Tim
He wrote:
I am the Director of Corporate Security for a medium sized commercial company. My organization operates in the U.S. and has joint ventures in 8 or 9 foreign countries. Our CEO's office was contacted via telephone today by a person claiming to be with the CIA, asking if he could meet with our CEO and/or the group president of our overseas division in order to hear our executive's views about operating in various foreign countries and our company's opinions about operating overseas. The caller explained that the CIA routinely makes these types of calls and left a name, a direct phone number and the CIA's main number for their local office so we could verify his authenticity.
I criss-crossed the main number via the phone company and it does in fact come back to the CIA. I called that number (a "Hello" line), identified myself and explained the call my organization had received to the person at the other end. They asked me the name of the person who called and I provided it. They confirmed this person does indeed work for the CIA and that the call we received was legitimate. I asked what area the employee worked in and the specific type of information they were seeking to obtain. The person at the other end declined to provide further information and said that these questions were best answered by the individual who had called, so I gave them my number and asked that this person call me back tomorrow to further discuss how my organization can help.
Does this seem legitimate? While I know the CIA is interested in economic intelligence and such, why would they be calling domestic U.S. corporate executives to get their views and opinions? I know the CIA has been working hard to have a better image, thus this could all be on the up and up, it just seems a little unusual to me. I would be very interested in your views.
Thanks
Follow-up on a couple of other items we discussed in past issues.
Hello Tim -
I enjoy your B.B.'s and thank you as well as the contributors. The
interest in threats into the microwave region will continue to escalate
I believe as new 'consumer products' evolve.
I have seen 'abuse' of such items, especially in domestic situations.
In one case here that I was involved in, a husband removed all the hard wire phones from the house and left his wife with an older generation 'wireless' for obvious reasons. He was observed in his vehicle numerous times (obviously monitoring her calls). The situation went from bad to worse; he ultimately abducted their youngest, fled Canada and ended up in Hawaii. A search of the house led to the discovery of a previously 'hard wire' tap in the basement, behind a locked workshop door, hidden behind plywood on the wall that held tools, as well as a transmitter in the bedroom which was inactive at the time of discovery. Federal police from Canada and the US were involved in finding the child and the husband.
This is just one of many stories that can be told, and no doubt there are hundreds out there amongst the TSCM practitioners.
Kevin Murray shared information about the upcoming 2.4 GHz cordless phone coming onto the market. Items such as this, while being a good tool to protect conversations, also have the POTENTIAL to be abused as listening devices. I purchased one of the Uniden 900 MHz spread spectrum phones over a year ago, and it works fine, and I enjoy the privacy attached. I also wanted to see what type of 'signature' it had during a spectrum analysis. It also has an 'intercom' feature that can be remotely activated by the handset and turns the base unit into a room monitor. Again - a handy feature for legal use, or a feature for abuse by someone wanting to discreetly listen to room conversation.
Wireless babysitting devices have evolved from the 49 MHz area to the 905 MHz area, yet another threat that has to be addressed by TSCM personnel. Then there are wireless mics that not only serve a valid purpose, but also are IN FACT transmitters at sites that have the potential to be abused as selective bugging devices. It's not uncommon to find these operating VHF and UHF (i.e. Shure in the US from 782 - 806 MHz). I had one case recently in Toronto with a major Insurance Company, where the Boardroom had been equipped with a Transmitter to convey the BR table mics to the AV system, only 10 feet away (Unit concealed in one of the hollow legs of the BR table, freq of 208.2 MHz). Why a hardwire link wasn't used I don't know, and an investigation is now ongoing, as it appears as though it was a deliberate measure commissioned by someone to literally 'broadcast' sensitive BR meetings outside the building. (Originally observed by a Gov't team doing a sweep a few blocks away, which prompted my involvement from the 'private' sector).
As the frequency of devices, commercial 'convenience' devices as well as deliberate 'bugging' devices, goes up, the TSCM operator has to try and stay one step ahead to meet the needs of his client base. As well, he has to feed signals from his environment 'efficiently' to his spectrum analyzer, and not rely on a generic vertical antenna. Personally I have chosen antennas from the US made by Electro-Metrics in NY. One standard for doing a generic sweep cost me just under $5000.00 CDN, but it couldn't work better and is designed over the range of 10 kHz to 2 GHz. Another one I use made by them is a conical type, from 30 MHz to 1 GHz, and yet another, a beautiful miniature log periodic, weighs around 1.5 lbs and is good from 900 MHz to 18 GHz.
Then there is IR and Laser, that's a field all of its own. I recently had a 3rd gen hand held NV device made for me, fits in the palm of the hand, made from one of the helicopter pilot's dual eyepiece units (Litton). Great for identifying IR sources, and Kaiser's 1080H with IR demod complements the issue as it allows actual 'monitoring' of all IR sources to confirm if it is modulated or not. One of the major banks here in Toronto didn't realize that their wireless IR mic system was ON all the time, and any conversations could be monitored from another building a short distance away.
One last RF story - I was doing a sweep in Toronto, just prior to an extremely 'merger' meeting. Two signals were coming out of the BR (72 MHz range) from 2 'wireless teleconferencing' pods that were ON. A personal conversation was ongoing at the time, and I advised the person in charge of the meeting of the 'find', as well as saying that this had been identified as a 'threat' previously. The transmitters were turned OFF. It wasn't 5 minutes and one of the stenos came into the kitchen where I was set up beside the BR; she asked if I had done anything to the wireless teleconferencing system, as an outsider had telephoned the Company and said something was wrong with it, and whatever had been done to it, to fix it the way it had been !! True story.
Take care, All the best: Doug
Subject: INTERESTING STUFF
Tim,
Take a look at http://www.pimall.com/nais/n.state.html when you get a
chance. I think that you will find it very interesting. You might want
to extract some of the info for the BB or use it in your advertising.
Bob
Tim Johnson wrote:
Ah hah!!! Got one coming out of lurkdom with a question that has been posed to me (and others) on numerous occasions.
I'd really like to get some feedback from some of you who have experienced this same problem and some of the ways in which it can be controlled, etc.
Come on, now, he asked, ya gotta help. That's part of the code.
Tim
Bob wrote:
Subject: Technical Assistance Needed
Tim - That's quite the scenario you paint my friend. The more I think
about it, the more hesitant I am (and you should be).
I can't for the life of me understand why the Police, with their
resources wouldn't do the operation themselves. COMPROMISE of an
operation such as you describe is ALWAYS a paramount concern, and to
entrust it to someone in the PI business who is looking for outside
advice just doesn't add up, at least to this 'ol man.
Police know how to address such a situation, have the legal and
technical resources to cope with it. I can't even see how a PI would
have the legal right to possess, install, remove equipment - in Canada
there is no such 'legal' framework in place to involve a PI, and I
would think the same for the US.
I could go on and on about it, but I think the 'supposed' PI is up to no
good (or maybe it's a sting OP). I have had to attend not only
technical mandates under Court Orders, but also Hostage situations where
intelligence (technical) had to be obtained in the past for the better
part of 20 years. There is ALWAYS a way, as I am sure your US police
forces must know, but to start and entrust that kind of information to a
PI, sorry !!
It will be interesting to see the responses.
Best regards
Tim
Long-Term Foreign Visits Threaten Security
The Threat
According to a recent article provided by the Defense Investigative Service, long-term foreign visits to cleared US companies, as well as non-DoD companies in the private sector, can pose a serious threat to security without appropriate countermeasures to mitigate the vulnerabilities associated with the foreign presence. Given access to scientific, technical, and other proprietary information, foreign experts can glean significant information to clarify and confirm reports obtained through intelligence channels to aid in their own research and development. The vast numbers of foreign scientists visiting the US make it difficult to assess the full extent of their collection effort. Often the difference between the technology used in unclassified research and a classified weapons program is nothing more than the "application" of the technology.
Some Real-Life Cases
In one instance involving a cleared US company, the company security officer reported the company's desire to employ the son of a prominent foreign scientist from a European country. A name check of the scientist revealed he had previously cooperated with a foreign intelligence service. The company specializes in providing training, engineering, and other technical services. In another example, prominent foreign scientists take long-term employment with US companies and immediately begin sending acquired information via fax transmissions back to their former associates in their native language. In yet another case, a foreign student attempted to gain employment with a cleared US company (a company under contract with the US Government to perform classified work) for "free" in lieu of military service in his home country. This modus operandi had been used previously by the same foreign country and is still being used today.
Countering the Threat
US industry reporting of security countermeasures concerns continues to indicate that, without sustained security and counterintelligence (CI) awareness training programs, assimilation of foreign personnel into the work environment usually results in a relaxation of security awareness among US employees. In this type of environment, a security compromise frequently occurs.
Security countermeasures to consider in this instance include:
Local Area Network (LAN) Restrictions. In anticipation of gaining access to a LAN, some foreign employees are trained in hacking techniques. Good risk management means reducing vulnerabilities to the technologies or information you are trying to protect. It may mean providing long-term visitors with a "stand alone" computer instead of access to a LAN.
Fax Machine Restrictions. Unless a company has a trusted employee who is able to read and review the documents, a foreign visitor should not be given access to company fax machines. Foreign employees' uncontrolled access to fax machines reduces the risk of detection to them by eliminating the need to remove documents from the facility.
A Technology Control Plan (TCP) or Other Similar Document. A TCP will educate all employees on what needs to be protected and what their responsibilities are to prevent the loss of classified, intellectual property, or proprietary information. It will also help educate facility employees on CI awareness issues. Facility employees should be pre-briefed prior to the arrival of a foreign national on the potential foreign collection techniques that could be used, particularly elicitation. Facility employees should also be aware of the reporting procedures for potential economic espionage indicators.
Periodic Liaison. Periodic liaison with the local supporting CI office should be conducted on the issue.
Periodic Interviews. To spot potential espionage indicators, facility employees should be periodically interviewed if they are in contact with foreign employees.
Internet Security: Unraveling the Gordian Knot
Dr. James Kasprzak, Information Resource Management College, National Defense University, and Charles Crowl, Defense Information Systems Agency.
Internet Security Issues
The Internet has shown a wide range of vulnerabilities to hackers, viruses, and unintentional breakdowns. Since its original design emphasized easy accessibility rather than security, control, and integrity of data, it will be difficult and expensive to retrofit these qualities into the system. Because of these weaknesses, governments and others are reluctant to put critical national security functions on the Internet. By "critical functions," we refer not only to classified data, command and control, and emergency operations but also to police functions, finance and banking, transportation, and other key civil support activities. This is not to say that all critical functions will not, or should not, be on the Internet. Worldwide experience with the Internet in times of disaster, oppression, and civil unrest has shown the critically pivotal role of Internet-style access to information. After earthquakes in Japan and California, typhoons in Hawaii, and hurricanes in Florida, national and local governments and individuals used the Internet to find relatives, distribute emergency supplies, and coordinate disaster relief. In Bosnia, China, and Mexico, it has been used for public information (and disinformation) in times of political and military conflict.
Thus, far more activities will inevitably move to the Internet, and some of these will be essential functions. Future concerns with potentially serious effects include the increasing interconnectivity of the Internet and the public switched network. About 90 percent of government telecommunications use the public network, and, if this infrastructure is attacked, government operations could be degraded significantly. The business community has also been reluctant to commit its most essential and sensitive functions to the Internet. Surveys reveal that many companies have experienced security intrusions through the Internet and that users and security personnel have perceived a rise in attempted break-ins of their systems. The notoriety surrounding the arrest of a hacker who stole 20,000 credit card numbers highlights and reinforces the widely held view that financial transactions may not be safe in cyberspace. In 1996, commercial enterprises transacted about $500 million worth on the Internet-an insignificant amount when compared with the US retail marketplace. To date, many of these transactions seem to be in a small number of industries- such as entertainment and computer equipment- and only involve a small number of buyers. The Internet is not secure, and many businesses and government organizations know this fact and conduct their activities in this medium accordingly. While the Internet will become an important vehicle of commerce, many risks must be overcome in the next few years of transition.
Threats to Internet Security
The Internet has no special vulnerability to natural disasters because it is so geographically dispersed. Fires, earthquakes, and floods can only affect very limited segments of the Net at any one time. However, the great number and diversity of its machines, software applications, and networks render the Internet vulnerable to other kinds of problems. For example, computers on the Internet have the same susceptibility to software viruses as their non-networked cousins, but they arguably have greater exposure. Because the many aspects of computer, communications, and information security are too extensive to be covered here, only some peculiar vulnerabilities of the Internet will be surveyed.
Malicious Software
A variety of software threatens systems attached to the Internet or the Internet itself.
A Trojan horse program sabotages unknowing users with unforeseen built-in problems. A virus program spreads by making copies of itself in one way or another. Self-sufficient, a worm program spreads by spawning copies of itself on other hosts on the network. A back door, a "hole" in the software, permits access without going through normal procedures. It can be inserted into a system by a programmer or hacker in order to circumvent normal security procedures.
While all of these programs can infect machines not connected to a network, the Internet's public and undisciplined nature permits faster and more widespread infection. For example, the worm spread by a student in 1988 infected thousands of computers and, within a day, effectively shut down the Net. Virus creators, however, continue to make rapid advances in the state of their art. A few years ago, virus infection could be avoided by just not running certain kinds of programs (.exe files and .com files, for example). Today, a much greater range of viruses exists, infecting a wider range of files. Examples include "macro" viruses, programs attached to compressed files that "automatically decompress the file" (and infect your machine), and other ruses. New languages and "scripts" such as Java and CGI scripts download small programs (applets) and run them on remote computers.
Some believe that applets may provide significantly higher levels of risk to those browsing the Internet. Finally, some of the search engines send out software agents (called "spiders," "ants," and other insect names) to search through data files and index or fetch information. The difference between these "good" software programs and "worms" or "viruses" is a matter of debate. If somebody else's machine seeks to download large amounts of data just for indexing, and ties up access ports on another's machine, the victim might well conceive of this as an antisocial act-a partial denial of service.
Unauthorized Intrusion
"Hacking" into computer systems has become more popular than ever, and a new generation of hackers appears to be motivated by more sinister motives: greed, ideological vengeance, and deliberately malicious behaviors. For example, one hacker assaulted emergency 911 systems, denying services for potentially life-threatening calls, while another changed the path of a hurricane on an Internet weather map, misleading viewers on the locations threatened by the storm. In addition, evidence indicates that a number of nations have taken a military interest in the Internet.
For terrorist states, organized hacking offers the advantages of low cost, low risk, and potentially a high gain against the most highly developed nations. This threat may be the most serious of all Internet vulnerabilities. Organized, well-planned, and appropriately timed attacks are potentially far more dangerous than the erratic sniping of amateurs- even brilliant amateurs. Break-ins occur at an alarming rate because the Internet provides an especially comfortable and interesting place for hackers.
For one thing, the Internet-a large, intricate network-has limited security and many software flaws. For another, it is easy to remain anonymous on the Net. An expert can weave a trail through a dozen systems, making it almost impossible to track him. Finally, the international, multiorganizational, multidimensional, and highly decentralized Internet makes it difficult to get attention and cooperation across such boundaries even under the best of circumstances.
In the latest development in hacking, hackers use sophisticated tools, including complex software programs, to exploit holes in the security of computer systems. Experts create and pass on to others these automated tools: war dialers, password crackers, "Satan," sniffers, and others. Because many are stored on the Internet, relative newcomers can download and use them, raising the level of sophistication of hackers of all types.
Security Solutions
The United States now spends considerably more than $100 million a year to resolve the security problems of the Internet. Some avenues likely to bring success may depend on advances in technology. As computers increase in power and speed, some real-time enhancements become possible. These approaches look hopeful:
Changes to TCP/IP (Transmission Control Protocol/Internet Protocol) that bring greater security.
Cheap, very fast encryption that is highly secure.
Smart cards containing complex passwords and perhaps biometric data.
Low-cost "firewalls," continuously maintained, sealing off computers, including switches, from unauthorized access.
Identification of Internet users by digital signatures.
and...
German Companies Warned of Rising Industrial Espionage
In late 1996, several German factions spoke out to warn companies and the government that they must tighten security precautions in the face of industrial espionage from Russia and Eastern Europe, which is costing them billions of dollars a year. In November, Germany's Federal Prosecutor warned that, although the end of the Cold War had reduced military and political tension between East and West, foreign intelligence services were more active than ever in trying to steal secrets from German companies. Citing damage to German industry by espionage at about 8 billion marks ($5.31 billion) a year, he said that many foreign intelligence services concentrated on industrial espionage in order to justify their continued existence, and he warned all sectors that it was not just the industrial giants who were being targeted by foreign spies.
Russia and Eastern Europe were identified as the biggest threat, but the rapidly growing economies of southeast Asia and Communist countries such as North Korea and China were also acknowledged as seeking German know-how. Modus operandi included placing agents in international organizations, setting up joint-ventures with German companies, and setting up bogus companies. The report also warned business leaders to be particularly wary of former diplomats or people who used to work for foreign secret services because they often had the language skills and knowledge of Germany that made them excellent agents.
Another source claimed that trade thefts cost German companies as much as 20 billion marks ($13 billion) in 1996, and a third source added that most thefts involve German companies spying on their German competitors. A growing number, however, involved intelligence services from East European countries. It was also alleged that about 1,000 cases of espionage against German firms go unnoticed or unreported each year, primarily due to the ensuing negative publicity the cases would generate.
Australia Acts To Reduce Economic Espionage
According to its annual report to the Federal Parliament, the Australian Security Intelligence Organization (ASIO) claims that foreign governments send agents into Australia with "shopping lists" of requirements for information and technology. In its preamble, the domestic intelligence agency noted the global trend toward concentration on economic, scientific, and technological espionage, as well as the traditional staples of political and military espionage.
The agency started an investigation in early 1996 by contacting industry groups, research centers, and manufacturing firms, and soliciting information about suspected espionage attempts against them. The responses helped assess the level of economic espionage activity and the identity of government sponsors. Underlining the continuing interest of foreign intelligence agencies in Australia, ASIO said that it rejected 16 people who sought temporary or permanent entry to Australia in 1995 and 1996. Of the 16 individuals, it rejected 11 because of their potential to commit espionage, and it suspected another one of seeking to procure technology for weapons of mass destruction.
In the News
Indian Businessman Pleads No Contest to Spying
According to recent press reporting, an Indian businessman, Aluru J. Prasad, was sentenced on 9 December 1996 to 15 months in prison for spying for the former Soviet Union during the 1980s. The suspected spy pleaded no contest to trying to gather secrets about the US "Star Wars" anti-missile defense system, the stealth bomber, and other classified defense projects. At the plea hearing, Prasad admitted to working with Subrahmanyam Kota of Northboro, Massachusetts, an Indian-born software engineer, to steal high-tech information from the Mitre Corporation, including the formulas for the paint used to cloak the stealth bomber from radar detection. Earlier in the year, Kota had testified against Prasad and pleaded guilty to wire fraud, three counts of tax evasion, and a charge relating to biotech theft. He is due to be sentenced in March. Another of Kota's contacts, Vemuri B. Reddy, a research scientist at a Framingham company with access to genetically altered cells used to produce blood pressure medicine, is scheduled to go on trial on 3 February 1997.
US Army Soldier Acquitted of Spy Charges
According to various wire reports, Pfc. Eric Jenott, a US Army soldier accused of passing a classified computer code to a Chinese citizen, was cleared of spy charges, but he was found guilty of damaging government property and computer fraud. Jenott was sentenced to three years in prison and given a bad-conduct discharge. The sentence will be appealed automatically. Prosecutors contended that Jenott broke into Pentagon computers and gave a secret computer password to a Chinese national, hoping to gain favor with the Chinese Government because he wanted to defect to China.
Spy Charges Levied Against CIA and FBI Veterans
Harold J. Nicholson, a 16-year CIA veteran and former station chief with access to "very damaging information," according to an FBI affidavit, was arrested on 15 November 1996 and charged with passing Top-Secret information to the Russians. Four days prior to his arrest at Washington's Dulles International Airport, where he was about to leave for Switzerland, Nicholson was allegedly observed photographing "Secret" and "Top Secret" CIA documents. Nicholson has pleaded not guilty and is tentatively scheduled to go on trial on 14 April 1997. Earl E. Pitts, a Special Agent with the FBI since 1983, was arrested at Quantico, Virginia, on 17 December 1996 and charged with compromising FBI intelligence operations and information to the SVRR (successor of the KGB), the intelligence service of Russia. The affidavit charges that Pitts conspired with officers of the KGB and SVRR to commit espionage from 1987 to 1992, after which he remained an agent of the SVRR in a dormant capacity. During this period, Pitts allegedly received in excess of $224,000 from the KGB and SVRR. From August 1995 until his arrest, Pitts allegedly attempted to commit espionage and committed numerous other violations of Federal criminal law in connection with his contact with certain individuals who he believed were agents of the SVRR but who were, in fact, undercover personnel employed by, or operating on the instructions of, the FBI. Pitts has pleaded not guilty and is scheduled to go on trial on 21 April 1997.
That should be enough to get your thinking cap working. I'll be in Vegas overnight (tomorrow night), so I won't be answering messages tomorrow. See you on Friday.
Tim Johnson
Questions from the non-technical lurkers, eh... guess I qualify. Basic CI threat from the PRC visitors to my area is always on my mind. Technical threats are one thing, and of course the humint threat against U.S. Chinese (I forget the Chinese term, but it means coercing them in the name of the homeland, and quite often works), but what else would they do while visiting our R&D facilities?
Bob,
The following article is a good primer on the threat... Fortune Magazine (3/31/98) - China's Spies Target Corporate America