Friday, January 2, 2009

The spy doth protest too much, methinks.

Remember the story Queen's Electric Teapot 'Bugged'?
It happened in The Queen's Scottish Castle, Balmoral.
If not, take a moment to review.


A Scottish newspaper, The Press and Journal, is now reporting... Russian ex-secret agent rejects Balmoral samovar bugging claims. Unfortunately, reporter Ryan Crighton's fact-checker must have taken the day off. (It was New Year's Day.)

Let's review the story...
"A former Russian agent (Mikhail Lyubimov) has rejected claims that the Royal Family’s north-east residence was the target for Soviet spies." This reflects the official Russian position. Lyubimov, now a novelist with a Kim Philby book under his belt, backed the official Russian position during the last British/Russian spy row, as well.

"...(Lyubimov) dismissed the reports, saying that the alleged bugging method was ineffective and useless." No surprise here, but no logic either.

“'Buckingham Palace and the Queen were never objects of great interest to us...'" No verisimilitude here, either. Russian surveillance, dating back to 1832, is famous. Everything is a possible target. Getting a bug into the Queen's Castle - even an "ineffective and useless" one - would be a major brag for the KGB.

"...a souvenir which had been given to the US in the 1960s contained a bugging device, however." Funny, one would think a Cold War secret agent would be more familiar with his agency's biggest hit. The Thing, as it was called, was "given to the US" in 1946 and discovered in 1952.

John le Carré, another ex-secret agent turned spy novelist, summed up his opinion of Lyubimov's last documentary novel this way: "Mikhail Lyubimov isn't just an ex-KGB officer. He's a ... mischievous novelist and a skillful self-publicist. My hunch is, we're dealing with one of his little fantasies..." Who knows if Mr. le Carré's hunch is correct, but...

"Madam, how like you this play?"
Hamlet Act 3, scene 2, 222–230

If you have read this far, you will really want to see this!

Thursday, January 1, 2009

SpyCam Story #505 - The Church Robber

NC - The Cleveland County Sheriff's Office is searching for a man who was caught on camera stealing electronics from a church. Anyone with information on the man should call Cleveland County Crime Stoppers at 704-481-TIPS. (more photos)

Side lesson: If you buy a CCTV system to document crime, be sure to consider picture quality. Just keep repeating, "Facial recognition. Facial recognition. Fac..."

Dog Bites Man Story (Bug Version)

Australia - Russian intelligence bugged Australia's embassy in Moscow, cabinet documents published by the National Archives today show.

The major security breach is revealed for the first time in a cabinet minute recording that foreign minister Andrew Peacock briefed cabinet on July 25, 1978...

It was not the first occasion that listening devices had been found at the Australian embassy in Moscow.
An extensive array of microphones were found in the newly established chancery in late 1946. Australian embassies in other Eastern bloc countries were also subject to ''technical attack'' by communist intelligence services. (more)

Recent USB Memory Stick Policy Poll

Many organizations have policies governing the use of thumb drives.
What best describes your situation?

A. Thumb drives are banned and not used. (41%)
B. Thumb drives are banned, but we still use them on occasion. (12%)
C. My company had no policy on the use of thumb drives. (46%)
(source)
(I know, it only adds up to 99%. Take it to PollDaddy.com)

Bugging Device Found - Şeref Sağıroğlu Smiles

Turkey - A covert listening device has been discovered at the headquarters of the main opposition Republican People’s Party (CHP) in Ankara.

The bugging device was found in the office of Algan Hacaloğlu, the CHP’s assistant secretary-general, earlier this week by his secretary. The CHP’s chief accountant, Mustafa Özyürek, said on Tuesday that experts were examining the device. (more) (told you so)

Wednesday, December 31, 2008

Lecture - “Electronic Eavesdropping on the Presidents — and Living to Tell About It”

Vero Beach Museum of Art’s
2009 Distinguished Professor Lecture Series

Feb. 18: George H. Gilliam, University of Virginia,
Electronic Eavesdropping on the Presidents — and Living to Tell About It

Budget Booster #493 - Economic Espionage, UP

"The Cold War is not over. It has merely moved into a new arena: the global marketplace." -- The U.S. Federal Bureau of Investigation

The U.S. Federal Bureau of Investigation also notes that foreign competitors try to find economic intelligence in three ways:
1. Aggressively targeting and recruiting susceptible people, often from the same national background, working for domestic companies and research institutions.
2. Hiring or bribing people to steal information, search through dumpsters and tap telephones.
3. Setting up seemingly innocent business relationships between foreign companies and domestic enterprises to gather economic intelligence including classified information.

During a recession, expect external and internal problems to increase...

Twelve Internal Spybusting Tips...

1. Recognize the threat. Economic espionage is more likely to happen if your business isn't prepared. Once the risk is acknowledged, management must take an active role in ensuring that the company puts into place tactics to effectively combat theft. Prime example.

2. Know the criminals' methods. Confidential information is often stolen, concealed or carried away. Data can be copied, duplicated, sketched, drawn, photographed, downloaded, uploaded, altered, destroyed, replicated, transmitted, delivered, mailed, communicated, or conveyed.
(Electronic eavesdropping is also common and very effective. Fortunately, you can discover it easily.)

3. Monitor database access logs. Many fraud detection engines can be used to keep an eye on the number of times a database is accessed, as well as the number of documents that are printed by each user.

4. Encrypt electronic files so that they cannot be read or taken off the premises.

5. Mark as confidential any sensitive documents, photographs and sketches.

6. Prohibit photocopying of trade secrets and other sensitive company information. Consider forbidding cameras on the premises, including those included in cell phones.

7. Remind departing employees during exit interviews of their obligations and your company's trade secret protection policies.

8. Warn all staff to change their passwords if there is the slightest chance they may have shared them with a former employee. Colleagues often share passwords even when that practice violates an enterprise's policy.

9. Coordinate denial to both the building and computer accounts as soon as an employee leaves the business. Let colleagues know a person has left the company. Otherwise, they might unwittingly allow a former employee on the premises.

10. Maintain logs of employees in the company who have rights to access trade secrets.

11. Review technical literature, service manuals, press releases and other material distributed outside the company. Similar reviews should be made of regulatory filings and patent applications. Watch what employees disclose at industry trade shows.

12. Consult with a forensic specialist to help your business set up the appropriate infrastructure to detect, classify and protect the intellectual property. Trade secrets are the core of your company. (more)
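
Tip 3 above, as an added example (not code from the original post or its source): a small log check that counts database accesses and print jobs per user and flags anyone far above their peers. The log format, user names, counts and thresholds are constructed assumptions.

```python
from collections import Counter
from statistics import median

ACTIONS = {"db_query", "print"}  # the two activities tip 3 says to watch

def sample_log():
    """Constructed log lines, '<date> <user> <action>' (the format is an assumption)."""
    lines = []
    for user, queries, prints in [("alice", 12, 3), ("bob", 9, 2),
                                  ("carol", 14, 4), ("dave", 95, 41)]:
        lines += [f"2008-12-29 {user} db_query"] * queries
        lines += [f"2008-12-29 {user} print"] * prints
    lines.append("corrupted line")  # malformed entries must not break the count
    return lines

def count_events(lines):
    """Count events per (day, user, action); return (counts, skipped_lines)."""
    counts, skipped = Counter(), 0
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ACTIONS:
            skipped += 1
            continue
        counts[tuple(parts)] += 1
    return counts, skipped

def outliers(counts, factor=3.0, min_events=10):
    """Flag users whose daily count is far above the peer median for that action."""
    peers = {}
    for (day, _user, action), n in counts.items():
        peers.setdefault((day, action), []).append(n)
    flagged = []
    for (day, user, action), n in sorted(counts.items()):
        typical = median(peers[(day, action)])
        if n >= min_events and n > factor * typical:
            flagged.append((day, user, action, n))
    return flagged

if __name__ == "__main__":
    counts, skipped = count_events(sample_log())
    for day, user, action, n in outliers(counts):
        print(f"{day} {user}: {n} x {action} (review)")
    print(f"skipped {skipped} unparseable line(s)")
```

A flag here is a prompt for review, not proof of theft; the comparison to the peer median only works among users with similar job roles.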

Occam's razor & TSCM

Occam's razor - a 14th Century principle which states that the explanation of any phenomenon should make as few assumptions as possible. Good advice.

These days Occam's razor is often - incorrectly - paraphrased as, "All things being equal, the simplest solution is the best." Wrong, because a simple phenomenon - like information loss - may be complex in structure.

Occam's razor is more correctly interpreted as, "Simplify. Consider just essential and relevant elements. Exclude assumptions."
This is the basis of Murray Associates' security consulting philosophy.

Historically...
1. Most information losses are caused by people - insiders, not spies.

2. Some information losses are caused by poor security - unlocked desks, not picked locks.
3. A few information losses (the worst, and easiest to discover) are technical - bugs in rooms, not laser beams bounced off windows.


Practical prioritization...

1. Before you accuse people, eliminate the eavesdropping possibility.

2. While doing this, conduct an information security audit.

Upon completion, pin-pointing problem people and bolstering defenses is easy.


It pays to think before acting;
plan before spending money.
Let's plan.
~Kevin

NSA patents a way to spot network snoops

The U.S. National Security Agency has patented a technique for figuring out whether someone is tampering with network communication.

The NSA's software does this by measuring the amount of time the network takes to send different types of data from one computer to another and raising a red flag if something takes too long, according to the patent filing. (more)

The first thing that everyone asks is, "If this was developed with taxpayer money..."

Calm down, your two cents were taken into consideration.
If you are an American taxpayer, you own a piece of this...
Assignee: The United States of America as represented by the Director, National Security Agency (Washington, DC)
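
The timing idea reported above, as an added sketch (not the NSA's patented method and not code from the article): learn how long each type of data normally takes, then flag a type that keeps taking too long. The message types, millisecond values and the median/MAD threshold are constructed assumptions.

```python
from statistics import median

# Constructed baseline round-trip times (ms) per type of data sent.
BASELINE_MS = {
    "small_ack": [1.9, 2.1, 2.0, 2.2, 2.0, 1.8, 2.1],
    "file_chunk": [14.8, 15.3, 15.0, 15.6, 14.9, 15.1, 15.2],
}
# Constructed later measurements: one jitter spike, then a persistent delay.
OBSERVED = [
    ("small_ack", 2.1), ("file_chunk", 15.4), ("small_ack", 4.0),
    ("small_ack", 2.0), ("file_chunk", 19.0), ("file_chunk", 18.7),
    ("file_chunk", 19.4), ("small_ack", 2.2),
]

def build_profile(samples, k=6.0, floor_ms=0.2):
    """Return {type: (median, limit)} with limit = median + k * MAD.

    MAD (median absolute deviation) tolerates an occasional slow packet in
    the baseline; floor_ms keeps the band from collapsing to zero width.
    """
    profile = {}
    for kind, values in samples.items():
        if len(values) < 5:
            raise ValueError(f"not enough baseline samples for {kind!r}")
        med = median(values)
        mad = median([abs(v - med) for v in values])
        profile[kind] = (med, med + k * max(mad, floor_ms))
    return profile

def flag_slow(profile, observations, min_run=3):
    """Return types that exceeded their limit min_run times in a row.

    A run of slow measurements suggests a persistent added delay in the
    path, as opposed to ordinary one-off jitter.
    """
    streak, flagged = {}, []
    for kind, rtt_ms in observations:
        if kind not in profile:
            continue  # no baseline for this type, so it cannot be judged
        limit = profile[kind][1]
        streak[kind] = streak.get(kind, 0) + 1 if rtt_ms > limit else 0
        if streak[kind] == min_run and kind not in flagged:
            flagged.append(kind)
    return flagged

if __name__ == "__main__":
    print(flag_slow(build_profile(BASELINE_MS), OBSERVED))
```

The baseline has to be collected while the path is known to be clean, and route changes or congestion will also trip the check, so a flag calls for investigation of the path.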

"Are there any entry-level TSCM jobs?"

Not very many,
but here is one...

PRINCIPAL DUTIES AND RESPONSIBILITIES
The Technical Security Specialist's responsibilities include, but are not limited to:

• Review and make recommendations for technical security upgrades design based on counter-threat plans, physical security and technical security policies.
• Providing support services for a comprehensive technical security program designed to protect facilities and employees. Assists in developing and reviewing technical security designs for facilities. Providing input/review of proposed policies.
• Working under the direction of a Sr. TSCM specialist, to advise, and assist program office personnel on matters of technical security policy, procedures, and regulations.
• Conducting technical security needs surveys for preventing unauthorized access to facilities and possible loss of life or classified information. Providing a report of findings for each survey conducted...

REQUIREMENTS
The Technical Security Specialist shall possess the following background, knowledge, and skills... (more)

Tuesday, December 30, 2008

1957 - How To Tap A Phone

Over 50 years ago, Mechanix Illustrated magazine promised us flying cars and ways to tap phones.

Guess which one people-of-the-21st-Century are doing today...

"There are many ways to tap a phone... used to great advantage at home or in the office." (more)

Alert: DECT Hacked

Heise Security is reporting that... researchers in Europe's dedected.org group have published an article (pdf) showing how to eavesdrop on DECT transmissions, using a PC-Card costing only EUR 23. The DECT protocol is the world's most popular wireless telephony protocol. The standard is also used in baby monitors, emergency call and door opening systems, wireless debit card readers and even traffic management systems. There are hundreds of millions of terminals using the DECT standard. Also announced, the next version of the WLAN sniffer, Kismet, will support DECT, thereby rendering tricks with laptop cards superfluous. (more)

Rare: A Bugger Speaks Out About His Craft

Today, the technologies for communications monitoring and recording conversations are so advanced, practically unnoticeable, and easily available...

An electronics technician from Skopje (Macedonia) who is selling these devices has had a very unpleasant experience with the victims of his clients. He insisted that we do not publish his name.

I’m only making these devices, and I am not responsible for how people are using them. My “bug” has a range of 50 meters, and the recording can also be heard on a mobile phone. It is recording excellent on an FM-radio frequency, except when waves from the radio stations in Skopje are causing interference – he says, while showing us the small transmitter...

“A professor from a gymnasium in Skopje called me. I could feel the anger in his voice. He caught his students cheating during an exam by using my “bug”. What can I say; I am not encouraging children to do this. I also explained to him that there are also other young electronics technicians, who are manufacturing transmitters” he said.

Let me be clear, I am not selling these devices so that they could be abused. Some people are using my “bugs” to discover marital infidelities. Sometimes people are calling me, as if I had placed the device. I want these devices to be used for noble purposes, so that mothers could hear their babies crying, for instance. I am even prepared to give one of my bugs to each mother with twins, he added.

The devices of the Macedonian electronics technician are just part of the technological array of devices that can be used for eavesdropping. Almost all of the mobile phones have voice recorders. The new voice recorders are so small that they can be hidden in one’s sleeve. Online store “e-Bay” and other websites are selling mobile phones worth up to 1,000 euros that can be used to eavesdrop on other mobile phones. Hacker websites on the Internet are offering small programs for free, that can be sent via e-mail, that are afterwards sending back usernames and passwords of the email’s user to the original sender. The list is quite long. There are even so called “spy shops” in the USA. (more)

Monday, December 29, 2008

Security Budget Cuts Cost More Than They Save

• "If it were to become manifest just how routinely hugely sensitive corporate and governmental data is being hacked, I can guarantee that none of us would rest easy in our beds again."

• "Sixty percent of office workers faced with redundancy or the sack admit they will take valuable data with them, if they could get away with it! 40% are downloading sensitive company secrets right now under their bosses nose in anticipation that they could lose their job."

• "Sixty-two percent of workers admitted it was easy to sneak company information out of the office."

• "In the wake of the recession, more businesses are facing a growing financial threat: employee theft. New research shows that employers are seeing an increase in internal crimes..."

• "More than half the workers surveyed who admitted to already downloading competitive corporate data said they would use it as a negotiating tool to secure their next post because they know the information will be useful to future employers."
To read the whole story behind each of these quotes, visit: interopsgroup.com

Thus proving, if they can read, they can spy...

"Password guessing is hard work. Why not just sniff credentials off the wire as users log in to a server and then replay them to gain access? If an attacker is able to eavesdrop on Windows login exchanges, this approach can spare a lot of random guesswork. There are three flavors of eavesdropping attacks against Windows: LM, NTLM, and Kerberos.

The most capable of these programs is Cain, which seamlessly integrates password sniffing and cracking of all available Windows dialects (including LM, NTLM, and Kerberos) via brute force, dictionary, and Rainbow cracking techniques..." (more)
Excerpt from the 10th anniversary (6th edition) of Hacking Exposed, published by McGraw-Hill/Osborne, "The World's Best Selling Computer Security Book." That's a lot of spy potential.