This is the blog of British investigative journalist Jason Lewis.
It features articles from my time as Investigations Editor of the Sunday Telegraph and Whitehall and Security Editor of the Mail on Sunday.
I specialise in writing on intelligence and security matters, human and civil rights and the activities of the British State.
Monday, 12 March 2012
Spies use Facebook to spy on NATO
How spies used Facebook to steal Nato chiefs’ details
NATO'S most senior commander was at the centre of a major security alert when a series of his colleagues fell for a fake Facebook account opened in his name - apparently by Chinese spies.
Adml James Stavridis. Photo: GETTY
By Jason Lewis, Investigations Editor, in Washington DC
9:00PM GMT 10 Mar 2012
Senior British military officers and Ministry of Defence officials are understood to have been among those who accepted "friend requests" from the bogus account for American Admiral James Stavridis.
They thought they had become genuine friends of Nato's Supreme Allied Commander - but instead every personal detail on Facebook, including private email addresses, phone numbers and pictures, could be harvested.
Nato officials are reluctant to say publicly who was behind the attack. But the Sunday Telegraph has learned that in classified briefings, military officers and diplomats were told the evidence pointed to "state-sponsored individuals in China".
Although they are unlikely to have found any genuine military secrets from the Facebook accounts they accessed, the incident is highly embarrassing.
In the wake of it Nato has advised senior officers and officials to open their own social networking pages to prevent a repeat of the security breach.
Admiral Stavridis - who was in charge of operations in Libya to bring about the end of Colonel Muammar Gaddafi's regime - now has an official Facebook site while the bogus one has been permanently deleted from the internet.
But it opened up a treasure trove of personal information to the people behind the fake.
As well as their names, people routinely put personal email addresses, dates of birth, clues about their home address and personal and family pictures online. Some even state their current location, and messages on a page's "wall" can reveal huge amounts about their beliefs and state of mind.
Although it is not known how much information was harvested, foreign intelligence agencies would be delighted to have such huge amounts of information which can be used to produce detailed profiles of potential targets for espionage or even blackmail.
Senior Nato staff were warned about the fake account late last year and made representations to Facebook.
It is understood that Facebook uses very sophisticated techniques to identify bogus accounts which, it says, have very different footprints to genuine Facebook users.
A spokesman said: "After the profile was reported to us, it was taken down as soon as we were notified and investigated the issue."
Last night officials at SHAPE, the Supreme Headquarters Allied Powers Europe, reluctantly confirmed that its commander had been targeted.
They refused to be drawn on the origin of the security breach although other senior security sources confirmed that it had been traced to China.
A spokesman for SHAPE said: "This type of compromising attempt is called 'Social Engineering' and has nothing to do with 'hacking' or 'espionage'.
"Discussions/chats/postings on Facebook are of course only about unclassified topics."
A NATO official added: "There have been several fake supreme allied commander pages. Facebook has cooperated in taking them down. We are not aware that they are Chinese.
"The most important thing is for Facebook to get rid of them. First and foremost we want to make sure that the public is not being misinformed. Social media played a crucial role in the Libya campaign last year.
"It reflected the groundswell of public opposition, but also we received a huge amount of information from social media in terms of locating Libyan regime forces. It was a real eye-opener. That is why it is important the public has trust in our social media."
The so-called "spear phishing" exercise is the latest tactic in the wide-ranging use of the internet to spy on key Western figures and to steal their secrets.
Fears centre on the espionage operation of Chinese intelligence agencies - which are targeting not just military secrets but every aspect of western life.
Among the items stolen are said to be the secrets of stealth aircraft, submarine technology, the space programme and solar energy.
British institutions are equally vulnerable, with Chinese hackers successfully gaining access to the House of Commons' secure computer network.
Shawn Henry, the FBI's executive assistant director in charge of targeting cyber crime, said: "We see thousands of breaches every month across all industry and retail, infrastructure and across all sectors.
"We know that the capabilities of foreign states are substantial and we know the type of information that they are targeting."
The state-sponsored attacks are aimed at stealing information to give them an economic, political and military advantage.
Some hawkish figures in the US also fear that a hostile country or terror group might launch a "cyber war" against them, attempting to attack and destroy military and civil infrastructure using viruses or other electronic weapons. However, most experts think this is highly unlikely.
It is similar to the so-called "Night Dragon" attacks which targeted executives of some of the world's biggest oil and gas companies.
The names of the firms involved have not been disclosed. Their reluctance is widespread as companies fear disclosure will damage customer confidence in them and hit their share price.
The attacks infiltrated the energy companies' computer systems and looked for how the firms operated.
The attackers targeted the Western firms' public websites and specific individuals, using Facebook and other social networking sites to learn about them first, and then trying to dupe them into revealing their login names and passwords.
The hackers were traced to Beijing, China, and investigators found the attacks only happened on weekdays between 9am and 5pm local time, suggesting they were working at an office or a government facility.
Security expert Dmitri Alperovitch, who helped uncover the "Night Dragon" breach, says Western businesses and Government are all routinely being targeted.
He said: "They will know your strategy, your price list, everything to undercut and beat you. The Chinese are using every trick in the book.
"They stole emails between executives about high level negotiations. They are stealing their negotiation playbook and then they outbid them. If they know your strategy they can't lose."
Last year an employee at a key US computer security firm, RSA, opened a personal email with the subject line "2011 Recruitment Plan" and clicked on the attached Excel spreadsheet.
The attachment contained a virus, apparently engineered by the Chinese, which breached RSA's systems.
RSA's customers include the White House, the Central Intelligence Agency, the National Security Agency, the Pentagon and the Department of Homeland Security (DHS), as well as organisations around the world.
The breach meant it had to contact its customers to warn them of the security risk.
Such is concern over the cyber-attacks that the DHS now sees it as a key priority along with tackling terrorism.
Bruce McConnell, its director of cyber security said: "The internet is civilian space. It is a marketplace. Like the market in Beirut in the '70s, it will sometimes be a battleground."
He likened his department's job to attempts to co-ordinate the civilian response to a hurricane.
But "unlike in a hurricane, we are responding to incidents every day," he added.