Info Security in 2 Steps - Train Your Humans, Have Your Technical Vulnerabilities Checked and Patched

There’s a famous saying that “amateurs hack systems, while professionals hack people.” The point is that security technology designed to stop hackers, spies, phishers and frauds are always compromised by timeless human weaknesses: inattention, incompetence and complacency.

Click to enlarge.

The only thing standing between your company’s information systems and the people who are out to compromise them is employees. Technical security vulnerabilities can be patched but humans are always vulnerable. (more) (need patching?)

Just in time to celebrate "International Speak Like A Spy Day"

THE DICTIONARY OF ESPIONAGE: SPYSPEAK INTO ENGLISH

We use words to tell each other what we mean. Words illuminate reality. But sometimes, and it seems increasingly so in these troubled times, words can be used to conceal truth.

This is why “The Dictionary of Espionage” is so timely and will appeal to the average citizen who is made vaguely uneasy when he is told that his government is engaged in “surgical strikes” against our enemies, which on occasion, unfortunately, result in “collateral damage” - that is, the U.S. government set out to kill someone but ended up killing someone else.

In this accessibly written book, Washington author Joseph C. Goulden illuminates and defines much of the standard jargon of the intelligence community with refreshing asides about many of spying’s urban legends - many of which may or may not be true. 

Informed by remarkable access to the intelligence community, the book, first issued in 1986, has been significantly updated and contains a foreword by Peter Earnest, the founding executive director of the International Spy Museum in Washington and a former CIA operations officer. (more)

Security Quote of the Day

"The Android platform is where the malware action is. I believe that smart phones are going to become the primary platform of attack for cybercriminals in the coming years." ~ Bruce Schneier, author of the best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish, Twofish, Threefish, Helix, Phelix, and Skein algorithms.

Today in Eavesdropping History...

On Nov. 17, 1973, President Nixon told an Associated Press managing editors meeting in Orlando, Fla., that "people have got to know whether or not their president is a crook. Well, I'm not a crook.''

Kennedy "I have never had Addison’s disease."
Johnson "We still seek no wider war"
Nixon SEE ABOVE
Carter "I would not use military force to free the hostages"
Reagan "We did not -- repeat did not -- trade weapons or anything else for hostages nor will we."
GHW Bush "Congress will push me to raise taxes...and I'll say read my lips, no new taxes!"
Clinton "I did not have sexual relations with that woman Miss Lewinsky"
GW Bush "We have found Weapons of Mass Destruction in Iraq"

Quote of the Day = The Number One Ring Tone in Egypt

"I deny all these accusations completely."
HOSNI MUBARAK, the former president of Egypt, in court on charges of corruption and complicity in the killing of protesters. (more)

Business Espionage: Quote of the Week

Kommersant, a leading financial newspaper in Russia, interviewed Raili Maripuu, WhiteRock’s Managing Director for this week’s major business trend analysis. The article is dedicated to the growing threat of industrial espionage from China and following the trade secrets theft scandal surrounding the French car producer Renault. 

Miss Maripuu explains that: "Any successful company with a value is a likely target to its competitors. Information gatherers do not necessarily choose a particular sector to attack - espionage happens across the board." (more)

Quote of the Week

Not the actual eavesdropper.

The eavesdropper who overheard Jim Kirk of Kelley Drye & Warren (adjacent post), in the first-class car on the Acela heading back to his office in New York offers some advice to fellow travelers: "Just because the person in front of or beside you has ear buds in, doesn't mean they're listening to music."

Business Espionage - "I worry about it every day... I'm sure it is happening." - GM CEO

The chief executive of one of the world's biggest car makers has acknowledged that industrial espionage is a major threat to the company that worries him "every day".

General Motors' chief executive, Dan Akerson – speaking as revelations of leaked corporate secrets rocked rival Renault – said he is sure there are "attacks on GM's intellectual property". "I worry about it every day," Mr Akerson said, expressing sympathy with Renault's plight. "I don't know of any individual cases but I'm sure it's happening." (more)

You can also bet he is doing something about it. ~Kevin

Why you want us on your team in 2011...

“The secret of business is to know something that nobody else knows.”
—Aristotle Onassis (1906-1975)

You know some things.

We help you keep them confidential.

Have us check your offices for bugs, taps and more in 2011.

—Kevin D. Murray, counterespionage.com

Time to Recycle the Quote of the Century

“The growing use of the electric automobile, with its many advantages of simplicity, ease of operation and noiselessness, has resulted in a demand for some means of conveniently charging the batteries.” — GE Bulletin No. 4772, September 1910.

Spy Story #771 - Famous Last Words

"Let's go with the low bid on this sweep thing." 

(Corporate takeover victim. Not a member of the Murray Associates client family.)

Quote of the Week - On NSA Extroverts

"Last NSA party I was at was pretty boring, it was full of NSA extroverts, they were too busy looking at everyone else's shoes!" ~ William Knowles

Hope everyone finds a better party this weekend.

Quote of the Week - The BugNets are Coming

"Remote surveillance is a significantly invasive threat, arguably even more so than identity theft. As it stands now, most vulnerable devices (mobile devices and computers) do not have the protection necessary to distinctly address microphone or camera hijacks. As a growing number of mobile devices with exploitable operation systems gain more reliable Internet access, this long standing problem is reaching a critical potential." 

from Roving Bugnet: Distributed Surveillance Threat and Mitigation
by Ryan Farley and Xinyuan Wang

From the Art imitates life file: "Eavesdropping is...

"Eavesdropping is the easiest form of investigation in Assassin's Creed." - via Assassin's Creed wiki

Quote of the Week - On Bug Sweeps

"...if a client thinks they are being 'bugged' at home or work you would be remiss if all you did was 'sweep' the office for listening devices." Ed Stroz, quoted in "Private Investigations in the Information Age" (more)
 

Ed is correct. There are many ways information leaks out and secrets are stolen. A good counterespionage specialist take this into consideration. However, the inspection for electronic surveillance devices comes first. 

Why are sweeps done first?

• Bugging is the easiest intelligence collection technique to discover.

• To eliminate (or prove) bugging before accusing people.

And, why are the most effective sweeps conducted pro-actively?

• Intelligence collection is a leisurely process. Conversations and information are collected – in many ways – long before they are used against you. Until this collected intelligence is used, no harm is done. No losses suffered. Pro-active sweeps detect snooping early – thus, drastically reducing the potential for loss.

• Smart clients don't wait until they "think they are being bugged."

• Losses are always more costly than bug sweeps.

Quote of the Day - The Off-Site Meeting

"And, if you're into taxes...the American Institute of Certified Public Accountants kicks off its National Tax Conference at the J.W. Marriott in Washington. Hanging around the hotel and eavesdropping between now and Friday, when the conference closes, could save you thousands of dollars." ~ Marc Ambinder, The Atlantic (more)

This is an off-handed, humorous comment.
It is also deadly accurate.

I handle counterespionage strategy for my client's off-site meetings. Hotels and conference centers are the worst. It is not at all unusual to catch the competition (and unidentified others) hanging around, eavesdropping, crashing meetings and banquets, picking up unsecured papers and engaging meeting participants – one indiscretion can blackmail a loyal employee into becoming a million dollar problem.

The technical possibilities for eavesdropping are considerable as well. Bugs are easy to plant. Most meeting presenters use wireless microphones.

Competitors reserve a cosy hotel room above the meeting rooms. They arm themselves with a sensitive radio receiver and a directional antenna. Crashing a meeting is a no-brainer.

You can see how a 2-3 person team from the competition could clean up with very little investment. One might almost call them negligent if they weren't there.

Having an off-site meeting?
Get a counterespionage strategy.
Avoid leaking your corporate blood.

Quote of the Day

"In essence, unless the company premises have been swept for bugs, there’s no guarantee that somebody hasn’t been listening in to your conversations regarding sensitive issues. This could of course result in information regarding the company’s products or services being leaked to competitors in the field. Of course not many corporate managers like to acknowledge the fact that this could happen but the truth is; it can and does happen." - Jacques Amaya, The Tech Edition

Quote of the day - Grapes of Wrath

"I hate cameras. They are so much more sure than I am about everything."
--John Steinbeck

Quote of the Month - Hail to the Chief

"I came out with an encrypted drive. Every country in the world wanted me to put a back door into it [for security eavesdropping]. We refused. It’s not a secure drive if it has a back door." Bill Watkins - chief executive of Seagate, the $13 billion Scotts Valley, Calif.-based hard disk drive maker. (more)

What It Takes to be a Spy

Former MI6 spy Harry Ferguson has revealed the skills necessary to be a real-life James Bond.

Resourcefulness: "It might surprise people, but unfortunately in real life out gadgets often don't work when we need them and so you have to adapt."

Observation: "You have to understand what you see, like if someone has you under surveillance or if you spot a face you saw in a briefing a few months earlier."

Empathy: "People must have trust in you, and you must protect them."

Weapon skills: "In the past agents did not really have to use arms, but with the work now in Iraq and Afghanistan that has changed."

Coolness: "The ability to stay unshaken involves keeping your level of eye contact normal and retaining a relaxed body posture."

Social skills: "You have to move in playboy circles, and go to Monte Carlo and drive a flash car and be able to carry it off like a natural.

Languages: "The more easily you can slip intro a foreign country without drawing attention, the better."

"If we're going to use gadgets, a lot of the stuff you can get in shops will do. If you plant a commercially made bug and it's found, it's not tied to a government organisation. The last resort would be a gadget made by the technical sections at MI6." (more)

You might also want to review...
What does a spy look like?
Quiz - Would you make a good spy?
Why do I mention this?
So you will know who you are up against.