[ARG] Operation Malm

[Naio90]

​

OPERATION MALM Classified Information ​

Operation Background

In order to improve security threats and favor national interests, the argentine government instructed the Federal Intelligence Agency to conduct a special surveillance operation on swedish activity abroad. As a first step, the confiscated and secured swedish computer equipment from the former swedish embassy in Buenos Aires would be secretly sent to the cyber-intelligence department of the FIA to intervene and extract all possible information, including possible classified documentation, encryotion codes and passwords. The computers would be used in an offline environment unless otherwise stated. Paper documents would also be studied in detail. Follow-up Operations exploiting the obtained data would be planned.

Deployed Forces
Federal Intelligence Agency personnel at the FIA HQ and labs. Total directly involved specialists and analysts: x11

Logistical Details
Everything would take place at the FIA HQ, which was a secure and private building, with no access to non-registered personnel with the proper clearence.

 

[Naio90]

The IT specialists and engineers would begin working on the confiscated computers in an safe environment (no outside connection). The computers would be set up and turned on to check what security meassures were on place. It was assumed that they had at least a password requirement to access the traditional interface, which would give at least way to the files and documents stored on the local hard drives.

Since there was no internet connection or any other type of connection to the outside world, it would not be possible for these operation to be detected.

The first stage of the recovery mission was to determine what security meassures there were in place and what the best way was to decipher and access as much information as possible. The ultimate goal was to gain access to diplomatic cables, if not current, at least one from the recent past, issued before the confiscation of the equipment. The minimum goal was to get all local stored documentation and information.

Obviously, 90s technology in terms of cybersecurity was not that advanced yet.

The operation was kept secret.

Connor

 

[Connor]

The hardware would be in a well-maintained condition and whilst seized would remain in a fully operational capacity should the Argentine Federal Intelligence Agency require it to. In an offline mode the computer they were attempting to access would operate a business model of Windows XP and in-turn produce a basic log-on screen requiring the standard username and password connection details; in this case these details were exclusive to each and every member of staff within the diplomatic missions which would provide a natural audit trail when required by the Department of Foreign Affairs. This was not an unusual operating model, especially when managing personal and sensitive information in relation to Swedish nationals, diplomatic relations and intelligence. None-the-less the bulk of the isolated computer's systems would require a connection to the centralised server within the Swedish Department of Foreign Affairs, this works by means of a client-server model where multiple individual clients (computers and devices) request services, resources, files and software, amongst other things, from the centralised server which not only minimises cost but also effectively served as one of the strongest barriers of cyber security given the technological era. A centralised client-server model has existed since the mid-60s to 70s.

In short, the Argentina IT specialist personnel would be met with a Windows XP package and a screen demanding the username and password, it would be impossible to analyse further security measures in-place without having the capability to penetrate this screen. Externally computers hardware different very little from that of any other business computer.

At this stage, the Swedish government would remain unaware of the analysis.

Naio90

 

[Naio90]

The IT personnel would continue working with the swedish systems on an offline environment. After studying the components and making the corresponding technical runthroughs it would be determine that the best way to access the information saved on the sweidh computers hard disk would be to hook up an Hard Drive-to-USB adapter to the hard drive of the swedish CPUs, plugging afterwards that USB cable into the USB port of local computer (also on an offline environment). In addition to this, power would be provided to the removed swedish hard drives in order to get them working. This also would give access to the Operating System files.

Since there was no encryptioned mentioned on all the files and data saved on the computers local hard drives, and office-wide servers (which had also been seized), access would be gained all this information, which would be downloaded into a secure computer run by the argentine intelligence service.

While it would be evident to the IT specialists that the swedes employed a client-server system that required connection to the central server (and something to be studied later), the swedish diplomatic personnel and support staff would have saved on their local drives a lot of information regarding their day to day operations. This would include personal and sensitive information in relation to swedish nationals, diplomatic relations and intelligence.

Clearly, the most sensible information was not accesible at the moment, but it was a good start to see how the swedish foreign service and intelligence operates in general terms.

The IT team would now focus on studying the details of the client-server system.

Again, all this would be done secretly on an offline environment.

Connor

 

[Tim]

⌈ ROLEPLAY NOTICE ⌋

Hello Naio90 and Connor,

The conents of post #4 have been brought up in a dispute by one of our members. The dispute was regarding the gathering of information in reply to post #3.

As described in post #3 the confiscated computer uses a client-server model. In post #3 it is also further explained what this entails: the computer lacks local files and programs and fetches these from a server when a connection is established with this server.

In post #4 the files were taken off the computer. This action was totally within our rules as no encryption was mentioned in post #3. However, as described in post #3 the downloading of local files would not yield the files as they are described in post #4:

"the swedish diplomatic personnel and support staff would have saved on their local drives a lot of information regarding their day to day operations. This would include personal and sensitive information in relation to swedish nationals, diplomatic relations and intelligence."

This is because it must be logically concluded from post #3 that all files are on the client-server model, as no other type of digital storage was mentioned. To attempt to gather data from another type of storage (local) would need to be done in a post, giving the other player time to respond. The roleplaying of this attempt, and it's immediate succes (getting certain files), is considered godmoding.

Because of this post #4 is considered void. Please send a support ticket if you have any questions or disputes regarding this Roleplay Notice.

The Modern Nations Staff Team
Tim

 

[Naio90]

With the apparent impossibility of obtaining relevant data from the seized computers, the argentine intelligence service would focus on the phyisical archives and documents extranted from the former embassy building.

As it is usual in the day to day operations of embassies and consulates, among the documents would be series of blank swedish passports and IDs, emergency laissez-passer and security foils for notarial letters, that are always present and this kind of offices, among other things. This documentation was stored in the embassy/consulate with no special protection or safeguarding meassures.

These valuable assets would be secured in a safebox and stored for potential uses in the near future.

All this was being done without the knowledge of the swedish authorities, who almost 2 years after the incident did nothing to try retrieve or account for the documentation.

All this would be private.

Connor

 

[Connor]

The physical archives were somewhat fruitful with the Argentine analysts being able to retrieve a small amount of emergency passport documentation, each attributed to its own unique referencing number collated by the Swedish Department of Foreign Affairs within the centralised server, but nonetheless they would have access to the basic proforma alongside the necessary mundane behind-the-scenes risk assessments and staff auditing paperwork. It goes without saying however that the foreign-based embassy and consulates did not keep a stock of blank passports as not only would this big a substantial security risk but it also made very little sense as Swedish embassies do not issue full passports as this process is not directly managed by the Department of Foreign Affairs but rather the Swedish Police who manage the biometric, photography and issuance processes for passports and national identification cards at local police stations. In addition to this the Argentine analysts would sift through fire safety procedures, fire evacuation protocols, health and safety posters, holiday leaflets, tourism brochures amongst other miscellaneous and useless documentation.

The amount of time and money spent by the Federal Intelligence Agency was certainly worth it for a proforma with very little value, but none-the-less the world remains hypothetically poised for their next move... perhaps it'll be photocopied?

The Swedish Department of Foreign Affairs long wrote off the physical documentation unlawfully seized by the Argentina authorities denoting the very low level of risk to national security alongside the public relation and investment required to liaise with a nation possessing all the gear with no idea. The most important part was the fact Swedish nationals were safely on Swedish soil, everything else is material... replaceable.

Naio90

 

[Naio90]

Securing all gained information and documentation, the argentine intelligence officers would redact a report regarding their findings and present it to the Executive and the military command for information pourposes.

The rest of the evidence would be safely stored for future inquiries and opportunities that might present themselves.

As a consequence, this Operation would be considered concluded and the assigned ressources would be relocated to more urgent tasks and missions.

Aside from the obtained data, the argentine intelligence officers would also have gained additional insight in foreign operating systems and procedures, which might come in handy in future ocassions as well.

Mission complete.