How Hezbollah tracked down a CIA spy ring

A nice rundown of how Hezbollah rolled up a CIA spy ring in Lebanon in late 2011.

The adversary, Hezbollah, used its access to the telephone company logs (they have those) and searched for atypical mobile phone usage patterns:

  1. phones that only receive a few calls / messages over long periods of time
  2. mobile phones that are never mobile
  3. weird / unusual messages ("PIZZA!!")

That is, they were looking for phones that were kept at home, turned on occasionally, and received calls/SMS only infrequently: the exact usage pattern one would expect for a mobile that is used exclusively for a handler to contact an agent.

This data gave Hezbollah a general location, down to the apartment complex, for where the agents were located. Next, the adversary correlated the location data with the home addresses of members who had access to secret information. They conducted surveillance on those members and discovered they were using a Pizza Hut to meet with their handlers.

via anonymity is hard – Hacker OPSEC.
