TSCM Overview for Stakeholders


Published on

A TSCM presentation that we provide to stakeholders. If you would like us to speak please provide a 4 hour time period and we will schedule your briefing.

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

TSCM Overview for Stakeholders

  1. 1. Electronic Countermeasures What is involved in a TSCM Sweep? Recommendations for Stake Holders
  2. 2. Minimum Computer Security Countermeasures <ul><li>Conduct background investigations on new hires or watch for disgruntled trends </li></ul><ul><li>Provide proper training on computer security and usage </li></ul><ul><li>Do not allow dialup modems </li></ul><ul><li>Limit access to computing facilities and servers </li></ul><ul><li>Do not allow magnetic or media to leave the building without audit or chain of record </li></ul><ul><li>Antivirus and security software protections </li></ul><ul><li>Install access control devices and monitoring </li></ul><ul><li>Frequent Inspections of servers and workstations by a trained TSCM expert </li></ul>
  3. 3. Viruses and Trojan Horses <ul><li>Computer code the is malicious in nature or that has a hidden spy mechanism </li></ul><ul><li>Used to steal information or take control of remote computer systems </li></ul><ul><li>Antivirus software is not a cure all </li></ul><ul><li>Cost companies millions of dollars annually to ensure they are not infected </li></ul>
  4. 4. Employee Considerations <ul><li>Can cause damage if controls are not in place it may be difficult or impossible to recover the data or loss </li></ul><ul><li>Files copied to removable media – stolen </li></ul><ul><li>Remove access granted to third parties that are unauthorized </li></ul><ul><li>Malicious viruses introduced onto your corporate network </li></ul><ul><li>Physical damage </li></ul>
  5. 5. Destroying Media <ul><li>One of the worst things in corporate America is that employers throw away formatted media </li></ul><ul><li>This media can be recovered by utilities such as EnCase™ or UnEraser and is not truly deleted on the media when it is thrown out </li></ul><ul><li>Suggest a low level format (7X or greater rewrite) – Downside is that its time consuming or destruction of the drives </li></ul>
  6. 6. Personal Equipment Onsite <ul><li>Need clear policies on the personal use of equipment onsite </li></ul><ul><li>Most mobile phones are now Internet enabled </li></ul><ul><li>Should not allow 1 or 2 way communications devices in secured areas </li></ul><ul><li>Search when personnel leave the building to locate and detect theft of information </li></ul>
  7. 7. Suggestions – Policy is Important! <ul><li>Create comprehensive security policies and ensure the enforcement in your work environment </li></ul><ul><li>Ensure your staff have the proper equipment to protect your data </li></ul><ul><li>Make the process as easy as possible </li></ul><ul><li>FORMAL TRAINING IS A MUST – Have your employees attend security training such as this course at a minimum annually </li></ul>
  8. 8. Who are the spies? <ul><li>Foreign Governments (i.e.. China, Russia)‏ </li></ul><ul><li>Corporate Competition </li></ul><ul><li>Divorce or Separated Parties </li></ul><ul><li>Hackers and Phishers </li></ul><ul><li>Intelligence Gathering Organizations (Government and Private)‏ </li></ul><ul><li>Anybody with a need to know or with a desire to learn the information that you hold dearest </li></ul>
  9. 9. What does an audio surveillance operation consist of? <ul><li>The next section will go into detail concerning an audio surveillance operation. This is by no means the only methods used and this field is changing as we have mentioned before. </li></ul>
  10. 10. The Target <ul><li>Usually somebody with sensitive information </li></ul><ul><li>We typically think that it is somebody with Classified or Sensitive information which may not be the case </li></ul><ul><li>A typical target is attacked at many different levels </li></ul>
  11. 11. The Target <ul><li>We think of targets as someone with power but it could be any ordinary person with useful information </li></ul><ul><li>The target may not be the final target but rather somebody that has information on your final target – A doctor, lawyer, spouse, etc. </li></ul>
  12. 12. The Target <ul><li>A target can be anybody that you can use to get to the bottom of what information you are interested in </li></ul><ul><li>Children are great targets because they are care free and open with information about their parents </li></ul>
  13. 13. Targets <ul><li>As you can see just about anybody can be a target if they have useful information </li></ul>
  14. 14. Typical Audio Surveillance <ul><li>Is normally used to get operational information useful to pull of other information gathering </li></ul><ul><li>Only once operational or intelligence is gathered can more successful attacks be carried out </li></ul>
  15. 15. High Profile Targets <ul><li>Corporate Leaders </li></ul><ul><li>Industry </li></ul><ul><li>Research </li></ul><ul><li>Military </li></ul><ul><li>Universities </li></ul><ul><li>Activist Organizations </li></ul><ul><li>Agents and Double Agents </li></ul><ul><li>Families and Friends of High Profile Targets </li></ul><ul><li>Intelligence Organizations </li></ul><ul><li>Foreign Countries </li></ul>
  16. 16. Stages of an Attack – Information Gathering on the Target <ul><li>Collection of information such as targets schedule and locations </li></ul><ul><li>Collection of trash </li></ul><ul><li>Information and routine locations, etc. </li></ul><ul><li>Electronic research (look for myspace, resumes, online post, etc)‏ </li></ul><ul><li>Personality observation and psychology </li></ul><ul><li>Used to pretext or have operatives make contact with something in common, emotional play </li></ul><ul><li>Known associates and organizations </li></ul><ul><li>Preparation for Surveillance </li></ul><ul><li>The Plant – Installation of Listening Devices </li></ul>
  17. 17. Issues Encountered by the Bugger <ul><li>Limits of battery (Lithium is usually a stable good choice, button batteries are also use frequently because of their size profile)‏ </li></ul><ul><li>Being caught planting or servicing the device </li></ul><ul><li>Legal Issues if operating outside of the law </li></ul><ul><li>Plant under duress </li></ul><ul><li>Technical hurdles and compromise for the specific application </li></ul><ul><li>Double cross is a possibility in some situations (emotional stress and physical threats if the bugger does not comply)‏ </li></ul><ul><li>Plant of illegal substance and escalation </li></ul>
  18. 18. Electronic Communication Intercepts – Legal Issues <ul><li>The legal issues surrounding the interception of electronic communications are many and varied, primarily because they arise in different contexts: criminal investigations, corporate espionage, employer-employee relationships, and the intelligence activities of the federal government conducted against foreign countries. In recent years, two primary issues have arisen. One, rapid changes in technology can sometimes outpace legislation designed to protect United States citizens from unwarranted electronic intercepts. Two, in response to the threat of terrorism against the United States, the federal government passed legislation that, in the eyes of some, weakened constitutional protections against unwarranted interception of electronic communications. </li></ul>
  19. 19. Legal Issues <ul><li>Electronic intelligence. Traditionally, intelligence-gathering operations have been divided into two broad categories: human and electronic. Human intelligence gathering, or what the intelligence community refers to as HUMINT, involves the use of on-the-scene human operatives who, for example, prepare maps, observe enemy troop movements, steal documents, recruit others to provide information, or physically eavesdrop on conversations. </li></ul>
  20. 20. Legal Issues <ul><li>HUMINT </li></ul><ul><li>The possibility always exists that the operative will be caught, forced to reveal information about his or her activities and purposes, and even imprisoned or executed. For this reason, intelligence agencies whenever possible have come to rely more on electronic intelligence gathering, or ELINT. Spy satellites and high-altitude planes such as the U2, for example, can be used to provide accurate and timely information about troop deployments or missile installations, while wiretaps and hidden microphones allow communications to be intercepted without placing an operative in danger. Further, ELINT can be conducted by those who have no particular training in spycraft (tradecraft) from positions thousands of miles away. </li></ul>
  21. 21. Legal Issues <ul><li>ELINT </li></ul><ul><li>Divided into two types: trespassory and nontrespassory. As its name suggests, trespassory ELINT requires some sort of trespass; the target's physical premises have to be entered—to install a transmitter or microphone, for example. Non-trespassory ELINT, in contrast, does not require physical invasion of the target premises. Since the end of World War II and throughout the Cold War, the intelligence community has devised various forms of non-trespassory ELINT, enabling it to intercept information transmitted by satellite, radio, cell phone, and microwave transmissions. While ELINT was and is valuable for gathering foreign intelligence, cell phones calls. </li></ul>
  22. 22. Legal Issues <ul><li>TEMPEST technology </li></ul><ul><li>The chief legal issue surrounding non-trespassory interception of electronic communications stems from the use of the word communication. Under the act, it would be illegal for authorities to, for example, tap a phone without a court order, because the purpose of a phone call is to communicate a message. But modern electronic devices emit all sorts of information that is never intended to be &quot;communicated.&quot; They do so in the form of what are called emanated transient electromagnetic pulses (ETEP), which can be received and reconstructed. A computer screen, for example, displays information in the form of pixels that glow when they are struck by an electron beam. To keep the pixels on a computer screen lit, the electron beam fires perhaps 60 times per second. The beam's high-voltage electromagnetic emission that the machine is performing. </li></ul>
  23. 23. Legal Issues <ul><li>The potential for abuse is clear. A person or agency with the know-how could intercept from a business computer information that would be beneficial in, for example, making stock market transactions, or steal proprietary information about the development of a new product. But because the U.S. government uses TEMPEST technology to conduct intelligence on foreign governments and potentially to monitor the activities of terrorists, it currently prohibits non-government agencies or individuals from owning TEMPEST equipment, making it difficult to research ways to protect legitimate computer users from this modern form of &quot;eavesdropping.&quot; </li></ul>
  24. 24. Legal Issues <ul><li>Echelon. In 1947, the United States and Great Britain agreed to join forces to form a &quot;worldwide listening network,&quot; primarily to keep themselves apprised of the activities of the Soviet Union and its allies. In the United States, this agreement in 1971 evolved into Echelon, a global communications interception and surveillance system. In its early days, the U.S.-UK system and Echelon focused on phone and radio traffic. Later, the focus shifted to satellite and microwave communications. More recently, Echelon has also been used to monitor digital communication, principally on the Internet. </li></ul>
  25. 25. Legal Issues <ul><li>The workings of Echelon remain secret; the U.S. government barely acknowledges that it exists, and personnel who work for the agencies of foreign governments with access to Echelon (currently, Australia, Canada, Denmark, Germany, New Zealand, Norway, and Turkey) sign lifetime confidentiality agreements. Echelon functions by tapping numerous sources, including ground-based radio antennae, cable devices, satellites, equipment housed in the U.S. embassies of foreign nations, and the Internet. With regard to the Internet, Echelon can intercept e-mail and file transfers, and by using so-called sniffer devices, it can monitor Web browsing. It then uses a &quot;dictionary&quot; to filter information through key words and addresses, as well as to translate messages and even to interpret their content. It is estimated that Echelon can intercept three billion communications per day, including 90 percent of Internet and satellite traffic. </li></ul>
  26. 26. Legal Issues <ul><li>Echelon was formed for the purpose of conducting foreign intelligence operations. Under the Foreign Intelligence Surveillance Act, no proof of criminality has to be shown to conduct such operations; the only safeguard is the secret Foreign Intelligence Surveillance Court, which verifies that the target of an operation is an &quot;agent of a foreign government&quot; rather than a U.S. citizen (or permanent resident alien). Once again, though, the potential for abuse is clear. Many governments have pressured the United States to reveal information on surveillance targets and intelligence operations conducted through Echelon. They are concerned because of reports that economic and business information gathered through Echelon has been passed to American companies, giving them an advantage over their foreign competitors. In recent years, too, civil libertarians have expressed concern that Echelon could be used in a way that violates the Fourth Amendment, which preserves the right of American citizens to be free from unreasonable searches and seizures. </li></ul>
  27. 27. Legal Issues <ul><li>The USA Patriot Act. These developments—the pervasiveness of electronic intelligence-gathering capabilities, the existence of sophisticated surveillance technologies, the evolution of Echelon—all coalesced on October 26, 2001, when President George W. Bush signed into law the USA Patriot Act, more formally the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Public Law 107–56; 115 Stat. 272). The act was passed in response to the terrorist attacks against the United States on September 11 that year. Its goal was to provide law enforcement and the intelligence community with tools to combat international terrorism. </li></ul>
  28. 28. Legal Issues <ul><li>Even before it was signed into law, the bill was controversial. Its supporters argued that it was necessary in an environment when attacks could emanate not only from recognized states with identifiable borders but also from loosely affiliated transnational groups such as militant Islamic extremists. These groups, it was pointed out, include American citizens and others living inside the United States, such as many of the September 11 hijackers. To communicate across national borders, launder money, and channel funds, these groups rely on phones, radio, and especially the Internet, and law enforcement's efforts to monitor their communications were shackled by legislation that restricted electronic intercepts. The bill's opponents argued that the act poses significant risk that civil liberties will be infringed and that it does not provide for legislative and judicial overview of the purposes for which such information is used. </li></ul>
  29. 29. Legal Issues <ul><li>The 342-page USA Patriot Act amends fifteen different statutes, including the Electronic Communications Privacy Act, the Computer Abuse and Fraud Act of 1986, and the Foreign Intelligence Surveillance Act. Many of the changes are scheduled to expire on December 31, 2005, unless they are extended by Congress. While many of the changes are minor, they collectively give the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), other federal agencies, and local law enforcement sweeping new powers to conduct intelligence operations against terrorists inside the United States. For example, the government can now legally monitor Web surfing, including terms entered into search engines, by informing a judge that doing so could lead to information &quot;relevant&quot; to a terror investigation. Again, civil libertarians fear that a ten-year-old who innocently conducts a Web search for bomb or a student doing Internet research on Allah (the name of the deity in the Islamic faith) could actually attract the attention of the CIA—and never know it. </li></ul>
  30. 30. Legal Issues <ul><li>The act made other significant changes in the law. Both the FBI and the CIA had complained that earlier laws requiring a court order to tap a phone were unduly restrictive in the age of cell phones, when a user is not wired to a location and can easily use multiple phones while on the move. Under the USA Patriot Act, they have the authority to conduct roving wiretaps; instead of getting a court order to tap a phone, they now can get such an order to tap a person or organization. This means that if a terrorist suspect uses a cell phone, throws it away, then uses another phone, the government can monitor calls made and received on both phones rather than just one. Similarly, the new law makes it easier for the government to get so-called pen/trap orders, referring to &quot;pen register&quot; and &quot;trap-and-trace device&quot; orders. This change authorizes the collection of telephone numbers dialed to and from a particular communication device, including phones of course, but also computers with Internet connections. </li></ul>
  31. 31. Legal Issues <ul><li>Another change involves Internet service providers (ISP's). Previously, the government had to obtain a court order to access the records of an ISP. Now, the government can seek information from ISP's with just a subpoena. This information includes records of session times and durations, network addresses, and methods of payment. The law also authorizes the ISP's themselves to turn over information they believe suggests that a threat against American lives exists. This includes not only &quot;noncontent&quot; information (account numbers, phone numbers, credit card account numbers, and the like) but &quot;content&quot; information—that is, the actual content of messages that suggest a terrorist threat. Again, the purpose of all these changes is to enable law enforcement to monitor the &quot;chatter&quot; of terrorist groups and, on the basis of information gathered, warn the American public about impending threats, thwart terrorist attacks, and round up suspected terrorists. </li></ul>
  32. 32. Legal Issues - Reading <ul><li>Ewing, Alphonse B. USA Patriot Act. Hauppauge, N.Y.: Nova Science Publishing, 2003. </li></ul><ul><li>Reams, Bernard D., Jr., and Christopher Anglim, ed. USA Patriot Act: A Legislative History of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act. Littleton, CO.: Fred B. Rothman, 2002. </li></ul><ul><li>Richelson, Jeffrey T. The Wizards of Langley. Boulder, CO.: Westview, 2001. </li></ul>
  33. 33. Legal Issues <ul><li>Illegal to own a device capable of intercepting private communications without the parties knowledge </li></ul><ul><li>Each state has recording laws. Some are 2 party consent states and some only require the consent of 1 participant in the conversation </li></ul><ul><li>Federal laws restrict devices, export and the release of information as well as the manufacture and possession of spy type devices </li></ul><ul><li>Federal Wiretap laws also are always enforceable </li></ul><ul><li>Instruments of crime laws – Due to interpretation </li></ul>
  34. 34. Some History on Bugs <ul><li>A key part of intelligence gathering and surveillance is the installation of listening devices. The classic Cold War image of Soviet espionage agents secretly planting &quot;bugs&quot; in an office of the United States embassy is an accurate historical picture of the use of these listening devices. Police forces and private investigators also use bugging devices (with legal approval). </li></ul>
  35. 35. History <ul><li>The use of listening devices is often a race to acquire information before the devices are discovered and removed. For example, rooms where top-secret intelligence activity occurs are frequently examined, or &quot;swept&quot;, for bugs. </li></ul>Homebuilt RF Detector
  36. 36. History <ul><li>A typical electronic bug consists of a microphone and a radio transmitter. The microphone receives sound waves and either vibrates a thin membrane called a diaphragm (a dynamic microphone) or a thin metal ribbon suspended in a magnetic field (a ribbon microphone). Vibration of the diaphragm produces an electrical signal. Vibration of the metal ribbon produces a voltage change, which can be converted to an electrical signal. </li></ul>
  37. 37. History <ul><li>The electric signals are then beamed out of the transmitter portion of the bug to a receiver. The conversation transmitted by the bug to the receiver can be recorded or listened to directly. Other types of bugs exist. For example, radio frequencies passing through the electrical wiring of a building can be intercepted. Bugs can also intercept the electrical transmissions from portable phones, wireless computers linked to a network, and even from a computer monitor. </li></ul>
  38. 38. History <ul><li>The designation of secret listening devices as bugs is entirely suitable, given their small size. Modern bugs can be concealed in pens, calculators, and even buttons (although the latter need to be replaced frequently, as their power supply is so small. </li></ul>Sinn Fein President Gerry Adams displays an electronic tracking and listening device, found in a car used by Sinn Fein leaders, during a press conference in Belfast, Northern Ireland in 1999.
  39. 39. History – A Key Point <ul><li>The miniaturization of electronics has made it possible to pack more devices into the small package. For example, video equipment can be contained in a bug, enabling sight as well as sound surveillance. </li></ul><ul><li>The transistor made the creation of bugging devices easier to conceal! </li></ul>
  40. 40. History <ul><li>Up to the 1980s, bugs operated using very high frequency, or VHF, radio waves. However, the development of mobile communications technology, particularly digital telephones, paved the way for the development of bugs that operate using ultrahigh frequency wavelength or microwaves. This has made the detection of bugs more difficult than simply detecting the output of radio waves. Some modern bugging devices can also disguise the output signal or vary the frequency of the signal, which can thwart detection. </li></ul>
  41. 41. History <ul><li>Some bugs contain voice-activated recorders that are capable of storing up to 12 hours of conversation. The information can then be rapidly sent to a receiver in a &quot;burst&quot; transmission. Because detection of the bug is geared toward the frequencies emitted during transmission, the detection of these bugs is difficult. Counter systems are designed to try and activate the bug and then detect it. The transmission range of bugs has improved from mere yards to miles. Some bugs can even transmit to satellites, making monitoring from thousands of miles away feasible. </li></ul>
  42. 42. History <ul><li>Another surveillance option is the use of a microphone. Conventional microphones operate electronically; the electrical signals representing the converted sound waves are passed through a wire to a receiving device located elsewhere. Microphones that operate using magnetic fields also exist. </li></ul><ul><li>Shotgun microphones equipped with a parabolic reflector can record conversation outside at a distance. Electronic filters screen out extraneous background noise in order to enhance the sensitivity of the microphone. </li></ul>
  43. 43. History <ul><li>Laser microphones bounce a laser beam off of an object that is near the conversation. The object must be something that resonates, or is able to move as pressure waves created by noise in the room encounter it. As the object vibrates back and forth due to the sound waves from the conversation in the room, the distance traveled by the laser beam will become slightly shorter and longer. These length differences can be measured over time, and the pattern of the vibrations translated into the text of the conversation. </li></ul>
  44. 44. History <ul><li>Microphones are extremely hard to detect , especially when used in a room where other electrical appliances (i.e., computers, telephones) are operating. </li></ul><ul><li>Bugs are detected by virtue of the frequencies they emit . Essentially a bug detector is a receiver. When brought near an operating bug, the detector will collect and amplify or demodulate the bug's transmission. Bug detectors are now portable enough to be carried in a &quot;sweep&quot; of a room. </li></ul>
  45. 45. History <ul><li>Bugs and microphones have moved from the arena of political espionage to the boardrooms of corporate offices and police surveillance operations. Recognizing the prevalence of electronic eavesdropping devices and their threat to privacy, the United States Congress passed the Electronic Communication Privacy Act in 1986, which made bugging illegal. Nonetheless, the use of eavesdropping devices and detectors is widespread in the intelligence and business communities. One estimate places the annual sales of such devices in the United States alone at $888 million . (Old Figure from 2006)‏ </li></ul><ul><li>This figure is old. It is now estimated that the loss is nearly 2 Billion dollars annually . </li></ul>
  46. 46. Domestic Intelligence <ul><li>Domestic intelligence is a term for efforts by a government to obtain information about activities that pose an actual or putative threat to internal security. In authoritarian or totalitarian regimes, domestic intelligence-gathering by the government is a regular part of daily life, but in a liberal democratic system such as those of North America or Western European countries, it is more problematic. </li></ul>
  47. 47. Domestic Intelligence <ul><li>United States domestic intelligence programs of the post World War II era raised Americans' ire after they came to light, but in the wake of the September, 2001, terrorist attacks, many Americans and Europeans put aside fears of government surveillance in favor of a new demand for heightened security. </li></ul>
  48. 48. Domestic Intelligence <ul><li>World War II to Watergate. Whereas most Americans of the postwar era knew that the intelligence services of the Soviet Union and other totalitarian states kept a close watch on their citizens, most had no idea of the extent to which their own government was watching certain elements. During the 1970s and later, information about massive domestic intelligence programs came to light. Among these was Shamrock, which involved the interception of telegrams and other forms of communication between 1945 and 1975. In another domestic intelligence/surveillance program, Chaos, the Federal Bureau of Investigation (FBI) monitored Vietnam War protesters between 1967 and 1972, looking for ties to the Soviets. </li></ul>
  49. 49. Domestic Intelligence <ul><li>Revelation of these and other activities came to light in the wake of the Watergate scandal, which influenced an attitude among some citizens of suspicion toward the government. Questionable as they may have been in some regards, Shamrock and Chaos subjected only a fraction of the population to government scrutiny, but in the atmosphere of reaction that pervaded the mid-to late 1970s, many Americans began to assume that there was no limit to the government's desire for information on its citizens' private lives. These fears both led to, and were fueled by, investigations in Congress, most notably that of the Church Committee in the Senate. </li></ul>
  50. 50. Domestic Intelligence <ul><li>The twenty first century. Since that time, government agencies have been placed under much tighter restrictions with regard to domestic intelligence and surveillance. The September, 2001, attacks, however, influenced a shift in a different direction. Congress, once suspicious of domestic intelligence-gathering, called for a new effort to root out potential terrorists on U.S. soil. The same was true in Europe, where countries such as Belgium—which had always restricted domestic intelligence efforts—gave their internal security services much freer rein. </li></ul>
  51. 51. Domestic Intelligence <ul><li>During 2002, the U.S. executive and legislative branches debated the question of which agency should handle a new domestic intelligence effort: the FBI (formerly in charge of counterterrorism) or the Central Intelligence Agency (CIA). In February 2003, President George W. Bush placed the CIA in charge of a new domestic counterterrorism intelligence agency, to be formed later that year. The FBI would work with the CIA in the new unit. </li></ul>
  52. 52. Additional Reading <ul><li>Alden, Edward, and James Harding. &quot;CIA Wins Battle to Defend U.S. Against Terror.&quot; Financial Times (February 15, 2003): 1. </li></ul><ul><li>Crawford, David. &quot;Europe Eases Limits on Police, Intelligence Services—Fear of Islamist Terrorism Erodes Traditional Divide Between the Two Branches.&quot; Wall Street Journal (December 17, 2002): A15. </li></ul><ul><li>Eggen, Dan. &quot;Bush Aims to Blend Counterterrorism Efforts.&quot; Washington Post (February 15, 2003): A16. </li></ul><ul><li>Johnston, David. &quot;FBI Director Rejects Agency for Intelligence in United States.&quot; New York Times (December 20, 2002): A22. </li></ul><ul><li>Lichtblau, Eric. &quot;FBI and CIA to Move Their Counterterror Units to a Single New Location.&quot; New York Times (February 15, 2003): A14. </li></ul><ul><li>Polmar, Norman, and Thomas B. Allen. Spy Book: The Encyclopedia of Espionage. New York: Random House, 1998. </li></ul><ul><li>Priest, Dana, and Juliet Eilperin. &quot;Panel Finds No 'Smoking Gun' in Probe of 9/11 Intelligence Failures.&quot; Washington Post (July 11, 2002): A1. </li></ul>
  53. 53. Internet Tracking <ul><li>Electronic passage through the Internet leaves a trail that can be traced. Tracing is a process that follows the Internet activity backwards, from the recipient to the user. As well, a user's Internet activity on web sites can also be tracked on the recipient site (i.e., what sites are visited and how often). Sometimes this tracking and tracing ability is used to generate email to the user promoting a product that is related to the sites visited. User information, however, can also be gathered covertly. </li></ul>
  54. 54. Internet Tracking <ul><li>Techniques of Internet tracking and tracing can also enable authorities to pursue and identify those responsible for malicious Internet activity. For example, on February 8, 2000, a number of key commercial Internet sites such as Yahoo, Ebay, and Amazon were jammed with incoming information and rendered inoperable. Through tracing and tracking techniques, law enforcement authorities established that the attacks had arisen from the computer of a 15-year-old boy in Montreal, Canada. The youth, whose Internet identity was &quot;Mafiaboy,&quot; was arrested within months of the incidents. </li></ul>
  55. 55. Internet Tracking <ul><li>Law enforcement use of Internet tracking is extensive. For example, the U.S. Federal Bureau of Investigation has a tracking program designated Carnivore. The program is capable of scanning thousands of emails to identify those that meet the search criteria. </li></ul>
  56. 56. Internet Tracking <ul><li>Cookies. Cookies are computer files that are stored on a user's computer during a visit to a web site. When the user electronically enters the web site, the host computer automatically loads the file(s) to the user's computer. </li></ul><ul><li>The cookie is a tracking device, which records the electronic movements made by the user at the site, as well as identifiers such as a username and password. Commercial web sites make use of cookies to allow a user to establish an account on the first visit to the site and so to avoid having to enter account information (i.e., address, credit card number, financial activity) on subsequent visits. User information can also be collected unbeknownst to the user and subsequently used for whatever purpose the host intends. </li></ul>
  57. 57. Internet Tracking <ul><li>Cookies are files, and so can be transferred from the host computer to another computer. This can occur legally (i.e., selling of a subscriber mailing list) or illegally (i.e., &quot;hacking in&quot; to a host computer and copying the file). Also, cookies can be acquired as part of a law enforcement investigation. </li></ul><ul><li>Stealing a cookie requires knowledge of the file name. Unfortunately, this information is not difficult to obtain. A survey, conducted by a U.S. Internet security company in 2002, on 109, 212 web sites that used cookies found that almost 55 percent of them used the same cookie name. Cookies may be disabled by the user, however, this calls for programming knowledge that many users do not have or do not wish to acquire. </li></ul>
  58. 58. Internet Tracking <ul><li>Bugs or Beacons. A bug or a beacon is an image that can be installed on a web page or in an email. Unlike cookies, bugs cannot be disabled. They can be prominent or surreptitious. As examples of the latter, graphics that are transparent to the user can be present, as can graphics that are only 1x1 pixels in size (corresponding to a dot on a computer monitor). When a user clicks onto the graphic in an attempt to view, or even to close the image, information is relayed to the host computer. </li></ul>
  59. 59. Internet Tracking <ul><li>Information that can be gathered by bugs or beacons includes: </li></ul><ul><li>the user's IP address (the Internet address of the computer) </li></ul><ul><li>the email address of the user </li></ul><ul><li>the user computer's operating system (which can be used to target viruses to specific operating systems </li></ul><ul><li>the URL (Uniform Record Locator), or address, of the web page that the user was visiting when the bug or beacon was activated </li></ul><ul><li>the browser that was used (i.e., Netscape, Explorer) </li></ul>
  60. 60. Internet Tracking <ul><li>When used as a marketing tool or means for an entrepreneur to acquire information about the consumer, bugs or beacons can be merely an annoyance. However, the acquisition of IP addresses and other user information can be used maliciously. For example, information on active email addresses can be used to send &quot;spam&quot; email or virus-laden email to the user. And, like cookies, the information provided by the bug or beacon can be useful to law enforcement officers who are tracking down the source of an Internet intrusion. </li></ul>
  61. 61. Internet Tracking <ul><li>Active X, Java Script. These computer-scripting languages are automatically activated when a site is visited. The mini-programs can operate within the larger program, so as to create the &quot;pop-up&quot; advertiser windows that appear with increasing frequency on web sites. When the pop-up graphic is visited, user information such as described in the above sections can be gathered. </li></ul>
  62. 62. Internet Tracking <ul><li>Tracing email. Email transmissions have several features that make it possible to trace their passage from the sender to the recipient computers. For example, every email contains a section of information that is dubbed the header. Information concerning the origin time, date, and location of the message is present, as is the Internet address (IP) of the sender's computer. </li></ul>
  63. 63. Internet Tracking <ul><li>If an alias has been used to send the message, the IP number can be used to trace the true origin of the transmission. When the message source is a personally owned computer, this tracing can often lead directly to the sender. However, if the sending computer serves a large community—such as a university, and through which malicious transmissions are often routed—then identifying the sender can remain daunting. </li></ul><ul><li>Depending on the email program in use, even a communal facility can have information concerning the account of the sender. </li></ul>
  64. 64. Internet Tracking <ul><li>The information in the header also details the route that the message took from the sending computer to the recipient computer. This can be useful in unearthing the identity of the sender. For example, in the case of Mafiaboy, examination of the transmissions led to a computer at the University of California at Santa Barbara that had been commandeered for the prank. Examination of the log files allowed authorities to trace the transmission path back to the sender's personal computer. </li></ul>
  65. 65. Internet Tracking <ul><li>Chat rooms. Chat rooms are electronic forums where users can visit and exchange views and opinions about a variety of issues. By piecing together the electronic transcripts of the chat room conversations, enforcement officers can track down the source of malicious activity. </li></ul><ul><li>Returning to the example of Mafiaboy, enforcement officers were able to find transmissions at certain chat rooms where the upcoming malicious activity was described. The source of the transmissions was determined to be the youth's personal computer. Matching the times of the chat room transmissions to the malicious events provided strong evidence of the youth's involvement. </li></ul>
  66. 66. Internet Tracking <ul><li>Tracking, tracing, and privacy. While Internet tracking serves a useful purpose in law enforcement, its commercial use is increasingly being examined from the standpoint of personal privacy. The 1984 Cable Act in the United States permits the collection of such information if the information is deemed to aid future commercial developments. User consent is required, however, if the information that is capable of being collected can exceed that needed for commerce. </li></ul>
  67. 67. Additional Reading <ul><li>Bosworth, Seymour, and Michel E. Kabay, eds. Computer Security Handbook. New York: John Wiley & Sons, 2002. </li></ul><ul><li>National Research Council, Computer Science and Telecommunications Board. Cyber Security Today and Tommorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press, 2002. </li></ul><ul><li>Northcutt, Stephen, Lenny Zeltser, Scott Winters, et al. Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems. Indianapolis: New Riders Publishing, 2002. </li></ul>
  68. 68. Operational Issues of the Bugger Continued <ul><li>OPERATIONAL information is the real goal of most A/S operations </li></ul><ul><li>PERSONALITIES - Corporate leaders </li></ul><ul><li>ACTIVITIES/ORGANIZATIONS - Projects or departments </li></ul><ul><li>COUNTER INTELLIGENCE (CI) INFORMATION - in conjunction with other investigative techniques to identify means and methods of information protection and security weaknesses. </li></ul><ul><li>AGENT CONTACTS - Develop contacts within an organization/department. </li></ul><ul><li>POSITIVE INTELLIGENCE - Determine what information may be of use and methods in which it can most effectively be obtained. </li></ul><ul><li>KEEPING TRACK of the opposition to find out what they are up to in order to counter their moves. </li></ul>
  69. 69. Operational Bugging Types <ul><li>TYPES OF SYSTEMS AVAILABLE Generally three types (1) Microphone and wire (2) Energy Transmitters (3) Telephones </li></ul>
  70. 70. Microphone Considerations <ul><li>Microphone connected to wire must be routed to a listening post. </li></ul><ul><li>Microphone concealment </li></ul><ul><li>Wire run concealment </li></ul><ul><li>Listening Post (LP) location and </li></ul><ul><li>Maintenance </li></ul>
  71. 71. Microphone Advantages <ul><li>Very reliable </li></ul><ul><ul><li>Little that can go wrong once it is in place. </li></ul></ul><ul><ul><li>Pre-amplifiers and line drivers provide a fairly long distance capability. </li></ul></ul><ul><li>Difficult to detect if properly installed. </li></ul>
  72. 72. Microphone Disadvantages <ul><li>Most time consuming of the installations if it is done properly. </li></ul>
  73. 73. Energy Transmitters RF Advantages <ul><li>Quick and dirty in most instances. No wire runs. </li></ul><ul><li>Wide variety of modulation schemes and variations. </li></ul><ul><li>Battery eliminator for alternating current (AC) voltage installations. </li></ul><ul><li>Remote control capability. </li></ul>
  74. 74. Energy Transmitters RF Disadvantages <ul><li>Servicing can be a problem if using batteries. </li></ul><ul><li>Receivers - Once on the air, anyone with a receiver scanning that frequency range can pick up the transmissions. </li></ul>
  75. 75. Energy Transmitters Carrier Current Advantages <ul><li>Servicing can be a problem </li></ul><ul><li>Receivers - Once on the air, anyone with a receiver scanning that frequency range can pick up the transmissions. </li></ul>Picture of an actual carrier current Transmitter disguised as an adapter.
  76. 76. Energy Transmitters Carrier Current Disadvantages <ul><li>Noise on the line. </li></ul><ul><li>Listening post location must be on the same leg of the transformer. </li></ul><ul><li>Installation time. </li></ul><ul><li>Nothing to prevent others on the same power line to listen to the transmission </li></ul>
  77. 77. Telephone Taps <ul><li>Probably most common Audio/Surveillance technique used. </li></ul><ul><li>Can be accomplished anywhere between the telephone and central office. </li></ul><ul><li>Easy to install. </li></ul><ul><li>Easy to detect. </li></ul><ul><li>Physical search is the best method of detection </li></ul>
  78. 78. Hot or Compromised Phone <ul><li>Access to target areas. </li></ul><ul><li>Two (or three) built in microphones. </li></ul><ul><li>Remote - RF tap. </li></ul>
  79. 79. Telephone Run <ul><li>Infinity transmitters </li></ul><ul><li>Carrier transmitters - on line </li></ul><ul><li>Radio transmitter - on line </li></ul>
  80. 80. Instrument Compromise <ul><li>Microphone and wire </li></ul><ul><li>RF transmitter </li></ul><ul><li>Carrier transmitter </li></ul>
  81. 81. Types of Targets <ul><li>Safe Houses </li></ul><ul><li>Reception Rooms </li></ul><ul><li>Hotel Rooms </li></ul><ul><li>Public Lobbies </li></ul><ul><li>Libraries </li></ul><ul><li>Police Departments </li></ul><ul><li>Attorney Offices </li></ul><ul><li>Residential Homes </li></ul><ul><li>Business Offices </li></ul><ul><li>Government and Intelligence Offices </li></ul>
  82. 82. Opposition Structures <ul><li>Embassies – Foreign Governments </li></ul><ul><li>Consulates – Foreign Governments </li></ul><ul><li>Military Installations and Housing </li></ul><ul><li>Cabinet Offices </li></ul><ul><li>Heads of State </li></ul><ul><li>These targets are attacked to collect information on the adversaries of a Government </li></ul>
  83. 83. Types of TSCM Threats (Buggers)‏ <ul><li>Freelance : Freelance buggers are people that provide bugging services to individuals, usually little or no training </li></ul><ul><li>Officials : Police, Government, DEA,CIA, FBI, Legal Entities, Private Investigators, Foreign Intelligence </li></ul><ul><li>Rogue Elements : Activist, Unions, Criminal Elements, etc. </li></ul>
  84. 84. A Note on Security <ul><li>Security is only a deterrent </li></ul><ul><li>Dogs, alarms and other methods can and do fail </li></ul><ul><li>Security is only as good as the weakest link, the people who have information are usually the weakest link </li></ul>
  85. 85. Types of Security <ul><li>Monitoring – Cameras, etc. </li></ul><ul><li>Active systems that take preventative action – Alarms that notify the authorities or lock down a building on activation </li></ul><ul><li>Man traps </li></ul><ul><li>Physical Barriers </li></ul><ul><li>Armed or Unarmed Guards </li></ul><ul><li>Perimeter Monitoring </li></ul><ul><li>Training and Awareness – People and knowledge are your best asset in security! </li></ul>
  86. 86. SLC Security – Contact Info <ul><li>Contact Information: </li></ul><ul><li>SLC Security Services LLC </li></ul><ul><li>2664 Timber Dr Suite 342 </li></ul><ul><li>Garner NC 27529 </li></ul><ul><li>(717)831-TSCM </li></ul><ul><li>(866)585-5115 x1 </li></ul><ul><li>www.slcsecurity.com </li></ul><ul><li>[email_address] </li></ul><ul><li>Training </li></ul><ul><li>TSCM Sweeps </li></ul><ul><li>Investigations </li></ul><ul><li>Surveillance </li></ul><ul><li>Background Checks </li></ul><ul><li>Networking </li></ul><ul><li>Auditing and Compliance </li></ul><ul><li>IT Security </li></ul>