Category Archives: Intelligence

Russian student accused of penetrating state systems on the orders of FSB

This past weekend, Estonian Internal Security Service agents at the border checkpoint in Narva arrested a man on his way to Russia suspected of acting as an agent for the Federal Security Service of the Russian Federation (FSB). The Russian citizen is suspected of non-violent activities against the Republic of Estonia and the preparation of computer-related crime. The targets in his activities against Estonia were Estonian state agencies.

The suspect is a young man with a very high IT skills proficiency. He arrived in Estonia «some time ago» with a valid visa. This was supposed to dispel all suspicions. The Estonian Internal Security Service (KAPO) believes the man was instructed by the FSB on what to do and take interest in while still in Russia. The young man was supposed to use his skills to find weaknesses in the computer networks of Estonian state agencies. Because KAPO needed proof of the agents actions, and because there was no direct and acute threat to the state, the agency placed the spy under surveillance and allowed him to continue his activities. Postimees has been told that all attempts by the IT specialist to penetrate Estonian networks failed. The man was apprehended a few hundred yards from the Russian border in Narva while on his way back during the weekend.

Story by the Russian news agency 47news.ru:

On suspicion of cyber espionage, the special services of Estonia detained a 20-year-old student from Kingisepp – Aleksei Vasilev. He was called an agent of the FSB. And 47news believes that so treacherous neighbors want to humiliate our State security.

As far as it is currently known, Aleksei from age 16 to 19 studied in the Estonian college (Ida-Virumaa Vocational Education Centre). Then a year he worked in Russia, at age 19 he returned to Estonia and started studies (in Virumaa College of TUT) as a programmer. In Estonia he resided on the basis of student’s residence permit.

With the Aleksei’s 38-year-old mother, Elena Pesovets, the embassy already talked. She is also a resident of Kingisepp. The 47news also talked with Elena.
– Aleksei graduated from some kind of a specialized class?
No, the usual Kingisepp school. Nine classes. Then he went to Sillamäe College (Ida-Virumaa Vocational Education Centre) to study as a programmer. Then for the higher education in Kohtla-Jarve (Virumaa College of TUT). He planned to work in profession.
– But why he did not try to study in Petersburg?
In St. Petersburg, tuition fees must be paid, but in Estonia it is free.
– But to work, to build a career he planned in Russia?
He did not think about it yet, he wanted to get the higher education, and after that to choose.
– Did he had any problems with the Estonian language?
He does not know Estonian well. But in Sillamäe and Kohtla-Järve studies are in Russian. It was not required to know Estonian to study.
– Computers are his main hobby?
Yes, he was fond of computers. But his friends, like for every guy – classmates. He does not smoke, does not drink alcohol, does not rove. Every weekend he came home. He has two brothers. All the time at home with them.
– And he lived on a scholarship or worked part-time somewhere?
He got a scholarship, and I gave him money. Like all students.
– Did you spoke with your son?
There is no connection. No possibilities to meet. I am preparing the documents. I only know one thing: my son is not a criminal.

In this story there is an incomprehensible or unpleasant yet nuance. When, after detention, an employee of the Russian embassy arrived at the detention center, instead of Aleksei, a police officer came out. He acquainted our diplomat with the paper signed by the detainee. In it, Aleksei says that he is acquainted with his rights, but he does not need the services of the embassy. But most likely, this is a childish step.

Links:
http://news.err.ee/641144/estonia-s-internal-security-service-arrests-fsb-agent-at-border-in-narva
https://news.postimees.ee/4301995/estonian-officials-detain-suspected-russian-fsb-agent
https://news.postimees.ee/4304097/fsb-agent-tried-to-penetrate-computer-networks
http://news.err.ee/642040/russian-consul-to-meet-with-alleged-fsb-agent-arrested-in-narva
http://47news.ru/articles/129730/
http://www.delfi.ee/news/paevauudised/eesti/arvatav-fsb-agent-oppis-ttu-virumaa-kolledzis-tootmise-automatiseerimise-erialal?id=80143588
http://www.delfi.ee/news/paevauudised/valismaa/mis-portaal-on-arvatavast-fsb-agendist-kirjutav-47newsru?id=80133554
http://www.delfi.ee/news/paevauudised/valismaa/eesti-piiril-vahistatud-fsb-agendi-ema-mu-poeg-ei-ole-mingi-kurjategija?id=80133274
http://www.delfi.ee/news/paevauudised/krimi/fotod-vene-portaal-narvas-kinnipeetud-arvatav-fsb-agent-on-20-aastane-noormees-kes-oppis-eestis-programmeerijaks?id=80132390
http://epl.delfi.ee/news/eesti/kas-vahistatud-fsb-agent-uritas-tungida-eesti-riigiasutuste-arvutisusteemi?id=80089576
http://www.delfi.ee/news/paevauudised/krimi/arvatav-fsb-agent-oli-kutsekoolis-oppides-viks-ja-viisakas-soprade-hinnangul-aus-ja-kohusetundlik?id=80147726
https://geenius.ee/uudis/kirglikust-arvutimangurist-luureagendiks-erakordne-see-et-onnestus-toestada-side-fsbga/
http://news.err.ee/642503/russian-embassy-puzzled-by-allegations-of-arrested-russian-being-fsb-agent
http://epl.delfi.ee/news/arvamus/urmas-sutrop-fsb-puuab-oma-arvatavast-agendist-teha-kannatajat-keda-koik-lausa-peavad-armastama-head-poega-ja-leebet-melomaani?id=80153888
https://news.postimees.ee/4333375/arrests-take-romance-out-of-spying

Yearbook of Estonian courts 2015

estonian_courts_yearbook_2015
The focus of this Yearbook is on criminal procedure with special emphasis on surveillance operations. There are three articles that are of our interest.

“Supervision over surveillance”,  Uno Lõhmus, Visiting Professor at the University of Tartu:

In conclusion
First, full judicial pre-approval of surveillance operations, judicial supervision of the operations at the time of conduct thereof, and effective review of the operations after their completion are not ensured. Second, the rules on surveillance are laconic, incomplete and ambiguous, and the case law has not been able to improve this situation. In other words, legal clarity of the law is not ensured. This adds to the complexity of judges’ work and may also contribute to superficiality.

In addition, the case law does not clarify whether the installation of spyware in a computer system should be regarded as the installation of a technical means.

As of 1 January 2013, examination of traffic and location data in electronic communication is not considered to be a surveillance operation.

“Problems related to surveillance – the perspective of a defence counsel”, Küllike Namm, attorney-at-law:

In conclusion
This article focuses on the questions that have arisen in connection with surveillance operations and to which the current law does not provide answers. The discussion of these issues is intended to point out that the activities of public authorities in organising surveillance are inadequately regulated by the Code of Criminal Procedure. This creates a situation where the provisions on access to information on surveillance operations do not guarantee that a person subjected to surveillance can examine the data collected by surveillance operations and, where necessary, take possession of the data in a format that can be played back.

“Some problems encountered in computer system searches”, Eneli Laurits, Adviser to the Penal Law and Procedure Division of the Ministry of Justice:

Summary
The Code of Criminal Procedure of Estonia does not regulate computer system searches. It is relatively difficult to apply the existing rules to the collection of evidence in the manner described in this article, but it is still possible.

When performing an inspection, the body conducting proceedings is not entirely free of jurisdiction-related issues: for example, if the object of inspection is the social media website of a victim or a suspect, then the inspection of the website is complicated in theory, but simple in practice – a mouse click is enough to display various data within the territory of Estonia. An inspection can be based on cooperation (the subject voluntarily provides the user IDs and passwords), but there is always the possibility that voluntary cooperation fails. An investigative body should be able to rely on a legal regime in such cases.

Links:
http://www.riigikohus.ee/vfs/2071/Riigikohtu_aastaraamat_eng_veebi.pdf

License plate-reading cameras to be installed at border crossings

estonian_border-licence_plate_recognition

In efforts to crack down on an increasing issue with Estonians crossing the country’s southern border in order to buy cheaper alcohol there, the Estonian Tax and Customs Board (MTA) wants to install license plate-reading cameras at ten or so currently unsupervised Estonian-Latvian border crossings.

This summer season’s record violation, for example, was discovered last week, when customs officials detained a commercial vehicle in Estonia whose driver had picked up a ton and a half of beer with the intention of delivering it to Finland; the likely intention was to resell the alcohol in Finland, as the cost of beer in Finland is currently twice that of Latvian prices.

“He had already completed a number of successful trips across the border at Ikla and from here on to Finland,” explained Urmas Koidu, director of the customs department at the MTA. “We were able to track him down specifically thanks to the license plate recgnition system.

It is strange that there are still some borders that are not covered by the system. Compared to the intelligence gathering capabilities the system provides, the motive to fight alcohol smuggling is a joke.

Links:
http://news.err.ee/v/news/c6c29079-4a1b-414f-819d-a1272018d477/tax-authority-wants-alcohol-tourists-watched-by-cameras

Kapo eavesdropped on Savisaar outside criminal procedure

kaitsepolitsei

Lawyers defending Edgar Savisaar are hopeful to kill criminal case against the Centre chairman with just one move – asking that the initial evidence, the basis for all the rest, be declared invalid. This would be the piece of information acquired by security police which afterwards triggered the whole criminal case – by eavesdropping a private conversation between then Mayor of Tallinn Mr Savisaar and Meriton Hotel owner Aleksander Kofkin at the Balalaika.

While talking about the food, a topic slipped in which made police ears perk up. [..] After years of eavesdropping on Mr Savisaar, this for the security police seemed to be a sign that the mayor was involved in issues outside of official responsibilities. [..] While Mr Savisaar is contesting that, the main issue is the method of acquiring the information may not have been legally justified and thus the basis for all the rest of the case would fall off.

In Estonia, security agencies are allowed to eavesdrop on people and institutions outside criminal procedure to prevent danger and in the interests of security. For this, special permission is granted by an expert administrative judge. All related information and related issues (such as statistics) is state secret.

Years of eavesdropping without having a right to ever find it out, and overall statistics being a state secret. As EFF says: When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy.

Links:
http://news.postimees.ee/3785723/lawyers-of-savisaar-see-ray-of-hope

Russian special forces operated fake GSM base station in Pärnu

imsi-catcher_Parnu

In April 2015 NATO brought their special forces to Estonia for a secret NATO exercise. In the days that followed Russia unleashed a series of aggressive counter measures to monitor their exercises.

Estonian signals intelligence quickly discovered an IMSI-catcher – a false cell phone tower in the local cellular network. NATO believes that the Russians attempted to identify the key NATO personnel.

Classified NATO report: “The ghost tower came online briefly twice during the day. It overtook all local towers and hijacked all the local recipients before it dropped offline.”

Links:
https://www.aldrimer.no/claims-russian-special-forces-are-operating-inside-estonia/
http://news.postimees.ee/3680481/experts-say-lion-s-share-of-nato-leak-is-hot-air
http://tehnika.postimees.ee/3682041/drooniluureskandaal-eestlaste-koned-on-rangelt-kapo-kontrolli-all

Plan to regulate private detective market

private_detective

In February 29th interior ministry sent interest groups a letter inquiring about how many private detectives there might be in Estonia and how the domain ought to be regulated.

Mr Rüütel says almost everything is currently possible with help of public registers, but it is complicated to the absurd. For instance, anyone may have recourse to population register, pay €5 and ask is some definite individual has a mother and a father. «If they should answer that yes but they are dead, then I have a new question: do they have sisters or brothers. But for that I will again need to pay five euros. This is ridiculous,» said Mr Rüütel.

Pursuant to the Security Service Act in force, security companies are forbidden to provide private detective services i.e. security and private detective business cannot be combined. «For us, this is questionable. I think these services definitely should not be mutually exclusive,» said Mr Kuusik.

But if a law is created, he says it should grant expanded rights to private detectives. «The law makes no sense if covert photographs are not allowed in public space, which is a much needed service to collect evidence. The same with recording etc,» listed Mr Kala.

Links:
http://news.postimees.ee/3611981/private-detectives-behold-business-boom-on-horizon

Report of Estonian Information Board: International Security and Estonia in 2016

teabeamet_logo

In cyberspace, Russia is the source of the greatest threat to Estonia, the European Union and NATO. Estonia is a target of hostile cyber acts both as an individual country, and as a member of the EU and NATO.

Cyber operations and cyber warfare have become a part of modern warfare.

Page 45 has section “Cyber threats”. Two pages of text contain no new information.

Links:
http://www.teabeamet.ee/pdf/2016-en.pdf