Tag Archive for 'Security'

Data Slurping

An excellent article at Sharp Ideas describes software called Slurp that turns an iPod into a covert data theft device.

An unauthorized visitor shows up after work hours disguised as a janitor and carrying an iPod…He walks from computer to computer and “slurps” up all of the Microsoft Office files from each system. Within an hour he has acquired 20,000 files from over a dozen workstations…

From Competitive Intelligence to Counter Intelligence

I see a lot of silly security measures against the most improbable risk scenarios. Yet the simplest attacks succeed over and over again. We have to do more to defend against these simple, direct, and constantly repeated attacks.

The following books illustrate that mundane attacks, which so often succeed, represent an enormous drain on our economy. Understanding why these attacks result in large losses is the first step in preventing them. To work both sides of the street, the Competitive Intelligence professional should understand these attacks. The Competitive Intelligence professional will understand the risk better than anybody and should educate his colleagues about the risks and solutions. The Competitive Intelligence professional will also be positioned to exploit the opposition’s failings where legally and ethically permitted.

Confessions of a Corporate Spy

A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.

“Never measure security budgets by IT,” said Winkler, author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don’t Even Know You Encounter Every Day.

Other excellent books in this area are:

101 Questions & Answers About Business Espionage

and Sticky Fingers: Managing the Global Risk of Economic Espionage.

Napoleon said, “The art of war does not require complicated maneuvers; the simplest are the best, and common sense is fundamental. From which one might wonder how it is generals make blunders; it is because they try to be clever.”

Applying Napoleon’s maxim on simplicity to protecting critical data throughout your organization would go a long way to securing your company’s most precious asset.

Tax Authorities Parties to Theft

Is this proof that most tax authorities are crooks?

Vanished tycoon named in tax haven inquiry

…stolen bank documents that were sold to the tax authorities by a whistleblower thief who worked at LGT, one of the principality’s biggest banks.

Tax authorities across the world are now using the data to investigate people suspected of hiding their assets in the tax haven.

Germany’s government last week bought another set of data listing the names of 1,850 more people with bank accounts in the principality.

A partner at one of the world’s biggest accountancy firms said: “By buying stolen data, tax authorities have encouraged anyone in a bank in Liechtenstein, Monaco or any other tax haven to sell private banking records for cash.

The thief, Heinrich Kieber, according to Forbes, financed a real estate deal in Spain during 1996 with “uncovered checks”. He was not charged and did not have a criminal record when he joined the bank in Liechtenstein. However, the consequences of his Spanish real estate deal followed him to Liechtenstein. In 2001, he was fined 600,000 Swiss francs ($552,000) for fraud by the Liechtenstein judicial system. To get out of this, he tried to blackmail the authorities with the stolen data. When that didn’t work out to his satisfaction, he sold the data to Germany.

I wonder if this thief and extortionist is paying taxes on his $7.5 million blood money from under his rock or wherever he is hiding. On the other hand, I am certain that the public officials who were complicit in this crime kept their jobs or were promoted.

U.S. Policy of Seizing Data at the Border

The U.S. government has published its policy regarding seizing laptops and other devices capable of storing data.

Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption, or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, US Customs and Border Protection and US Immigration and Customs Enforcement… DHS officials said that the newly disclosed policies — which apply to anyone entering the country, including US citizens — are reasonable and necessary to prevent terrorism… The policies cover ‘any device capable of storing information in digital or analog form,’ including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover ‘all papers and other written documentation,’ including books, pamphlets and ‘written materials commonly referred to as “pocket trash…”

It seems the best thing is to keep encrypted files on a network drive at home, and download the needed encrypted data after crossing the border.

Power User 115 - The Page File

With Windows XP, to clear the page file on shutdown, go to Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> Shutdown: Clear Virtual Memory Pagefile and enable it. It is wise to enable this setting on every computer you use.

We tell people to travel with a “clean” laptop. However, Windows creates a lot of temporary files. The most damaging can be the page file: everything that went into virtual memory is there in a file on the hard drive. Of course you should also use a good file erasure programme before shutting off the laptop.
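The same setting can be audited and enforced from a script, which helps when you need to confirm it on every travel laptop rather than click through each one. This is an added example, not part of the original post: it reads the `ClearPageFileAtShutdown` registry value that backs the policy setting, and the function names `Get-PageFileClearStatus` and `Enable-PageFileClear` are hypothetical names chosen for illustration.

```powershell
# Added example: audit and (optionally) enforce the registry value behind
# "Shutdown: Clear virtual memory pagefile". Function names are illustrative.
$MemMgmtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-PageFileClearStatus {
    # Read the whole key once; a missing value comes back as $null.
    $props = Get-ItemProperty -Path $MemMgmtKey -ErrorAction Stop
    $value = $props.ClearPageFileAtShutdown
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RawValue     = $value
        Enabled      = ($value -eq 1)                 # 1 = page file is cleared on shutdown
        PagingFiles  = ($props.PagingFiles -join '; ') # configured page file locations
    }
}

function Enable-PageFileClear {
    # Requires an elevated session; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ((Get-PageFileClearStatus).Enabled) { return }   # already compliant
    if ($PSCmdlet.ShouldProcess($MemMgmtKey, 'Set ClearPageFileAtShutdown = 1')) {
        Set-ItemProperty -Path $MemMgmtKey -Name ClearPageFileAtShutdown -Value 1 -Type DWord
    }
}

# Report the current state; run Enable-PageFileClear -WhatIf to preview the change.
Get-PageFileClearStatus
```

The page file is only cleared during a clean shutdown, so a laptop that loses power or is put to sleep keeps its contents on disk.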

Power User 114 - File Wipers

Even computer ‘wipers’ leave a mark

Evidence Eliminator and similar software can kill out files and perform other tasks. But their use can raise red flags in a legal dispute.

But the wiper programs don’t ensure a clean getaway. They leave behind a kind of digital calling card.

“Not only do these programs leave a trace that they were used, they each have a distinctive fingerprint,” Kessler said. “Evidence Eliminator leaves one that’s different from Window Washer, and so on.”

I recommend the use of file erasure tools, especially when crossing international borders with computers. If you use such a programme regularly you have plausible deniability if you’re accused of erasing data to keep it from the police or the courts. If you always use it, then its “fingerprint” will always be there. If the install date matches the computer’s purchase date, then they can’t say you did this to eliminate the evidence the courts or police were seeking. Also, get a receipt for the wiper programme to show when it was purchased for the same reason.

File erasure programmes are part of prudent security practices and should not be viewed as something suspicious.

Secret Laser Printer ID Codes

This is not a new issue. A 2004 PC World article described the technology. In February, 2008, I wrote about the EU concerns that these secret printer ID codes may break EU Privacy laws. The EFF has a list of the printers that print these secret codes used by the US government to match a document to the laser printer that produced it.

Another article about this appeared in USA Today a few days ago.

Printer dots raise privacy concerns

The dots, invisible to the naked eye, can be seen using a blue LED light and are used by authorities such as the Secret Service to investigate counterfeit bills made with laser printers…

Privacy advocates worry that the little-known technology could ensnare political dissidents, whistle-blowers or anyone who prints materials that authorities want to track.

The dots are produced only on laser devices and not ink-jet printers, which are most commonly used at home…

As an investigator, this might present an opportunity if the dot pattern is consistent enough to be matched to a particular printer or printer type without being able to decode the dots. If this were the case, then you might not need the ability to decode the dots in some instances. For example, at a company with many different types of laser printers, the process of elimination might indicate which printer(s) could have created a document.

Dumpster-diving in the Digital Age

Dumpster-diving — going through trash bins in hopes of finding paper records with valuable information like customer names or future product plans — is alive and well in the age of USB flash drives and portable music players.

An excellent article from Robert L. Scheier in Computerworld, on Monday, December 17, 2007 entitled, Dumpster-diving for e-data, discusses the risk factors and offers some solutions.

Popular Mechanics offers advice on how to destroy hard drives.

Security Scanner or Research Tool

Foundstone (a division of McAfee) recently released a free tool called SiteDigger. The tool uses the Google API to scan cached pages of a web site and then performs security checks on those cached pages. One of the things it will look for is open security webcams.

Chinese Spies Steal US Passport Smart Chip

The US authorities demand that everybody entering their country have a passport and identity documents compliant with their security standards, but when it comes to their own passports, they have a much lower security standard than they demand of other countries.

Outsourcing passports ‘profound liability’

The blank passports travel to Europe where a microchip is inserted in the back cover and then onto Thailand where they are fitted with a radio antenna. The Netherlands company that makes the covers for the passport said in October that China stole the technology for the microchips, the Times said.

Outsourced passports netting govt. profits, risking national security

The Government Printing Office’s decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.

Computers & Border Crossings

This news story about the apprehension of a man who had child porn on his laptop illustrates how the data on your laptop could be compromised during a border crossing. The actions of this border guard appear to benefit society in this instance.

Texas man arrested at Ottawa airport for child porn faces up to 30 years
The Ottawa Citizen, Published: Sunday, March 23, 2008

The officer asked if he had anything prohibited on his computer and Mr. Moore said he didn’t, but that his brother also used the laptop. When the computer underwent secondary screening, the child pornography files were discovered, and Canadian officials arrested Mr. Moore. He was later transferred to Texas.

When I was traveling and crossing borders frequently, only once did a border guard look at the papers I was carrying. Today, the same border guard is much more likely to probe my laptop.

For the business traveller, this poses significant risk, as the person examining his mobile computer and other electronic devices will either be incompetent or very knowledgeable. The border officials may also have motives for the search that are unrelated to their primary purpose. Each circumstance creates its own risk for the traveller.

Google & Reckless Personal Information Handling

I previously wrote about Bill C-27 and how it will make it an offence in Canada to recklessly make available or sell personal information knowing it will be used to commit fraud.

Google, and others, offer tools such as on-line word processing but your data is housed by that entity, usually in the USA, and is thus subject to the US Patriot Act, and other laws that allow government surveillance of your data.

In my view, using these Web-based collaborative tools amounts to Reckless Personal Information Handling.

Web-based Collaborative Tools

The Globe and Mail recently published an interesting article about this:

Patriot Act haunts Google service

Travelling with Electronic Devices

When I travel for work, I undertake what some people consider extreme measures to protect proprietary client data from theft by officials at international borders. These officials do not need warrants to seize or examine anything in your possession when crossing a border and that makes border officials excellent spies. This issue arose recently regarding the actions of the US border officials:

In Canada, one law firm has instructed its lawyers to travel to the United States with “blank laptops” whose hard drives contain no data. “We just access our information through the Internet,” said Lou Brzezinski, a partner at Blaney McMurtry, a major Toronto law firm. That approach also holds risks, but “those are hacking risks as opposed to search risks,” he said.

Creating a “blank laptop” entails more than just hitting the delete key or even using a utility to overwrite existing data. The hacking risk is also greater than most people realize, especially with wireless connections. Even with secure end-to-end encryption, traffic analysis can yield very useful intelligence.

No Tech Hacking

Surveillance Book

This book’s title is deceptive: No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing. (It appears on our Books page.)

Every surveillance operative should read this book for its description of what one can learn from proper observation. It is also a must-read for IT security people for its description of these attack methods. This book is about compromising somebody’s security through surveillance and deceit. It also includes many tips for improving what you observe and report as an Investigator.

 

Power User 111 - Windows Security Threat

Hack into a Windows PC - no password needed

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows’ password protection code, which is stored there, and render it ineffective.

“If you have a Firewire port, disable it when you aren’t using it,” Ducklin said.

“That way, if someone does plug into your port unexpectedly, your side of the Firewire link is dead, so they can’t interact with your PC, legitimately or otherwise.”

The moral of this story is: don’t let unauthorised people have physical access to your computer and shut off the Firewire port unless you are actually using it.