Cooke Report: Why it doesn’t support the “nothing happened” headlines


The die has been cast and the first news cycle after the publication of retired Judge Cooke’s report on alleged bugging of #GSOC produced a wealth of “nothing proved so nothing happened” type headlines.

Read it and you can’t come to the same conclusion.

The Wifi Threat

GSOC’s boardroom has a lot of audio visual equipment including microphones. Contained within this equipment was a device which had been tampered with and original manufacturer parts were found to have been replaced. This device – called 4B throughout the report – was repeatedly trying to connect with the wifi network in a nearby cafe. The significance of this was in the belief of Verrimus that an …

“eavesdropper could gain access to the microphone-enabled units connected on the network in the Boardroom and the Media Room and use them to listen to conversations in those areas.”

Further alarms were raised when during Verrimus’s security sweep Device 4B was observed to be connecting to the cafe’s wifi – with which it “exchanged 121 data packets.” One of GSOC’s officers was present when the data exchange occurred. He said …

I was told that the display that I was watching was a visualisation of data moving in and out of GSOC. …and data was coming into GSOC via the same device. I saw that and it went on for an extended period.”

Verrimus wasn’t asked to prove bugging was taking place only assess what threats existed. So the didn’t prove beyond all doubt that recordings of conversations that had taken place in the boardroom were being smuggled out of GSOC via a neighbours wifi. With the benefit of being able to review Bitbuzz’s own log of data exchanged on that network Judge Cooke says that nobody has provided him proof that that there was any content in those Data Packets. He says that it is possible that Device 4B

“could have continued repeatedly to probe for connection thus generating what appears to be a high number of data packets without necessarily transferring any corresponding high volume of actual data.”

The White Van

While Verrimus was conducting its second survey in GSOC one of GSO’s officers noticed a white van with blackened out windows parked in the street with a direct line of sight to the GSOC Boardroom. The officer who had extensive experience of counter surveillance walked around the block and saw two men walking together on three separate occasions. His evidence to the judge was that he “considered this to be a possible indicator of a surveillance operation in the vicinity of GSOC”

At the same time that this was happening the Verrimus operatives detected a fake UK GSM/3G mobile telephone signal which they concluded was an IMSI catcher capable of decrypting phone signals and stealing data. This was only ever detected by Verrimus when the White Van was present.

Judge Cooke finds an innocent explanation though. He made contact with a mobile phone operator who indicated to him it was “highly likely that the detection was caused by the testing of a new 4G installation by that network which is confirmed as having been taking place over the period of weeks during which the detection was made.”

As for the physical surveillance he concludes that Verrimus’s presence in Ireland could have raised suspicions about who they were selling their technology too and it might have been them and not GSOC who were being snooped on “such surveillance (if that is what it was) was directed at the activities of Verrimus operatives rather than at GSOC personnel.”

The Landline

The second threat to GSOC’s security identified by Verrimus was from the hands free landline telephone in Simon O’Brien’s office called a Polycom because it is used for conference calls. Verrimus conducted many tests on it but the final one was to send a burst of music down the line at a quarter to two in the morning with the express intention of letting anybody who might be listening know they had been rumbled. Verrimus then claimed the following happened …

“The test device was still connected and neither operator was touching the device. The device received a call in of around three rings’ duration. Meaning a person must have made a call to the device direct, as the organisation’s switchboard was on out-of-hours service.”

Their opinion of this was “The likelihood of a ‘wrong number’ at that time to that exact unknown number at the time of an alerting test is so small it is gauged at virtually zero.”

Who made the call then and why? Verrimus speculated that “the ‘listener’ found the intermittent music on the line at 01.40 hours an odd occurrence and without thought or consideration to the possibility of a counter surveillance operation decided to test the call line to ensure it was working. Assuming there would be nobody there at that time.”

Judge John Cooke’s finding on this middle of the night call back with a coincidence factor of virtually zero is very far removed from this morning’s headlines of “No evidence of surveillance found”. The judge can find no explanation for this occurrence and does not attempt to come up with a hypothesis.

It remains the case however that this ‘ring-back’ occurrence has not been explained and further extensive tests in conjunction with the device’s manufacturer would probably be required to advance the matter further.


In summary then the judge notes about the wifi that packets of data may have been exchanged between the device in the boardroom and a wifi network outside GSOC but it has not been proved to his satisfaction that that those data packets contained audio recordings of conversations that took place. He considers the legitimate testing of a 4G network as the “likely” but not proven explanation for a fake GSM network. And he cannot provide any explanation for why a phone with an unlisted number should receive calls in the middle of the night just moments after it has been tested for a tap.

Under the circumstances Judge John Cooke says he can only conclude “it is ultimately extremely difficult to determine with complete certainty whether unexplained anomalies of the kinds identified in this instance were or were not attributable to unlawful intrusion.”

Absence of evidence is not evidence of absence. Judge Cookes terms of reference asked him to establish whether it was proved bugging took place. He could not establish that. The terms of reference did not ask him was there a sufficient amount of unexplained and coincidental activity to give rise to the justifiable suspicion that somebody was attempting surveillance. The headlines would be very different today if it had.

Separate to the technical anomalies there are now new questions raised in the report about the conduct of unidentified agencies possibly connected to the security services if not the security services themselves. When leaving Ireland via Dublin Airport two Verrimus operatives reported to Judge Cooke that having checked in and passed through security a man stood directly in fromt of them as they were seated and produced a camera from his shoulder bag.

They turned away to avoid being photographed but “the individual waited and when they turned back he photographed them. Mr described this as a “trade craft procedure” known as being “burned” which is a strategy used by the “opposition” to let them know that they are aware of their presence and that, in other words, “their cover has been blown.”

Verrimus was also contacted twice by a businessman who appeared to be attempting to influence the evidence that Verrimus would give to the inquiry. In a conversation recorded by Verrimus this man claimed that efforts were being made by the security services to place somebody inside the inquiry.

Caller: Well, you know, there is work going on behind the scenes there to put in a man in there who may understand the whole significance of it. Right. And I know that the boys in green are trying to get a man who is, let me say.

Verrimus: Is in to advise?

Caller: Someone who would know what he was on about, he would know exactly who I would be talking about right.

Not long after the inquiry had commence Judge Cooke says that the Department of Taoiseach passed him a letter which contained an offer of unsolicited help from someone who had worked in the Irish Defence Forces as an Intelligence Officer for over twenty years. Judge Cooke reports that “The Offer was not taken up.”

Who? Why? To what end? Prompted by who? Why did the Department of Taoiseach think it appropriate to pass this on?

All this leads you to the inescapable conclusion that while GSOC bugging was not proven there is far more to this episode than we yet understand.


Filed under Uncategorized

7 responses to “Cooke Report: Why it doesn’t support the “nothing happened” headlines

  1. Donal

    If the 121 data packets carried a full payload they would have carried 0.27 MB in total. 0.27MB amounts to under a minute of compressed audio. In reality the amount of audio sent would be less due to encryption and network configuration data hogging space on the packets. Also if the audio wasn’t being compressed then it would be much much less.

    If Verrimus were able to tell that 121 packets were transferred they must have used a packet sniffer, why weren’t they able to tell the type of packets (a packet trying to connect to a WiFi hotspot will have a different signature to one transferring audio). Also, packet sniffers allow for recording why didn’t Verrimus provide the recorded packets to Cooke?

    The problem with the callback is the time of the night that it occurred. Eircom didn’t have a call data record for the call yet they did have a record of the call the GSOC officer made to the switchboard which means that the person surveilling the line would have to be located between the device and the PBX and not in a remote location. If someone was watching the GSOC phone why were they watching it after midnight? The offices must normally have been empty at this hour, the security sweep was a once off event. Verrimus’ own tests proved that the device wasn’t sending audio when it was ‘hung up’ so if the line was bugged it was only bugging during actual calls. Was an operative waiting around for someone to pop in at the dead of night to hold a conference call? A more plausible explanation is that the other tests that Verrimus ran which involved attaching extra devices to the phone line and sending signals down the inactive pairs within the line caused something the internal network to do something funky and cause the phone to ring without leaving a record.

    • Donal

      I made an error in my last comment, Verrimus didn’t sending signals down the inactive pairs within the line, they just listened to the inactive pairs. They were passive, not active, but they still attached another device to the phone line which could still cause something funky to happen.

  2. Jfrak

    The test on the phone using loud music that you describe as having ‘the express intention of letting anybody who might be listening know they had been rumbled’ does not actually seem to have been for that purpose. The music was played in order to check that audio was only going down the expected pair of wires, and not down those supposed to be inactive. This has the unavoidable consequence of alerting a listener, but this alerting is, if I’m not mistaken, not the primary purpose.

    If the phone line was bugged, it is strange that it passed all of the various tests that were conducted on it, before the phone rang.

    If Verrimus’s phone bug test depends on listening posts being manned at 1.45 on a Sunday morning and on inexperienced operatives ringing them back, then maybe they should develop a better test?

  3. Reblogged this on kevinpmoriarty and commented:
    This, as a dramatization on RTE, would write itself. OK. Yeah. That’s totally unrealistic. Channel Four, then.

  4. John Muligan

    Ah Philip!!! You’ve been listening to your own conspiracy theories and believing everything that GSOC have told you for so long that you even know who was behind the Kennedy assassination!
    The member of GSOC who saw the van didn’t even take the number of the van. Why not? A trained expert in counter-surveillance perhaps but no policeman it seems. Despite having full Garda powers he didn’t even approach the men he saw carrying out surveillance and confront them. Most certainly not a policeman and apparently not an investigator either.
    It is EU law that you cannot take photographs airside in any airport yet this man openly takes out a camera in front of trained security and intelligence operatives and waits until they turn their faces to him to take their photo????? And these highly skilled and experienced operatives do nothing about it, do not confront him, do not report it or even pass it on the GSOC so that they can requisition the CCTV from the airport????? If they are that incompetent then they are all in the wrong business as you are too for swallowing their nonsense!

  5. My spouse and I stumbled over here coming from a different web page and thought I
    might as well check things out. I like what I
    see so now i’m following you. Look forward to looking into your
    web page repeatedly.

  6. We’re a bunch of volunteers and opening a new scheme in our
    community. Your website provided us with useful info to work on. You’ve done a formidable job and our whole group will likely be thankful to

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s