Translated by Ollie Richardson & Angelina Siard
How the special services eavesdrop on Ukrainians, how Poroshenko protects himself from wiretaps, and why meetings in private can be more dangerous than correspondence in Facebook…
The question of safety of personal information is paramount for public people in Ukraine, including the President.
Petro Poroshenko has his own special manner to build communication with his immediate environment. He hasn’t used open mobile communication for a long time, says a source from the immediate environment of Petro Poroshenko.
“The President calls a person to visit, sets for them a task, and then asks to send a ‘plus’ if it is fulfilled, a ‘minus’ if the affair wasn’t fulfilled, and then he makes a new appointment. And it is in this way that they communicate in ‘pluses’ and ‘minuses’,” reports one of confidants to the President.
According to the source of “Strana”, the President doesn’t carry a mobile phone with himself in a pocket. He ‘dumps’ it either on the head of his protection Yury Fedorov, or to his closest assistant who is physically nearby on this day.
“The phone is stored by a special person for special calls. The scheme is as such: there is a call, the person presents themselves, and informs the intermediary for what reason they call. The representative of State Protection Service reports to the First [Poroshenko – ed], receives the answer, and either passes him the phone, or reports that he will be called back later,” describes our interlocutor. He emphasizes that earlier the President communicated on various messengers, however since August of the 2015 he stopped to do it. Until recently he kept only iMessage (instant messenger through gadgets of Apple).
“At the same time the Bloc of Petro Poroshenko Deputy Aleksandr Granovsky likes the confidential chat Telegram, while the partner of Poroshenko Igor Kononenko uses the Signal program,” adds the source of “Strana”.
Pranker Lexus, who often pranks representatives of the Ukrainian elite, emphasizes that among the Ukrainian politicians Viber is surprisingly still popular despite the fact that concerning security it is unreliable: it is easy to hack it and read correspondence. In a conversation with “Strana” Lexus emphasizes that the need to “encrypt” dialogues and conversation in unique confidential chats of mobile applications arose after the publication of different compromising pieces of evidence that politicians used in information wars with each other.
“Strana” decided to understand how public people are being eavesdropped in our country, and the most important thing – how they protect themselves from curious ears and eyes.
Neither the court, nor the law will stop it
“Now it is fashionable to complain ‘I’m being eavesdropped’. People lower their voice, take the interlocutor aside, and I always want to say: ‘you flatter yourself’. Most often to record or ‘hack’ someone is done in order to distort the actions of those who are being eavesdropped, or to compromise an official. In reality, it is much easier to assemble the most interesting conversations than to record them. And it is also cheaper,” described to “Strana” the former deputy head of the SBU Vasily Vovk.
There are two universal methods to be protected from being wiretapped, said the Deputy Yury Voropayev, who in the past was an investigator of the KGB. “The first method: not to say too much and to carry on the conversation with the interlocutor, being aware that you are being recorded or eavesdropped. Always. And to be correct and careful enough. There is also a sign language: with a clever person it is possible to speak in such a way so that they understand everything, and with others — no,” said Voropayev, sharing his experience with “Strana”.
According to him, if the authorities have the task to wiretap you, it won’t be stopped by neither the court, nor the law. “It’s true, it’s the court that must approve the wiretap, moreover it must be the Court of Appeal, however in most cases they do it without formal permission, especially now, when in general the law is totally ignored,” Voropayev specifies.
The head of the Court of Appeal of Kiev is the guardian of valuable information. “In the Court of Appeal there is a secret office where all lists of names are kept, which is under the special control of the power. That’s why when they want to eavesdrop on any judge, for example, in Kiev, they transmit a request through the regional courts because there is a risk of the order being leaked,” describes the judge of one of the capital’s courts who wished to remain the unknown.
According to the lawyer Igor Cherezov, often the employees of the SBU imperceptibly note down the people who are interesting to them as minor characters in resonant affairs in order to eavesdrop on them.
“Under the law it is forbidden to eavesdrop on a conversation between a lawyer and a client, just like it is forbidden to eavesdrop on, for example, a Deputy,” said the lawyer. In order to bypass the ban, the person is being eavesdropped as if it was unintentional. “For example, one journalist communicates with any fugitive oligarch who is at war with the ruling regime. And from time to time she publishes articles with some videos compromising the power. The journalist and the fugitive oligarch call each other, which is natural. And it means that the journalist comes into the view of the special services, and that the SBU has the right to ask her to put her phone on a ‘wiretap’. Or inadvertently to write down her name as a minor character in the case of one of the witnesses,” describes Igor Cherezov.
The wiretap of the most interesting persons – Ministers, People’s Deputies – demands more efforts. “Imagine that you are the SBU. It is forbidden to eavesdrop on the judge without a legal basis, but you need to do it. In such a case the employees of bodies buy separate equipment, and tail behind the object in a small minibus. They park nearby, encrypt themselves as a coffee shop on wheels, and take root into the operator’s network. And it is precisely for this reason that sometimes in some zones of activity, or near high buildings in governmental quarters the connection disappears. From time to time at the place of the problem the employees of mobile companies arrive. But often they don’t come. Why? In order to continue to have a license of a mobile operator, it is necessary to come as seldom as possible, and it is even better not to pay attention to such hindrances at all,” describes one of the employees of the Presidential Administration.
A gift with a surprise
It is even possible to gift to a person the means to control them — a smartphone. “Never accept from influential people such a gift as an iPhone. The SBU arranged long ago the production of a special package in which the system of tracking is sewed in. Everything is simple: the phone is opened, software is download on to it, and it is packed back together as a new one. You are gifted it for a holiday. Or (a cheaper method) you are offered to buy the same illicit iPhone at a price below the market one,” said Cherezov.
Another cheaper and popular method is to install a program or a special system that reads the information on the phone. “The most important thing, never physically hand over your phone so that nobody is able to work with it. For example, not to leave it at the reception hall in the Presidential Administration. Remember, when you come into the Presidential Administration, the ensign kindly asks you for your mobile, takes it, and gives you a receipt. During your visit to the important official — an hour or two — they will have the time to do with it whatever they want. Sometimes people are specially invited into the Presidential Administration for an artificial occasion so that their phone ‘sits’ in a box for a couple of hours,” describes the former high-ranking employee of the Presidential Administration.
However, in the State Protection Service such a scheme is called into question. “I can still imagine that such tricks are in private structures, but not in State ones, where there is a protocol, the log of visits, surveillance cameras, cells where the equipment of guests is stored. There everything is strict,” notes one of the employees of the State Protection Service who wished to remain unknown.
There is one more method to “mirror” a phone – by means of those same mobile operators. “For this purpose it is enough for the employee of the SBU to know the number of your mobile phone and to have special equipment in order to intercept SMS. One more condition of their success is your negligence to habitually link codes of access of all messengers (Facebook, WhatsApp, Viber) to the number of the mobile phone. You come into a messenger, and it asks you for a password. You enter the phone number – the message with the password arrives, which – have no doubts – is intercepted by the SBU. They use it, and from this point all information is ‘mirrored’ on their phone,” said the lawyer Cherezov. Emphasizing that the employee of the SBU receives access to all new messages, without having the opportunity to study the previous correspondence if the object of attention has a habit to delete legends of dialogues.
Are messengers being breached or not?
In the professional world and among politicians for a long time there has been a discussion about whether it is possible to breach these or those messengers.
According to the general consensus, Viber can be breached. The intelligence services of developed countries received the corresponding opportunities to do this already in 2013. Now in Ukraine correspondence on Viber is also being breached (permission can be granted to breach this messenger is granted even quite officially by a court decision).
Concerning others, there are different interpretations.
“Recently in the political environment information is being spread that the SBU received the opportunity to breach Telegram, that’s why many politicians don’t communicate using it,” said the head of security of one of the large Ukrainian business groups to “Strana”. “But how correct this is – it is hard to say. Telegram, as well as other messengers, attached to phone numbers can be mirrored by the special services. Except a confidential chat. But, to breach Viber is another question. It isn’t excluded that these rumors are spread by the SBU itself. As for WhatsApp and Facebook messenger, our law enforcement officers can receive information from them by sending a request to colleagues in the US within the framework of international legal help. This is the long bureaucratic way, but theoretically the data can be provided”.
Last year the well-known tweet discussion between the former analyst of the US NSA Edward Snowden and the founder of Telegram Pavel Durov took place. Snowden doubted the confidentiality and security of users of the Internet messenger Telegram and considered it less protected than the similar WhatsApp application.
In reply, Durov asked Snowden a counter question: “did you consider that most users of WhatsApp store all their history of correspondence in the non-ciphered Google Drive or iCloud?”.
This concerns the fact that it is possible to hack into these storages and from there to take away information.
“But in most cases the special services and other structures interested in obtaining your data don’t use difficult methods of hacking,” said Snowden. “They prefer simpler, but no less effective ways. In March, 2017, Wikileaks published a huge number of documents that show how the CIA, using vulnerabilities in operating systems, received access to any computer and smartphone. Now these codes are in open access and anyone can use them to get access to your gadgets. That’s why I recommend to all to constantly update the operating systems that you use, loading the latest version. The second moment – access to your phones through public WiFi networks. Both in the first and in the second case, external people receive control over your gadget, and can download correspondence or turn on the phone in the regime of eavesdropping, and record your conversation”.
Waiters and restaurants are more dangerous than Facebook
At the same time, according to the lawyer Denis Bugay, paranoia surrounding the wiretap of everyone and everything is a little exaggerated – moreover this isn’t excluded by the employees of the SBU themselves. “I don’t trust these espionage stories, which became too much recently. The agitation surrounding the wiretap is artificially heated. Probably, they want to force people to go offline. In this way it will be easier for people to survey and record them,” said Bugay.
According to him, sometimes public places, such as cafes and restaurants (especially in the government quarter) can be equipped under some pretext with special equipment. “In some cases it is the waiter who can help to overhear a conversation for the field investigator,” said Denis Bugay. It is precisely for this reason that a conversation in the summer terrace of a Kiev cafe can be more dangerous from the point of view of an information leakage than correspondence on Facebook messenger.
The employee of the Court of Appeal shares the same opinion. “Pay attention, from time to time the SBU or the State Office of the Public Prosecutor brags about some correspondence from closed messengers that they allegedly received access to. Cheap show offs. Such a mountain of information falls into their hands if you were detained at the place of events, when your phone is physically confiscated, for example, during the search. At this time you forgot to remove the history of your correspondence. Or they confiscated your computer on which analog messengers are installed that exist on your phone,” he said. And pay attention to the market value of global companies like WhatsApp, which is estimated at $16 billion.
“How much would the WhatsApp company be worth if it was possible to take root in it so easily? And what kind of super-intelligence service would the Ukrainian SBU be if it managed to do it?” he asked.
What to do if you can’t do without privacy
The lawyers and law enforcement bodies questioned by “Strana” made some recommendations on how to avoid the consequences of wiretapping. The first and main one — not to say too much and always correspond in the tone and style of a person who is aware that they can be eavesdropped, and that already tomorrow this dialogue can appear on a social network.
If it is impossible to communicate with privacy, it is worth linking all text and colloquial program messengers (WhatsApp, Viber, Signal, Line, Telegram) to a SIM card of a foreign mobile operator.
Thus the lawyer Andrey Smirnov advises not to insert a foreign SIM card at all into your permanent phone in which your main Ukrainian card is installed.
“Buy a ‘disposable’ Nokia or Samsung, and insert a foreign SIM card into this phone. And in the course of activation of messengers on your permanent phone specify your foreign phone number. An activation code will come to the ‘disposable’ phone — enter it into the messenger on your permanent phone,” explains Smirnov. “After this, the foreign SIM card should be taken out from the cheap terminal (subscriber phone), the subscriber phone should be given to those who need it, and the SIM card itself should be hidden far away — most likely you won’t need it any more. And voila — on your permanent phone with a Ukrainian SIM, with messengers attached to a foreign number, the SIM card of which is inactive and isn’t attached to the IMEI of your permanent phone”. Smirnov recommends to change the numbers of messengers on the phone at a minimum once per six months.
It is possible to protect confidential information also using intricate passwords on the phone and messengers. Igor Cherezov emphasizes that many of his clients “were caught out” with primitive PIN codes — the employees of the SBU in a second breached the phone after detention.
“iPhone 7 without a password is very difficult to breach, especially if the lock is tied to the fingerprint sensor,” said the expert, sharing a story from his lawyer practice: “One of my clients burst out laughing in the face of the SBU employees when they asked him to enter the password of the phone. They soon returned and cheerfully told him that they didn’t even need it – they got the code themselves. They simply entered the date of his birth. This combination of numbers is the easiest to remember, and people both instinctively and habitually always set their password using the simplest combinations – dates of birth of wives and mistresses, names of children, car number. SBU employees know about these habits, and it helps them to breach your private information,” said Cherezov.
One more important rule – not to use public WiFi networks. It is precisely through them that most often there is unauthorized access to your correspondence. You should use on home and working networks modern protocols of enciphering and often to change passwords.
Also, changing SIM cards, it is worth remembering that the special services can by means of dedicated programs can establish what phones are constantly nearby to each other, or what phones are constantly at your place or at work.
However, if really the special services want to eavesdrop on you, you will not stop them by tricks such as changing phone numbers and using difficult passwords, recognise the experts.
“The described ‘secrets’ are useful only at the level of everyday life,” considers the former adviser to the Interior Minister, the journalist Konstantin Stogny. “If State structures pursue you, nothing from the aforementioned will help, no changes of numbers for messengers. Operating-technical divisions will begin their work (at least, it was like that earlier) with analytics, that’s why the replacement of cards that were at some point connected to the phone will be found out at the first stage of their investigation. While the disabling of the geolocation on your smartphone is useful only for the deception of a jealous spouse”.
Copyright © 2022. All Rights Reserved.