A client that operates a security guard company called recently to ask a question spawned by a structure fire near one of the buildings his company guarded. He wanted to know if his guard posts could monitor the news and social media for events near the sites that they guard. All these sites have high-speed internet access. Continue reading ‘Social Media Monitoring for Security Departments’
Archive for the 'Security' Category
Page 2 of 9
Windows Error Reporting (WER) is a crash reporting technology introduced by Microsoft with Windows XP. However, we now know that it may send Microsoft unencrypted personally identifiable information contained in the memory and application data that may make you vulnerable to attack. WER is turned on by default. WER from Windows 8 may now use TLS encryption.
The Snowdon leaks described how the U.S. National Security Agency intercepts the unencrypted WER logs to fingerprint machines like some malware to identify potential system, network and application weaknesses to execute attacks that move through an enterprise network. WER reports on more than Windows crashes. It reports hardware changes, such as the first-time use of a new USB device and mobile devices. It sends time-stamp data, device manufacturer, identifier and revision, along with host computer information such as default language, operating system service pack and update version, hardware manufacturer, model and name, as well as BIOS version and unique machine identifier. This creates a blueprint of the applications running on a network to help an attacker develop or execute attacks with little chance of detection.
This is only one example of the OS, applications, browsers, etc. leaking information that the investigator must be aware of when conducting investigative internet research.
To shut-off WER in Windows 7 go to Control Panel>System and Security>Action Center>Change Action Center settings>Related settings>Problem reporting settings. The selections for “Each time a problem occurs, ask me before checking for solutions” and “Never check for solutions” disable WER. Choosing Never check for solutions will fully disable error reporting in Windows 7.
Managers sometimes tie themselves into knots worrying about the risk or threat rather than analysing the impact of interrupted business processes. My advice is to stop fretting about the cause and concentrate on alleviating the impact of the interrupted business processes.
To do this, defeat the problem in detail as follows:
- Decide which processes are critical and which are not.
- Determine how long any particular process can be interrupted before it’s loss become detrimental to operations, profitability, and customer satisfaction.
- Design a plan of action to determine if the disruption will continue beyond the tolerable time limit.
- Have a plan to replace each missing process.
- Plan for the concurrent loss of several critical processes.
The key to a successful business continuity plan is concentrating on the critical day-to-day operations.
How does this relate to investigtion and research? The answer is quite simple:
- Have you ever done a security survey?
- Have you ever done a competitor SWOT analysis?
- Have you ever done due diligence on a critial supplier?
A few months later and another practice disaster is under way. These practice sessions are supposed to take the emergency out of emergency management.
The building’s automated locking system is working properly now. The new security guard provider is more responsive and the guards are performing their jobs in a more professional manner this time around. The performance of the maintenance staff has improved and the ground floor windows are completely boarded-up. Ten hours into the exercise and the generators are running flawlessly. Everything inside the building is working properly, people included. After breakfast, I decided to look for something that is screwed-up.
A Vapour on the Wind
It’s a nice Sunday morning — cool but slightly overcast as the sun rose. I decide to take a walk around the neighbourhood. Not much is moving about this early.
The additional soundproofing surrounding the generators eliminates their sound entirely when standing at street level, even at dawn on a Sunday.
I start to crave another coffee but nothing is open this early so I take another walk around the building. Somebody is up early, that bacon smells better than the oatmeal I had for breakfast.
Now I realise how I screwed-up this time.
Nine Meals From Anarchy
Nine meals from anarchy is an expression coined by Lord Cameron of Dillington who headed the Countryside Agency to describe the precarious nature of Britain’s food supply. If some catastrophe occurs and the supermarket shelves are not restocked, he estimated that they had three full days without food on supermarket shelves before law and order started to break down and British streets descended into chaos. This isn’t far-fetched – it happened in New Orleans in the aftermath of Hurricane Katrina.
The smell of cooking bacon would be very enticing to somebody who hasn’t eaten for three days. If this occurred during a protracted cataclysm, then it would add some emergency back into emergency management. Hungry people, especially normally over-fed but now hungry people, will do almost anything to get food.
Practice doesn’t make perfect – it shows you how many ways you can screw-up. I’m a big believer in practice.
I was working on a project to improve a company’s emergency preparedness that began with a risk assessment which then led to many interesting adventures. One adventure was a little bit of practice to test how they could operate during an extended power outage.
The extra guards didn’t show-up on time. The maintenance staff didn’t want to play the game unless they got time and a half. Someone had pilfered about half of the plywood with an intumescent coating intended for window coverings. The fancy locking system left all the doors open on one side of the building. So far, so good!
Wandering around outside, I was marvelling at how quiet the generators were – those mufflers were really good. Things were going just fine and I was enjoying the nice spring day and then the generators started to make strange sounds, then they belched black smoke. Then they died an ignoble death. Oh well, we got through four and one half hours and the imaginary blackout became permanent.
Now it was time to earn my keep. I had to quantify the screw-ups. The worst was the generator failures. All the generators died as if on cue. We traced this to a single diesel fuel source for all the generators. A single point of failure is never good.
I learned that the new low sulfur diesel creates a storage problem. While the reduced sulfur is good for the environment, it eventually mixes with water that condenses in the fuel tank to form black sediment or emulsified water that can damage the engines. No system was in place to deal with this problem. Some research revealed the type of filtering system needed to maintain the usability of the fuel.
No good deed goes unpunished. I became the point man for the efforts to correct this situation. Product sourcing, procurement, and construction – who knew I could do all that stuff?
Google and other search engines are wonderful things for gathering information, we all know that, but what if people with evil intent are gathering information about you?
Getting out of Street View
Google Street View provides a great deal of data that can be used to plan an attack on a facility, a person, or to conduct a kidnapping. Google offers an easy, free, and effective way to restrict access to this data.
At a client’s home, I found that his car licence plate was legible. This usually occurs when the car is parked inside a garage or car port. At the client’s workplace, several security measures were clearly visible as were other features of the facility that raised concerns.
Google’s solution is to place an opaque digital wall around your house or facility. To get out of Google Street View, first search for the street address. Once the property is visible, you will find a small box at the bottom right of the image that says “Report a problem”. Click on this to select a reason for blurring the image of the property. I usually select Other: This image presents security concerns. Add some discriptive data to help Google identify the property and complete the CAPTCHA (an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”) thing that takes me several tries to get right. In 2 or 3 days a blurred wall should appear around the property.
Far too often, security relies on brawn alone — uniformed guards, guns, alarms, locks, armoured vehicles, blast and ballistic resisent engineering. Unfortunately, force can be defeated by guile and superior force.
An example of brawn’s failure is that of Alfred Herrhausen, the Deutsche Bank Chief who was murdered by the Red Army Faction in 1989.
He knew that he was a target. He had a thirty-man security detail and armored vehicles. His murderers had work clothes, a city works vehicle, and explosives. Posing as city workers, his murderers engaged in their own construction project to mine the road that their victim frequently used.
Brawn thrice failed. The first failure was to notice the initial surveillance that led to the terrorists identifing the attack site. Second, brawn failed to recognize and regularly inspect an obivous attack location. Finally, the terrorists were engaged in their construction project for about one month and the security detail didn’t call the city to confirm that the construction activity was legitimate.
The brain would have had a surveillance detection detail. The brain would conduct a route survey to identify likely attack locations. The brain would assign the surveillance detection detail to observe possible attack locations to look for unusual activity. The brain would have called the city about the construction activity.
The brain’s greatest enemy is the budget wala. Brawn is tangible, surveillance detection isn’t. Surveillance detection is like insurance — an expense for something you probably won’t use. Budget walas want proof that surveillance detection is worth the cost because when they spend money on brawn they get something tangible.
A working group for Internet regulators at ICANN wants to close all Whois databases. They what to force anybody needing this data to grovel before them before granting access. They are trying to centralize global control over a key component of the Internet. WHOIS allows you to find out who owns a domain name. Without this data, fraud and other crimes will become easier to commit and harder to solve.
Recently, I wrote about the dangers of government action when preparing for adverse conditions. While conducting some research on this topic for a planning document I came across a couple of interesting examples.
In the old Soviet Union during the Chernobyl reactor catastrophe, it became illegal for an ordinary citizen to possess any type of radiation meter. I came across reports that Japanese police confiscated radiation meters from citizens who were taking their own measurements after the Fukushima disaster.
Perhaps I should have recommended that the client read Fuller’s The Day We Bombed Utah.
Security professionals undertake planning in relation to threat spirals. As a threat escalates, it inspires new defensive countermeasures. The security professional endeavors to get inside an opponent’s threat spiral. This means anticipating the next escalation and instituting countermeasures that insulate his principal from the future threat. Getting inside an opponent’s threat spiral requires tools, technology, and manpower.
Some form of surveillance usually precedes attacks against people and facilities. This hostile effort will include research using open sources, social engineering, and both technical and physical surveillance.
One powerful tool to get inside the threat spiral is surveillance detection. Hostile surveillance is a precursor to attack – recognising the surveillance activity gets you inside the opponent’s threat spiral.
Operational Security (OPSEC) is the first consideration when preparing for adverse conditions.
In Canada, I always advise clients to read the Emergencies Act (R.S.C., 1985, c. 22 (4th Supp.)), Section 8 carefully before they take any action or commit to any preparations. The same applies to any individual preparations. Section 8 (1)(c) allows public officials carte blanche to loot your storehouse of supplies during a declared emergency. The provinces have similar legislation, for example, in Ontario it is the Emergency Management and Civil Protection Act, R.S.O. 1990, c.E.9. Politicians wrote all of these acts so that the government can always find a ‘legal’ way to do whatever it wants to do. This problem isn’t unique to Canada. During Hurricane Sandy, so called ‘First responders’ broke into Shore Army-Navy in Seaside Heights and looted it for supplies. During Hurricane Katrina, officials in New Orleans went further, and according to many accounts, committed armed robbery. In the face of armed troops or police, you will be helpless to prevent such looting. Of course, when government is the looter, they get a free pass from government lawyers and politicians.
Undertaking business continuity planning requires a very high degree of OPSEC given the propensity of governments, rioters, and criminals to take what they want. This leads to the question, what are the OPSEC requirements of business continuity planning?
I always advise that all business continuity (BC) assets be separated geographically, and in other ways, from the business they serve. Transfer ownership of BC assets to obscure sole-purpose subsidiaries. For example, one entity owns the BC site while another buys the supplies and equipment. Yet another entity takes delivery of the supplies at an unrelated location. Execute all the BC planning and implementation on a strict need-to-know basis. The quick dissemination of the BC plan during an emergency must occur on a need-to-know basis. The employees only get the information they need to accomplish their part of the plan. Large-scale rehearsals should not reveal the actual location of the real BC site. To reveal the location of the BC site to all those involved in the rehearsal invites the looting of the site long before it is needed. Experience dictates the use a rented property in the general area of the real BC site for rehearsals.
These considerations are not irrational paranoia for any business located in an area subject to catastrophic disruptions such as riots, protests, natural disasters, or terrorist attack. Discontinuing business activity during such an upheaval is surrendering to these adverse forces.
Awhile back I wrote about one of my adventures in risk assessment. This involved identifying the risks to a Business Continuity site located in a rural area outside a large metropolitan area.
When Havoc Strikes
What happens to Spot when havoc strikes?
The U.S. Humane Society say that 46% of U.S. households own at least one dog and there are 78.2 million dogs owned. In the Canadian Census of 2006 there were 6,070,783 dogs in Canada.
After a prolonged catastrophic event, feral dogs will form packs and begin to hunt. They have all the tools they need — fangs, claws, and a fur coat to keep warm. Feral dogs will interbreed with other canids. Over time, you will encounter dog-wolf and dog-coyote hybrids. The domestic dog ancestry will ensure that they are not afraid of man, and their offspring will inherit this trait.
Feral dogs have better noses, better ears, and sharper teeth than humans. Their reflexes are faster, they possess better protection from the elements, and they move through the environment in near silence. They will attack as a pack and they will do so silently. Their arsenal includes stealth and surprise. When they don’t fear us, we are at a disadvantage.
The dog pack will be hunting you. You’re not the hunter, you’re prey. How good is your gun-handling? Can you hit a 2 foot tall predator charging at you? How about several of them at once?
Security in such a situation will entail modified small unit tactics, marksmanship, and muzzle control. This client took our advice on training and on-site rehearsals. Twelve bore shotguns and 30-30 lever-action rifles won’t get a doomsday prepper’s heart racing, but they get the job done safely when combined with proper training, rehearsals, and forethought.
Note: This article about an attack by a pack of feral dogs appeared in one of my news feeds:
Houston woman in critical condition after pack of 15 dogs attack
This clearly illustrates how dangerous a pack of feral dogs can be. Even feral cats can inflict dangerous wounds as illustrated by this article:
The Emergency Response Guidebook published jointly by the Canadian Department of Transportation, Mexican Transportation agencies, and the USDOT lets you identify the hazardous contents of pipelines, trucks, or trains from the placards on the side of the tanker, rail car, or pipeline. The guide lists specific hazards and evacuation distances for spills or fires. However, it doesn’t provide any spill/fire/explosion protocols.
If you are around hazardous materials and their transport conveyances then you need this guidebook.
An article titled, Tim Hortons apologizes for blocking gay and lesbian news website by The Canadian Press on Friday, July 19, 2013 caught my attention. Tim Hortons is a popular Canadian coffee shop chain.
The online site of a popular paper that caters to the gay community was blocked by the coffee shop chain as “not appropriate for all ages viewing in a public environment.”. Once the outrage got going, Tim Hortons relented and changed its WiFi network policy.
What has all this got to do with Investigative Internet Research (IIR), you ask? Well, think about it. We often work while on the road and that means doing some aspects of IIR in places like coffee shops.
When you do IIR outside your normal work environment, different rules apply. How do you know what the WiFi network allows and what it doesn’t? How do you know if some things are censored and others are not? How do you know that your results are complete?
Now do you understand the dangers that doing this presents? I haven’t even mentioned the security issues.