When we’re in public, particularly in a noisy environment, we don’t expect that our conversations can be overheard. But voices carry. And it’s not hard to spy on someone who isn’t careful about what they say and where they say it. The art of eavesdropping isn’t hard. If someone wanted to listen in, and practiced a few easy-to-learn tricks of human intelligence “tradecraft,” they could.
You may not be having a classified discussion, but over the course of a long conversation with a colleague in a public space such as a restaurant you’d be surprised the tidbits of useful information that can be gleaned by an eavesdropper.
Without elaboration of names, dates or places, here’s an example of a real conversation that was overheard a few years ago and what information was obtained simply by listening carefully.
Person 1
- He’s into Pokemon
- Lives in the area
- Has Wednesdays off
- His company’s work week starts on Thursdays
- Has a deep and broad knowledge of cyber security and White Hat Hacking
- Familiar with the DC metro area, particularly Falls Church and McLean Virginia
- Is familiar with specific attack signatures on certain unspecified government networks
Person 2
- He has recently met Person 1 in the area and the relationship is professional
- He is a student at the local university and is studying computer security
- His live-in girlfriend is a waitress at Chili’s and they’re having relationship problems
- He is seeking career advice from Person 1
What could a foreign intelligence service do with this information? If they are targeting a local company involved in government cybersecurity the answer is a lot; particularly if they are in the preoperational phase of their espionage mission. When used with other information they may already know they can assess Person 1 and 2 to determine what they might know and assess their vulnerabilities to recruitment or blackmail. They even have an innocuous icebreaker subject if they attempt to recruit Person 1: his interest in Pokemon. Person 2 in particular has added one more person they could target: his live-in girlfriend. Or they could simply be passively collecting information that might help them fill in the gaps in their knowledge about sensitive programs and technologies.
When it comes to discussions, there is one very important rule about eavesdropping: the longer you talk the more they know. And you don’t have to be involved in classified work to be targeted or for the information you reveal about work at the lab to be useful.
The bottom line is you don’t need to be paranoid and think there is a spy behind every stop sign. But you do need to practice good operations security, also known as OPSEC. Be aware of your surroundings. Be cognizant of what you are saying, how long you’re talking about a potentially sensitive subject and who might be listening.
We have seen an example of how to protect information in a conversation. But operations security is more than just about making it harder for someone to glean information from eavesdropping. It is a mindset and philosophy on how to operate in a security conscious way across a wide range of organizational functions and activities.
You can learn more about OPSEC on Argonne Today.
You can find more information on Argonne’s Counterintelligence Office on Inside Argonne.