
Killing with Keyboards


George Wallace


Websites, Blogs and Other Sources of Program Information and Identity Theft


Who? 

This briefing was developed by Raytheon in conjunction with the Boeing Company Future Combat Systems Office of the CIO, for Policy and Standards, who were inspired by a series done up by the National Security Agency’s IOSS, www.IOSS.gov (pdf file).



Why?

Increasing your awareness that you really are a potential target,
remembering that being “clever” in a conversation or email is very likely to fail,
limiting what you can on the Internet, and encrypting all email and drive storage you are able to –  Really can make the difference!


 
We'll start with our main character

Chris

Husband, father of two, weekend little league coach

He is a talented and dedicated engineer for Bright Company

In the year 2010
  Chris will kill 238 U.S. Soldiers…


…because of a decision he made tonight.


 
On rare occasions

At night Chris will log on to
engineering community web sites
and blogs, just to stay current
with the industry.

Chris works for a defense contractor and has listened to all of the security briefings.  He knows to be careful about what he tells anyone.

Chris never uses his name and rarely posts anything at all.  When he does, he only uses his on-line name.


“EaglesFan54”
 
He posts on a site:

09/13/2004 EaglesFan54 I know for a fact that WIRENUT207 is dead wrong, but I can’t say how I know.  You really need to go back and get some updated information, but that’s all I can say about it.

The next year he posted:

05/11/2005 EaglesFan54 Kyle Boldgers new book “Beyond Advanced Electronics” is by far the best industry book I have read in 10 years.  Everyone should check it out.

Later he posts:

02/18/2006 EaglesFan54 I don’t agree at all that the HLT5807 chip is out of favor.  Even the military uses it on their major new programs.
 
Meet Alice

She is 16, and for the last two years her government has been teaching her English.

Alice has done well, so eight months ago they started to teach her to use a computer and to search the Internet.

Alice’s favorite English word is Google.

Just like every day, Alice is using Google today.  Searching for words and phrases from a list her government gave her.

Alice knows if she works hard for five years and creates lots of files for her government, they will move her family to a nicer apartment and maybe even send her to more school.

Today Alice found Chris.

 
The day started great for Chris.

The team he leads hit a major program milestone, and each was given an unexpected performance bonus.  For Chris it was one step closer to his retirement fishing cabin.

And then the day went bad


Yet another half day spent in a quarterly security update briefing.  Chris promised his team he would talk to senior management about not wasting their time on these anymore.

It did give the team an excuse to get some good coffee for a change.

After the briefing his team walked across the parking lot to the new “American Tea” that was just built.  It catered to the large Bright Co. team that worked at their site.

It was a great place to unwind.

The store offered free Wi-Fi (wireless Internet access),
six free small “quiet rooms” to make phone calls,
and a 15% discount to Bright Company employees (just show your employee badge at the time of purchase).

Chris was still angry about the briefing…


While in line Chris complained to one of his team, “Do they really think a person with a Secret clearance needs to be reminded about this stuff?  And no one goes ‘dumpster-diving’ any more!  These security guys have no clue what they’re talking about.”

 
Alice’s progress was slow and steady.

Her group leader often repeats that the searchers need to be very patient.  It may take weeks to find something important, but each petal helps you identify the flower it came from.

Each piece of the puzzle provides a new search opportunity…


 
Alice followed the information from one website to another.

What seemed like unimportant information from one site was the start of the Google search leading to other sites.

Even items which are now deleted from web sites can still be searchable within the Google cache (history).




 
Each new site produces more information.

Family and club web sites can be used to find new information or confirm data.


 
The information was all there, on sites Chris had never visited or posted information to....

 
And eventually Alice was done searching.


It was a great day for Alice.

Her leader rewarded Alice for completing her 200th file.  She was allowed to recommend a family member to join her at school.  Soon Alice would have the honor of teaching her thirteen year old sister all she had learned about computers and Google.


The information about Chris was now available for use as needed…

 
In early 2008

Alice’s government became aware that a vulnerability exists in technology which may have been integrated into certain U.S. defense projects.  To benefit from the information, they needed to know for sure.

Later that same year, Chris attended an out-of-town engineering conference for defense and related industries.

Although held at the unclassified level, conference attendance was very restricted.  Every attendee required a government sponsor.

The hotel conference center had guards outside the meeting rooms, and conference badges had to be worn when attending sessions.

Chris sat in the hotel bar.

He was tired after four days of conference.

At the other end of the bar Chris noticed a guy wearing an Eagles hat.  He had seen him several times around the hotel in the last several days.  In the restaurant, lobby and elevators.  Chris walked over.

“Eagles! – In this town?” Chris said.
“I know, I’m getting grief from everyone,” the man replied.
“Not from me. I’m actually a diehard,” Chris said.
“You’re kidding me!”  The man introduced himself as Tom.
“Well that’s definitely worth a beer,” Tom said smiling.
“Greatly appreciated,” Chris said. “You at the conference?”
Tom nodded. “First week out of my lab in two years.”
Chris grinned. “DOD project?” Chris asked, drinking his beer.
“Sorry, can’t say,” Tom replied. “You know, that always sounds bad no matter how you say it.  Nothing personal.”
Chris smiled. “No problem.  Really, I totally understand.”

Tom insisted on buying dinner.

They talked sports and generally about work, careful not to say too much.

Tom bought a second pitcher of beer, reminding Chris that Tom’s company was more than happy to pay his expense account since he traveled so rarely.

“I was actually hoping to hear if anyone else was thinking of using Clariden’s new Digital Signal Processors,” Tom mentioned casually.  “I hate being the first program to use a new chipset.”
“Don’t worry then,” Chris said, “Army is using them.”
Tom grinned.  “You must be working on that new Army program.”
“Can’t say,” Chris said smiling, “but you definitely don’t need to worry that your program will be the first military program to use it.”

Dinner was now over

Tom was very pleased that it had gone so smoothly.  He had the confirmation he needed, and would even be able to contact Chris again if need be.

He had told Chris that he had to leave the conference the next morning to catch an early flight.  No risk of having to explain why he was not registered to attend the conference.

Tom never even had to threaten Chris with the picture in his pocket, designed to show Chris how close Tom’s supporters had come to using Chris’ family as “motivation.”




 
2009 was a very good year!

For Chris and his family...

Kyle Raddick, Chris and Beth’s oldest son had joined the Army.  They were very proud of him.  Chris took extra pride in knowing what he contributed to the success of the Army’s new system.


For Alice’s government...


Alice’s government used the information they had developed from Chris about the system vulnerability to trade with another government, who was very interested in using it against the United States.
 
In the year 2010

Another 238 U.S. Soldiers were killed.

Chris will lie in bed and watch the news tonight, and worry about the life of his son.

What will you do the next time all of those security warnings seem like they apply only to someone else?
 
The information and scenarios in the preceding self-assessment presentation were all true.

The characters and the vulnerability were the only fiction.




QUESTIONS TO ASK YOURSELF

1     “I am no one they care about?”  

That may be true for now, but you never know when one on-line posting will bring YOU to their attention.

Chris was just another name in a file until they needed some inside information about his program.  It never occurred to him that an intelligence agency would target him for a piece of information, but they did.


Some things to think about.

Chris had no idea that just confirming that the Clariden DSP chip was in use would be enough to hurt or kill.  But that one small piece of information was the last piece in the puzzle that the enemy was putting together.

While Chris thought he was careful, it is difficult to know exactly what an adversary is looking for, and if what you have may be of benefit.



2     “I don’t have ANY adversaries!”

Feel like all of this “war” and “terrorist” or “adversary” talk is about someone else?

Take a quick look at some other groups that use these exact same on-line information gathering techniques.

Some things to think about.

Former girlfriends, boyfriends, divorced spouses.
Angry neighbors, people you only knew casually.
Disgruntled co-workers, employees, temporary workers.

Identity thieves.  (Try a Google search on your name.)
Pedophiles seeking information to convince your children that they should be trusted.

Anyone else who might want a little information about you, even just to know you better than you want them to.



3     “I’m smarter than the enemy!”

It’s a common feeling.  People interviewed often say they know they are smarter than “some guy who is now just sitting in a cave hiding from us.”

Chris knew he was smarter than any adversary when he used careful expressions like, “I can’t say how I know.”

Some things to think about.

In addition to small radical groups, our adversaries are some of the largest nations in the world, who are willing to spend BILLIONS of dollars to gain an economic advantage.  Information theft is a good investment for them, even if they just trade it for something they want.

Some of the world’s best intelligence agencies are training young people as experts to go and gather information for them.  You are up against the experts!


4     “I don’t post on the Internet”

Not posting may help you somewhat, but it is just one example of how you can come to the attention of someone with bad intentions.

Another source is unencrypted email messages which are either misrouted, intercepted, or gathered by adversaries on discarded or poorly protected backup tapes.  Stealing backup tapes is a common occurrence.

Some things to think about.

Remember that Chris did not know about all of the information sources that had information about him.  He only thought about the sites he dealt with.  Most of the others you don’t have control over, but you do have control to encrypt email and post as little “account” information as you can on web sites.



5    “What about the Coffee Shop?”  

The coffee shop was a reminder that while there are good business reasons to target defense contractors, etc., as customers, those methods are also good ways to gather sensitive information.

Most front businesses will not be called “Terrorist Coffee” so you need to pay attention to the less obvious.

Some things to think about.

Free Internet also provides a way to capture network traffic, including personal email passwords that are often similar to work passwords.  Every puzzle piece helps them.

Free Quiet Rooms encourage “sensitive” conversations in rooms that may have listening devices.

By showing a badge, “bad guys” know any time a facility changes its badge, and when new security like “smart chips” are rolled out.  If they have infiltrated a facility, they know to update their fake badges by the next day.





Now.......... Do you really feel safe after you post on the Internet?



Don’t feel hopeless

Increasing your awareness that you really are a potential target,
remembering that being “clever” in a conversation or email is very likely to fail,
limiting what you can on the Internet, and encrypting all email and drive storage you are able to –  Really can make the difference!
 
Now on to PHISHING your cellphone and WiFi transmissions:

Thanks to E.R. Campbell for this update:





Any of you who are out there, anywhere, using cell phones and WiFi for anything except the most innocuous purposes need to read this article, reproduced under the Fair Dealing provisions (§29) of the Copyright Act from the CBC web site:
--------------------
http://www.cbc.ca/technology/story/2008/12/08/f-forbes-phishing.html

Phishing at gate B22
Travelers beware: Poorly secured airport Wi-Fi networks are catnip for snoops

Last Updated: Tuesday, December 9, 2008 | 7:58 AM ET

By Taylor Buley Forbes.com

Farina booted up his computer on an American Airlines flight in October from New York to San Francisco. It was one of the first commercial flights to offer wireless Internet service. Within a couple minutes of reaching 10,000 feet, Farina was snooping the airwaves with the ability to see what his fellow passengers were doing without having to leave his cramped middle seat.

Farina isn't a bad guy. He was just doing his job as a so-called white-hat hacker for AirTight Networks, a manufacturer of wireless intrusion protection hardware and software that was invented in India and brought to market in the U.S.

AirTight's chief executive, David King, sends hackers out for unsolicited security assessments. Earlier this year he dispatched Farina and a few other of his 100-plus employees (most of whom work out of the company's offices in Pune, India) to collect wireless security data at 20 U.S. airports and eight in Asia.

They found rampant phony Wi-Fi hot spots created by phishers and, at several large airports, plenty of open or insecure networks run by critical operations such as baggage handling and ticketing. Almost all public networks allowed data such as user names and passwords to pass through the air unencrypted. Only 3 per cent of people used something more secure.

To be sure, King's missions are self-serving; he runs a business that sells the devices that plug security holes. But King says that U.S. airports have a genuine problem.

Very few, such as McCarran International in Las Vegas, monitor all wireless traffic for intruders. (The Vegas airport officials are quick to add that they don't censor for content.) Others, like San Francisco International, are laissez-faire. AirTight found that 47 wireless networks used for SFO's airport operations were wide open or poorly secured.

Wireless networks are some of the most easily hacked. Indian terrorists this summer broke into underprotected networks to e-mail a warning prior to bomb blasts in Delhi and Ahmedabad. In August the U.S. Justice Department indicted 11 members of a retail hacking ring, accusing them of grabbing millions of credit and debit card numbers off networks inside stores run by TJX Companies, BJ's Wholesale Club, OfficeMax, Barnes & Noble and Forever 21, among others.

The most common means of protecting Wi-Fi networks, the Wired Equivalent Privacy encryption standard, or WEP, was broken in 2001. Nowadays a moderately skilled hacker needs only a couple of minutes to crack its key with an off-the-shelf wireless card.

In November a pair of German computer science students made a critical first step toward cracking the Wi-Fi Protected Access encryption standard, or WPA, once heralded as the solution to WEP's insecurity.

Five Public Wi-Fi Do's and Don'ts

• Do access the Web using a more secure virtual private network, if your company has one.
• Do avoid joining networks with enticing names like "Free Public Wi-Fi."
• Don't leave your laptop radio on when it's not in use.
• Don't transmit private info on an "http://" connection; make sure you're on an encrypted "https://" page.
• Don't use POP e-mail software like Outlook. It doesn't encrypt your log-in info. Use secure Web mail instead.

The market for wireless intrusion prevention systems is still small: $168 million US worldwide this year, according to research firm Gartner, but that represents a 40 per cent gain from 2007.

King's AirTight competes with other sellers of Wi-Fi security gear such as AirMagnet and AirDefense, which was recently acquired by Motorola for an undisclosed sum. Publicly traded Aruba Networks and Cisco Systems sell wireless security systems that are already built into their networking gear. Four-year-old AirTight has 600 customers, including Samsung and ICICI Bank, paying between $40,000 and $50,000 a year. The private company in Mountain View, Calif., also licenses its products to hardware makers Siemens and 3Com.

King says that most of his clients are retailers, which are compelled by credit card industry audits to protect the financial data that travel on their networks, but airports are high on his prospect list. He and other security vendors say airports have been slow to harden their airwaves because of cost. It might require $200,000 to cover a place as big as San Francisco International, and the airports lack any mandate from the federal government to take control of the networks run by airlines and the companies that service them.

AirTight's system consists of a $5,000-to-$10,000 central server that can manage a few hundred sensors at a time. The sensors, which look like a home Wi-Fi access point, cost $500 to $1,200 apiece. AirTight's server sends out what the company calls marker packets that identify radios actively connected to the network. Those packets are bounced back to the sensors from any active connection. All unauthorized connections are cut off. The server continues to monitor the airwaves for unauthorized attempts to connect.

McCarran airport is one of those willing to spend money for wireless security. It runs two wireless networks, one for public use and another for airport operations.

"It was our intent to put the passenger in a bubble. He can go out to the Internet, but he can't touch anything on the airport side, and he can't see anyone else who is using the network," says Gerard Hughes, IT service manager at McCarran, which pays Aruba Networks $20,000 a year for software and hardware maintenance.

AirTight's David King will continue to cause headaches for airports with his surreptitious security scans to raise awareness and woo them as customers.

"For any security product, there is this learning curve," he says. "We're somewhere in the getting-past-the-awareness stage."

--------------------

I don’t know what ‘security’ is available for ‘public’ telecomm in e.g. KAF or the FOBs but I suspect/fear that it is about zero. I also suspect that all ‘public’ telecomms in most places where the CF operates and lives are monitored by people who you would rather did not know too much about you and your business.

 