Books

Special Operations reading list: A few of my favorite hidden gems

I love reading about Special Operations history. It’s amazing what information can be found in published sources if you’re prepared to dig around. There’s a whole hidden history that can only be compiled by doing some deep research and really looking for sources.

Thankfully, some former operators penned books that are well worth tracking down. Here are four of my favorites that aren’t necessarily promoted in mainstream media but are well worth your time.

One Green Beret: Bosnia, Kosovo, Iraq, and Beyond by Mark Giaconia

I was fortunate to interview Giaconia for SOFREP Radio before reading his book. I was expecting some stories about how he supported the Kurds, calling in some airstrikes and such during the 2003 invasion of Iraq. However, Mark’s experiences go far beyond that.

He participated in Operation Viking Hammer: a CIA led mission to shore up what would be the coalitions rear areas prior to the invasion. To my surprise, Giaconia was also involved in what is probably the only joint U.S. Special Forces/Russian Spetsnaz mission in history.

Recce: Small Team Missions Behind Enemy Lines by Koos Stadler

The South African Recces performed some of the most audacious missions in Special Operations history that you’ve never heard of. This is largely due to political reasons. Although Recce teams combined white and black operators, the South African Defence Force served South Africa’s (then) apartheid regime.

Nonetheless, this is a history worth exploring, and Stadler wrote an amazing first-hand account of his time in this unit, including experiences with long range small team Recce patrols.

One Thousand Days with Sirius by Peter Schmidt Mikkelsen

Few people have ever heard of Denmark’s Sirius Sled Patrol— Slædepatruljen Sirius—which is a division of the country’s special operation component along with the Frogman Corps and the Jaeger Corps. Sirius deploys two-man dog teams for long durations to Greenland, where they have to constantly patrol the frozen wastelands. Due to a treaty obligation, they essentially have to provide a presence in Greenland and wave the Danish flag.

Additionally, they have a recon mission to ensure bad actors aren’t messing around in Denmark’s backyard. One Thousand Days with Sirius is an obscure but fascinating book, as Mikkelsen, a former Sirius member, explains the ins and outs of his profession—one that primarily relies on dog sleds to this day.

Guardian: Life in the Crosshairs of the CIA’s War on Terror by Tom Pecora

I’ve been able to interview Pecora twice now. He was a member of the CIA’s protective detail for case officers operating in high-risk environments. This detail started off as the POC and over time, evolved into what’s now called GRS. Pecora worked there long before 9/11, and afterwards in some very dicey parts of the world.

His book is a narrative history of these experiences as well as America’s fight in the Global War on Terror. This is the first book ever written on this particular subject, and I suspect it will be the last for at least some time.

I’m sure you’ll get a kick out of these books, but let me know what other recommendations you might be interested in. For instance, I have a pretty extensive collection of hard-to-find books about contemporary warfare in Africa.

And finally, a shameless plug for my own memoir, Murphy’s Law: My Journey from Army Ranger and Green Beret to Investigative Journalist. It includes my experiences serving in 3^rd Ranger Battalion and 5^thSpecial Forces Group in Iraq and Afghanistan. Some of my adventures in Syria, Iraq, and the Philippines reporting as a journalist are also highlighted.

Book Review: Perception Wars by Alex Hollings

“Actions are dictated by decisions, decisions are based on perceptions, and perceptions are subject to manipulation. That is the basis of the Perception Wars.”

Alex Hollings’ Perception Wars describes how foreign governments are trying to shape American public opinion by manipulating their perceptions. Hollings singles out Russia and China and their ongoing information operations (IO) on American society. Whereas Moscow is focused on shaping opinion through pseudo-accounts and unobjective journalism, China is purchasing its way toward the “stable, reasonable 21st century power.”

The book begins by introducing the concepts and historical background of IO. Articles on World War II and Cold War propaganda efforts provide a link to history and its continuity. Thereafter, Hollings enters the modern arena. He provides four sections (Russian, Chinese, North Korean, and American) that are brimming with colorful, informative, and entertaining articles on the ongoing battle for perceptions.

Hollings is essentially equating national propaganda and information operations to business marketing campaigns. He argues that the predominance of social media offers foreign governments the ideal platform to individually target Americans and shape their beliefs, perceptions, and subsequently their opinions. And it is a reasonable claim. It might seem simplistic, but, more often than not, people are motivated by the same incentives when it comes to buying a new iPhone or performing their citizen’s right (e.g., voting).

Whereas an insurgency is all about winning the hearts-and-minds of the local population, a modern Information Operation is all about winning the tweets and likes of people.

Alarmingly, Hollings asserts that the U.S. is losing the perception wars. Stuck in reactive mode, U.S. policymakers are too focused in ‘bad-actor’ narratives to be proactive in the perceptions and propaganda battlefield. For example, by focusing too much on Vladimir Putin’s or Xi Jinping’s autocratic and corrupt regimes, the U.S. is not seeking to create original narratives that would resonate with the ever-interconnected world population. As in all battlefields, once you have lost the initiative, it’s tough to gain it back.

A short (155 pages) and thought-provoking read, Perception Wars will offer you both an introduction to modern information warfare and a behind-the-scenes glimpse at the ongoing battle between American and its adversaries. Based on primary source research, the articles offer an original analysis of the unseen battle for your perceptions.

The book’s only shortfall is that it lacks a recommended bibliography section. Granted, however, not all readers will wish to go more in-depth.

After reading it, you will be in an optimal position to detect when you or your community is targeted by a foreign actor with a malign agenda. By understanding and recognizing the threat, you will be inoculated from it.

You can buy the book on Amazon.

This article was written by Stavros Atlamazoglou at NEWSREP

‘Murphy’s Law’ — Covering the war against ISIS alongside the Peshmerga

An excerpt from the new book, “Murphy’s Law: My Journey from Ranger and Green Beret to Investigative Journalist“

Another story developed when a fixer we had hired to help translate informed us that there was a big battle going down early the next morning near Kirkuk. No way were we going to pass that up. We left around four a.m. the next morning.

“Just keep driving until you get to the Daesh,” the Peshmerga checkpoint guard said. I was trying to get to the front line to follow along with the Kurdish offensive outside Kirkuk on September 11. Can’t really blame the guard for his concise instructions. As our car approached the front, we saw dozens of up-armored Humvees and pickup trucks. Peshmerga fighters stood around waiting for their orders, talking and smoking cigarettes. As I got out of the car and began walking down the road, a group of Kurdish journalists looked at me and began waving their hands, saying, “No good, no good!”

The puffs of smoke from either IEDs or mortar rounds rose into the air in the distance. Before even getting to the berm lines, I ran into a group of foreigners who had joined up with the 9th Brigade. They all wore MultiCam and balaclavas to conceal their identity. As I was soon to find out, one of them had already had his rifle confiscated because he was taking potshots at the Pesh, mistaking them for ISIS.

It was now about six a.m. The sun had not fully risen and burned off the cloudy haze that engulfed the battlefield. The Peshmerga’s mission today was to liberate a series of villages on the outskirts of Kirkuk, pushing ISIS farther away from the city. What I had come upon was a fighting column, firing on a Daesh village called Zanghar with machine guns and tanks, while hundreds of vehicles were stacked up, ready to roll forward.

For fans of the New York Times bestsellers “The Last Punisher” and “Lone Survivor,” a heart-pounding military memoir from a former Army Ranger sniper and Special Operations weapon sergeant-turned-journalist about the incredible highs and devastating lows of his career.

Growing up in small New York towns, Jack Murphy knew he wanted to lead a life far from the ordinary – a life of adventure and valor. After the 9/11 attacks, he immediately enlisted in the Army, knowing this was his chance to live the life he desired and fight for a cause he staunchly supported. After making it through the rigorous Ranger Indoctrination Program, he graduated sniper school and was promptly deployed to Afghanistan, where his experiences went from ordinary to extraordinary.

In this gripping military memoir, Murphy recounts the multiple missions he underwent as a Ranger, a Special Forces weapons sergeant, and ultimately, a boots-on-the-ground journalist. From enemy ambushes, dodging explosives, crashing terrorists’ weddings, and landing helicopters in the streets of Mosul, Jack provides a hard-hitting glimpse of what combat is like in some of the world’s most dangerous, war-torn places. With tours of duty in two of the most decorated units of the armed forces, Murphy brings a unique perspective to the military genre as he reflects on his great triumphs and shattering failures both on and off the battlefield.

Later, Murphy turned his attention to breaking news within the military. His stories have taken him from Iraq to Switzerland, from Syria to South Korea. From crossing Middle Eastern borders in the dead of night, to rolling into an IED-laden zone, Murphy’s stories are always a thrill a minute.

“Murphy’s Law” tells a story of intense bravery and sacrifice – both on and off the battlefield. Get it today as a hardcover, ebook, or audio book.

How secure is texting? This excerpt from the off-grid communications book ‘COMSEC’ will surprise you

Editors note: This is an excerpt from the book, “COMSEC: Off-the-Grid Communications Strategies for Privacy Enthusiasts, Journalists, Politicians, Crooks, and the Average Joe,” by Justin Carrol and Drew M. Make sure to check the bottom of the piece for a direct link to purchase this book from Amazon!

CHAPTER 1 (CONTINUED): THE INSECURITY OF SMS AND STANDARD VOICE CALLING

Cellular telephone calls and SMS messages are both insecure and non-private. Your calls are accessible to the CSP. The content of all your SMS text messages is fully saved and recorded by your CSP. In addition to the content, all of the metadata about these transactions is recorded and stored, as well. This creates a privacy nightmare that is just waiting to happen.

All it takes to verify this is a quick look at your cellular phone bill. The bill will show a long list of incoming and outgoing calls, incoming or outgoing SMS messages, and in some cases even the city where your phone was located at the time of the event. All of this metadata about your calls and texts, and the content of your texts, is stored for a minimum of five years. This information is consistently abused by CSPs who monetize it.

Verizon: On the counts of collecting and monetizing metadata and failing to provide meaningful protection to calls and messages, Verizon Wireless is perhaps the worst offender of the top-tier CSPs. Verizon sells your location data. While encrypting your calls is standard industry practice, Verizon fails to do so. We don’t mean to imply that any of the major cellular providers are much better; we only mean to point out that Verizon is particularly notorious in this regard.

Government Access: Because your cellular calls are either encrypted poorly or not at all, their content is available to governments. Governments may access the content of your calls and SMS through the application of legal pressure. Governments may also access your calls without the complicity of the CSP through the use of a cell site simulator. A cell site simulator is an electronic device that puts out a very strong signal that your phone will recognize as a cell tower. If you are within its range and your phone assesses its signal to the strongest signal available, your phone will connect to the simulator.

Once your device is connected to the cell site simulator, all of your traffic will flow through the simulator where it is collected. Your only defense against this type of attack is to use strong encryption. Though we are not anti-law enforcement, we do recognize that these types of devices are frequently used without warrants, and they frequently capture the conversations of people other than the intended target. Neither of us are criminals, nor do we condone criminal activity, but neither of us want to be swept up as “incidental collection”.

SS7 Vulnerability: Modern cellular carriers utilize a routing protocol known as Signaling System 7 (SS7). This protocol was designed in the mid-1970s and allows carriers to exchange information between each other. This information is used to pass calls and messages between carriers, and to keep track of billing and usage. It is also used to verify roaming plans before devices are allowed to access other networks. Unfortunately, this protocol has some major systemic vulnerabilities.

Hackers are sometimes able to break into the SS7 system. This provides capabilities similar to those of government actors. Hackers can forward calls and texts silently so that your device will give no indication of an incoming call. This could be used to deny you service, ascertain with whom you are communicating, or capture two-factor authentication tokens sent via phone call or text. Hackers can also view text messages sent via standard SMS between devices and track your location through the exact same protocols that CSPs and government actors do.

Unfortunately, there is very little you can to correct the underlying vulnerability. However, you can take steps to mitigate some of the symptoms of this problem. We will discuss these throughout successive chapters of this book.

THE APPLICATION PROCESSOR & APPLICATION PROCESSOR OS (APOS)

Wi-Fi, Bluetooth, and NFC: If you own a modern Smartphone it is almost certainly equipped with Wi-Fi, Bluetooth, and near-field communication (NFC) interfaces. Each of these present more attack surface.

Wi-Fi: Accessing the internet wirelessly opens up a number of dangers. When you connect to a Wi-Fi network you should consider the following threats and threat actors:

Packet Sniffers: Wi-Fi is nothing more than a radio that can transmit and receive data packets. Anyone within range of your radio (Wi-Fi) traffic to and from the router can potentially “listen in” on this traffic. All data packets that you transfer over Wi-Fi are vulnerable in the air-gap between your device and the access point. Hackers with a simple program like Wireshark and a Wi-Fi antenna that can be placed in promiscuous mode may capture all of your packets and exploit them for personal or financial information.

Rogue APs/Evil Twins: Hackers can setup access points whose SSIDs are the same or similar to real APs in the local area. For instance, the legitimate Wi-Fi hotspot SSID at the San Diego Airport is #SANfreewifi while a malicious hotspot might be #SANfreewi-fi (notice the very subtle difference) in hopes of getting some uninformed or inattentive travelers to connect. Alternatively, a hacker may see your device’s probe frame requests for networks it “knows” and will connect to automatically (probe frame requests are discussed in greater detail on page 14 in the section titled “SSID Broadcast”). He or she could then create an ad-hoc network using one of these names and your phone would connect to it, In reality, the hacker could name the network the exact same name: #SANfreewifi. Devices that receive a stronger signal from the malicious AP will connect to it rather than the “real” Wi-Fi unbeknownst to you. The attacker now has the ability to receive and record every packet that is passed through his device.

Hardware Owners: Even if you manage to connect to the correct hotspot at the San Diego airport, your traffic is still routed through hardware you don’t control. This means the network administrator at the airport will have access to all of your packets, as well. It is unlikely that most hardware owners are collecting all of your packets, but they do collect a substantial amount of metadata. This includes your device’s MAC address, the times your connection was initiated and terminated, and the amount of bandwidth used. In many public Wi-Fi hotspots the websites you visit may be recorded, too.

Internet Service Providers: When your traffic reaches the local access point it will go through a process called network address translation (NAT) in preparation for being passed along to the Internet Service Provider (ISP). The ISP will shuttle your traffic to its intended destination and return that traffic back to you. Again, because you are choosing to put that traffic onto someone else’s hardware, the ISP can retain your packets. If you are not using a Virtual Private Network (see Chapter 4) the ISP potentially has access to everything you do online.

Governments: There are no countries in the world where the government does not exert some level of influence over internet service providers. Though some countries have stronger legal protections than others, you should assume that if the government wants to monitor your internet traffic, it can do so by applying legal pressure to the ISP. Additionally, governments have extremely robust offensive digital capabilities. It should be assumed that governments can, by default, inspect your traffic even without the ISP’s consent or complicity.

Location Tracking: Wi-Fi is another mechanism through which your location may be tracked. Doing so requires access to the routers to which your device communicates in some way. This can be an explicit communication, like connecting to the router, or a subtler connection. Routers are capable of monitoring your device’s probe frame requests – the requests that are transmitted when the device is searching for Wi-Fi. Because the set of networks that your device “remembers” is very likely unique to only you, this is a valuable identifier. When you walk around some large department stores Wi-Fi receivers are in place for this very reason – to track your habits in the store.

This model scales very efficiently and can be used to track your movements around a city, as well. This model also scales very efficiently the other way – Wi-Fi can be used to track your movements with extremely levels of accuracy and granularity by a single router. An individual router to which you are connected can measure your signal’s round-trip-time (RTT) between the device and router. With enough data this can be used to map your entire house and tell exactly where you are within it at any given time.

Reverse Location Tracking: The previous paragraphs address Wi-Fi access points that can determine your location through probe frame requests, but this process also works in reverse. Apps that are installed on your device have the potential to see the networks that are within range of your device. By triangulating your position based on the observed networks and their relative strength, your location can be determined with a good degree of accuracy. This data can then be shared with the app developer, hardware manufacturer, and parties that are able to intercept this data in transit.

SSID Broadcast: When your device is not connected to Wi-Fi, it is broadcasting probe frame requests for all of the networks to which it has previously connected. This sets you up for an evil twin attack as described above, but it also reveals information about your day-to-day habits. Using open-source lookup tools like Wigle.net (https://wigle.net), a popular website that crowd-sources data about Wi-Fi hotspots, an attacker can map all the hotspots to which your device connects. This data can then be analyzed to reveal where you live, work, and frequent. You don’t have to be followed around constantly, or even be the target of constant electronic surveillance for an attacker to know where you will be at predictable times.

Bluetooth and NFC: Both of these protocols present some common dangers. Because both emit a very small electronic signal around your device, both can be used for location tracking. This signal is associated with your device’s MAC address, which can be used to identify you.

Bluetooth (or Bluetooth Low Energy, BLE) presents some unique challenges. Because of its versatility, Bluetooth is used for connecting all sorts of devices for all sorts of purposes. The Apple Watch pairs to one’s iPhone via this protocol. Bluetooth is used to connect your phone to your car so music can be shared. It is used in the Airdrop file-sharing protocol, and for connecting hands-free communication devices.

Because such a potentially large volume and wide variety of data is transmitted through Bluetooth, hackers have been hacking it since the moment it was released. Generally, we recommend you avoid using this protocol altogether, or use it only for benign purposes. Connecting your device to a Bluetooth speaker inside your home is relatively low risk but using Bluetooth to carry out sensitive phone calls in public is not. We also strongly recommend you avoid using Bluetooth in conjunction with devices like the Apple Watch. This device receives location data (from maps), text messages, and much more from your phone. Putting this data in transit (if only for a very short range) opens it up to a host of other attack vectors.

Like Wi-Fi, Bluetooth can also be co-opted to capture extremely granular levels of location tracking. Since the signal emitted by Bluetooth is so small, your proximity to a Bluetooth transceiver can be determined with accuracy down to a matter of inches. Tracking one across a larger are obviously requires the area be littered with many Bluetooth transceivers but they are fairly inexpensive and easy to implement. When location data is correlated with your device’s MAC address this location data is correlated with you.

Defeating These Vulnerabilities

Most books, blogs, and lectures on mobile device security focus on protecting the computer portion of mobile devices. Because they are so deeply embedded into our devices, and because we have so little control over them, defeating the baseband modem is extremely difficult. But it is not impossible. The remainder of this book will focus on interventions designed to protect you from the phone’s computer, it’s impressive sensor array, AND the baseband processor and its capabilities. Some of these techniques will seem drastic, but so are the capabilities of the modern mobile phone. Drastic measures are required, and in light of the slew of exploits against mobile devices, we feel they are completely justified. Ultimately it is up to you to choose your path and decide which of these techniques is right for you and your situation.

SUMMARY

By carrying a Smartphone, you are making an enormous privacy compromise. You have chosen to carry a device that marries an incredible sensor array and several radio interfaces with a baseband processor.

When combined, your device is capable of:

Constantly monitoring and recording your location, even when you have disabled location services and believe the device to be turned off
Refine your location through Wi-Fi and Bluetooth to a matter of a few feet, and determine your location within a building
Monitoring your microphone, even when you believe the device to be turned off, remotely activating the camera(s)
Betraying your standard voice and text data to the cellular service provider, law enforcement and government agencies, and malicious hackers
Mapping your home, and knowing when you sleep, wake, and your patterns of activity

Intercepting data from “leaky” applications is a tactic that has been used by state surveillance actors for many years. This is another reason to carefully consider the applications to which you give close persistent access by installing them on your device.

ABOUT THE AUTHORS

Justin Carroll is a former Marine, plank-owner in the elite Marine Special Operations Command (MARSOC) and has worked on a contractual basis with another government agency. After completing his last overseas deployment, Justin spent five years teaching digital security and identity management to hundreds of soldiers, sailors, and Marines of the United States Special Operations Command (USSOCOM) and was instrumental in the development of a highly technical surveillance program currently in use abroad by US Special Operations Forces. Justin resides just outside of Nashville, TN and is the author of Your Ultimate Security Guide: Windows 7, and Your Ultimate Security Guide: iOS. He co-authored The Complete Privacy & Security Desk Reference and is the co-host of The Complete Privacy & Security Podcast.

You can follow and contact Justin through his blog: https://operational-security.com

Drew is a Detective in one of our Nation’s largest cities assigned to high profile cases that often require covert investigative skills. He investigates crimes involving narcotics, gangs, adult & child sex crimes, human trafficking, and Internet crimes against children (ICAC Task Force). As an open source intelligence analyst and computer forensics and cyber-security specialist, he utilizes these skills to assist in criminal and private investigations of all types. He is a veteran investigator at his agency, and forever a proud United States Marine with overseas deployment experience. First and foremost, he is a privacy and security advocate with a passion for teaching digital operational security and identity management solutions. His classes are available nationwide to law enforcement, military organizations, and select groups in the private sector.

You can follow and contact Drew through his blog: https://hidingfromtheinternet.com

Feature image courtesy of Operational-Security.com