| I spend a great deal of my time dealing
| |
| | investment.Part IVThere are many ways of
|
| with highly sensitive, highly
| |
| | stealing computer files. As a matter of
|
| confidential information. Over the years
| |
| | fact there is a whole niche market
|
| I have noticed that many of the
| |
| | dedicated to nothing more than developing
|
| institutions I have worked with have gone
| |
| | and distributing new types of spy ware.
|
| to great pains and considerable expense
| |
| | Then there is another niche market
|
| to make certain their computer systems
| |
| | dedicated to selling protection against
|
| have state of the art firewalls and
| |
| | these pieces of malware. Folks, I talking
|
| "hacker-proof" encoding systems.
| |
| | millions of dollars each year, connected
|
| Nonetheless, they continue to leak data
| |
| | to these two enterprises. Would it
|
| like a sieve!How can this be? Simple,
| |
| | surprise you to know that many of the
|
| they are guarding the air conditioner
| |
| | same people writing the protection
|
| duct instead of the front door.So, what
| |
| | software also write the malware?Any who,
|
| do I know about it? My knowledge of the
| |
| | how to these insidious pieces of data
|
| field is pretty backdoor in nature.First
| |
| | stealing malware get into your systems?
|
| of all, I work a lot with people who love
| |
| | Simple, you or one of your associates,
|
| nothing more than to stir up hate and
| |
| | put them there.I know what you're
|
| discontent wherever they go. They will
| |
| | thinking, "Not me! I would never do such
|
| intentionally uncover and publish
| |
| | a self destructive thing. Neither would
|
| sensitive information. It is fun for
| |
| | anyone I work with." And, at least
|
| them. In order to find out why they do
| |
| | intentionally, you're right. But, take
|
| these things I do a lot of debriefing
| |
| | look at the most common avenues of entry
|
| with them when an incident occurs.Second,
| |
| | and think through your response
|
| I have two brothers who made carriers out
| |
| | again.Most Common Sources of Spyware:
|
| of law enforcement. One of my brothers
| |
| | 1. Screen savers
|
| served many years as a state trooper and
| |
| | 2. Emoticons
|
| another as a sheriff's deputy. They were
| |
| | 3. Clip Art
|
| both extremely successful in the
| |
| | 4. Spam
|
| investigation facet of the job and I am
| |
| | 5. Email attachments
|
| about to tell you why. Then you can see
| |
| | 6. Unprotected web browsing (cookies)
|
| if you are vulnerable to the same kind of
| |
| | 7. Peer to Peer applications (mp3 files)
|
| attack.The sources of data loss, in no
| |
| | 8. Shareware
|
| particular order, are as follows.1. Waste
| |
| | 9. Freeware
|
| Archeology.
| |
| | 10. Involuntary Download (may present as
|
| Simply speaking, someone who really
| |
| | a fictitious error you must click to
|
| wants to know your secrets will go
| |
| | correct)
|
| through your trash. And guess what? It is
| |
| | So, have you EVER added any of this to
|
| completely legal. Buy a $20.00 shredder,
| |
| | your system, even to an email? I know me
|
| and use it.2. Taps.
| |
| | too.
|
| Seriously, if you have a wireless system
| |
| | Oh well, as MaElla (my grandmother) used
|
| it is pretty simple to eaves drop via
| |
| | to say, "Once bitten, twice shy."What
|
| laptop from the coffee shop next door.3.
| |
| | have we learned?Basically, don't put
|
| Pop-ins.
| |
| | anything unverified on your system, even
|
| Be extremely wary of maintenance crews
| |
| | if it is really, really cool.Bye the way,
|
| and repair staff you haven't called in.
| |
| | does anyone know where MaElla got "Once
|
| Check ID's. Also, be aware of someone who
| |
| | bitten, twice shy"?Part VFirst and
|
| comes in asking a lot of questions. You
| |
| | foremost, never use a cordless phone for
|
| may be surprised what the reception staff
| |
| | anything other than the convenience of
|
| will tell someone who smiles and asks
| |
| | answering a call. Switch to a corded line
|
| nicely.4. Hacking in.
| |
| | for any specific
|
| Do you know the easiest way to hack in
| |
| | communications.Monitoring cordless and
|
| to a secure system? Steal the password
| |
| | cellular phone calls has become a million
|
| taped to the computer screen at Ed's work
| |
| | dollar hobby in America. Some even sell
|
| station. Trust me, I see it every day.
| |
| | their monitored conversations on line.
|
| You know what else? Most people use the
| |
| | Think ex-girlfriend sites.Mobile phones
|
| same password for every system they need
| |
| | are an even greater liability. Not only
|
| to access.5. Cordless phones.
| |
| | are means available to monitor the
|
| Remember most cordless phones and cells
| |
| | conversations, but it is not particularly
|
| are basically fancy radios. If it puts
| |
| | difficult to track the location of the
|
| out a signal, the signal can be picked up
| |
| | parties based on their signal. Now, that
|
| with a scanner.6. Ticking bombs.
| |
| | is scary.This tracking will become even
|
| Answering machines, voice mail, fax
| |
| | easier when newer 3G phones come online
|
| machines anything that requires an access
| |
| | because their base stations are even
|
| code can be beaten (remember the password
| |
| | closer together.What can you do?
|
| taped to the computer?).7. Starbucks.
| |
| | 1. Use a regular line for increased
|
| Never discuss sensitive information in a
| |
| | security.
|
| public restaurant! If I wanted to know
| |
| | 2. Dedicate a secure line in your office
|
| about a corporations business, I go to
| |
| | for sensitive communication. They are not
|
| the snack bar at lunch and read the paper
| |
| | cheap. Or-Com offers one that has fair
|
| over coffee. You won't believe the things
| |
| | reviews for about $300.00.
|
| you hear (if you're in education, teacher
| |
| | 3. Use first names on non-secure lines.
|
| lounges are hair raising!).8. Brain
| |
| | 4. Speak in general terms on non-secure
|
| cramps.
| |
| | lines.If you think these precautions a
|
| Unlocked cabinets, offices, desks, paper
| |
| | completely paranoid, you may be right. On
|
| work left out, answering stupid questions
| |
| | the other hand, browse Spy Emporium for
|
| over the phone. Hello?9. Traitors.
| |
| | an overview of just a few of the
|
| Face it, some folks will sell you out
| |
| | surveillance devices available.Part VI.If
|
| for the right price. The right price
| |
| | you work with confidential data, and you
|
| might be as simple as someone asking,
| |
| | use any of the following pieces of
|
| "So, what confidential things are you
| |
| | technology, it is just a matter of time
|
| working on these days?" You really
| |
| | until your confidentiality is
|
| wouldn't believe what people have told me
| |
| | compromised.1. Disposable roll fax
|
| in answer to that question. Keep
| |
| | machines.
|
| sensitive information on a need to know
| |
| | Used rolls contain copies of every item
|
| basis.10. Describing a spy.
| |
| | the machine has received.2. Unattended
|
| The typical spy is a short, fat, tall,
| |
| | fax machines.
|
| thin man, with curly, bald hair. She
| |
| | Fax machines left on are excellent
|
| often wears provocatively conservative
| |
| | sources for stealing confidential data.
|
| clothing and is liberally conservative.
| |
| | When I expect a fax, I alert the office
|
| In other words, ANYBODY is the typical
| |
| | staff to put it in a folder in my
|
| spy.Now I will expound upon each section
| |
| | in-box.3. Dictation machines.
|
| individually.Part 1One of the first areas
| |
| | If you use dictation machines and leave
|
| I mentioned in breaches in security was
| |
| | tapes on the secretaries' desk to be
|
| "rifled" trash. I believe this to be
| |
| | transcribed don't be shocked when a tape
|
| foremost method of stealing confidential
| |
| | goes missing (Tell the truth, this has
|
| information. In reality it isn't even
| |
| | already happened hasn't it?).5. Answering
|
| stealing. In California Versus Greenwood
| |
| | machines.
|
| the Supreme Court held the Constitution
| |
| | Most are accessible with a 3 or 4 digit
|
| does not prohibit warrant less search and
| |
| | code. Most people don't change the
|
| seizure of garbage left for collection
| |
| | factory set "3, 4, and 5." These are easy
|
| outside the curtilage (the enclosed area
| |
| | to hack.6. Cordless microphones.
|
| immediately surrounding a home or
| |
| | Crystal clear signals for about 1,300
|
| dwelling) of a home. This could include
| |
| | feet or a quarter mile.Part VII.One of
|
| places of business.Here are some
| |
| | the most popular and reliable methods for
|
| pro-active steps you can take.1. Don't
| |
| | gathering information from an
|
| transfer confidential documents to
| |
| | organization is to "scout the perimeter."
|
| recycling vendors.2. If you have a
| |
| | Although, this is not as sexy as the
|
| copier, install a shredder next to it.3.
| |
| | "mission impossible" methods, it is very
|
| Purchase a cross-cut shredder for
| |
| | popular and very effective.Here are your
|
| extremely sensitive documents.4. Destroy
| |
| | most frequent weak spots.1. The company
|
| all waste paper.5. Get shredders for each
| |
| | lunch room. Many people actually carry
|
| individual. People won't wait in line to
| |
| | confidential files with them to review
|
| use a bulk shredder.6. DON'T KEEP
| |
| | over lunch.
|
| CARDBOARD BOXES OF UNINVENTORIED OLD
| |
| | 2. The neighborhood coffee klatch. This
|
| DOCUMENTS LYING AROUND.Part II.Remember,
| |
| | is true for the same reason as above.
|
| James Bond is not interested in your
| |
| | 3. The guy who is always at the
|
| secrets.That being said, competitors,
| |
| | newsstand when you pick up your paper.
|
| disgruntled employees, ex-spouses and
| |
| | You know the one you discuss current
|
| other wreakers of havoc are interested in
| |
| | office events with because he doesn't
|
| your secrets.There are many methods of
| |
| | know the people anyway.
|
| "bugging" out there.The five main
| |
| | 4. The chatty new friend your spouse
|
| categories are, in alphabetical order:
| |
| | just made. Think about this when
|
| Acoustic, Optical, RF, Tie-In, and
| |
| | discussing business with your spouse.
|
| Ultrasonic.1. Acoustic - low tech glass
| |
| | 5. Any off-site meeting places. Luncheon
|
| to the wall, ventilation, electrical
| |
| | rooms, county offices, etc.Part VIIINext
|
| out-let, out side the window, stand by
| |
| | to going through the trash, the most
|
| the door, close proximity listening.2.
| |
| | vulnerable area for exploitation is the
|
| Optical - high end and expensive.3. RF -
| |
| | human brain.
|
| radio frequency and receiver devices.4.
| |
| | The major offenders:
|
| Tie-in - hooking directly in to a phone
| |
| | 1. Unsecured offices, cabinets, drawers
|
| line. The box is usually easily
| |
| | and doors.
|
| accessible on an exterior wall.5.
| |
| | 2. Files left on the desk over night.
|
| Ultrasonic - think transmitter, receiver
| |
| | 3. Group passwords.
|
| but with audio pressure rather than radio
| |
| | 4. Company phone directories.
|
| waves.The most prevalent and dangerous of
| |
| | 5. Desktop rolodexes.Part IXAnother
|
| this is alphabetically and most
| |
| | source of compromised confidential
|
| destructively listed first. Always be
| |
| | information is the office traitor. Most
|
| aware of your immediate surrounding when
| |
| | people have a price. The price may have
|
| discussing confidential information.Part
| |
| | been paid the last time they were
|
| IIIAlways check the identification of
| |
| | insulted, degraded or unappreciated at
|
| persons who pop in to do technical work
| |
| | the office. One the other hand, there may
|
| around your office. This is especially
| |
| | be an actual monetary price for which a
|
| true if you PERSONALLY have not called
| |
| | trusted associate can be turned.Here are
|
| them for service. These folks are known
| |
| | some of the characteristics you may need
|
| as "spooks".You see, "Spooking" is a hide
| |
| | to be on the look out for.1. Those passed
|
| in plain site method of gaining access to
| |
| | over for raises, passed over for
|
| confidential informationIt seems carrying
| |
| | promotion.
|
| a clipboard will gain a spook access to
| |
| | 2. Those experiencing significant
|
| most places, even those with confidential
| |
| | financial difficulty.
|
| data to protect.But, there are other
| |
| | 3. Those who gamble.
|
| common tools the spook may carry to
| |
| | 4. Those that employ recreational
|
| increase their appearance of
| |
| | pharmaceuticals (including alcohol).
|
| authenticity: 2-way Radio, Maglight,
| |
| | 5. Those involved in labor and
|
| Construction worker hard hat, and my
| |
| | management disputes.
|
| personal favorite the attention tone cell
| |
| | 6. Those that seem to always be on the
|
| phone. Now, this particular ruse means
| |
| | lookout for the next big deal.Part
|
| the spook has a partner but is anything
| |
| | X.Basically, if you take a look at the
|
| more impressive than that tone from the
| |
| | qualifications for a field agent for the
|
| "base office" checking the technicians'
| |
| | CIA you can build a fair profile of what
|
| status?However, the most powerful, by
| |
| | an office spy may "look like."1. A
|
| far, access granting technique (I mean
| |
| | Bachelors Degree, rarely more.
|
| this will get you in anywhere) is a set
| |
| | 2. Solid academic record, not
|
| of Dickies. Yes, Dickies. The same things
| |
| | outstanding.
|
| you wore for summer jobs in high school
| |
| | 3. Interest in inter-business and
|
| and college. They are a virtual cloak of
| |
| | international affairs.
|
| invisibility in our culture.Most common
| |
| | 4. Solid interpersonal skills.
|
| guises:1. Telephone/communications
| |
| | 5. Solid communication skills.
|
| technicians - (typically wearing blue
| |
| | 6. Frequent traveler.
|
| grey Dickies)2. Computer service
| |
| | 7. Interest in foreign languages.
|
| technicians - (polo shirt and tan Dickies
| |
| | 8. Prior residence outside the area.
|
| pants)3. Copy machine technicians - (polo
| |
| | 9. Possible prior military experience.
|
| shirt and blue Dickies pants)4.
| |
| | 10. Experience in business and/or
|
| Custodians - (typically anyone with a set
| |
| | economics (but with deficit skills in
|
| of blue/grey Dickies is granted cart
| |
| | their own finance management).
|
| blanche access)5. Messenger services -
| |
| | 11. The person is usually between the
|
| (typically wearing brown Dickies)6. A/C
| |
| | ages of 21-35.
|
| heating technicians - (typically wearing
| |
| | 12. Previous work in law enforcement or
|
| blue-green Dickies)The beauty of this
| |
| | corrections.
|
| type of "spooking" is nobody ever
| |
| | 13. May be considered a loner, not a
|
| challenges these folks. And if some
| |
| | joiner.
|
| particularly diligent person does
| |
| | 14. No police record.
|
| question them, the spook goes into his,
| |
| | 15. Hobbies include martial arts, scuba,
|
| "fine with me, but it will be at least
| |
| | hunting, proficiency with firearms,
|
| four weeks until I can get back here.
| |
| | chess, math, avid reader, may write
|
| We're really backed up." That is usually
| |
| | prolifically or play a musical
|
| enough to intimidate even the most on top
| |
| | instrument, etc.
|
| of things staff member.I don't usually
| |
| | 16. The person may be interested in
|
| recommend testing out these surveillance
| |
| | training manuals and field guides.In
|
| techniques, the power of the Tricky
| |
| | other words, just about anybody who would
|
| Dickie is not to be believed unless you
| |
| | make a good employee. The key is to look
|
| actually see it in action. So, get your
| |
| | for unusual groupings of these skills.
|
| lazy brother-in-law a set of Dickies and
| |
| | Most people will meet 3 or 4 of the
|
| send him through your office. You won't
| |
| | criteria. Those who meet 6 or more should
|
| believe the results. Afterwards, get the
| |
| | be considered possible candidates.This
|
| lazy bum to do your yard work so you get
| |
| | section completes a ten part series
|
| your moneys worth from the Dickie
| |
| | concerning confidentiality and security.
|
