Friday, 16 October 2009

UK MoD Manual of Security Volumes 1, 2 and 3 Issue 2, JSP-440, RESTRICTED, 2389 pages, 2001

Released October 3, 2009
Summary
This significant, previously unpublished document (classified "RESTRICTED", 2389 pages), is the UK military protocol for all security and counter-intelligence operations.
The document includes instructions on dealing with leaks, investigative journalists, Parliamentarians, foreign agents, terrorists & criminals, sexual entrapments in Russia and China, diplomatic pouches, allies, classified documents & codewords, compromising radio and audio emissions, computer hackers—and many other related issues.
The document, known in the services as the "JSP 440" ("Joint Services Publication 440"), was referenced by the RAF Digby investigation team as the protocol justification for the monitoring of Wikileaks, as mentioned in "UK Ministry of Defence continually monitors WikiLeaks: eight reports into classified UK leaks, 29 Sep 2009".
The full document is large (46Mb, 2389 pages). A smaller (3.6Mb) text-only version can be found here.
Example excerpts (bolding by WikiLeaks, "D Def Sy" means Directorate of Defence Security, see also UK military targets domestic opinion leaders):
"Non-traditional threats
The main threats of this type are posed by investigative journalists, pressure groups, investigation agencies, criminal elements, disaffected staff, dishonest staff and computer hackers. The types of threat from these sources can be categorized in six broad groups: a. Confidentiality. Compromise of politically sensitive information. This threat is presented by: (1) Pressure groups and investigative journalists attempting to obtain sensitive information. (2) Unauthorized disclosure of official information (leaks)..."
"Investigative journalists have exploited personal tax information; they also target commercial and financial information as do criminal elements seeking financial advantage. "
[..]
"Leaks of Official Information
Leaks usually take the form of reports in the public media which appear to involve the unauthorised disclosure of official information (whether protectively marked or not) that causes political harm or embarrassment to either the UK Government or the Department concerned. Such disclosure may have been made either orally, whether deliberately or carelessly, or following the unauthorised sight or passage of a document. Information that is formally reported as lost to a security authority, and subsequently appears in the public media, should not be treated as a leak but judged to be a compromise of lost information and treated as a loss. First news of a leak may come direct from a journalist attempting either to verify the information obtained or wishing the Department or agency to know what access to official information has been gained. In the rare cases where this occurs prior to publication, it may be possible to seek an injunction to prevent publication. Leaks of official information are to be reported to the appropriate PSyA or Command security staff in the first instance. Where the leak is judged to be serious, the PSyA or Command security staff are to bring it to the attention of D Def Sy as soon as practicable, and within 24 hours if possible. The consequences of leaks of official information are considered serious when they undermine government policy or cause embarrassment to the government. Examples are: a. The premature leaking of information on Defence Estimates or other financial details. b. The leaking of MOD correspondence on issues that are controversial at the time.
c. The leaking of details of overseas defence equipment negotiations prior to formal agreements being signed. 0258. The following factors need to be taken into account by the relevant PSyA or Command security staff in preparing to report the incident as a leak to D Def Sy: a. The medium/media and journalists (if known) concerned.
b. The intrinsic importance of information leaked. (If there is any doubt as to whether or not the information is important, D Def Sy should be consulted for advice). c. How widely the information was circulated and in what form. d. Can a specific document be identified for the contents of the leak. e. The identity, if immediately apparent, of the source of the leak.
f. Whether or not the Official Secrets Acts are believed to have been breached, if immediately apparent. 0259. In general there is likely to be advantage in pursuing a leak investigation in those cases where..."
[..]
"The threat to operations against these targets is less likely to arise from positive acts of counter-espionage, than from leakage of information through disaffected members of staff, or as a result of the attentions of an investigative journalist, or simply by accident or carelessness. 1706. In this wider definition of Threat, the "enemy" is unwelcome publicity of any kind, and through any medium. The most effective safeguard is to reinforce those aspects of security that minimise the risk of leakage of sensitive intelligence operations or product into the public domain - whether by accidental exposure or deliberate intent. The STRAP System aims to achieve this."
[..]
"The security measures in this chapter are aimed primarily to cover contacts made in CSSRAs and have been drawn up to protect the individual from action by FISs, extremist groups, investigative journalists and criminals."
[..]
"An Annual Threat Assessment (ATA) is issued to all Government Departments giving generic statements as to the main sources of Threat. This will include personnel who may be from or influenced by Foreign Intelligence Services (FIS), authorized users who, for whatever motive, may seek to gain access to official information they have no 'need to know', subversive or terrorist organizations, and investigative journalists."
[..]
"The threat from subversive or terrorist organisations, investigative journalists and others must also be considered."
"Experience has shown that at least half the attempts to hack into systems arise from this group and that external hackers use "social engineering" techniques to trick authorised users into revealing information which may aid an external penetration. 7. The Media. Investigative journalists are increasingly interested in State IT systems, particularly those operated by the police and the Security and Intelligence agencies. There has been evidence of premeditated attempts to acquire protectively marked information from IT systems. 8. Members of the Public. The fact that information held electronically may be open to novel forms of surreptitious attack provides a special attraction to certain individuals, commonly known as 'hackers'. Whilst the efforts of hackers are unlikely to be directed specifically against protectively marked information, there is added kudos in breaking into Defence systems, so much information might be discovered fortuitously."
"..The threat from subversive and terrorist organizations, criminal activity, investigative journalists, and members of the public cannot be discounted..."
"..Malicious software can originate from many sources such as disaffected staff, foreign intelligence services, investigative journalists or terrorists..."
[..]
"..The main elements of the Audio security threat are: a. The threat from deliberate attempts to overhear conversations posed by FIS (especially at locations overseas), sophisticated terrorist and subversive organisations and in particular from criminals, investigative journalists, private investigators and some members of the public..."
[..]
"..Identify possible threats to your site, such as from: Foreign Intelligence Services. Terrorist groups. Disaffected staff. Criminals. Investigative journalists."
[..]
"The protective marking of the definitions of the BIKINI Alert States is RESTRICTED but the codewords BIKINI WHITE, BIKINI BLACK, BIKINI BLACK SPECIAL, BIKINI AMBER and BIKINI RED are not protectively marked. These codewords may be passed by telephone provided that they are not qualified in any way. Notices displaying the current Alert States are to be sited so as to minimize the likelihood of the general public seeing them. These codewords and their meanings are understood by the civil police. The codewords and their definitions are not to be communicated to the media or any other unauthorized person."
[..]
"Chinese Intelligence Aims
3. Chinese intelligence activity is widespread and has a voracious appetite for all kinds of information; political, military, commercial, scientific and technical. It is on this area that the Chinese place their highest priority and where we assess that the greatest risk lies. 4. The Chinese have realised that it is not productive to simply steal technology and then try to `reverse engineer it'. Through intelligence activity they now attempt to acquire an in-depth understanding of production techniques and methodologies. There is an obvious economic risk to the UK. Our hard earned processes at very little cost and then reproduce them with cheap labour. 5. It is also, potentially, more serious than the above. In certain key military areas China is at least a generation behind the West. The Chinese may be able to acquire illegally the technology that will enable them to catch up. The real danger is that they will then produce advanced weapons systems which they will sell to unstable regimes. They have a track record of doing so. The consequences for the world's trouble spots and any UK involvement there could be disastrous.
Characteristics of Chinese Intelligence Activity
6. Chinese intelligence activity is very different to the portrayal of `Moscow Rules' in the novels of John Le Carre. The Chinese make no distinction between `information' and `intelligence'. Their appetite for information, particularly in the scientific and technical field, is vast and indiscriminate. They do not `run agents' they `make friends'. Although there are Chinese `intelligence officers', both civilian and military, these fade into insignificance behind the mass of ordinary students, businessmen and locally employed staff who are working (at least part-time) on the orders of various parts of the State intelligence gathering apparatus.
Cultivation
7. The process of being cultivated as a `friend of China' (ie. an `agent') is subtle and long-term. The Chinese are adept at exploiting a visitor's interest in, and appreciation of, Chinese history and culture. They are expert flatterers and are well aware of the `softening' effect of food and alcohol. Under cover of consultation or lecturing, a visitor may be given favours, advantageous economic conditions or commercial opportunities. In return they will be expected to give information or access to material. Or, at the very least, to speak out on China's behalf (becoming an `agent of influence').
Locally Engaged Staff
8. Most companies operating in China are obliged to employ a number of locally engaged staff supplied by organisations such as the `Provincial Friendship Labour Services Corporation'. It is probable that the Chinese civilian intelligence service will have briefed such staff to copy all papers to which they are able to gain access. Many Chinese students and some businessmen also work to a brief from the Chinese intelligence services.
Technical Attacks
9. The Chinese intelligence services are known to employ telephone and electronic `bugs' in hotels and restaurants. They have also been known to search hotel rooms and to use surveillance techniques against visitors of particular interest.
Compromise
10. The Chinese intelligence services have been known to use blackmail to persuade visitors to work for them. Sexual involvement should be avoided, as should any activity which can possibly be construed as illegal. This would include dealing in black market currency or Chinese antiques and artefacts, straying into `forbidden' areas or injudicious use of a camera or video recorder."
[..]
"TRAVEL BRIEF FOR VISITS TO RUSSIA AND THE FORMER SOVIET REPUBLICS
About this brief
1. The purpose of this brief is to provide security advice for travellers to Russia and the rest of the former Soviet Union (FSU). It describes both the risks involved in travelling to Russia and the other former Soviet Republics, and the action to be taken should trouble arise. The information in the brief is based on the actual experiences of recent travellers to the FSU.
Why should I read this brief?
2. As a visitor to Russia and the FSU you may attract the attention of the local security and intelligence services. Although most travellers experience little or no trouble, it would be unwise for you to assume you are immune to this attention. As you will see from the examples given in this brief, all visitors to Russia and the FSU are potentially of interest to foreign intelligence services, irrespective of the purpose of the visit.
What are the RFIS after?
3. In view of the poor state of the Russian economy, the Russian Federation Intelligence Services (RFIS) place a high priority on information to bolster their economy, scientific and technical information, and on information to help advance their political influence. This extends to the theft of patents and to seeking detailed information on Western scientific developments. They also have an interest in political reporting, alongside their more traditional targets such as Western Defence and Security, eg NATO. The SVR (foreign intelligence service) and the GRU (military intelligence) try to recruit British subjects to work for them in the United Kingdom and elsewhere, often initially in minor support roles. They are always on the watch for any British subject who may be induced, either wittingly or unwittingly, to cooperate. They do not necessarily concentrate on those who already have access to information of value to them.
The approach to Overseas Visitors
4. From the moment a visitor enters the country, he or she may be reported on by a wide variety of people, including officials, business contacts, tourist guides, hotel employees and apparent casual contacts. People who speak the visitor's own language may be introduced in such a way as to make him think that it was the visitor who took the initiative, or that their meeting was entirely fortuitous. We know it sounds like a spy movie, but as well as having wide networks of agents and informers, the FSB (Russian security service) makes extensive use of sophisticated technical devices. In the main hotels all telephones can be tapped and in some rooms visual or photographic surveillance can be carried out, if necessary using infrared cameras to take photographs in the dark. It is perfectly possible for the FSB to ensure that the visitor is placed in such a room. There is also a wide range of technical devices, which can be used outside and even in places such as restaurants and cars. These technical devices pick up indiscreet talk which could be of use to the FSB.
Methods of Compromise
5. Careful behaviour should be sufficient to avoid difficulties with the FSB, but visitors should bear in mind that they can get into trouble in many ways. Unofficial financial transactions, such as obtaining local currency at favourable rates or selling personal possessions to acquaintances, are all in contravention of local laws. A Russian friend or acquaintance may ask a visitor to deliver a letter or a present to some relative living in the West, but this is again in breach of local regulations. Taking works of art out of Russia is a serious offence, while drink-driving regulations are rigorous. There are strict rules about taking photographs in Russia and it is advisable to find out in advance where cameras may be used. 6. Irregularity in personal behaviour may also lead to trouble. The FSB may attempt to capitalise on sexual liaisons between visitors and local nationals. In addition, the FSB may attempt to compromise and subsequently blackmail through knowledge of marital infidelity or sexual activity the target may wish to hide.
Risk of Arrest
7. A visitor who commits any offence against local laws runs the risk of being arrested and threatened with the withdrawal of business facilities, imprisonment or exposure unless he or she agrees to work for the FSB. Attempts may be made to induce the victim to sign a confession or to agree to cooperate. Alternatively, the evidence may be stored away for use at a later date, perhaps when their circumstances have changed (for example, after the visitor has married, or entered a different field of employment).
8. Visitors may face any of these hazards whenever they visit Russia but the FSB is especially active during Trade Fairs. At these times particular care should be taken.
SVR and GRU Approaches Worldwide
9. As a general point, it should be borne in mind that both the SVR and GRU are known to have approached British nationals, in particular businessmen, in many parts of the world. The threat is especially high in some Third World countries where the RFIS believe they have little to fear from the local security services. People who have been regular visitors to Russia are more likely to come to notice since the FSB will hold some record of their personal details, which can be passed onto the SVR and the GRU. An indiscretion or irregularity committed in Russia, even if apparently unnoticed at the time, may be exploited by RFIS officers elsewhere. In addition, RFIS officers may make approaches using the cover of another nationality, for example Eastern European or Scandinavian, to disguise their true allegiance.
Advice about visits to Other Former Soviet Republics
10. Visitors to the other former Soviet Republics should heed the advice given to visitors to Russia. Although these republics now have their own independent security services, many of them continue to cooperate closely with the RFIS. The RFIS are so comfortable operating in some former Soviet Republics that they regard them as virtually home territory. The advice about compromising offences and risk of arrest also applies. It should be noted that many of these republics are not used to Western visitors and may pay particular attention to them."
[..]
