Over at Canadian Security Magazine, my first article explained the nature of security intelligence (SI) and its OPSEC challenges. This second article explains the OPSEC challenges facing security intelligence in an iconic commercial enterprise or location.
Archive for the 'Intelligence Services' Category
So you want to use Chrome as your browser. Are you aware that it has recently been reported that a Chrome Bug Allows Sites to Listen to Your Private Conversations?
The best way to avoid this threat is as follows:
- Go to chrome://settings/content
- Scroll down to Media
- Select “Do not allow any sites to access my camera and microphone.”
This will disable Google’s Conversational Search, etc., but security will be increased.
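The setting above lives in the user’s Chrome profile, so the user (or a browser reset) can flip it back. As an added example that is not from the original post, the same block can be enforced machine-wide through Chrome’s enterprise policy registry keys (AudioCaptureAllowed and VideoCaptureAllowed are documented Chrome policies; this assumes Google Chrome on Windows and an elevated PowerShell session):

```powershell
# Added example: enforce "no site may use the mic or camera" via Chrome policy.
# Values of 0 deny capture for every site; the policy overrides the per-profile
# choice made at chrome://settings/content. Requires an elevated prompt.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$PolicyNames = 'AudioCaptureAllowed', 'VideoCaptureAllowed'

function Set-ChromeCapturePolicy {
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in $PolicyNames) {
        New-ItemProperty -Path $PolicyKey -Name $name -Value 0 `
            -PropertyType DWord -Force | Out-Null
    }
}

function Get-ChromeCapturePolicy {
    # Returns name -> value for both policies; $null means the value is absent,
    # i.e. Chrome falls back to whatever the user chose in the settings page.
    $result = @{}
    foreach ($name in $PolicyNames) {
        $item = Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
        $result[$name] = if ($item) { $item.$name } else { $null }
    }
    return $result
}

Set-ChromeCapturePolicy
Get-ChromeCapturePolicy | Format-Table -AutoSize
```

After running it, chrome://policy (Reload policies) should list both values as 0, and the camera/microphone toggles in chrome://settings/content become read-only.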
I never liked the way Chrome ‘phoned home’ to Google with user tracking, bug tracking etc. I have also found extensions that had malware-filled updates. However, it is faster than Firefox, which over the course of a research project may save hours of extra time. I resisted using Chrome due to security & privacy issues.
I now use Comodo Dragon, which is based on the open-source Chrome browser; however, it is more private and secure if used properly. I disable the camera & mic as SOP, so I haven’t investigated how Dragon responds to this exploit. The setting change that I outlined was in reference to the actual Chrome browser and this particular exploit; there may be more that I don’t know about.
I am very careful about exposing myself to the internet. My outward-facing computers don’t have cameras or mics to entirely circumvent malicious software like this and the likes of Finspy.
Windows Error Reporting (WER) is a crash reporting technology introduced by Microsoft with Windows XP. However, we now know that it may send Microsoft unencrypted personally identifiable information contained in the memory and application data that may make you vulnerable to attack. WER is turned on by default. WER from Windows 8 may now use TLS encryption.
The Snowden leaks described how the U.S. National Security Agency intercepts unencrypted WER reports to fingerprint machines, much as some malware does, in order to identify potential system, network and application weaknesses and to execute attacks that move through an enterprise network. WER reports on more than Windows crashes. It reports hardware changes, such as the first-time use of a new USB or mobile device. It sends time-stamp data, device manufacturer, identifier and revision, along with host computer information such as default language, operating system service pack and update version, hardware manufacturer, model and name, as well as BIOS version and unique machine identifier. This creates a blueprint of the applications running on a network to help an attacker develop or execute attacks with little chance of detection.
This is only one example of the OS, applications, browsers, etc. leaking information that the investigator must be aware of when conducting investigative internet research.
To shut off WER in Windows 7, go to Control Panel > System and Security > Action Center > Change Action Center settings > Related settings > Problem reporting settings. The selections “Each time a problem occurs, ask me before checking for solutions” and “Never check for solutions” disable WER. Choosing “Never check for solutions” will fully disable error reporting in Windows 7.
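The Control Panel path above is a per-machine click-through. As an added example that is not from the original post, the following PowerShell does the same shut-off from an elevated prompt so it can be scripted across investigative workstations and verified afterwards (it assumes Windows 7 or later; Disabled=1 under the Policies key is what the “Disable Windows Error Reporting” Group Policy writes, and WerSvc is the WER service):

```powershell
# Added example: disable Windows Error Reporting and verify the result.
# Disabled=1 stops reports; DontSendAdditionalData=1 stops the follow-up
# memory/heap collection that leaks the most (unencrypted) process data.

$WerKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting',
    'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
)

function Disable-WerReporting {
    foreach ($key in $WerKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Disabled' -Value 1 `
            -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DontSendAdditionalData' -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
    # Stop the service and keep it from starting, so nothing is queued for upload.
    Stop-Service -Name WerSvc -ErrorAction SilentlyContinue
    Set-Service -Name WerSvc -StartupType Disabled
}

function Test-WerDisabled {
    # True only when every key carries Disabled=1 and the service cannot start.
    foreach ($key in $WerKeys) {
        $v = (Get-ItemProperty -Path $key -Name 'Disabled' -ErrorAction SilentlyContinue).Disabled
        if ($v -ne 1) { return $false }
    }
    $svc = Get-Service -Name WerSvc -ErrorAction SilentlyContinue
    return ($null -eq $svc) -or ($svc.StartType -eq 'Disabled')
}

Disable-WerReporting
"WER disabled: $(Test-WerDisabled)"
```

Test-WerDisabled on its own is a useful check to run on a freshly imaged machine, since a reinstall or a later policy refresh can silently re-enable reporting.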
In a previous article, I wrote about a system that created a single point of failure. In a strategic sense, computers and IT as a whole have become a single point of failure in both government and industry.
Chinese military leaders call automation the great equalizer, since their enemies heavily depend upon computers. An effective attack upon their enemy’s IT infrastructure provides an immediate and disproportionate impact, which is the core concept of asymmetric warfare.
This asymmetry benefits the attacker, regardless of his motives or methods.
This is how to build yourself a very robust personal Intelligence Agency. Every intelligence agency in the world tracks key words, information patterns, and news events from a central aggregated location.
- Create a Google account while being discreet with the information you put in the profile.
- Log on to your Google account and, in the top left of the screen, go to More, then down to Even more, and select Alerts, which appears as the first link on the More Google Products page. Set up a number of these alerts for “news” and “blogs” based on your search terms. Set each of these to “as-it-happens” to e-mail you with a link to the article.
- Set up your smart phone to receive these alerts, and code the incoming messages with a special sound. You’ll then get a specific sound on your smart phone with each Google Alert.
- Establish a Google Reader account. Subscribe to all the blogs you can find on your topics of interest. Google Reader includes a search bar to help search through the dross to find the good stuff. You now have an online central location from which you can manage your information intake.
- Over time, add more and more RSS feeds. Intelligence agencies have them, and so should you. You will be surprised how consistently Google Reader and your Google Alerts outperform major news organizations in bringing actionable intelligence to your attention. This may give you a competitive edge.
- Check your favorite blogs and those that they link to consistently. Add these RSS feeds to your reader. Check the blog rolls of the blogs to which you subscribe and add all of their RSS feeds to your reader. To vet these new sources, use the reader’s search facility.
The CIA announced that their World Factbook Web site had been redesigned. I’m not the only person who constantly relies on this — over 3 million visitors access the online Factbook monthly. That’s not surprising as the World Factbook provides information about the background, geography, people, government, economy, communications, transportation, military, and transnational issues for 266 countries and other entities.
I really like the new features of reporting world rankings for data like life expectancy. Another new feature is the “Field Listing” icon that gives you an alphabetical listing of countries for that field so that you can do your own comparison of data that can’t be ranked.
This is a timely resource — it is updated every two weeks and the updates are logged on a special page. I wish either the country entries or the data fields indicated their last update, but that might be asking too much.
If you want to avoid all the Flash content use the text-only version. I’m not a big fan of Flash, but this is a very well executed use of it that makes the World Factbook more useful.
An excellent article about the “recent discovery of Chinese cyber warfare attacks on foreign computers, on communication computers of visiting dignitaries, and espionage activities to assist a friendly country is building weapons of mass destruction (WMDI)” entitled China’s Silent Warfare at BLOg Source INTelligence reveals a lot about China’s espionage and cyber attack strategy.
Under certain circumstances, if you lose sight of your mobile telephone, then you may reasonably assume it has been compromised. These circumstances are more common than you might think. Here are two cases of this that I have encountered over the last year or so.
I’m sometimes referred to dismissively as the Investigator who searches databases, or the guy who gets other people to do research and just manages the report writing (they can’t grasp the concept of a Project Manager). These dinosaurs just don’t understand that the conduct of knowledge work has changed and that it will continue to change. Industrial technology brought about the Industrial Revolution; now information technology is bringing about an Intelligence Revolution.
For example, the news media acknowledged that Wikipedia was the clearing house for information about the Virginia Tech shooting. Over 8000 amendments to the Wikipedia article were posted in 2 weeks. A former director of the National Security Agency told Congress in 2002, “Al-Qaida did not need to develop a telecommunication system. All it had to do was harvest the products of a three trillion dollar a year telecommunications industry; an industry that had made communications signals varied, global, instantaneous, complex, and encrypted.”
Open sources, open systems, and advanced telecommunications technology are changing how any form of intelligence collection and reporting is done. These developments have also changed how we have to look at the Intelligence Cycle. The decision-makers and intelligence professionals must now come together within the same space and time to focus on the target in a collaborative model using easily configurable open systems. (An open system, in management science, is a system that is capable of self-maintenance on the basis of throughput of resources from the environment and usually operated on a computer system that provides a combination of interoperability, portability, and open software standards.) In effect, contributors, analysts, and end-users must employ every tool available simultaneously. There is no time for the traditional Intelligence Cycle to function. Clark’s Intelligence Analysis: A Target-Centric Approach, 2nd Edition and the “fusion cells” in Iraq may offer models for this more focused, collaborative, and time-compressed intelligence process.
This presents management difficulties associated with the resistance to change, training, organisational structure, the introduction of new technology, and outsourcing. Contractors will collect and fact-check data before entering it into an open system for further processing. Portions of intelligence projects will be managed by outside contractors who compile data from many sources and then feed the results into the open system. Contractors will create chronologies, social network maps, link diagrams, and databases, all of which will be available through an open system. Everybody involved with collection will have some contact with the end user or project manager.
These changes are starting to happen in the public sector. If you do competitive intelligence or complex investigations in the private sector, then you need to start changing your work processes or be left behind by your competitors. Adapt, or become a fossil.
Massively Multiplayer Online Role-Playing Games (MMORPGs) like World of Warcraft are little more than communication tools, and some terrorism and intelligence experts are concerned that it is theoretically possible that platforms such as MMORPGs and Second Life might be used to plan terrorist attacks. For an overview of this topic see The Ongoing Debate About The Possibility of Terrorists in Virtual Worlds at The Evince Blog.
Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption, or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, US Customs and Border Protection and US Immigration and Customs Enforcement… DHS officials said that the newly disclosed policies — which apply to anyone entering the country, including US citizens — are reasonable and necessary to prevent terrorism… The policies cover ‘any device capable of storing information in digital or analog form,’ including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover ‘all papers and other written documentation,’ including books, pamphlets and ‘written materials commonly referred to as “pocket trash…”’
It seems the best thing is to keep encrypted files on a network drive at home, and download the needed encrypted data after crossing the border.
By now you have heard of the secret intelligence files left on a commuter train in England.
Keith Vaz MP, chairman of the powerful Home Affairs select committee told the BBC: “Such confidential documents should be locked away…they should not be read on trains.”
This should be a reminder to the private sector regarding trade secrets.
A trade secret is not protected by a Patent, Trademark, or Industrial Design. A trade secret is confidential and proprietary information that you protect because of its commercial value and the competitive advantage that it produces for your company.
Exposing a trade secret in public by working on a critical document on an airplane, leaving a trade secret on a commuter train, or exposing it in a proposal may eliminate the confidential nature of the data, and once you do that you have, by definition, given up protecting it; therefore, it is not a trade secret that you can claim as proprietary — your former trade secret moves into the public domain for all to see and use.
As a competitive intelligence practitioner, I often find former trade secrets loose in the public domain due to irresponsible security practices. If the owner does not protect the trade secret, it ceases to be confidential and proprietary data, and is likely to become somebody else’s competitive advantage, or worse still, it might become a standard practice for an entire industry.
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB “thumb drive” that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
COFEE, according to forensic folk who have used it, is simply a suite of 150 bundled off-the-shelf forensic tools that run from a script. None of the tools are new or were created by Microsoft. Microsoft simply combined existing programs into a portable tool that can be used in the field before agents bring a computer back to their forensic lab. Microsoft wouldn’t disclose which tools are in the suite other than that they’re all publicly available, but a forensic expert told me that when he tested the product last year it included standard forensic products like Windows Forensic Toolchest (WFT) and RootkitRevealer.
With COFEE, a forensic agent can select, through the interface, which of the 150 investigative tools he wants to run on a targeted machine. COFEE creates a script and copies it to the USB device which is then plugged into the targeted machine. The advantage is that instead of having to run each tool separately, a forensic investigator can run them all through the script much more quickly and can also grab information (such as data temporarily stored in RAM or network connection information) that might otherwise be lost if he had to disconnect a machine and drag it to a forensics lab before he could examine it.
Chinese Use Front Companies, Students, Tourists, & Businessmen to Spy
Two men attempting to board a plane to China with nearly a dozen sensitive infrared cameras in their luggage were arrested on Saturday, a federal official said.
Yong Guo Zhi, a Chinese national, and Tah Wei Chao, a naturalized U.S. citizen, were arrested for investigation of trying to take thermal imaging cameras with potential military use to China without the proper export licenses, Weir said.