Sunday, January 23, 2011

Icelandic Espionage, perhaps

There's something not quite right in my mind about the recent computer bugging reports from the Icelandic parliament, Althingi. See, for example, the report in Iceland Review Online. As reported, a computer was found attached to the parliamentary LAN in an empty room next to the offices of two minor parliamentary parties, The Movement and the Independence Party. This was back in February 2010. Some key "facts" that have been revealed include:
  • “All identifiers had been wiped off the computer, all numbers and such, so it couldn’t be traced back to the owner. It was a very suspicious computer but we just couldn’t figure it out and neither could the police,”
  • "When the computer was disconnected a program automatically started which deleted all data on the hard drive."
  • There has been speculation that Wikileaks may have been behind it (denied by Birgitta Jónsdóttir)
Personally I doubt the Wikileaks speculation. Their style isn't to plant bugs, but to accept data leaked by others, nor was it likely to be a serious attempt to bug Wikileaks collaborators. According to this time-line Wikileaks wasn't to publish the Apache Helicopter video for another two months. At this time very few outside Iceland knew much about the link between Wikileaks and Birgitta Jónsdóttir. Sure, the CIA, FSB, MSS, and so on would have had a pretty good idea what was going on, but I can't believe they would employ such a crude bugging attempt ... unless they wanted to send a message.

Next question: if a program started which deleted all data on the hard drive (presumably including system logs), how do they know there was ever anything there to delete? Did it give a nice little "Deleting files" progress bar?

I also find the whole business of the computer wiping its disk when it was found suspicious in the extreme. Any computer forensics worth its salt wouldn't give the rogue computer time to change anything on its disk. I would have thought any parliamentary IT service would have standing instructions to immediately take steps to prevent the computer from taking any further action (naively, cut the power) ... but I'm not an expert. Perhaps the IT "experts" are genuinely clueless, perhaps they were in on it.

So, who are the culprits? Perhaps an insider in The Movement or the Independence Party, wanting to monitor their own party; perhaps someone in one of the other minor parliamentary parties; perhaps the whole computer was a dummy designed to send a message. And if so, why weren't the affected parties informed for ten months?

This whole thing raises far more questions than have been answered.

Edited to fix some badly worded text regarding knowledge of Birgitta Jónsdóttir - 24/1/2011 07:39 NZT
