence) TABLE OF CONTENTS, N. 117, 15 May 2000 FRONT PAGE WORLDWIDE - "MELISSA", "ILOVEYOU" & FUTURE UPGRADES p.1 TECHNOLOGY AND TECHNIQUES PHONE INTELLIGENCE PROBLEMS & EAVESDROPPING FIGURES p.2 INTERNET - Another FBI Net Unit. p.3 BRITS TO "CLEAN" INTERNET ... JUST LIKE THE RUSSIANS p.4 CRYPTOGRAPHY SOFTWARE DEREGULATION IN EUROPE p.5 CRIME - Australia Puts Data Base On-Line. p.6 CHIPS - Intel Drops Processor Serial Numbers. p.7 HACKERS - DDSA MStream Software Found on the Net. p.8 PEOPLE USA - DAVID WISE p.9 - Jessie Mae Thompson. p.10 USA/GREAT BRITAIN - BARBARA MCNAMARA p.11 GREAT BRITAIN - HERMAN OUSLEY p.12 - John Betjeman. p.13 GREAT BRITAIN/NORTHERN IRELAND - TOBY HARNDEN p.14 MIDDLE EAST - Osama Bin Laden. p.15 AGENDA COMING EVENTS THROUGH 1 JULY 2000 p.16 INTELLIGENCE AROUND THE WORLD USA - ISRAEL DOESN'T SPY ON THE USA ... AGAIN p.17 - IRS' "TAIL BETWEEN ITS LEGS" p.18 - CIA RECORDS PROBLEM, ANNUAL REPORT & DEUTCH CASE p.19 - NEW STATE DEPT LIST & OTHER "TERRORISM" NEWS p.20 - FBI Does Its Own "Globalization". p.21 - The "Feds" Show Up at the LAPD. p.22 - RECENTLY-RELEASED BOOKS & WEB INFO p.23 CANADA - GOOD AND BAD ASIAN SPIES p.24 GREAT BRITAIN - HILDA MURRELL GOES BACK TO HAUNT MI5 p.25 - DORRIL BOOK ON MI6 p.26 - LITANY OF PROCUREMENT PROBLEMS CONTINUES p.27 - User's Guide to British Intelligence. p.28 NORTHERN IRELAND - MI5 BLAMES SINN FEIN FOR BLOODY SUNDAY p.29 - IRA STATEMENT RELAUNCHES PEACE PROCESS p.30 FRANCE - WELL-PLANNED INTELLIGENCE ROBBERIES p.31 - "FORTUNES OF WAR" IN PRIVATE INTELLIGENCE p.32 NETHERLANDS - FRENCH PRESSURE PROCUREMENT PLANS p.33 GERMANY - Heinz Fromm New BfV Chief. p.34 NORWAY - RADAR COVER STORY REVEALS USA NUCLEAR PLANS p.35 CZECH REPUBLIC - New Intelligence Coordination Committee. p.36 BULGARIA - New Anti-Organized-Crime Boss. p.37 RUSSIA - Siberian Mob Jamboree Rolled Up. p.38 COLOMBIA - "BAD GUYS" NOT BEHAVING AS THEY SHOULD p.39 CUBA - Lourdes Listening Post Debated in Congress. p.40 BRAZIL - Operation Condor Investigation Takes Off. p.41 KENYA - "List of Shame" For Everyone ... But Moi. p.42 ISRAEL - Arabs "With Blood on Their Hands" To Be Released. p.43 THAILAND - Waiting for a CIA Medal for Ho Chi Min. p.44 AUSTRALIA - "Legal" Aerial Spies Cause Diplomatic Row. p.45 --------------------------------------------- Intelligence, N. 117, 15 May 2000, p. 1 WORLDWIDE "MELISSA", "ILOVEYOU" & FUTURE UPGRADES At this time last year, Melissa and CIH/Chernobyl were the worst viruses to have surfaced on the Internet (see "Computer Viruses from Melissa to Chernobyl", INT, n. 99 3). Now we have ILoveYou or the "Love Bug" virus, but, as we will show below, far worse stuff is "just sitting on hard drives collecting dust and waiting for a boring, rainy day". ...(cut)... We agree with Zalewski that "Lame VBS application that isn't even able to spread without user click-me interaction, and is limited to one desk-end operating system... Worm that sends itself to people in your address book, and, in its original version, kills mp3 files on your disk. And you call it dangerous? Stop kidding." Indeed, Zalewski lays out the seven criteria for a "serious" worm project, his Samhain project: "1. Portability - worm must be architecture-independent, and should work on different operating systems ...; 2. Invisibility - worm must implement stealth/masquerading techniques to hide itself in live systems and stay undetected as long as it's possible; 3. Independence - worm must be able to spread automatically, with no user interaction, using built-in exploitation of data base; 4. Learning - worm should be able to learn new exploits and techniques instantly ...; 5. Integrity - single worms and wormnet structure should be really difficult to trace and modify/intrude/kill ...; 6. Polymorphism - worm should be fully polymorphic, with no constant portion of (specific) code, to avoid detection; 7. Usability - worm should be able to realize chosen mission objectives - eg. infect chosen system, then download instructions, and, when mission is completed, simply disappear from all systems." According to Zalewski, his document was "written to show that very serious potential risk, which we virtually can't avoid or stop, isn't hypothetical. Code provided here is partial, often comes from first, instead of most recent, Samhain release and so on. But remember - working model has been written ... Winter 1998, three bored people somewhere in the middle of Europe. Sit and relax." So it looks like Berkowitzwas right on one point: they're bored ... for the time being. --------------------------------------------- Intelligence, N. 117, 15 May 2000, p. 17 USA ISRAEL DOESN'T SPY ON THE USA ... AGAIN On 6 May, but dated 29 May for the newsstands, the conservative magazine, "Insight" published an article entitled, "FBI Probes Espionage at Clinton White House", , concerning an extensive investigation into allegations that Israeli spies had penetrated the White House and other US government telephone systems. The report carries many details, and, according to one specialist, "It does look like something may have happened". The major press quickly replied that the FBI investigation was "dormant" and had turned up "no proof" of Israeli electronic spying and Mark Regev, a spokesman for the Israeli Embassy stated, "Israel does not spy on the United States" ... like in the Jonathan Jay Pollard spy case. ...(cut)... This particular lapse was stressed by well-known counter- eavesdropping specialist, James Ross, who recently stated that the high-tech White House telephone exchange or PBX is a DMS- 100 and "I'm quite certain it was installed in 1993 because, I was told, the Clintons did not like the idea that human operators would be handling calls." The Clintons chose it because the Northern Telecom switch appeared to be the most modern. But, according to Ross, "modern PBXs allow the manufacturer or its agent to remotely upgrade the software. My advice to clients for years has been to have the PBX provider install a local on-off switch so that the user can be sure there is no remote access unless the telecom manager has coordinated with the supplier to allow access only when the supplier has requested it and only for the length of time the supplier needs to upgrade the software ... I considered remote modification of the software to be an extremely remote possibility against my clients because of the complexity of doing the job right, and the chaos that would be caused if any error was made in the modified software ... Could the MOSSAD have purchased the same switch and tested various software mods on it? I think there is little doubt that they could do just that." In short, there may well have been an unlocked "back door" to White House phones and Mossad knew about it. "Intelligence" readers can make the remaining logical deductions. --------------------------------------------- Intelligence, N. 117, 15 May 2000, p. 24 CANADA GOOD AND BAD ASIAN SPIES Former Chinese spy, Yong Jie Qu, 34, would have made things easier for xenophobic elements in the Canadian administration by not protesting an initial refusal to grant him permanent resident status in Canada. But this "trouble maker" did just that and compounded his case by winning in court. On 30 April, the press reported that Federal Judge, Francois Lemieux, handed Qu another chance to remain in Canada by ruling that his espionage work against members of a Montreal student association did not threaten democracy and that he could reapply to become a permanent resident, despite the fact he took part in espionage and subversion for the Chinese government while a student at Concordia University. The ruling overturned the decision of Canadian visa officer, Paul Whelan, who denied Mr. Qu's application in September 1998. Based on a still-secret report from the Canadian Security Intelligence Service (CSIS), Mr. Whelan said Mr. Qu informed Chinese officials about the activities of pro-democracy Chinese students at Concordia during the early 1990s. In what looks like a blatant attempt to influence Judge Lemieux's decision, certain elements in Canadian intelligence leaked the CSIS Project Sidewinder report to the press which "Canadian security threatened by Asian gangs, Chinese government" a day before Judge Lemieux's decision. The reports claimed the Chinese government and Asian criminal gangs had been working together in drug smuggling, nuclear espionage and other criminal activities that constitute a grave threat to Canadian security. "In many ways, China remains one of the greatest ongoing threats to Canada's national security and Canadian industry," the secret report claimed. The study, entitled "Chinese Intelligence Services and Triads Financial Links in Canada", was prepared in June 1997 by five analysts from the Royal Canadian Mounted Police (RCMP) internal security service and the CSIS foreign intelligence service. According to press reports, the study "was considered by some CSIS managers to be so controversial that it was watered down and rewritten before a sanitized version was circulated to other government agencies last year", which tends to indicate the "hard-line" RCMP "got it right" and the "soft" CSIS "got it wrong" on Asians and China. The allegedly "soft" Security Intelligence Review Committee (SIRC), an independent oversight body, is investigating allegations that the original Sidewinder report was suppressed because of political pressure ... but that will take some time. ...(cut)... --------------------------------------------- Intelligence, N. 117, 15 May 2000, p. 31 FRANCE WELL-PLANNED INTELLIGENCE ROBBERIES One specialist told "Intelligence", "no one doubts it was a 'professional job'. They carried away the whole damn safe full of classified wiretaps." On 2 May, the court of Nanterre (Hauts-de-Seine), a suburb of Paris, opened an investigation following the 22-23 April robbery in a building of France Telecom Mobiles in Montrouge, also a Paris suburb, of documents classified "secret defense" (equivalent to "Top Secret"). The investigation was first turned over to the Gendarmerie but then given to the Direction de la Surveillance du Territoire (DST) internal security, thus implying it has much more to do with intelligence and national security than with common crooks. The robbery took place apparently without a break-in and despite the presence of a security alarm system. A safe, containing several hundred wiretap documents, disappeared. To add insult to injury, the same building was robbed again on 25-26 April, this time with a break-in, and the office of a wiretap surveillance agent was ransacked. Apparently nothing was taken ... according to the police. ...(cut)... --------------------------------------------- Intelligence, N. 117, 15 May 2000, p. 39 COLOMBIA "BAD GUYS" NOT BEHAVING AS THEY SHOULD For the mainstream media and stodgy governments, identifying the "bad guys" in Colombia is getting harder and harder since Bogota negotiates with supposedly leftist rebels and turns over large territories to them and "law and order" right-wingers shooting up women and children. ...(cut)... To complicate things further, Colombia's main Marxist rebel force, the Revolutionary Armed Forces of Colombia (FARC), which reputedly reaps huge profits from its links to the drug trade, announced, on 28 April, in a communique signed by rebel and government negotiators, that it will co-host an international forum on illicit drug crops. The FARC, Latin America's largest and oldest rebel group, controls or has a dominant presence in roughly 40 percent of Colombia, including much of the country's deeply-impoverished south, where coca leaf -- the raw material for cocaine -- is the N. 1 cash crop. The statement said delegates and ambassadors from 21 countries, including the US, Great Britain, Germany and France, would be invited to attend the 29-30 May forum on "illicit crops and the environment". It added that the governments of Spain and Norway had agreed to act as "facilitators" for the event. The FARC wants financing for a rebel-devised crop substitution program to help poor peasants break their dependency on coca. FARC commanders strongly deny direct involvement in drug trafficking but admit imposing a 15% "war tax" on local traffickers and producers of cocaine. Cocaine production in Colombia has doubled over the last four years, despite an ambitious, US-backed drug crop eradication program. Colombia supplies roughly 80 percent of the world's cocaine and it is a leading source of the high- grade heroin consumed in the United States. --------------------------------------------- Intelligence, N. 117, 15 May 2000, p. 44 THAILAND - Waiting for a CIA Medal for Ho Chi Min. On 1 May, taking up the responsibilities of its predecessor, the CIA honored members of the World War II "Free Thai" movement trained by the Office of Strategic Services (OSS) to operate against Japan after Pearl Harbor and the US entered the war. At a private ceremony at CIA headquarters outside Washington, CIA director, George Tenet, presented five of the original 43 members of the group with an agency medallion for their service during the war. When the US entered the war, Thai minister in Washington, Seni Pramoj, asked the US to help organize, train and equip a force to liberate Thailand from Japan, and the "Free Thai" movement was born. He recruited Thai students at US universities including Cornell and MIT, who were then trained by the OSS, the CIA predecessor. It's still "a bit early" for the CIA to give similar honors to Ho Chi Minh and the Viet Minh who, alongside the OSS, fought the Japanese during the war, and then the French after the war, when the OSS saved Ho Chi Minh's life. But then anti-Communism became more fashionable than anti-Colonialism, the Viet Minh became the NVA and the Viet Cong, most of the OSS became the CIA and picked up the unsuccessful fight against "Uncle Ho" where the French dropped it. ---------------------------------------------