Last year, WikiLeaks released 8,761 CIA documents containing interesting details about the technology, malware, viruses and other exploits and zero-day vulnerabilities that the Central Intelligence Agency (CIA) is using.
One interesting section of this document, titled Vault 7, details how the CIA is using the United States consulate in Frankfurt, Germany as a covert hacker base, even giving the hackers based in Frankfurt (which happens to be the largest US consulate in the world) diplomatic “black” passports.
In addition to being given diplomatic passports, the hackers operating out of the Center for Cyber Intelligence Europe (CCIE) are also provided with cover stories they can use for German Customs and other screening procedures.
The Cover Story
The cover story that the CIA agents are instructed to use in Frankfurt is quite interesting. Of course, WikiLeaks revealed it as part of the leaked Vault 7 documents.
We won’t go through it all here, but there is some interesting info about what agents should do during the flight (agents are told to enjoy free Lufthansa booze in moderation), upon arrival (get Euros from the Deutsche Bank ATM, not Travelex, and do not leave electronics in your hotel room), on the first day (how to get to the Consulate and where to go when inside), during the TDY (temporary duty) and when finally leaving (leave with as few Euros as you can and a recommendation to buy a single malt whiskey at the Duty Free).
The document also reveals the cover story (for a particular trip).
Q: Why are you here?
A: Supporting technical consultation at the Consulate.
Q: What part of the Consulate?
A: Political/Military (POL/MIL)
You can read the instructions here if you’re interested. We wouldn’t recommend going there and trying the cover story for yourself, of course. We should point out that these documents date from between 2013 and 2016, so the CIA probably has new tips by now and is no longer using the same cover stories.
CIA Assessment on Surviving Secondary Screening
Another WikiLeaks document provides insight into the CIA approach to secondary screening procedures at the airport and is equally interesting.
The document is, of course, quite lengthy (there are about 15 pages in total), so here’s the link if you want to check it out for yourself.
Here’s an excerpt from the document, related to triggers for secondary screening:
Referral to secondary screening can occur for concrete reasons, such as watch-list match or discovery of contraband, because of random selection or because the inspector suspects that something about the traveler is not right.
The document further explains the various behaviours, travel patterns and other factors that agents should avoid if they don’t want to deal with secondary screening, and ends with tips on how to deal with it.
In particular, the document states that “consistent, well-rehearsed, and plausible cover is important for avoiding secondary selection and critical in surviving it”, especially for the questions “Why you are here?” and “Where are you staying?”.
Another section offers insight into what travel patterns might be suspicious to different intelligence agencies around the world. For instance, the Venezuelan ONIDEX (Office of National Identification and Foreign Status) will flag any foreign traveler who makes frequent trips to the country (such as five or more times per month) and send him or her to secondary screening, while the Israelis might get suspicious if they see in your passport that you’ve traveled a lot to Muslim countries.
There’s also a warning as to what kind of behavior can be expected from deceptive persons and therefore might trigger secondary surveillance at some airports. According to the document, deceptive persons:
- Pause significantly between a question and their response (they might use sounds like “um”)
- Swallow, bite their lips, breathe deeply, perspire, pick or adjust their clothes
- Use phrases such as “to be honest”, “to tell the truth”, “to be frank” or words like “maybe, normally, typically” and so on
- Or give overly specific answers to questions
Fine Dining Hacking Tool
WikiLeaks has also revealed some of the hacking techniques used by CIA hackers, which the CIA named “Fine Dining”. They are supposedly capable of getting into high-security systems, even if they are not connected to the Internet directly (for instance, police or government databases). Back in 2013, it was even revealed that NSA agents managed to tap into German Chancellor Angela Merkel’s phone.
When using the Fine Dining tool, the agent will look like he is watching a video, using Prezi or Skype, playing a game (now I’ll never trust people playing LBreakout 2 or 2048) or running a virus scan on McAfee or Kaspersky. All in all, Fine Dining provides some 24 decoy programs to its user.
These WikiLeaks documents perhaps don’t reveal anything too shocking (we already knew the NSA was tapping Angela Merkel’s phone, for instance), but they provide a very interesting insight into how CIA operatives work outside the main Langley base in the United States and when abroad. If nothing else, it’s a thought-provoking read.