Hacker Lexicon: What Is a Dead Drop? (2024)

For almost three years starting in the fall of 2015, a 56-year-old Chinese-American tour guide named Xueha "Edward" Peng would periodically carry out a strange errand: Every few months, he'd book a room at a certain designated hotel—first in California and later in Georgia—and leave $10,000 or $20,000 in cash in the room, inside a dresser drawer or taped to the bottom of a desk or TV stand. Later, he'd come back to the room and search out an SD card similarly taped to the underside of a piece of furniture, sometimes in a package like a cigarette box. He'd pick it up, leave, and later board a flight to Beijing, where he'd personally deliver the card full of classified secrets to his handlers at China's Ministry of State Security.

According to court documents, Peng was carrying out a practice intelligence agents and pawns like Peng have used for years, known as a "dead drop." That term of art was helpfully defined by the FBI special agent who would later sign the criminal complaint charging Peng with espionage: "A dead drop is a method of spycraft used to pass items or information between two individuals using a secret location thus not requiring them to meet directly, so as to maintain operational security." Peng agreed to plead guilty to the charges on November 25.

A dead drop, in other words, is a coordinated handoff in which a source leaves a physical object—papers, data, cash, or even secret machine or weapons parts—in an agreed-upon hiding spot. The recipient can then retrieve them more easily, and with less chance of being spotted, than they could in a simple meet-up. As old-school as that trick may sound in an age where gigabytes of digital contraband flow freely around the internet, Peng's case shows that the venerable dead drop remains a very viable tool of the spy trade.

As rarely used and paranoid as they may sound, dead drops still benefit those who want to send information or an object to a recipient undetected or anonymously, says Runa Sandvik, a security consultant who has worked as the senior director of information security at The New York Times and a developer for the anonymity software Tor. "Meeting a reporter or a source in person may not be ideal. You can send something in the mail, but then you’re trusting another party, and the mail service may be able to inspect and review the contents before it’s delivered," says Sandvik, who adds that she has, in fact, helped to arrange a dead drop between a reporter and a source in the past. "A dead drop is a way to control exactly how and when a package is delivered and who has the the ability to pick it up, to control more of the variables and never have to meet in person."

For intelligence agencies, dead drops have been mainstay for decades. Vladimir Rezun, a defector from the USSR's GRU military intelligence agency who wrote a series of books about his experience under the pen name Viktor Suvorov, describes in his memoir Inside the Aquarium how setting and checking dead drops was a core part of his routine as a Soviet spy in the 1970s.

"Every free moment we have is given over to looking for these dead drop sites," Rezun wrote. "We poke about in corners. A spy needs hundreds of these places, the sort of where he can be absolutely sure of being alone and know that he has nobody on his heels, where he can hide secret papers and objects and be quite certain that no children from the street or chance passers-by will find them, that there's not going to be any building work going on and that there will be no rats or squirrels, no snow or water to damage what has been hidden. A spy has to have many such dead drops in reserve and must never use the same place more than once."

Both CIA agent Aldrich Ames and FBI agent Robert Hanssen, who betrayed their employers to become double agents for the KGB in the 1980s, used dead drops to feed secrets to their handlers, too. Hanssen, for instance, would hide documents and computer disks in a bag of trash hidden under a footbridge over a shallow stream in a Northern Virginia park. He'd then place a piece of tape on a signpost in the park to signal to his Soviet contacts that he'd "loaded" the dead drop and that they should check it.

Hacker Lexicon: What Is a Dead Drop? (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Clemencia Bogisich Ret

Last Updated:

Views: 5435

Rating: 5 / 5 (80 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Clemencia Bogisich Ret

Birthday: 2001-07-17

Address: Suite 794 53887 Geri Spring, West Cristentown, KY 54855

Phone: +5934435460663

Job: Central Hospitality Director

Hobby: Yoga, Electronics, Rafting, Lockpicking, Inline skating, Puzzles, scrapbook

Introduction: My name is Clemencia Bogisich Ret, I am a super, outstanding, graceful, friendly, vast, comfortable, agreeable person who loves writing and wants to share my knowledge and understanding with you.