Gordon Corera - Russians Among Us

One of the curious, almost uncomfortable, aspects of the FBI’s work was the voyeuristic insight it gave into a couple’s marriage and their family life. Living such a strange double life could strengthen the bonds of marriage—providing the sense of a shared mission and the chance to support each other. But it could also introduce strains. The fact the Murphys did not turn to each other to share the burden—even in pillow talk—surprised the FBI team. “It’s a little strange that Richard would never turn to Cynthia, but I think there was a competition between them,” explains Pieper. The FBI team came to believe that Cynthia felt her husband was not performing as well as he should as a spy and there was tension in the household. Recordings would even have captured the couple’s most intimate moments. How do agents deal with that? “Throughout all monitoring, the FBI is diligent in managing what is not relevant,” one agent involved in the case explains. “So with regards to intimate moments, professionally you skip ahead.”

An important goal in covert searches was to find any evidence of “tradecraft”—the kind of gadgets or paraphernalia that are used by spies and which would provide hard evidence to prove these individuals were Russians. The team would photograph anything that looked even the slightest bit interesting while tech experts would copy any electronic media like CDs or memory sticks and leave them in place. A key question was how the group was communicating back to Moscow Center.

IT WAS DURING the 2005 Hoboken search that the FBI team hit pay dirt thanks to the boxes of photos in the TV cabinet. When the FBI first got onto the trail of the illegals, they could not see inside their covert communications. All they could see was that they were using code pads and encryption techniques that made messages unbreakable. Unlike Lazaro, the Murphys had been in the United States since the 1990s and so were able to update their covert communications to take into account new technology and particularly the emergence of the World Wide Web. From 2000, they started using a new technique, one that it would take the FBI five years to understand. When they did, it would prove to be one of the great breakthroughs in the entire case.

Inside the shoe box were floppy disks and notebooks. This looked interesting, but when you were searching a suspected spy’s house, everything looked potentially interesting and you never knew what would turn out to be some kind of hidden piece of spy equipment. But the instincts in this case were right. The box would be pivotal to the investigation. But it would not yield its secrets easily or quickly.

The contents of the box were taken away to be analyzed. An initial forensic computer analysis of the floppy disks found them to be blank. But that did not seem right. So they carried out another check. Again they came up blank. Next the team asked the FBI’s computer experts to copy the disks onto other disks—to re-create them so they could play around with them a bit more. Among the papers in the shoe box was one page that had “alt-control-e” written on it along with twenty-seven seemingly random characters. Was it a password? It was time to experiment a little. They put in one of the floppy disks and pressed alt-control-e. Nothing. They tried a different disk. Same process. Nothing. But just when it looked like a dead end, they tried another disk. This time the seemingly empty disk sprang to life. There was a prompt for a password. There was elation for the team. But it was short-lived. They put in the twenty-seven characters from the piece of paper. Nothing. They tried again. Same response. Maybe it had been written down backward? They tried the combination every which way. Nothing. But then another member of the team walked by the agents sitting huddled over the computer. He looked over their shoulder at what they were doing and then at a digit on the piece of paper and said, “You know that’s a one, right?” It had looked like a seven because of the way the Murphys had written it, but in Russian it was the way they wrote the number one. “No—we did not know that was a one,” they replied sheepishly and quickly went back to the screen. This time as the last character went in, the screen suddenly changed. A prompt appeared. “Please insert picture disc.” They were inside the illegals’ covert communications system.

Imagine a picture on any normal website. It is made up of data—ones and zeroes—that when downloaded tell a computer how to reconstitute the image on-screen. What if hidden among that data are ones and zeroes that have nothing to do with the image but actually make up a secret message? Thousands of people could visit that website. But only if they had the right software would the message be downloaded. And even if it were spotted by an unintended recipient, it is encrypted, so it cannot be read. This is steganography—the trick of hiding a message inside an image.

Hiding messages has been around for some time. One story from a couple of thousand years ago involves a courier’s head being shaved and a message being tattooed on his scalp. The hair is allowed to grow back and anyone intercepting the courier on route will not see anything. But the person whom the courier arrives to see knows that all they have to do is shave his head again to reveal the message. Another example from the twentieth century was the microdot. This was so small as to be invisible and could be put on a stamp or postcard but contained a message that could be read if you knew it was there. By the twenty-first century and the illegals, a new world of digital steganography had arrived.

The FBI team realized you had to insert a disk that had six pictures on it and then another disk with the message you wanted to send. The computer would analyze the pictures to work out which picture was best suited to hiding the message. Once it had done so, it would say something like “number six” to indicate the best one and then encrypt—or scramble—the message. Each time it would be encrypted differently, so you needed a program to be able to decrypt it each time. Moscow Center had created its own bespoke software. In order to extract and then decrypt and read the data, you needed the same SVR-supplied software. Without it the message was unbreakable.

There was also a list of public blog sites on the Web where people could upload their pictures. Richard Murphy loved taking pictures of flowers, and often these pictures would have the message hidden inside them. They would be uploaded to the Web and then at the other end Moscow Center could download and decrypt them. The FBI also copied the hard drive of a computer. On it they found an electronic address book with links to website addresses along with a history of which sites the computer had accessed. They downloaded images from the site that looked entirely innocent—including some of colorful flowers. But when the steganography program was applied, readable text files magically appeared. The FBI team asked their tech expert to create their own version of the encryption program that had every different encryption key on it. They were able to go back and decrypt some earlier messages, as well as new ones that arrived.

The shoe box had been the key to understanding the illegals’ communications and would transform the investigation. This item would become known to grateful FBI officers as the “tradecraft box.” There was one moment, though, when they feared they might lose their access. One winter Maria Ricci was going back into the Murphys’ house just before New Year’s Eve. You always did a search for a reason and this time it was because there were indications that there was a change in the communications system—most likely new disks. This was a night search. These are more stressful. Neighbors are likely to be sleeping but if you are discovered there are fewer ways to explain why you are in someone else’s house. Ricci was being as quiet as she could with her small team as they hunted for new disks. They found them quickly. But what about the new password to go with them? They were not in the shoe box. Nor any other obvious place. So they started looking anywhere and everywhere else. Still nothing. Minutes turned into hours and the tension was rising. In the end they had to give up. The team made their way back deeply discouraged, assuming they had blown it—without the password they could no longer be able to read the messages. After all that worry when they returned to base and inserted the new disks, it turned out the password had not been changed.