[iwar] Interesting article

From: Fred Cohen (fc@all.net)
Date: 2001-05-02 08:24:15

Return-Path: <sentto-279987-1184-988818451-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 02 May 2001 09:58:07 -0700 (PDT)
Received: (qmail 14941 invoked by uid 510); 2 May 2001 15:57:26 -0000
Received: from ef.egroups.com ( by with SMTP; 2 May 2001 15:57:26 -0000
X-eGroups-Return: sentto-279987-1184-988818451-fc=all.net@returns.onelist.com
Received: from [] by ef.egroups.com with NNFMP; 02 May 2001 15:47:39 -0000
X-Sender: fc@all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_1_2); 2 May 2001 15:47:10 -0000
Received: (qmail 32796 invoked from network); 2 May 2001 15:24:18 -0000
Received: from unknown ( by m8.onelist.org with QMQP; 2 May 2001 15:24:18 -0000
Received: from unknown (HELO all.net) ( by mta1 with SMTP; 2 May 2001 15:24:16 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id IAA25085 for iwar@onelist.com; Wed, 2 May 2001 08:24:15 -0700
Message-Id: <200105021524.IAA25085@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 2 May 2001 08:24:15 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] Interesting article
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Region: West Europe

Sub-Region: West Europe

Country: France


Source-Date: 04/05/2001

Paris Weekly Details French Electronic 'Espionnage' Abilities

EUP20010406000153 Paris Le Nouvel Observateur (Internet Version-WWW) in
French 05 Apr 01

[Article by Vincent Jauvert: "Espionage -- How France Listens to the
Whole World"]

[FBIS Translated Text]

 It is one of the largest tapping centers in the world.  At this secret
base protected by watchtowers, police dogs and electrified barbed wire,
13 immense parabolic antennas spy day and night on all the international
communications transiting through the satellites they monitor. 

    Where is this base whose photo Le Nouvel Observateur has published
here? In the United States? In Russia? No, in the Perigord region, on
the Domme plateau, next to Sarlat airport.  The site is officially (and
modestly) referred to as the "radio center." Here, the French spy
service, the DGSE [General Directorate for External Security], monitors
hundreds of thousands -- millions? -- of telephone calls, e-mails,
files, and faxes on a daily basis.  This is the main site for the French
Republic's "big ears."

    It is not the only one.  Like the United States and the
English-speaking countries with close ties to it, France has over the
past ten years set up a global interception network.  Le Nouvel
Observateur can confirm the existence -- and publish photos -- of three
other DGSE "satellite" tapping bases.  One -- code-named "Fregate" -- is
hidden in the Guyanese forest, at the heart of the Kourou space center. 
The other, completed in 1998, is attached to the side of the Dziani
Dzaha crater on the French island of Mayotte in the Indian Ocean.  Both
are managed jointly with the BND (Bundesnachrichtendienst), the German
secret service.  The third center is located in the western suburbs of
Paris, on the Orgeval plateau, at Alluets-le-Roi.  A total of about 30
antennas "cover" nearly the entire globe, with the exception of the
Siberian North and a part of the Pacific. 

    There will soon be other stations.  Expanding its "satellite"
tapping network is one of the DGSE's "priorities," the rapporteur for
the 2001 defense budget, Jean-Michel Boucheron, writes.  The French
secret service has more resources available every year for this purpose. 
A new station is being built on the Albion plateau, where nuclear
missiles were stored before the silos were dismantled; a fifth is
planned for the Tontouta naval air base in New Caledonia. 

    Of course, this network is -- and will remain -- much less powerful
and efficient than the US system on which it is modeled, one which has
often been discussed in recent months and is commonly referred to as
"Echelon." The American NSA [National Security Agency] is 30 times
richer than its French counterpart, the technical directorate of the
DGSE.  The former employs 38,000 people, the latter 1,600.  The smaller
"Frenchelon," as the Americans and their partners call it, is no less of
a threat to privacy.  Including that of the French.  Here is why: When
they are transmitted by one of the satellites monitored by the Domme,
Kourou, or Mayotte bases, our communications with other countries or the
DOM-TOM [French Overseas Dominions and Territories] may be intercepted,
copied, and disseminated by the DGSE, without any monitoring commission
having any say in the matter.  None! A situation that is unique in the

    Every democratic country that has equipped itself with satellite
tapping services has set up safeguards -- laws and monitoring bodies --
to protect its citizens from the curiosity of the "big ears." Every one,
led by Germany and the United States.  But not France. 

    Nonetheless, our country has been spying on communications
satellites for 30 years.  The SDECE [Foreign Intelligence and
Counterintelligence Service] set up its first parabolic antenna at
Domme, at the site of a small radio interception center, in 1974.  The
antenna measured 25 centimeters in diameter and still exists.  Another
followed soon afterwards.  "At the beginning, there were only a few
satellites, the Intelsats," explains a veteran of the technical
directorate.  "We were able to 'suck up' a large portion of
international traffic." However, in 1980, as the explosion in global
telephony began, more and more satellites were put into orbit: Eutelsat,
Molniya, Inmarsat, Panamsat, Arabsat.  "We were quickly overwhelmed,"
recounts a former senior official.  "The Domme center found itself
under-equipped, ridiculous -- and we at the DGSE were a laughingstock
for our American and British colleagues."

    In 1984, the head of the secret service, Admiral Lacoste, pressed
Francois Mitterrand: "We need another interception station." France, he
claimed, had an ideal site for this type of operation: the Kourou space
center.  Ideal? It was located very near the Equator, that is, in the
best possible spot for listening in on communications satellites, nearly
all of which are geostationary.  The base would be located a few
kilometers from the Ariane launching pad, meaning that its antennas
would not attract attention.  And moreover, economic espionage was the
French secret service's new priority, and the United States its main
target.  And the satellites "covering" the United States were in orbit
precisely above Guyana. 

    To share the costs and reinforce the Franco-German alliance, Lacoste
proposed bringing the BND into the adventure.  The joint effort would be
all the easier, the admiral explained, because the two services were
already working together closely in interception stations in West Berlin
and elsewhere in the FRG.  The president gave the go-ahead in late 1984. 
The Rainbow Warrior [Greenpeace ship sunk by the DGSE in New Zealand]
scandal, which arose a few months later, delayed the operation.  The
"Fregate" base would be inaugurated secretly in 1990 by Claude
Silberzahn, the new director of the DGSE, and his German counterpart. 

    Silberzahn wanted to go even farther.  In his view, to reclaim its
place among the major players, the DGSE needed new stations.  The Gulf
War gave him new arguments.  American spies' technical exploits in Iraq
were breathtaking.  Francois Mitterrand and Prime Minister Michel Rocard
were convinced.  Silberzahn was authorized to launch a wide-ranging
ten-year investment plan.  He modernized the Domme center, bought a Cray
supercomputer, and had the first parabolic antennas installed at
Alluets-le-Roi, at a base previously reserved for the interception of
radio waves.  Finally, with the BND, he launched the site on Mayotte. 
This French territory in the Comoros archipelago is also close to the
Equator.  The tapping center would be located on Petite-Terre, a
miniscule island where the Foreign Legion already had a base.  From
Mayotte, the DGSE's technical directorate could better "cover" Africa,
the Middle East, and Asia, the up-and-coming continent.  Completing the
project would take five years.  Sordid stories of cheated-on husbands
are said to have slowed down the work. 

    Today, the Republic's "big ears" have, as we have already said, 30
antennas on three continents.  These mobile antennas can change
direction several times a day, depending on the schedule or objectives
of the service.  All countries are subject to tapping, even allies. 
Member countries of the European Union too? "Of course," says the
official.  "Thanks to these satellites, we can spy on everyone where
they live.  No crazy plots, no risk of diplomatic incidents.  This is
why we invested so much."

    Which satellites are priority targets? "The ones that can provide us
with the most political and economic information," says an expert.  The
Inmarsats, for example.  Thanks to these satellites, anyone can
telephone or send an e-mail or fax to (almost) anywhere on earth.  All
it takes is a little suitcase weighing two kilos.  At its beginnings in
1982, subscribers to this service were mainly professional sailors and
oil companies.  Then the customer base expanded to include wealthy
yachtsmen.  "What a windfall for economic espionage! You cannot imagine
the things these businessmen say 'in clear' over their boat telephones,"
a specialist explains.  "They think they are safe in the middle of the
ocean.  They talk about contracts, projects, discoveries." And that is
not all.  The Inmarsat company has signed contracts with most major
airlines and 650 business aircraft.  When a passenger makes a telephone
call in flight, it transits via one of these satellites ...  to the
satisfaction of the "big ears." Inmarsat is also used on the ground,
most often in the earth's "hot spots," where telephone equipment is
poor.  The company has a total of 200,000 subscribers: journalists,
diplomats, international civil servants, NGO officials, etc.  "No very
powerful computer is necessary to spy on this choice clientele," says an
expert.  "A maximum of 2,000 messages pass through an Inmarsat satellite
simultaneously.  This is ten to 50 times fewer than for the others."

    The others are the giants of global telephony: Intelsat, Eutelsat,
PanAmSat.  Several billion messages from every continent transit via
these satellites every day.  "It is impossible to ignore them," says an
expert, "but difficult to process them as a whole.  We have to choose
the segments of the beam that interest us." And in particular, to
identify the channels leased by the military, diplomats, or companies. 
Some companies use a new, inexpensive service known as VSAT: This
network enables them to keep all their establishments throughout the
world connected on a permanent basis.  In Domme and Kourou, the DGSE
"sucks up" traffic from Intelsat 801, which provides thousands of VSAT
links between America and Europe. 

    The big satellites also transmit the Internet.  They have become
highways -- backbones -- for the Web.  Says one specialist, "10 percent
of the traffic passes through them.  This is not much, but we can
intercept this 10 percent: The rest, which transits via optic fiber
cables, is something else." Staff at the Mayotte center are impatiently
awaiting the new Intelsat 902, which within a few months will be
furnishing "backbones" in Africa, in Asia, and part of Russia.  It will
be positioned at 62 degrees east, just above the French island in the
Indian Ocean. 

    Other types of satellites targeted: Regional satellites, which
"cover" only a portion of the planet.  Like the Arabsats for the Middle
East and North Africa.  "Ah, the Arabsats!" sighs a former "listener."
"The information they provided us in the 1980s! On Qadafi during the
Chad conflict or on Israel during the invasion of South Lebanon."

    Finally, there are the national satellites.  Some countries are too
poor and too large to set up a network of telephone cables throughout
their territory.  For internal communications, they use satellites: the
Raduga in Russia, the Mabuhay in the Philippines, or the Dong Fang Hong
in China. 

    But the increase in the number of satellite operators -- there are
more than 100 today! -- poses a problem for the DGSE.  "Each one codes
its beam and does not make the code for deciphering it public," says a
former official.  Obtaining the key requires all the secret service's
resources.  "Several methods exist, not all of them 'clean'," the expert
continues.  "You can negotiate with the operator.  You say: 'France will
give you part of its international traffic; in exchange, you give us
this confidential protocol'." Another technique: "Bribe a company
executive or promise him a medal." Yet another: "If you learn that a
foreign secret service has this software, trade it for something else."
You can also discreetly enter the operator's facility and steal the
precious diskette.  "The DGSE has a division that is very good at this
type of burglary," says the expert.  There remains the homemade
solution: Discover the code yourself.  "But that can take a long time. 
In the meantime, you miss a lot of things."

    For several months, one satellite has been a particular thorn in the
side of French secret service engineers.  It is Thuraya, launched last
October by an Abu Dhabi company that offered its subscribers total
coverage of mobile telephony in the Arab world.  Its service will be
operational in April.  Its customers: senior Syrian officials, Libyan
businessmen, Egyptian military officers.  So many targets for the DGSE. 
"There is a catch," says the expert.  "The Emirates are financing the
operation, but Hughes, the American aerospace giant, is managing the
system.  And as concerns codes for the beam, Hughes knows a whole range
of them.  We have not yet found a solution."

    With greater or lesser difficulty, dozens of beams are thus sucked
up every day by the DGSE's parabolic antennas.  What happens afterwards?
In cellars at the bases of these antennas, technicians and operators
with "defense secrecy" clearance work in air-conditioned computer rooms. 
Grouped into day and night teams, some 200 work at Domme and
Alluets-le-Roi, 40 or so at Mayotte and Kourou. 

    The technicians scurry around in front of electronic control panels. 
They control the powerful equipment (amplifiers, demodulators,
analyzers, decoders) that transforms satellite beams into faxes, e-mail,
files, or voice messages.  Their primary concern: deciphering encrypted
communications, which is becoming more and more difficult. 

    The operators, meanwhile, are seated in front of computer consoles. 
They check the automatic sorting of traffic.  Only a few thousand
intercepted messages reach secret service HQ on Boulevard Mortier in
Paris each day.  They are sent by optical fibers or protected radio
links.  The rest, the great majority, are thrown into an electronic
trashcan.  Selection is conducted on the basis of a dictionary of
addresses and key words. 

    "Addresses?" These are telephone numbers and e-mail addresses that
the DGSE monitors constantly.  Those of embassies, ministries,
international organizations, NGOs, multinational companies -- the
computer of the "big ears" holds several thousand from all over the
world.  When one of these addresses appears in the beam of a satellite
being spied on, the communication is automatically recorded and sent to
Paris.  This type of surveillance has a name in tapping jargon:

    Key words? Another method of filtering flows of data.  "A key word
can be a proper name, a nickname, a chemical formula, a slang term, or
an acronym," an expert explains.  "We enter them into a file and wait."
When one of these words appears, the computer goes into reverse and
records the communication from the beginning.  At the DGSE, this
practice is known as "standby" or "trawling."

    "For e-mails, this computer sorting is very efficient," says another
specialist.  He adds: "Given the computers' capacities, we can in this
way filter several million electronic messages a minute.  A good search
engine is all it takes.  We need simply adapt it to our needs." It seems
highly like that the DGSE uses the search tool developed by Lexiquest, a
French company. 

    When it comes to faxes, the sorting process is less efficient. 
Experts estimate the success rate at no more than 60 percent.  Why so
many failures? Because the computer does not "read" the fax directly. 
It must first be converted into bits by a character recognition program. 
If this phase is disrupted by transfer problems or illegible
handwriting, the retranscribed fax will not make sense.  It is lost to
the "big ears." Despite these difficulties, the DGSE has always been one
of the best spy services as concerns automatic processing of faxes --
hence its success in economic espionage. 

    The situation is entirely different as regards speech.  The DGSE has
not developed techniques as effective as those of the NSA or Israel's
Mossad.  One expert confides, "Contrary to popular belief, it is very
difficult to teach a computer to catch key words spoken during a
telephone conversation 'on the fly'." Explanation: "Some people speak
quickly, others slowly, some stammer, others have an accent.  Result:
The failure rate is very high." The French service is studying another
sorting method that the Americans and Israelis have already developed:
automatic transcription.  The computer transcribes the entire telephone
conversation, then a search engine finds the key words in the file that
has thus been constituted.  "Strange as it may seem, it is simpler to
proceed like this." The Defense Ministry has just asked the best French
speech processing laboratory, the Limsi in Orsay, to develop software
for this purpose. 

    After sorting comes listening.  At the DGSE, several hundred people
-- 300, 500? -- spend their days wearing headphones.  "Keeping in mind
that a good professional can process 50 to 100 conversations a day, you
do the math!" says a veteran.  The total is more than 15,000 a day or at
least 5 million a year. 

    Is the game worth the candle? This mass of information -- these
millions of intercepted conversations, e-mails, or faxes -- is it really
useful? The unanimous opinion is that "pearls," bits of secret
information worthy of being transmitted to levels as high as that of the
president of the Republic, are very rare.  "A few dozen in the space of
20 years," says the former senior official.  "And even then..." There
were the cases, already cited, of Qadafi and Israel in the 1980s. 
Later, instructions for voting in the UN Security Council were
intercepted.  Recently, recordings of senior Serbian dignitaries have
been transmitted to the Elysee [president's residence]. 

    In fact, the real "gems" have other clients: several large French
industrial groups.  For two decades, the DGSE has been working in
symbiosis with some 15 private or public firms.  Between spies and
bosses, it is a matter of give and take.  The former provide economic
and technological intelligence (the DGSE's specialized research service
employs about 50 people).  The latter furnish cover stories for agents
on missions abroad. 

    Former DGSE staffers who have been recruited by the firms involved
serve as liaisons.  At their former employer's HQ on Boulevard Mortier,
they regularly take delivery of copies of faxes, e-mails, or draft
contracts intercepted by tapping stations.  The yield is sometimes
excellent.  "We often receive thanks from bosses," says the senior
official.  In 1998, the "big ears" enabled the French industrialists
concerned to follow developments in a set of crucial negotiations on the
merger -- which fell through in the end -- of German aerospace
manufacturer Dasa and its British counterpart, British Aerospace. 

    But there are not just "pearls," far from it.  There is the rest of
the work, the everyday routine, these thousands of reports of
interceptions, "raw" reports as they are referred to at the DGSE, which
pile up in the analysis department and are not always read.  "For one
good piece of information, there is so much useless bla-bla," says a
secret service manager.  "I wonder if all this is worth it." Many would
prefer to see the DGSE invest in human intelligence services rather than
technical systems.  "With the fortunes we spend every year, we could set
up so many agents abroad.  After all, that is our real job."

    Threat to privacy? Without a doubt.  Some of the millions of
communications tapped could be yours.  The risk is even higher if you
call a region with few cable connections, like Africa, Russia, or the
DOM-TOMs.  Nothing prohibits the DGSE from intercepting your
conversations or e-mails if they are transmitted by satellite.  Worse,
this type of espionage is implicitly authorized by a 1991 law
establishing the Commission on Monitoring of Wiretaps.  Article 20 of
this law indeed stipulates that it is not within the powers of this new
commission to monitor "measures taken by the public authorities to (...)
monitor (...) transmissions via hertzian channels [Le Nouvel Observateur
editor's note: That is, via the airwaves]." In other words, the body may
monitor everything except "satellite" taps. 

    "This exception was demanded by the highest state authorities,"
confides a former advisor to then Defense Minister Pierre Joxe.  "Why?
You may remember that at that time, the DGSE was launching a
wide-ranging plan to modernize its 'big ears.' Compromising it was out
of the question." A former Elysee staffer: "We wanted to give the secret
service a free hand, not enclose it in a quota of authorized taps."

    The members of parliament could not make head nor tail of it.  They
should have been more curious.  They would have learned that many
democratic countries had already rigorously regulated the activities of
their "big ears." In Germany, eight independent experts appointed by the
parliament have monitored the BND's wiretapping activities since 1968;
they constitute the "G10" commission.  They have considerable power. 
They can interrogate all employees of the BND and view the entire tap
production process.  "The objective: to protect Germans' privacy,"
according to Professor Claus Arndt, who served on this commission from
1968 to 1999.  When, during random sorting, the name of a German citizen
or company appears, the BND must erase it, barring the express consent
of the commission.  "By the same token," says Professor Arndt, "the
secret service must submit the entire list of key words it intends to
use.  It is not allowed to include the name of a German." By next June,
a law should allow super-inspectors to visit any of the German secret
service's sites, including the Kourou station.  If France refuses to
allow this, the president of the commission could call for the BND's
withdrawal from the Guyanese base. 

 In Australia, the "big ears" are under the surveillance of an inspector
general designated by the government.  He has the power to verify that
the DSD, the espionage service, applies highly restrictive laws.  For
example, any information about an Australian collected by tapping
stations must be destroyed.  A destruction report must even be submitted
to the inspector general.  In Canada, a commissioner designated by the
parliament is responsible for this task of monitoring.  Each year, he
drafts a public report.  In the United States, the NSA's activities are
monitored by an inspector general and the US attorney general. 

    When will France follow suit? In recent months, members of
Parliament have taken an interest in "big ears" ...  belonging to the
Americans.  The Defense Commission recently issued a spiteful report
about "Echelon" and the NSA (footnote: On the subject of Echelon, see
"Global Electronic Surveillance," by Duncan Campbell, Allia Publishing). 
It is time for it also to study the practices of the DGSE and propose
ways of monitoring them.  This is an opportune time.  A revolution in
"tapping" is on the way.  The secret service is planning to invest
massively in interception of undersea cables.  Before plunging into this
adventure, could it not be subjected to a few democratic rules?

[Description of Source: Paris Le Nouvel Observateur (Internet
Version-WWW) in French -- left-of-center weekly magazine featuring
domestic and international political news]

Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
   This communication is confidential to the parties it is intended to serve.
	PGP keys: https://all.net/pgpkeys.html - Have a great day!!!


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:10 PDT