Russian spy discovers the hard way how much his smartphone's metadata reveals about his activities

Privacy

from the imagine-what-it's-like-for-the-rest-of-us dept

Smartphones are not just amazing pieces of technology that pack a range of advanced capabilities into a pocket-sized device. They are also the best tracking device invented so far. They reveal where we are, and what we are doing, every minute we have them with us. And the most amazing aspect is that we carry them not because we are forced to do so by authoritarian governments, but willingly.

A permanent state of surveillance is something most people just accept as the price of using mobile phones. But for one class of users, the built-in tracking capabilities of smartphones are far worse than just annoying. For spies -- especially more senior ones -- the information revealed by their mobile phones is not just embarrassing but poses a serious threat to their future operational usefulness.

That's evident from a new investigation carried out by the Bellingcat team in partnership with various media organizations. Techdirt was one of the first to write about Bellingcat's use of "open source information" -- material that is publicly available -- to piece together the facts about what are typically dramatic events. The latest report from the group is slightly different, in that it draws on mobile phone data leaked by a whistleblower in Russia. According to Bellingcat's research, the account seems to be that of the mid-ranking Russian military intelligence (GRU) officer Denis Sergeev:

Newly obtained telephone metadata logs from a telephone number registered in the name of the (cover) persona "Sergey Fedotov" has allowed us to analyze Denis Sergeev's telephone usage -- including calls and data connections -- in the period of May 2017 -- May 2019. The data -- and especially the cell-ID metadata that we have been able to convert to geo-locations -- allowed us to recreate Sergeev's movements. These movements were both in Russia and abroad, as well as his pattern of communications during his overseas operations. Bellingcat obtained the telephone metadata records from a whistleblower working at a Russian mobile operator, who was convinced s/he was not breaching any data privacy laws due to the fact that the person to whom this phone number was registered ("Sergey Fedotov") does not in fact exist.

It's a nice irony that the use of a cover name meant that Russia's data privacy laws were not broken by leaking the telephone metadata. There are two Bellingcat posts. The first uses the records to track Sergeev's movements around central London. Nothing special in that, you might say. Except that Anatoliy Chepiga and Alexander Mishkin, the two Russians suspected by the UK police of attempting to poison a former Russian spy who had been a double agent for the UK, Sergei Skripal (and his daughter), just happened to be in London at exactly the same time:

according to the timeline of Chepiga and Mishkin's movements, as presented by British police, they arrived from their hotel to Waterloo station at approximately 11:45 on that day. Their train to Salisbury, however, would have left at 12:50. Waterloo station is approximately 10 minutes walk from the Embankment. Thus, had a meeting in person been necessary between Sergeev and the Chepiga/ Mishkin team -- whether to pass on final instructions or a physical object -- the area between the Embankment and the Waterloo would have been a convenient place, and the one-hour time gap between their arrival to the station and their departure would have likely sufficed.

The rest of the first Bellingcat post provides further fascinating details about Sergeev's movements in London, and telephone calls with a mysterious "Amir from Moscow", probably a senior intelligence officer who was his handler back home. The second post tracks Sergeev as he visited Switzerland multiple times between 2014 and 2018. As Bellingcat explains, it is not clear what he was doing there, but there are a number of tantalizing hints.

For example, Sergeev's mobile telephone connected to the cell antenna inside the Maison du Sport, where the Lausanne office of the World Anti-Doping Agency (WADA) is located. That's interesting given Russia's problems with doping in international sport. Sergeev's metadata also indicates that at one point he was physically close to the former US Ambassador to Switzerland, Suzan LeVine, but it's not clear why. Here's one suggestion from Bellingcat:

Was he keeping an eye on Suzan LeVine and her husband while another team tried to introduce a virus or hack into a laptop computer left at the Palace Beau-Rivage where the couple had left their luggage? No longer in office, the diplomat was not entitled to any special security, so perhaps this was seen as a low-hanging opportunity by a GRU team that was already in town. Targeting foreign former government officials -- who may or may not come back into positions of political relevance under a future administration -- appears to be compatible with the long-term strategy of an intelligence service.

There is the intriguing fact that the alleged assassins Chepiga and Mishkin were also present in Geneva during one of Sergeev's visits. Although there is no evidence that they met, it would have been remarkable had they not, since they were in the same city, and often travelled together. Finally, it seems that Sergei Skripal was also in Switzerland during one of Sergeev's trips -- another interesting "coincidence."

Both Bellingcat posts are worth reading for the fascinating insights they give into Russian spycraft. The fact that so much can be deduced about someone who has decades of experience of not leaving a trail is a useful reminder of how much more could be gleaned from the smartphone metadata of ordinary citizens, who aren't even trying to hide anything.