
Human-cyber Nexus: the parallels between ‘illegal’ intelligence operations and advanced persistent threats

Pages 189-204 | Published online: 23 Oct 2018

ABSTRACT

‘Illegals’ are extensively trained individuals dispatched abroad under false identities with no observable links to their operating country. Technology has made possible a new kind of ‘virtual illegal,’ one that extends beyond the operating country’s borders without putting a human at risk. When this is done in a targeted manner by a sophisticated attacker it is called an Advanced Persistent Threat (APT). This article draws from historical illegals cases to identify parallels in the preparation, insertion, and control of malware by APTs. Ultimately, the methods for countering the two parallel phenomena can also be similar, despite their physical differences.

Disclosure statement

No potential conflict of interest was reported by the authors.

Notes

1. Mitrokhin, KGB Lexicon, 74.

2. FBI, “Ghost Stories.”

3. Schmid and Stark, “Spies Strain German-Russian Ties.”

4. Targeted organizations cover the complete spectrum, including military and government organizations as well as commercial entities. Nation-states use APTs to gather military, political, and economic data for national security purposes, and cybercriminals seek financial gain. This paper focuses on the use of APTs by nation-states.

5. National Institute of Standards and Technology, Managing Information Security Risk, B-1.

6. Moran, “Understanding Advanced Persistent Threats,” 21.

7. Ware, Security Controls for Computer Systems, xi.

8. Ibid, v.

9. Ibid, 4.

10. Anderson, Computer Security, 2.

11. Ibid, 13.

12. Ibid.

13. Ibid, 91–92.

14. Ibid, 4.

15. Prior to this time, most hacking activity was criminal in nature and often involved efforts to make long-distance phone calls without paying.

16. This was effectively a proto-APT, which consisted of a targeted attack that persisted over the course of multiple months.

17. Stoll, “Stalking the Wily Hacker,” 484.

18. Ibid.

19. Stoll, The Cuckoo’s Egg, 299.

20. National Archives of Australia. Australian Security Intelligence Service, Extract from ASIO source reports, serials 148, 150, and 215; Extract from ASIO source reports, serials 100, 118.

21. National Archives of Australia, Statement by Petrova, 218.

22. National Archives of Australia. Australian Security Intelligence Service memo, 7 May 1954, 71.

23. National Archives of Sweden, Swedish State Police debriefing report, 16 August 1954.

24. Kuzichkin, Inside the KGB, 85.

25. U.S. Congress. House. Committee on Un-American Activities, The Shameful Years, 25–26.

26. Symantec Corporation, Advanced Persistent Threats.

27. Hudson, Advanced Persistent Threats, 3.

28. Central Intelligence Agency, “Biography of Yevgeniy Yevgen’yevich Runge,” 28.

29. Federal Bureau of Investigation, Milwaukee Airtel, 12 March 1959.

30. Command Five Pty Ltd., Advanced Persistent Threats: A Decade in Review.

31. Andrew and Mitrokhin, The Sword and the Shield, 191.

32. See note 29 above.

33. Andrew and Mitrokhin, The Sword and the Shield, 191–192, 197–198.

34. “Abel, Red Spy, Dies; Freed in 1962 Swap.”

35. U.S. Department of Justice, USA v. Su Bin.

36. Mandiant, APT1, 2.

37. Ibid, 5.

38. Symantec, Advanced Persistent Threats.

39. Federal Bureau of Investigation, Milwaukee Airtel, 11 March 1959.

40. Mahar, Shattered Illusions, 28–30.

41. Hudson, Advanced Persistent Threats, 4.

42. Infosec Institute, Advanced Persistent Threats.

43. “A Covey of Spies is Flushed in Germany,” 65, 66, 68.

44. Andrew and Mitrokhin, The Sword and the Shield, 167.

45. Andrew and Mitrokhin, The Sword and the Shield, 146–148.

46. See note 41 above.

47. Segal, Tracking State-Sponsored Cyber Operations.

48. FBI, “Hollow Nickel/Rudolph Abel.”

49. U.S. Department of Justice, USA v. Anna Chapman, Mikhail Semenko.

50. U.S. Department of Justice, USA v. Defendant #4, a/k/a “Donald Howard Heathfield.”

51. See note 38 above.

52. Khokhlov, “I Would Not Murder for the Soviets,” 126; U.S. National Archives and Records Administration, U.S. Army G-2 memo and attached Kukowitsch debriefing report.

53. Andrew and Mitrokhin, The Sword and the Shield, 87, 357.

54. U.S. National Archives and Records Administration, Headquarters, Sub-Region Kassel, Counterintelligence Corps Region III memo.

55. Crotts, The New Moon, 56 fn30.

56. Schneier, “The Story Behind the Stuxnet Virus.”

57. “Ukraine’s Power Outage Was a Cyber Attack: Ukrenergo.”

58. Olshanskiy, Notes of a Razvedupr Agent; Hellman, “Author Alexander Sipelgas.”

59. Agabekov, OGPU: The Russian Secret Terror; Agabekov, The ChK at Work; UK National Archives, Files KV 2/2398–2399.

60. Poretsky, Our Own People; Hede Massing, This Deception; Hede Massing’s compilation of the French and Swiss investigations, item number 160; Krivitsky, I Was Stalin’s Agent; UK National Archives, File KV 2/1898.

61. Granovsky, I Was an NKVD Agent; National Archives of Sweden, SUK Hemliga Arkivet, F4, Volume 7.

62. See note 54 above.

63. Khokhlov, “I Would Not Murder for the Soviets”; Khokhlov. In the Name of Conscience; U.S. National Archives and Records Administration, U.S. Army G-2 memo and attached Kukowitsch debriefing report; U.S. Congress. House. Special Committee on Un-American Activities, Investigation of Communist Activities.

64. Mahar, Shattered Illusions.

65. Carr, Loginov Spy in the Sun.

66. “A Covey of Spies is Flushed in Germany”; Central Intelligence Agency, “Biography of Yevgeniy Yevgen’yevich Runge”; U.S. Congress. Senate. Committee on the Judiciary, Testimony of Colonel Yevgeny Runge.

67. Sigl, In the Claws of the KGB.

68. Feifer, “Spy Defection Roils Russian Intelligence Service”; Parfitt, “Russian Double Agent Sentenced.”

69. Mandiant, M-Trends 2018, 3.

70. Ibid, 11–17.

71. U.S. Department of Justice, “Justice Department Announces Actions.”

72. FireEye, Threat Research Blog.

73. Corera, Cyberspies, 157.

Additional information

Notes on contributors

Kevin Riehle

Kevin Riehle is an assistant professor at the National Intelligence University. He spent over 25 years in the U.S. government as a counterintelligence analyst studying the activities of foreign intelligence services. He is completing a PhD thesis at King’s College London on the topic of Soviet intelligence officer defectors, and has written on a variety of intelligence and counterintelligence topics.

Michael May

Michael May is a professor at the National Intelligence University, where he teaches various counterintelligence courses. He spent more than two decades working counterintelligence, counterterrorism, and cyber for the U.S. government. He has an M.A. and Ph.D. in Political Science from the Maxwell School at Syracuse University.
