| I spend a great deal of my time dealing with | | | | developing and distributing new types of spy |
| highly sensitive, highly confidential information. | | | | ware. Then there is another niche market |
| Over the years I have noticed that many of the | | | | dedicated to selling protection against these pieces |
| institutions I have worked with have gone to | | | | of malware. Folks, I talking millions of dollars each |
| great pains and considerable expense to make | | | | year, connected to these two enterprises. Would |
| certain their computer systems have state of the | | | | it surprise you to know that many of the same |
| art firewalls and "hacker-proof" encoding systems. | | | | people writing the protection software also write |
| Nonetheless, they continue to leak data like a | | | | the malware?Any who, how to these insidious |
| sieve!How can this be? Simple, they are guarding | | | | pieces of data stealing malware get into your |
| the air conditioner duct instead of the front | | | | systems? Simple, you or one of your associates, |
| door.So, what do I know about it? My knowledge | | | | put them there.I know what you're thinking, "Not |
| of the field is pretty backdoor in nature.First of all, | | | | me! I would never do such a self destructive |
| I work a lot with people who love nothing more | | | | thing. Neither would anyone I work with." And, at |
| than to stir up hate and discontent wherever | | | | least intentionally, you're right. But, take look at |
| they go. They will intentionally uncover and publish | | | | the most common avenues of entry and think |
| sensitive information. It is fun for them. In order | | | | through your response again.Most Common |
| to find out why they do these things I do a lot of | | | | Sources of Spyware: |
| debriefing with them when an incident | | | | 1. Screen savers |
| occurs.Second, I have two brothers who made | | | | 2. Emoticons |
| carriers out of law enforcement. One of my | | | | 3. Clip Art |
| brothers served many years as a state trooper | | | | 4. Spam |
| and another as a sheriff's deputy. They were | | | | 5. Email attachments |
| both extremely successful in the investigation | | | | 6. Unprotected web browsing (cookies) |
| facet of the job and I am about to tell you why. | | | | 7. Peer to Peer applications (mp3 files) |
| Then you can see if you are vulnerable to the | | | | 8. Shareware |
| same kind of attack.The sources of data loss, in | | | | 9. Freeware |
| no particular order, are as follows.1. Waste | | | | 10. Involuntary Download (may present as a |
| Archeology. | | | | fictitious error you must click to correct) |
| Simply speaking, someone who really wants to | | | | So, have you EVER added any of this to your |
| know your secrets will go through your trash. | | | | system, even to an email? I know me too. |
| And guess what? It is completely legal. Buy a | | | | Oh well, as MaElla (my grandmother) used to |
| $20.00 shredder, and use it.2. Taps. | | | | say, "Once bitten, twice shy."What have we |
| Seriously, if you have a wireless system it is | | | | learned?Basically, don't put anything unverified on |
| pretty simple to eaves drop via laptop from the | | | | your system, even if it is really, really cool.Bye |
| coffee shop next door.3. Pop-ins. | | | | the way, does anyone know where MaElla got |
| Be extremely wary of maintenance crews and | | | | "Once bitten, twice shy"?Part VFirst and |
| repair staff you haven't called in. Check ID's. Also, | | | | foremost, never use a cordless phone for |
| be aware of someone who comes in asking a lot | | | | anything other than the convenience of answering |
| of questions. You may be surprised what the | | | | a call. Switch to a corded line for any specific |
| reception staff will tell someone who smiles and | | | | communications.Monitoring cordless and cellular |
| asks nicely.4. Hacking in. | | | | phone calls has become a million dollar hobby in |
| Do you know the easiest way to hack in to a | | | | America. Some even sell their monitored |
| secure system? Steal the password taped to the | | | | conversations on line. Think ex-girlfriend |
| computer screen at Ed's work station. Trust me, | | | | sites.Mobile phones are an even greater liability. |
| I see it every day. You know what else? Most | | | | Not only are means available to monitor the |
| people use the same password for every system | | | | conversations, but it is not particularly difficult to |
| they need to access.5. Cordless phones. | | | | track the location of the parties based on their |
| Remember most cordless phones and cells are | | | | signal. Now, that is scary.This tracking will become |
| basically fancy radios. If it puts out a signal, the | | | | even easier when newer 3G phones come online |
| signal can be picked up with a scanner.6. Ticking | | | | because their base stations are even closer |
| bombs. | | | | together.What can you do? |
| Answering machines, voice mail, fax machines | | | | 1. Use a regular line for increased security. |
| anything that requires an access code can be | | | | 2. Dedicate a secure line in your office for |
| beaten (remember the password taped to the | | | | sensitive communication. They are not cheap. |
| computer?).7. Starbucks. | | | | Or-Com offers one that has fair reviews for |
| Never discuss sensitive information in a public | | | | about $300.00. |
| restaurant! If I wanted to know about a | | | | 3. Use first names on non-secure lines. |
| corporations business, I go to the snack bar at | | | | 4. Speak in general terms on non-secure lines.If |
| lunch and read the paper over coffee. You won't | | | | you think these precautions a completely paranoid, |
| believe the things you hear (if you're in education, | | | | you may be right. On the other hand, browse |
| teacher lounges are hair raising!).8. Brain cramps. | | | | Spy Emporium for an overview of just a few of |
| Unlocked cabinets, offices, desks, paper work | | | | the surveillance devices available.Part VI.If you |
| left out, answering stupid questions over the | | | | work with confidential data, and you use any of |
| phone. Hello?9. Traitors. | | | | the following pieces of technology, it is just a |
| Face it, some folks will sell you out for the right | | | | matter of time until your confidentiality is |
| price. The right price might be as simple as | | | | compromised.1. Disposable roll fax machines. |
| someone asking, "So, what confidential things are | | | | Used rolls contain copies of every item the |
| you working on these days?" You really wouldn't | | | | machine has received.2. Unattended fax machines. |
| believe what people have told me in answer to | | | | Fax machines left on are excellent sources for |
| that question. Keep sensitive information on a | | | | stealing confidential data. When I expect a fax, I |
| need to know basis.10. Describing a spy. | | | | alert the office staff to put it in a folder in my |
| The typical spy is a short, fat, tall, thin man, with | | | | in-box.3. Dictation machines. |
| curly, bald hair. She often wears provocatively | | | | If you use dictation machines and leave tapes on |
| conservative clothing and is liberally conservative. | | | | the secretaries' desk to be transcribed don't be |
| In other words, ANYBODY is the typical spy.Now | | | | shocked when a tape goes missing (Tell the truth, |
| I will expound upon each section individually.Part | | | | this has already happened hasn't it?).5. Answering |
| 1One of the first areas I mentioned in breaches in | | | | machines. |
| security was "rifled" trash. I believe this to be | | | | Most are accessible with a 3 or 4 digit code. Most |
| foremost method of stealing confidential | | | | people don't change the factory set "3, 4, and 5." |
| information. In reality it isn't even stealing. In | | | | These are easy to hack.6. Cordless microphones. |
| California Versus Greenwood the Supreme Court | | | | Crystal clear signals for about 1,300 feet or a |
| held the Constitution does not prohibit warrant | | | | quarter mile.Part VII.One of the most popular and |
| less search and seizure of garbage left for | | | | reliable methods for gathering information from an |
| collection outside the curtilage (the enclosed area | | | | organization is to "scout the perimeter." Although, |
| immediately surrounding a home or dwelling) of a | | | | this is not as sexy as the "mission impossible" |
| home. This could include places of business.Here | | | | methods, it is very popular and very |
| are some pro-active steps you can take.1. Don't | | | | effective.Here are your most frequent weak |
| transfer confidential documents to recycling | | | | spots.1. The company lunch room. Many people |
| vendors.2. If you have a copier, install a shredder | | | | actually carry confidential files with them to |
| next to it.3. Purchase a cross-cut shredder for | | | | review over lunch. |
| extremely sensitive documents.4. Destroy all | | | | 2. The neighborhood coffee klatch. This is true |
| waste paper.5. Get shredders for each individual. | | | | for the same reason as above. |
| People won't wait in line to use a bulk shredder.6. | | | | 3. The guy who is always at the newsstand |
| DON'T KEEP CARDBOARD BOXES OF | | | | when you pick up your paper. You know the one |
| UNINVENTORIED OLD DOCUMENTS LYING | | | | you discuss current office events with because |
| AROUND.Part II.Remember, James Bond is not | | | | he doesn't know the people anyway. |
| interested in your secrets.That being said, | | | | 4. The chatty new friend your spouse just made. |
| competitors, disgruntled employees, ex-spouses | | | | Think about this when discussing business with |
| and other wreakers of havoc are interested in | | | | your spouse. |
| your secrets.There are many methods of | | | | 5. Any off-site meeting places. Luncheon rooms, |
| "bugging" out there.The five main categories are, | | | | county offices, etc.Part VIIINext to going through |
| in alphabetical order: Acoustic, Optical, RF, Tie-In, | | | | the trash, the most vulnerable area for |
| and Ultrasonic.1. Acoustic - low tech glass to the | | | | exploitation is the human brain. |
| wall, ventilation, electrical out-let, out side the | | | | The major offenders: |
| window, stand by the door, close proximity | | | | 1. Unsecured offices, cabinets, drawers and |
| listening.2. Optical - high end and expensive.3. RF - | | | | doors. |
| radio frequency and receiver devices.4. Tie-in - | | | | 2. Files left on the desk over night. |
| hooking directly in to a phone line. The box is | | | | 3. Group passwords. |
| usually easily accessible on an exterior wall.5. | | | | 4. Company phone directories. |
| Ultrasonic - think transmitter, receiver but with | | | | 5. Desktop rolodexes.Part IXAnother source of |
| audio pressure rather than radio waves.The most | | | | compromised confidential information is the office |
| prevalent and dangerous of this is alphabetically | | | | traitor. Most people have a price. The price may |
| and most destructively listed first. Always be | | | | have been paid the last time they were insulted, |
| aware of your immediate surrounding when | | | | degraded or unappreciated at the office. One the |
| discussing confidential information.Part IIIAlways | | | | other hand, there may be an actual monetary |
| check the identification of persons who pop in to | | | | price for which a trusted associate can be |
| do technical work around your office. This is | | | | turned.Here are some of the characteristics you |
| especially true if you PERSONALLY have not | | | | may need to be on the look out for.1. Those |
| called them for service. These folks are known as | | | | passed over for raises, passed over for |
| "spooks".You see, "Spooking" is a hide in plain site | | | | promotion. |
| method of gaining access to confidential | | | | 2. Those experiencing significant financial difficulty. |
| informationIt seems carrying a clipboard will gain a | | | | 3. Those who gamble. |
| spook access to most places, even those with | | | | 4. Those that employ recreational |
| confidential data to protect.But, there are other | | | | pharmaceuticals (including alcohol). |
| common tools the spook may carry to increase | | | | 5. Those involved in labor and management |
| their appearance of authenticity: 2-way Radio, | | | | disputes. |
| Maglight, Construction worker hard hat, and my | | | | 6. Those that seem to always be on the lookout |
| personal favorite the attention tone cell phone. | | | | for the next big deal.Part X.Basically, if you take a |
| Now, this particular ruse means the spook has a | | | | look at the qualifications for a field agent for the |
| partner but is anything more impressive than that | | | | CIA you can build a fair profile of what an office |
| tone from the "base office" checking the | | | | spy may "look like."1. A Bachelors Degree, rarely |
| technicians' status?However, the most powerful, | | | | more. |
| by far, access granting technique (I mean this will | | | | 2. Solid academic record, not outstanding. |
| get you in anywhere) is a set of Dickies. Yes, | | | | 3. Interest in inter-business and international |
| Dickies. The same things you wore for summer | | | | affairs. |
| jobs in high school and college. They are a virtual | | | | 4. Solid interpersonal skills. |
| cloak of invisibility in our culture.Most common | | | | 5. Solid communication skills. |
| guises:1. Telephone/communications technicians - | | | | 6. Frequent traveler. |
| (typically wearing blue/grey Dickies)2. Computer | | | | 7. Interest in foreign languages. |
| service technicians - (polo shirt and tan Dickies | | | | 8. Prior residence outside the area. |
| pants)3. Copy machine technicians - (polo shirt and | | | | 9. Possible prior military experience. |
| blue Dickies pants)4. Custodians - (typically anyone | | | | 10. Experience in business and/or economics (but |
| with a set of blue/grey Dickies is granted cart | | | | with deficit skills in their own finance |
| blanche access)5. Messenger services - (typically | | | | management). |
| wearing brown Dickies)6. A/C heating technicians - | | | | 11. The person is usually between the ages of |
| (typically wearing blue-green Dickies)The beauty | | | | 21-35. |
| of this type of "spooking" is nobody ever | | | | 12. Previous work in law enforcement or |
| challenges these folks. And if some particularly | | | | corrections. |
| diligent person does question them, the spook | | | | 13. May be considered a loner, not a joiner. |
| goes into his, "fine with me, but it will be at least | | | | 14. No police record. |
| four weeks until I can get back here. We're really | | | | 15. Hobbies include martial arts, scuba, hunting, |
| backed up." That is usually enough to intimidate | | | | proficiency with firearms, chess, math, avid |
| even the most on top of things staff member.I | | | | reader, may write prolifically or play a musical |
| don't usually recommend testing out these | | | | instrument, etc. |
| surveillance techniques, the power of the Tricky | | | | 16. The person may be interested in training |
| Dickie is not to be believed unless you actually see | | | | manuals and field guides.In other words, just |
| it in action. So, get your lazy brother-in-law a set | | | | about anybody who would make a good |
| of Dickies and send him through your office. You | | | | employee. The key is to look for unusual |
| won't believe the results. Afterwards, get the lazy | | | | groupings of these skills. Most people will meet 3 |
| bum to do your yard work so you get your | | | | or 4 of the criteria. Those who meet 6 or more |
| moneys worth from the Dickie investment.Part | | | | should be considered possible candidates.This |
| IVThere are many ways of stealing computer | | | | section completes a ten part series concerning |
| files. As a matter of fact there is a whole niche | | | | confidentiality and security. |
| market dedicated to nothing more than | | | | |