Monthly Archives: December 2010

Bugged? and Your Computer

2 Replies

Come with me now to those thrilling days of yesteryear, when there was a Soviet spy behind every tree, the KGB had infiltrated every agency of the U.S. Government, and your aunt Sally was a traitor, selling nuclear secrets by the basketful. Oh, yes, and the KGB was sitting across the street, picking up the electronic emanations from every computer in every government contractor office building. 

Keeping the Grass Green

Does that sound like so much fertilizer? Well, it was enough to keep Virginia green for a year! You need a realistic appreciation of threat and vulnerability, so consider this, with regard to emanations: There is no computer that emanates anything far enough for an intercept across the street. However, as I mentioned in a previous post, all electronic devices do emanate. Picture the scenario of a 20-floor office building with maybe a couple of hundred computers on each floor, all of them in use at one time or another during work hours. Each one is emanating, so there is, in theory, a vulnerability to intercept. But from where? And how would the interloper separate the desired signals from over a thousand computers, across dozens of companies?

          If he worked for the NSA, he could. And if the stakes were high enough, he would. But that’s a whole other story of deceit, intrigue, and law-breaking.

Abuse and Misuse

Okay, back in the eighties, when PC’s were coming into standard usage, people began abusing them right from the get-go. Employees began playing with their new toys on company time, instead of working.  Underhanded employees began sharing company secrets they had sworn to protect. Employers began defending themselves by having kernels installed on their PC’s. These kernels actually did pick up and transmit every keystroke to employers’ monitoring stations. As a result, some employees found themselves without jobs, for having violated a trust.  [No, the public does not have  a right to know company secrets!] But how many computers do you suppose were involved in any one company, in those days? That’s right — not so many as to make their surveillance a monumental task, as it would be today.

Examine the Claim

A few days ago, on 20/20, a so-called computer security expert made the sweeping statement that every computer is being bugged. Consider that for a moment: “Every computer”….? He further stated that everything you type is being intercepted, keystroke by keystroke.  “Everything”….?  Really?

          That sounded sufficiently sensational so that the interviewer and the program director of that segment bought it hook, line, and sinker. And sold it to the viewing public. Really bad reporting. No explanation, no qualification, no parameters. Just sensationalistic reporting.

          Well, okay, let’s look at that more closely. Today we have hackers and ne’er-do-wells that don’t have a life; social misfits that want to make peoples’  lives miserable by destroying, denying, or distorting information. So yes, the threat is there. And (as the computer security expert stated) if you fail to frequently update your computer programs, and fail to use plenty of protection, you make your data vulnerable to myriad threats. But wait a minute. In this case, your data are not being intercepted on tranmission. That is no longer the vulnerability. The vulnerability is that your data may be corrupted while still in your automated system. It doesn’t have to go anywhere; it just has to be there.

          But suppose someone does intercept your information during transmission, whether from a PC, its peripherals, or from a telephone conversation. What do they do with it?

Interested in discussing these topics? Want more information?

Send an email to PITORRI AND ASSOCIATES, LLC, at http://www.pitorriassociates.com

Ambush!

One way that telephone intercepts can be used is to determine in advance where a person is going to be at a given time — and with whom. The investigative team arrives at the identified location early, prepared to take photographs, notes, or to conduct remote technical surveillance. All this without the expense and risk of a mobile surveillance, that is, following somone around town in a car.

          Another use, applied by law enforcement or even intelligence agencies, is to verify information that may implicate people in a conspiracy. The tech surveillance team hopes to hear deteails such as names, dates, places, and proposed or completed transactions. The same information provided to an industrial spy would allow him to target additional persons for the solicitation of information.

IE

And then there is the jackpot of bugging. The Nirvana. The Experience. Do you know how many perfectly honest, loyal employees or company officers give away proprietary information and trade secrets over the phone? Many. They refuse to believe that (1) Anyone would “stoop so low” as to eavesdrop (2) that such a thing is possible, and (3) that anyone would listen to them!  Consequently, company officers may discuss a topic like customer lists or production plans on the telephone. That makes the information vulnerable to Industrial Espionage (IE).

          Industrial espionage is a billion-dollar-a-year business. Industrial espionage is fluorishing in the United States, Europe, and the Far East. Could your company be at risk? Well, I don’t know….

          Does your company have information anyone else could use?

Explain Me To Not Easy Understand……..

1 Reply

The Big Puzzle

Why is it that people who read my posts in English, and only English, write to me in many other languages? On the one hand, I am immodestly flattered to think you believe I understand Russian, Portuguese, Chinese, Thai, and others, but you forget an important fact:

          The purpose of writing is to communicate. If you want to communicate with me, write in English, French, Italian, Spanish, or German. I have saved some of those comments in other languages, just for kicks, but unfortunately, I cannot answer their authors.  (Okay, I can struggle with reading Portuguese, but I am not capable of writing it.)

Cheers.