Monday, July 29, 2013

Mexican authorities accuse 5 detainees of being cartel lookouts in Reynosa - The Monitor: Local News


Excellent work by the Mexican authorities; these lookouts are what help keep the drug cartels in business.  As you cross over the pedestrian bridge from Hidalgo into Reynosa you always see lookouts on the bridge itself.  Normally it is a man with multiple phones; if he sees something of interest, I can often see the lookout at a bar visible from the bridge answering the call and looking up to see who is coming over.  If there is enough interest, the second lookout at the bar quickly goes into the bar and comes out with others.

Part of what we teach US State Department staff is how to recognize these lookouts.  Often we can see them on the US side of the Hidalgo bridge.  For a long while it was a taxi driver who never seemed to take fares but did get on the phone a lot as cars came into the area.  Sometimes he would give warnings to cars coming into the US, and you would see them alter their path to take either the road to the right or blast off down the main road.

Teams of lookouts have been seen near Military Road giving hand signals and sometimes using small flags to indicate the level of security at the bridge they were watching.  If there is too much security, the drivers go to the next bridge to check the security levels there.

In the Middle East, we would conduct surveys to see where the lookouts were, and where they might want to be if they targeted a State Department employee.  There are many if not all hotels in Russia where lookouts are paid by multiple sources to keep an eye on visitors.  Some would even help delay people until an outside surveillance team could get in place.

In the Valley, we have conducted these assessments of people's homes and offices and the travel routes between them, first to determine whether they are under surveillance, and second to teach people how to recognize surveillance teams.

In every case in the Valley that we have looked at regarding a kidnapping or carjacking, the victim always reports that, yes, after the fact they did notice people watching them.  The key is to become aware before it happens.  Even purse snatchers and pickpockets conduct surveillance prior to attacking.

Saturday, July 27, 2013

The O'Reilly Factor on NSA Spying and what is possible

The O'Reilly Factor | Bill O'Reilly | Fox News

Mr. O'Reilly doubted that all voice could be recorded.  I think the confusion here is what a telephone call is nowadays.  In most offices, and many homes nowadays, with the use of Vonage and similar computerized voice devices, the voice is turned into data from the start.  In any case, even 20 or more years ago a phone call that traveled more than 20 miles was digitized, and the distance is a lot less these days.

Once a phone call is digitized it becomes just another data stream, just like email.  The NSA should be thought of as a big pipe that data, instead of water, flows through.  The NSA takes in all the data in this big pipe.  Data is data: once it has been captured it is stored as data, nothing more, until analysts and computer analysis go to work on it.  This is where the metadata comes in; the metadata tells what the data captured from the pipe is, i.e., a phone call, an email, a picture, or a video.  The key is that you need to be in a place where all the data flows through, and the NSA is in most if not all of those places.

The US is not the only one doing this; England has a number of capture points, as do most countries.  Add to this the satellites up in the sky.  We all beam data up to them, often the data is passed between satellites, and then at some point it is beamed back to earth.  At any of these points the data can be captured: some is voice, some is emails, some is large contracts for major companies or new schematics of weapons.

This data is sent in what are called packets, with metadata telling the packets where to go and who sent them.  In many cases, if the data is encrypted, we really do not need to know much more than that.  If we know it comes from your plumber to you, then even if it is encrypted it is probably not a problem.  But since we store the data, if we later find you or your plumber affiliated with a terrorist group, we can go back, decrypt the data, and see what was going on.

Since the NSA captures so much data, it is sometimes a problem to decide which of it to actually look at.  So it just sits as raw data, stored for some period of time, until it is considered irrelevant.  We still have data from WWII that has not been decrypted.

Now back to metadata: computer programmers are always looking for new ways to analyze the metadata.  Templates are, I assume, one of the newest ways to analyze it.  They were developed by a young lady a number of years ago when she was doing analysis of corporate communications for large firms.  She developed an analysis tool that allowed her to tell how information best flowed in a corporation.  She found that once she developed a template of the information flows of the best or most profitable corporations, she could go into another corporation and analyze its data to find the best communications flow using the template.

Some of our three-letter intel agencies heard about her work and took her in.  What they found is that they could use these templates to analyze terrorist communications.  If a known terrorist group's data can be analyzed and a template developed, then that template can be used to analyze the vast metadata, looking for the same communications paths.  Suspect metadata can then be analyzed even further.  This template is constantly updated and changed as more terrorist cells are discovered.

By the way, this method is being used to track financial crimes and hackers; the uses are endless.  For instance, flash mobs have a particular pattern of starting that, if templates are used, can help in stopping them before they actually happen.

Mr. O'Reilly is one of my most admired gentlemen on TV, and hearing his interview, I felt I had to add some information.

Tuesday, July 16, 2013

Fact or Fiction: Encryption Prevents Digital Eavesdropping: Scientific American

Fact or Fiction: Encryption Prevents Digital Eavesdropping

This is a great article, and it starts out with a premise that, if you are in the business, says it all.

"There are effective ways to encrypt data, whether it is in transit or in storage, but if that data is left in the clear at any point along its path, it is vulnerable to theft or tampering" 

There are also some other problems with encryption.  One is that somehow the decryption password must be known by the person receiving the encrypted file.  There are systems that use a mathematical capability to allow the receiver to obtain the key in the clear, so to speak.  So in this case you can attack the encryption, or you can attack the encryption key: sort of a two-chance play.

The premise starts with the fact that the file sits somewhere in decrypted form, which it must at some point so you can write the message or the other person can read it.  So if you follow some intelligence agencies' game plan, you look for very well encrypted data streams coming by in the big internet pipe of the world.  Once you see one that looks very hard to decrypt, you find out where it started and where it stopped.  Now you have even more ways to get at the data.  Give the encrypted data to the decryption guys; if they send a coded password, give that to another team to beat.  At the same time, send in teams to break into the original computer where the message was written, and another team to the point where it was read.  Now the race is on to see who will break the message first.

So once the message is in the target's building or under their control, they often send clear copies to people in the building.  Back where the message was developed, there are often people who helped develop the message and have it, or even parts of it, in clear form.

OK, now the attacking teams have even more computers they can attempt to break into, and even if they get only a part of the message, they can give that to the decryption teams, which will allow them to break the code even faster.

Now let's look at another attack.  Most encryption programs are fairly well known and have formatting that tends to let the decryption attack teams know which one is being used.  Part of a good encryption program is that you only get three attempts at the password and then the program shuts down.  That would make attacks on the passwords very slow, so most attack teams have either altered the encryption program to bypass the three-attempts-and-you-are-out part of the program, or buy an already altered program from the same vendor you used.  Now you use a very, very fast computer to do nothing but run passwords at the file until it gains access to the message.  So if you use a 4-character password of digits, letters or symbols, it will take x amount of time to run virtually every combination of symbols at the password; if you use 6 it takes x plus a little more time to break the password.

Now you see why we used to use all-letter passwords, which meant the password breakers only had to run letters against the password.  Then you had to run letters and numbers, which increased the number of possible passwords, taking longer to break them.  Add capital letters and symbols and you add even more possible passwords to the ones the attacker must try.  The amount of time to beat these is still pretty quick, since we have some pretty fast computers.

OK, but at the same time we have attackers hitting the places the message started and landed.  We have folks who have put malware out there that inserted code that will allow them into your computer; we have other folks who installed bogus computer chips in routers and other points that will allow them into your computer.  So part of our team is looking to see if any of those little trapdoors into your computer exist.  Experts say that a very large number of computers or networks have these trapdoors, and they are just sitting there waiting for the time they are needed to get into your computer.

The Chinese went to IPv6 long before the rest of the world and made a lot of routers that could handle both the normal IPv4 and IPv6 and go both ways through the router or other device.  There are a number of paths or attacks that just exploit the difference in security protocols between the IPv4 and IPv6 standards.

To make sure that they have some access, the Chinese also made a lot of counterfeit routers from some of the world's main vendors.  In one case they used a Chinese mole or spy to take in the routers on the West Coast, and his brother on the East Coast.  When, say, the US Air Force needed to buy routers, they put it out for bid, and the West Coast brother would put in a low bid and order them from his source, his brother who was in the US, and so it was a US vendor selling to a US vendor, and it passed all the security checks.  If the brother on the East Coast saw a bid come up, he would low-price the bid and get them from his brother on the West Coast, once again bypassing all the security checks.  The only way they were found was by very sophisticated checking of the chips.  Since the Chinese were not always sure which router would end up in a good place for spying, they just made all of them with the bypass in them.

If you take it the next step, you low-price the computer chips that go into routers made in the US, so they are built using Chinese chips with the same security problem in them.

In a little while you have a lot of compromised routers and other network equipment out there, in fact more than you can really do much about.

Let's back up to software and do the same thing.  Let's put a little bit of code in a lot of the cheap software out there that allows us access to the person's network.  We are not sure what we may need to infect, so let's hit as many as we can, and they can just sit there until we need to use them.

This is all very problematic, but if you take it to the next step, which many have said was done years ago, you compromise some of the leading software makers, or their employees who write the code, and now you are into most of the systems out there with your own little trapdoors, just waiting to be used.

So back to the title: Encryption Prevents Digital Eavesdropping, fact or fiction?

NSA in perspective, and what are we facing IT espionage wise

Keeping the NSA in Perspective | Stratfor

This is a good report.  We have to put what the NSA is doing not only in perspective, but face the reality of a non-state foe, versus a state like Germany or Japan, or even a state-sponsored faction like what Russia used to attack us for so many years.  Back then most of the attacks, even terrorist attacks, were sponsored by a large state, the USSR being the biggest user.

Encryption has also made a lot of changes over the years.  I remember working to get clients' encryption products through the NSA for an export license; the key was whether the NSA could beat the code.  There is a simple test to start the process, called an A block: basically you make a document using all capital A's, then encrypt it and see what you get out of it.  In most cases everyone will see a pattern start to show within the first line, and then carry through, which means yes, we can break it.
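To show what the A-block check described above is looking for, here is an added Python illustration (not from the original post or any product mentioned in it): it encrypts a document of nothing but capital A's with two constructed toy ciphers and measures how many ciphertext blocks are exact repeats. The toy ciphers, the 16-byte block size and the repeat-ratio metric are assumptions of this example, not anything an export review actually used.

```python
import hashlib
import os
from collections import Counter

BLOCK = 16  # chunk size used for the repeat check (bytes); an assumption of this example


def toy_ecb(key: bytes, plaintext: bytes) -> bytes:
    """Constructed stand-in for a cipher with ECB's defining weakness: every
    16-byte block is transformed the same way, so equal plaintext blocks give
    equal ciphertext blocks.  (Here the per-block transform is a keyed XOR pad.)"""
    pad = hashlib.sha256(key).digest()[:BLOCK]
    return bytes(p ^ pad[i % BLOCK] for i, p in enumerate(plaintext))


def toy_counter_stream(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Constructed stand-in for a sound mode: keystream = SHA-256(key||nonce||counter)
    per block, so equal plaintext blocks no longer repeat in the output."""
    out = bytearray()
    for off in range(0, len(plaintext), BLOCK):
        counter = (off // BLOCK).to_bytes(8, "big")
        keystream = hashlib.sha256(key + nonce + counter).digest()
        out.extend(c ^ k for c, k in zip(plaintext[off:off + BLOCK], keystream))
    return bytes(out)


def repeat_ratio(ciphertext: bytes, block: int = BLOCK) -> float:
    """Fraction of ciphertext blocks that duplicate an earlier block.
    Random-looking output gives 0.0; anything well above that means the
    structure of the all-A input is showing straight through the encryption."""
    n = len(ciphertext) // block
    if n == 0:
        return 0.0
    counts = Counter(ciphertext[i * block:(i + 1) * block] for i in range(n))
    return sum(c - 1 for c in counts.values()) / n


def a_block_test(encrypt, size: int = 256) -> float:
    """The A-block check: encrypt a document of only capital A's and
    report how much of the output repeats (0.0 = no visible pattern)."""
    return repeat_ratio(encrypt(b"A" * size))


if __name__ == "__main__":
    key = b"constructed demo key"  # constructed, not a real key
    weak = a_block_test(lambda m: toy_ecb(key, m))
    sound = a_block_test(lambda m: toy_counter_stream(key, os.urandom(16), m))
    print(f"toy ECB:          {weak:.3f} of blocks repeat -> pattern shows, fails the test")
    print(f"toy counter mode: {sound:.3f} of blocks repeat -> no pattern")
```

The same check works on a real product's output file: feed it the all-A document and run `repeat_ratio` over the result, keeping in mind that a cipher can fail in ways this one metric does not catch.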

I think one of the funniest statements out there is that the NSA cannot break this code or that one, the proof being that they are not saying they can.  Folks, the key to this whole thing is not letting the other guy know you can read his stuff.  As for whether there is code that has not been broken, there is code that has not been broken, usually because there is no need felt to do it at the moment.  Some code from WWII is still not broken, but more due to the time it would take to break a code no longer used than because it cannot be.  I remember back in the '80s and '90s clients asking me to beat Microsoft Word and Excel encryption.  At one point we had a short routine that just pointed us to the place in the document where the password was kept, in open text.  It got a little harder, but up to the point when we stopped getting asked to break the code, it was just another piece of software we would buy as the code changed.

In many cases, the fact that a train of data passing you was encrypted was the reason to pay attention to that line of text.  At that point you analyzed the beginning and end points of the data.  This would tell you who was sending it, so then you had a pretty good idea of what kind of data was being encrypted and could make up your mind whether you wanted to extend the effort to break the code.

Without breaking any classified info, my last briefing from the alphabets made it very clear that at that point nothing out there was immune to being cracked.  I keep hearing from IT types that a VPN properly set up is not breakable; the CIA has directly addressed this in the past two years, and I can tell you that is not true.  People can break anything.  Libya, when it was taken over from its dictator, had an expose of its code and communications capture and breaking equipment.  The Wall Street Journal had a picture and listing of all the equipment they had.  It was very impressive, and very state of the art.

We are not in Kansas anymore, Dorothy; get over it.


Wednesday, July 10, 2013

The Canada train crash, like the West, TX incident, points to threats that are always there

Police: Evidence criminal act may have led to Canada train crash

Or it could have been an accident caused by not fully understanding the risk to the town, by both the firefighters and the city fathers.  Understanding risk is a key part of a government protecting its citizens.

In any case, how this incident happened could be the unimportant part.  The fact that a train is often parked above the town, often with a large load of fuel, is the key issue of risk; it is always there, whether it is a criminal action, a terrorist action, or an accident.  If you look at the city of West in Texas, the fertilizer factory in the middle of town was always a risk, and one the city fathers and fire departments should have been more aware of.

When a risk assessment is conducted for a city, county, or state, I often hear from the city fathers: we do not expect a terrorist incident here, so we do not really feel we are at risk, but we are just checking.

Risks like the railroad problem in Canada or the factory in West, a small town in Texas, are there.  The question is how we mitigate the risk, from terrorism, criminal incident, or accident.  At some point a value assessment has to be made.  Does the factory in the small town rate a lot of mitigation, or should it be removed from the town?  The same for the railroad in Canada: if the risk is potentially high enough that mitigation does not handle it cost-effectively, should it be removed?

In most cases a mitigation plan can be established to meet the risk, or at least a town, county, state, or even country believes it to be so.  Nuclear plants are a prime example.  They are a risk, and most of the money spent on reducing this risk has gone to increasing security, yet all the events associated with devastation caused by a nuclear plant have been everything but security related.  So the risk is there and never changes; only the mitigation spending does, and it should probably be used more effectively on non-security events, which, by the way, will also mitigate a security-related incident.

If we take this to the plane crash in San Francisco, it is the same: the risk of death or damage from a crash is always there.  But we spend most of our mitigation funds on security, when in the end it may turn out that a first responder vehicle killed the victims.  Fire and EMS vehicles approaching an incident are often moving in a low-visibility situation.  Even in drills and exercises at airports where smoke is used, near accidents have occurred of running down actors in the drill.  This is a well-known risk in these events, yet very little mitigation funding has been spent on this issue.

I am a security guy, but I cannot help but notice that events other than security issues cause the most deaths and destruction in the world.  Risk is always there; throwing money at security is always a good answer, but it is rarely the best way to spend the money.

We all need to take a sober look at risk, and evaluate what our mitigation money is spent on.

Monday, July 1, 2013

Smart Traveler Enrollment Program (STEP): Put the odds in your favor, even for Mexico or Canada travel

Smart Traveler Enrollment Program (STEP)

When traveling overseas, even to Mexico or to the Middle East, you want to put the odds of having a safe trip as much in your favor as possible.  One of the key issues is using what is available to you; one way is to use the State Department's STEP program.  There are a number of parts to this program.  One is that when you enroll and sign on to the State Department updates, they will send you key information as to the safety or problems of any area you are going to.  I never completely rely on it, because of political issues that do not allow them to disclose some information.  But they will keep you up on issues that can prove life threatening.  I supplement this information with other sources like Stratfor, SSI, and others which keep a good eye on what is going on around the world.

The second part is that when you establish an account with the STEP program, you will have key data on yourself available wherever you can get onto the internet, like your passport information, and even some data on health that you may find useful to have available when traveling anywhere in the world.

The third and perhaps most important is that you can log in and tell the system where you are going, when you are going, even flight and hotel information during the trip or trips.  This is critical information to the State Department, and it even gets to the Regional Security Officer, or RSO, in the region you are traveling to.  In many cases if the RSO sees something in his intel traffic that could affect you, he can leave messages or even email you to contact him.  This has been a life saver a number of times in my life.  But just the fact that they know you are in the area is a big help.

But here is where all this really comes in: if you are missing, or someone thinks you are missing, and they call the State Department, there will already be a record of travel.  The RSO will know very quickly that it is not a crank call, and even what hotels or other places, like a friend's home, you are supposed to be at.  This does not mean the RSO will start a search for you with the police, but it does give the RSO a place to start checking.  This can save days, even hours, on someone starting to look at your problem; remember the RSO has a lot of duties, and one of them is not searching for every missing American around the world.  Flight delays and overbooked hotels can all lead to people thinking a person is missing, so do not get flustered when the RSO does not start a worldwide manhunt for you.

This is just one more thing you can do to put the odds of a satisfactory outcome in your favor.  If I am in a tough place, I normally make a call to the RSO just to have a quick chat and let them know what I am doing in their area.

You still need to take the normal precautions, like leaving copies (digital is best) of key documents in a place that people can reach to help find you.  If traveling on business, I leave them with my work and family; if on vacation, I may just leave them where family can find them.  I make sure, if the trip requires a visa, that I leave a copy of that page of my passport as well.  I also leave my flight information as well as the hotels I am staying at, or the home if staying with a friend.  If I am renting a car, I leave the reservation number as well.  It helps when they need to know what type of car, even what actual car, I was last in.

Most of the time I leave a voice recording of where I am going hour by hour on a telephone answering machine, which, if the trip is successful, I can just erase, but if I am missing people can reach it and give the authorities the last known information from it.  Like when I go to a meeting, or dinner, or even someplace I perhaps should not be.  Remember, if you get back OK you can erase the information, but if you are missing it could be the critical info to get you back.

By the way, I use the trick with the telephone answering machine whenever I go somewhere I am not sure of, or even when I see a suspect car around me: I will call in and leave a license number and description of the car and what is going on.  If nothing happens I simply erase the message later on.  It is also a good way to keep track of suspect vehicles that you may notice more than once.

When my phone's messaging service is working I usually send pictures of cab drivers and their license to my wife's phone.  Then if I go missing we have a better place to start.

In the next posting we will deal with what to look at in the hotel you are staying at.  Be safe.