[WIKILEAKS] investigative journalists, pressure groups top new threats to national security

[Wikileaks Press Office]

WIKILEAKS NOTABLE DOCUMENT RELEASE
Mon Oct  5 00:31:35 GMT 2009

"2389 classified pages on how the UK stop leaks"

http://tinyurl.com/wlmod

This significant, previously unpublished document (classified "RESTRICTED",
2389 pages), is the UK military protocol for security operations, including
counter-intelligence.

The document includes instructions on dealing with leaks, investigative
journalists, Parliamentarians, foreign agents, terrorists & criminals, sexual
entrapments in Russia and China, diplomatic pouches, allies, classified
documents & codewords, compromising radio and audio emissions, computer
hackers.and many other related issues.

The document, known in the services as the "JSP 440" ("Joint Services Protocol
440"), was referenced by the RAF Digby investigation team as the protocol
justification for the monitoring Wikileaks, as mentioned in "UK Ministry of
Defence continually monitors WikiLeaks: eight reports into classified UK
leaks, 29 Sep 2009".

Example excerpts (bolding by WikiLeaks, [see http://bit.ly/CgxBY], "D Def Sy"
means Directorate of Defence Security):

"Non-traditional threats

The main threats of this type are posed by investigative journalists, pressure
groups, investigation agencies, criminal eleme nts, disaffected staff,
dishonest staff and computer hackers. The types of threat from these sources
can be categorized in six broad groups: a. Confidentiality. Compromise of
politically sensitive information. This threat is presented by: (1) Pressure
groups and investigative journalists attempting to obtain sensitive
information. (2) Unauthorized disclosure of official in formation (leaks)..."

"Investigative journalists have exploited personal tax information; they also
target commercial and financial information as do criminal elements seeking
financial advantage. "

[..]

"Leaks of Official Information

Leaks usually take the form of reports in the public media which appear to
involve the unauthorised disclosure of official information (whether
protectively marked or not) that causes political harm or embarrassment to
either the UK Government or the Department concerned. Such disclosure may have
been made either orally, whether deliberately or carelessly, or followi ng the
unauthorised sight or passage of a document. Information that is formally
reported as lost to a security authority, and subsequently appears in the
public media, should not be treated as a leak but judged to be a compromise of
lost information and treated as a loss. First news of a leak may come direct
from a journalist attempting either to verify the information obtained or
wishing the Department or agency to know what access to official information
has been gained. In the rare cases where this occurs prior to publication, it
may be possible to seek an injunction to prevent publication. Leaks of
official information are to be reported to the appropriate PSyA or Command
security staff in the first instance. Where the leak is judged to be serious,
the PSyA or Command security staff are to bring it to the attention of D Def
Sy as soon as practicable, and within 24 hours if possible. The consequences
of leaks of official information are considered serious when they undermine
government policy or cause embarrassment to the government. Examples are: a.
The premature leaking of information on Defence Estimates or other financial
details. b. The leaking of MOD correspondence on issues that are controversial
at the time.

c. The leaking of details of overseas defence equipment negotiations prior to
formal agreements being signed. 0258. The following factors need to be taken
into account by the relevant PSyA or Command security staff in preparing to
report the incident as a leak to D Def Sy: a. The medium/media and journalists
(if known) concerned.

b. The intrinsic importance of information leaked. (If there is any doubt as
to whether or not the information is important, D Def Sy should be consulted
for advice). c. d. e. How widely the information was circulated and in what
form. Can a specific document be identified for the contents of the leak. The
identity, if immediately apparent, of the source of the leak.

f. Whether or not the Official Secrets Acts are believed to have been
breached, if immediately apparent. 0259. In general there is likely to be
advantage in pursuing a leak investigation in those cases where..."

[..]

"The threat to operations against these targets is less likely to arise from
positive acts of counter-espionage, than from leakage of information through
disaffected members of staff, or as a result of the at tentions of an
investigative journalist, or simply by accident or carelessness. 1706. In this
wider definition of Threat, the "enemy" is unwelcome publicity of any kind,
and through any medium. The most effective safeguard is to reinforce those
aspects of security that minimise the risk of leakage of sensitive
intelligence operations or product into the public domain - whether by
accidental exposure or deliberate intent. The STRAP System aims to achieve
this."

[..]

"The security measures in this chapter are aimed primarily to cover contacts
made in CSSRAs and have been drawn up to protect the individual from action by
FISs, extremist groups, investigative journalists and criminals."

[..]

"An Annual Threat Assessment (ATA) is issued to all Government Departments
giving generic statements as to the main sources of Threat. This will include
personnel who may be from or influenced by Foreign Intelligence Services
(FIS), authorized users who, for whatever motive, may seek to gain access to
official information they have no 'need to know', subversive or terrorist
organizations, and investigative journalists."

[..]

"The threat from subversive or terrorist organisations, investigative
journalists and others must also be considered."

"Experience has shown that at least half the attempts to hack into systems
arise from this group and that external hackers use "social engineering"
techniques to trick authorised users into revealing information which may aid
an external penetration. 7. The Media. Investigative journalists are
increasingly interested in State IT systems, particularly those operated by
the police and the Security and Intelligence agencies. There has been evidence
of premeditated attempts to acquire protectively marked information from IT
systems. 8. Members of the Public. The fact that inform ation held
electronically may be open to novel forms of surreptitious attack provides a
special attraction to certain individuals, commonly known as 'hackers'. Whilst
the efforts of hackers are unlikely to be directed specifically against
protectively marked information, there is added kudos in breaking into Defence
systems, so much information might be discovered fortuitously. "

"..The threat from subversive and terrorist organizations, criminal activity,
investigative journalists, and members of the public cannot be discounted..."

"..Malicious software can originate from many sources such as disaffected
staff, foreign intelligence services, investigative journalists or
terrorists..."

[..]

"..The main elements of the Audio security threat are: a. The threat from
deliberate attempts to overhear conversations posed by FIS (especially at
locations overseas), sophisticated terrorist and subversive organisations and
in particular from criminals, investigative journalists, private investigators
and some members of the public..."

[..]

"..Identify possible threats to your site, such as from: Foreign Intelligence
Services. Terrorist groups. Disaffected staff. Criminals. Investigative
journalists."

[..]

"The protective marking of the definitions of the BIKINI Alert States is
RESTRICTED but the codewords BIKINI WHITE, BIKINI BLACK, BIKINI BLACK SPECIAL,
BIKINI AMBER and BIKINI RED are not protectively marked. These codewords may
be passed by telephone provided that they are not qualified in any way.
Notices displaying the current Alert States are to be sited so as to minimize
the likelihood of the general public seeing them. These codewords and their
meanings are understood by the civil police. The codewords and their
definitions are not to be communicated to the media or any other unauthorized
person."

[..]

"Chinese Intelligence Aims

3. Chinese intelligence activity is widespread and has a voracious appetite
for all kinds of information; political, military,commercial, scientific and
technical. It is on this area that the Chinese place their highest priority
and where we assess that the greatest risk lies. 4. The Chinese have realised
that it is not productive to simply steal technology and then try to `reverse
engineer it'. Through intelligence activity they now attempt to acquire an
in-depth understanding of production te chniques and methodologies. There is
an obvious economic risk to the UK. Our hard earned processes at very little
cost and then reproduce them with cheap labour. 5. It is also, potentially,
more serious than the above. In certain key military areas China is at least a
generation behind the West. The Chinese may be able to acquire illegally the
technology that will enable them to catch up. The real danger is that they
will then produce advanced weapons systems which they will sell to unstable
regimes. They have a track record of doing so. The consequences for the
world's trouble spots and any UK involvement there could be disastrous.

Characteristics of Chinese Intelligence Activity

6. Chinese intelligence activity is very different to the portrayal of `Moscow
Rules' in the novels of John Le Carre. The Chinese make no distinction between
`information' and `intelligence'. Their appetite for information, particularly
in the scientific and technical field, is vast and indiscriminate. They do not
`run agents' <AD> they `make friends'. Although there are Chinese
`intelligence officers', both civilian and military, these fade into
insignificance behind the mass of ordinary students, businessmen and locally
employed staff who are working (at least part-time) on the orders of various
parts of the S tate intelligence gathering apparatus.

Cultivation

7. The process of being cultivated as a `friend of China' (ie. an `agent') is
subtle and long-term. The Chinese are adept at exploiting a visitor's interest
in, and appreciation of, Chinese history and culture. They are expert
flatterers and are well aware of the `softening' effect of food and alcohol.
Under cover of consultation or lecturing, a visitor may be given favours,
advantageous economic conditions or commercial opportunities. In return they
will be expected to give information or access to material. Or, at the very
least, to speak out on China's behalf (becoming an `agent of influence').

Locally Engaged Staff

8. Most companies operating in China are obliged to employ a number of locally
engaged staff supplied by organisations such as the `Provincial Friendship
Labour Services Corporation'. It is probable that the Chinese civilian
intelligence service will have briefed such staff to copy all papers to which
they are able to gain access. Many Chinese students and some businessmen also
work to a brief from the Chinese intelligence services.

Technical Attacks

9. The Chinese intelligence services are known to employ telephone and
electronic `bugs' in hotels and restaurants. They have also been known to
search hotel rooms and to use surveillance techniques against visitors of
particular interest.

Compromise

10. The Chinese intelligence services have been known to use blackmail to
persuade visitors to work for them. Sexual involvement should be avoided, as
should any activity which can possible be construed as illegal. This would
include dealing in black market currency or Chinese antiques and artefacts,
straying into `forbidden' areas or injudicious use of a camera or video
recorder."

[..]

"TRAVEL BRIEF FOR VISITS TO RUSSIA AND THE FORMER SOVIET REPUBLICS

About this brief

1. The purpose of this brief is to provide security advice for travellers to
Russia and the rest of the former Soviet Union (FSU). It describes both the
risks involved in travelling to Russia and the other former Soviet Republics,
and the action to be taken should trouble arise. The information in the brief
is based on the actual experiences of recent travellers to the FSU.

Why should I read this brief?

2. As a visitor to Russia and the FSU you may attract the attention of the
local security and intelligence services. Although most travellers experience
little or no trouble, it would be unwise for you to assume you are immune to
this attention. As you will see from the examples given in this brief, all
visitors to Russia and the FSU are potentially of interest to foreign
intelligence services, irrespective of the purpose of the visit.

What are the RFIS after?

3. In view of the poor state of the Russian economy, the Russian Federation
Intelligence Services (RFIS) place a high priority on information to bolster
their economy, scientific and technical information, and on information to
help advance their pol itical influence. This extends to the theft of patents
and to seeking detailed information on Western scientific developments. They
also have an interest in political reporting, alongside their more traditional
targets such as Western Defence and Security, eg NATO. The SVR (foreign
intelligence service) and the GRU (military intelligence) try to recruit
British subjects to work for them in the United Kingdom and elsewhere, often
initially in minor support roles. They are always on the watch for any British
subject who may be induced, either wittingly or unwittingly, to cooperate.
They do not necessarily concentrate on those who already have access to
information of value to them.

The approach to Overseas Visitors

4. From the moment a visitor enters the country, he or she may be reported on
by a wide variety of people, including officials, business contacts, tourist
guides, hotel employees and apparent casual contacts. People who speak the
visitor's own language may be introduced in such a way as to make him think
that it was the visitor who took the initiative, or that their meeting was
entirely fortuitous. We know it sounds like a spy movie, but as well as having
wide networks of agents and informers, the FSB (Russian security service)
makes extensive use of sophisticated technical devices. In the main hotels all
telephones c an be tapped and in some rooms visual or photographic
surveillance can be carried out, if necessary using infrared cameras to take
photographs in the dark. If is perfectly possible for the FSB to ensure that
the visitor is placed in such a room. There is also a wide range of technical
devices, which can be used outside and even in places such as restaurants and
cars. These technical devices pick up indiscreet talk which could be of use to
the FSB.

Methods of Compromise

5. Careful behaviour should be sufficient to avoid difficulties with the FSB,
but visitors should bear in mind that they can get into trouble in many ways.
Unofficial financial transactions, such as obtaining local currency at
favourable rates or sel ling personal possessions to acquaintances, are all in
contravention of local laws. A Russian friend or acquaintance may ask a
visitor to deliver a letter or a present to some relative living in the West,
but this is again in breach of local regulations. Taking works of art out of
Russia is a serious offence, while drink-driving regulations are rigorous.
There are strict r ules about taking photographs in Russia and it is advisable
to find out in advance where cameras may be used. 6. Irregularity in personal
behaviour may also lead to trouble. The FSB may attempt to capitalise on
sexual liaisons between visitors and lo cal nationals. In addition, the FSB
may attempt to compromise and subsequently blackmail through knowledge of
marital infidelity or sexual activity the target may wish to hide.

Risk of Arrest

7. A visitor who commits any offence against local laws runs the risk of being
arrested and threatened with the withdrawal of business facilities,
imprisonment or exposure unless he or she agrees to work for the FSB. Attempts
may be made to induce the victim to sign a confession or to agree to
cooperate. Alternatively, the evidence may be stored away for use at a later
date, perhaps when their circumstances have changed (for example, after the
visitor has married, or entered a different field of employment).

8. Visitors may face any of these hazards whenever they visit Russia but the
FSB is especially active during Trade Fairs. At these times particular care
should be taken.

SVR and GRU Approaches Worldwide

9. As a general point, it should be borne in mind that both the SVR and GRU
are known to have approached British nationals, in particular businessmen, in
many parts of the world. The threat is especially high in some Third World
countries where the R FIS believe they have little to fear from the local
security services. People who have been regular visitors to Russia are more
likely to come to notice since the FSB will hold some record of their personal
details, which can be passed onto the SVR a nd the GRU. An indiscretion or
irregularity committed in Russia, even if apparently unnoticed at the time,
may be exploited by RFIS officers elsewhere. In addition, RFIS officers may
make approaches using the cover of another nationality, for example Eastern
European or Scandinavian, to disguise their true allegiance.

Advice about visits to Other Former Soviet Republics

10. Visitors to the other former Soviet Republics should heed the advice given
to visitors to Russia. Although these republics now have their own independent
security services, many of them continue to cooperate closely with the RFIS.
The RFIS are so comfortable operating in some former Soviet Republics that
they regard them as virtually home territory. The advice about co mpromising
offences and risk of arrest also applies. It should be noted that many of
these republics are not used to Western visitors and may pay particular
attention to them."
[..]

For more information, see: http://tinyurl.com/wlmod


+--------------------------------------------------
| Why you receive this mail and what to do with it:
|
| You are receiving this mail because you were invited to
| the Wikileaks Press Release list run by the transparency group Sunshine
Press.
|
| Releases ensure you are aware, before the rest of the world,
| of significant geopolitical and other disclosures released
| by Wikileaks, an international platform for the first release of
| of classified, confidential or censored materials of political,
| diplomatic, ethical or historical interest.
|
| We rely on you to distribute the content of this mail to your
| community, industry, press and regulators, to defend us in your
| country and to invite people of integrity and commitment via
| via https://lists.riseup.net/www/subscribe/wl-press
|
| Our materials range from secret Guantanamo documents to political
| assassinations to confidential reports of children's hospital
| corruption, and have spawned tens of thousands of press articles,
| many reforms and changed electoral outcomes.
|
| Releases average one per week but can be higher or lower depending on
| events. You can easily set the frequency to monthly or change your
| subscription via https://lists.riseup.net/www/sendpasswd/
|
| If you know people that have access to sensitive documents of public
| interest, tell them about us. We have an unbroken record of protecting
| sensitive sources and defeating censorship attacks from all corners of the
globe.
| See https://secure.wikileaks.org/wiki/Wikileaks:Submissions
|
| If you are about to release an investigative report or article, we can
release the
| underlaying source material concurrently to substantiate the allegations,
| draw attention away from the true source, deflect legal or censorship
| attacks and promote secondary investigations and public awareness.
|
| Live bank-grade encrypted chat to the office is available via
| https://secure.wikileaks.org/chat/irc2.cgi (multiple languages spoken)
|
| Inquiries for speaking engagements, comment, interventions, |
investigations, source-protection and censorship consultations
| may be addressed to http://wikileaks.org/wiki/Wikileaks:Contact
|
| If you are serious about analysis, translation,
| legal, coding, network, financial or other contributions, please contact
| us via: http://wikileaks.org/wiki/Wikileaks:Contact
|
| See http://wikileaks.org for all other information and
| https://secure.wikileaks.org for secure access.

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE