Adaptive Segmentationmicro-segmentation October 17, 2016

Codename Farewell: Lessons in Retail Spycraft for a World of Wholesale Data Dumps

Nathaniel Gleicher,

In early 1985, Vladimir Vetrov, a covert KGB operative, was executed for treason. Since 1980, Vetrov had operated as one of the most prolific double agents in Russian history on behalf of the French government. Between the spring of 1981 and 1982, Vetrov passed nearly 4,000 secret documents, including the complete list of all KGB operatives stationed under legal cover in embassies throughout the world. His codename was Farewell.

Codename Farewell

Vetrov was one of the most productive spies of the cold war. But the cost of the constant lies got to him. He drank, and by 1982, a French-imposed mandatory cooling-off period pushed his drinking out of control. Vetrov stabbed his mistress during an argument in their car, and when a man knocked on the window, he thought he’d been discovered, and he stabbed and killed him. The man turned out to be an auxiliary policeman, and Vetrov was arrested, tried, and sentenced to 12 years in prison in 1982. Prison broke him, and he became careless, revealing his double life. Vetrov roundly denounced the Soviet system in his eventual confession.

The United States’ first cyberattack

But Codename Farewell’s story doesn’t end there. One of the pieces of information that Vetrov revealed was that the Russians planned to use a Canadian front company to secretly acquire technology to automate the Trans-Siberian gas pipeline. In a Cold War–era “cyber” operation, U.S. and French agents worked together to set up a front company selling carefully crippled technology to the Russians.

Once in place, the altered software control code in the automation tools reset pump speeds and valve settings to produce pressures far beyond those acceptable to the pipeline joints and welds. The result was, according to one former Pentagon official, “the most monumental non-nuclear explosion and fire ever seen from space.”

It’s easy to read this story as proof that cyber-enabled espionage has been around for far longer than we imagine. In fact, our modern fear of cyber-enabled “physical effects” seems to have completely missed the fact that destruction caused by cyber manipulation got its spectacular start well before the word cyber was in common usage.

The most monumental non-nuclear explosion and fire ever seen.

But let’s look closer. Today, the embedded-systems search engine Shodan reveals network addressable industrial control systems around the world at the click of a button. It’s free, easy, and—for a malicious actor looking to cause damage—can identify physical targets at the click of a button. 

The road to an explosion in the Siberian tundra was built on the back of a long, dangerous spy game: high-stakes, high-risk skulking in the shadows; a brief period of productivity; and then a spiraling double agent, erratic behavior, exposure, capture, and execution.

The true cost of spying

More than anything else, spying in the 20th century was costly. Each new access point, each new covert operative required not only training, but years of nurture and placement. Operatives generated incredible effects—witness the Codename Farewell explosion—but even when those could be accomplished remotely through software, they relied on years of investment, risk-taking, and human agents risking their lives.

But the interconnected world of the 21st century has created a new kind of wholesale spying—one done remotely, over the network, from the safety of home soil.

If we want to reduce the rate of intrusions into our communications networks and data storage today, we have to make it much more difficult.

There have always been checks and balances to prevent spying from getting out of control. States pass laws, the international community identifies and enforces norms of behavior. But most of all, spying is hard, slow, and risky. In an age when remote intruders can filch information about millions of government employees without ever exposing themselves to direct retribution, this most essential check has been greatly weakened. 

Deterrence can help with this problem. Initial indications, at least, suggest that indictments, combined with the threat of sanctions and careful diplomacy, have helped to reduce commercially motivated cyber-enabled IP theft by the Chinese. But deterrence has always been only one of the checks in place. To ratchet up deterrence enough to compensate for the rapid drop in difficulty will be incredibly difficult, particularly against non-state actors and sophisticated criminal organizations.

If there is any lesson in the story of Codename Farewell for the reality of our modern, connected world, it is this: if we want to reduce the rate of intrusions into our communications networks and data storage today, we have to make it much more difficult.

The road to an explosion in the Siberian tundra was built on the back of a long, dangerous spy game.

This will be hard, but it is not impossible. Interestingly, the challenge is as much organizational as it is technical. For example, we have known for some time that a few simple steps—network segmentation, vulnerability patching, application whitelisting, limited user access, and strong passwords—would make networks much more secure. The problem is that it is incredibly hard for a large, diverse, distributed organization to deploy a disciplined security posture across its entire environment.

We need a greater focus on the organizational and strategic challenges of cybersecurity. These are the steps we could use to make intrusions harder, and to increase the cost of data exfiltration and spying in the 21st century. This is what we need to get back to Codename Farewell’s world of costly, risky, retail spying, as opposed to the wholesale data theft world of the modern day.

Illumio Codename Farewell T-Shirt

Are you applying the lessons of Codename Farewell today? We've got a FREE T-shirt for you >>






Adaptive Segmentationmicro-segmentation
Share this post: