Anonymous
Posted April 21, 2004
You and your computer face a dizzying array of security threats, writes tech consultant Joel McNamara. Competitors, cops, crooks and even disgruntled kin would love a peek at your hard drive. But don¿t hyperventilate just yet. If you calmly analyze the desirability and vulnerability of your secrets, you can figure out how to protect yourself. McNamara¿s prose is surprisingly clear given the degree of difficulty of his topic, and he offers a number of useful sidebars, charts and examples from inside the tech business to juice up his instructional tome. We suggest this practical book to managers charged with protecting corporate data, and to people who are unsure just how safe their computers are.
Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.Anonymous
Posted November 25, 2003
Joel McNamara's book is one of the very, very, few books that I classify as a 'Must Read' for anyone involved in business or technology. This book does an amazing job of avoiding the 'paranoia for paranoia's sake' tone seen so often in computer security books while still taking the issues seriously and discussing them intellegently. The conversational tone is fun and often quite funny while not making the user feel talked down to. And Mr. McNamara does an equally great job of explaining very complex topics in way that works for both extremely sophisticated computer technology professionals and non-techies alike. I've brought this book around for side-discussions in the seminars I've given since it came out and my students, ranging from small business owners to 30+ year professional tech veterans in Fortune 50s have learned new and important lessons from it. For a book to address all these audiences is rare. For a book to succeed and be invaluable for all of them is virtually unheard of. This book succeeds amazingly well. I've not only read the book through in one sitting, I keep referring back to it and it's incredibly useful web site on a regular basis. Joel, thank you for writing one of the key books of the year!
Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
More About This Textbook
Overview
* Covers electronic and wireless eavesdropping, computer surveillance, intelligence gathering, password cracking, keylogging, data duplication, black bag computer spy jobs, reconnaissance, risk assessment, legal issues, and advanced spying techniques used by the government
* Author shares easily-implemented countermeasures against spying to detect and defeat eavesdroppers and other hostile individuals
* Addresses legal issues, including the U.S. Patriot Act, legal spying in the workplace, and computer fraud crimes
* Companion Web site contains links to security tools and useful security information resources
Editorial Reviews
From Barnes & Noble
The Barnes & Noble ReviewTo paraphrase Humphrey Bogart in Casablanca, "Who’s looking at you, kid?" Your boss? Your competitors? The government? Your ex-spouse’s private investigator? Some kid down the street? Your kid? How paranoid should you be? Secrets of Computer Espionage will tell you. Want to know the latest “spy vs. spy” tricks -- and countermeasures? This book will tell you that, too.
Author Joel McNamara is a leading security and privacy consultant who created Private Idaho -- for years, one of the top Windows email privacy tools. He was among the first demonstrate the risks of Word macro viruses. He also maintains The Complete, Unofficial TEMPEST Information Page, which demystifies secret government techniques for reconstructing data from your PC’s electromagnetic emanations.)
In this book, he systematically reviews the art and technologies of high-tech espionage. He also presents effective countermeasures -- many surprisingly easy and inexpensive. Most important, he teaches you to “think like a spy” -- so you can identify vulnerabilities you’d never have considered before.
McNamara starts with risk assessment. What do you have? Who might want it? How badly? How might they get it? What would happen if they got it? How can it be protected? Is protecting it worth the cost?
There’s a full chapter on the current laws on computer espionage. What are you (theoretically) protected against? If you’re the spy, what can’t you do, and what must you do? How has the USA Patriot Act of 2001 changed things?
Next, there’s a full chapter on “black bag jobs” -- e.g., burglaries designed to steal critical information or plant “bugs” or computer software designed to compromise information later. (The technologies have changed since the ’72 Watergate burglary that sank Richard Nixon, but the tradecraft hasn’t.) McNamara also outlines five sets of countermeasures.
Once a spy gains physical access, there are a laundry list of techniques for getting inside. McNamara covers them all. BIOS attack tools. CMOS zapping. Circumventing screen savers. System password recovery disks. Booting alternate operating systems (e.g., running DOS to access an NTFS drive with NTFSDOS). Even pulling the hard drive.
You’ll go behind the scenes with forensics specialists searching for evidence on your PC. You’ll discover their tools and procedures, and the key files and filesystem locations most likely to be searched (for instance, slack space, Windows swap files, browser artifacts, Sent Mail folders, IM and IRC logs). You’ll also learn what to expect from countermeasures such as encryption and “evidence eliminator” software.
You name it, McNamara covers it: password crackers, Trojan horses, data duplication tools, keyloggers, and anti-spyware such as Pest Patrol and Who’s Watching Me. There’s extensive coverage of network eavesdropping, including a full chapter on wireless vulnerabilities.
McNamara goes beyond PCs to discuss spying on fax machines, PDAs, voicemail systems, cell phones -- even shredders. He concludes with a well-informed chapter on secret government spying programs such as ECHELON.
Ignorance is no longer bliss. Know what’s out there. Know what to do about it. Read Secrets of Computer Espionage. Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.
From the Publisher
“…provides insightful details backed up by a wealth ofreal-life examples….clearly a valuable addition to yourbookshelf…” (www.net-security.org, May 2004)“…surprisingly clear given the degree of difficultyof his topic,…we suggest this practical book topmanagers…” (www.getabstract.com, May 2004)
"…an informative book which should help keep thosedefences up and those intruders out…" (PC Utilities,No.39, 2003)
“…will definitely open your eyes…quirky casestudies and good coverage of latest technology…”(Internetworks, November 2003)
“…informative…entertaining…next time yougo to your local bookseller, locate a copy. I bet you’ll behooked…” (Linux Journal, 22 August 2003)
Product Details
Related Subjects
Meet the Author
Joel McNamara is an internationally acclaimed security and privacyconsultant and the creator of Private Idaho, one of the firstpopular open source Internet privacy tools. A former Microsofttechnical writer and training manager, he is credited withdeveloping one of the first Microsoft macro viruses and thenpublicizing the security risks. He is also the author of the "TheComplete, Unofficial TEMPEST Information Page," a Web site thatdemystifies classified government surveillance technology.
Table of Contents
Acknowledgments.
Introduction.
Chapter 1: Spies.
Chapter 2: Spying and the Law.
Chapter 3: Black Bag Jobs.
Chapter 4: Breaching the System.
Chapter 5: Searching for Evidence.
Chapter 6: Unprotecting Data.
Chapter 7: Copying Data.
Chapter 8: Snooping with Keyloggers.
Chapter 9: Spying with Trojan Horses.
Chapter 10: Network Eavesdropping.
Chapter 11: 802.11b Wireless Network Eavesdropping.
Chapter 12: Spying on Electronic Devices.
Chapter 13: Advanced Computer Espionage.
Appendix A: What's on the Web Site.
Index.
First Chapter
Secrets of Computer Espionage
Tactics and CountermeasuresBy Joel McNamara
John Wiley & Sons
ISBN: 0-7645-3710-5Chapter One
Spies"I could have been a devastating spy, I think, but I didn't want to be a devastating spy. I wanted to get a little money and to get out of it." -Robert Hanssen, FBI agent and convicted Soviet spy
Getting to Know Spies
Computer spies typically don't wear trench coats. They don't dress in tight black clothes and hang upside down from trapeze wires over your keyboard. They probably aren't named Boris and don't speak with heavy Slavic accents. Most of them aren't even hackers or crackers, and likely wouldn't know the difference between a rootkit and root beer. If computer spies don't match the popular media's perceptions, just who are they?
As with most avocations, computer espionage is divided into the amateurs and the professionals.
Amateurs are casual spies. Although they may have very good reasons for snooping, their livelihood doesn't depend on it. These spies have a bit more experience with computers than the average user. That doesn't mean they're extremely technical; it means only that they have taken the time to learn about various technologies that can be used for computer eavesdropping and then applied that knowledge for espionage purposes. Learning about spying tools and then acquiring them is only a point and click away with an Internet connection. When you think about these types ofspies, don't picture Tom Cruise or Sandra Bullock. Instead think of your boss, coworker, spouse, children, or the neighbor next door.
Professional spies tend to have more technical experience than the amateurs. One aspect or another of the professionals' jobs is to spy on people. This spying can be legal, as in the case of a law enforcement officer collecting intelligence for a child pornography criminal case, or illegal, in the case of a spy hired to obtain trade secrets from a corporation's network. Although these spies use some of the same tools and technologies that the amateurs use, they have a deeper understanding of the technology as well as access to more advanced and sophisticated eavesdropping tools. As with amateurs, you usually can't tell a professional spy by his or her appearance. Consider Aldrich Ames or Robert Hanssen: white, middle-class, average-looking CIA and FBI insiders who successfully spied for the Russians but blended in with society for years. Again, professional computer spies don't match the popular media's romanticized versions of espionage reality - although perhaps one or two might have a partner in crime named Natasha.
There are two reasons why it's important to have insights into the different types of spies:
The famous Chinese military strategist Sun Tzu said, "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
Throughout this chapter, the concepts of knowing the enemy, knowing yourself, and knowing both the enemy and yourself are applied to computer spying.
What Spies Are After and Who They Are
Let's start with knowing the enemy. Computer espionage is about the purposeful discovery of information or evidence. If you use a dictionary definition (in this case, the American Heritage Dictionary of the English Language, Fourth Edition), information is "knowledge of specific events or situations that has been gathered or received by communication, intelligence, or news." Evidence, on the other hand, is "a thing or things helpful in forming a conclusion or judgment." An industrial spy may be looking for secret information on a Microsoft project manager's laptop that specifically relates to the company's future and hush-hush Longhorn operating system. A wife who suspects her husband of having an online affair may be looking for evidence in e-mail messages in an attempt to confirm her suspicions. Depending on what the information is, it could evolve into evidence. For example, a phone number stored in a PDA address book could belong to a known drug dealer and become supporting evidence for a criminal case.
Remember that spying is a purposeful activity. Although the suspicious wife may have stumbled across evidence that her husband was cheating because he accidentally left an Instant Messenger window open on the family computer, that's not spying. She wasn't actively seeking the information.
The types of information and evidence gathered can be very targeted or generalized, depending on what the spy is trying to accomplish. Perhaps he is looking only for financial information that relates to an upcoming merger and will be content with snooping through spreadsheet files with accounting information. On the other hand, a government intelligence agency may examine the entire contents of a hard drive that belonged to a terrorist, seeking not only evidence, but any information that may relate to future terrorist attacks.
In addition to information and evidence, there are two other important concepts in computer espionage: The activity is typically unauthorized and unknown. In most cases, you aren't going to give explicit or implicit permission to have someone snoop through your computer. Exceptions might be in the workplace in which employee monitoring takes place or when you tell the friendly police officer that you don't have anything to hide, you don't need a lawyer, and certainly he can look at your computer. Also in some types of law enforcement investigations you won't have a say if a court has granted permission to a police agency to spy on your computer because of suspected illegal activities on your part. Remember that unauthorized doesn't necessarily mean illegal. Although breaking into a computer network to steal trade secrets clearly violates a number of laws, placing a keylogger on your son's computer without his permission to see if he talks to his friends about doing drugs would not be illegal, though it may be unethical to some people.
The second element of computer spying is that if you're the target, you don't know it's taking place until perhaps after the fact. Unlike clothing manufacturers, eavesdroppers don't go around leaving tags on computers that read "Snooped on by Spy #39." Sometimes, spies do leave tracks, but they usually aren't that obvious. Whoever is spying doesn't want you to know they are looking for information or evidence. Exceptions would be a publicized employee-monitoring program or the government's ECHELON data surveillance system (discussed later in this chapter), which is known about-much to the chagrin of those running the program.
x-ref ECHELON is an example of the government's frequent "cult of secrecy" attitude. Although the existence of ECHELON has been exposed, the government steadfastly refuses to acknowledge its existence. For more on ECHELON and other data surveillance systems, turn to Chapter 13.
So far, this discussion has all been about what spies are generally after, but we still haven't answered Sun Tzu's question of knowing who the enemy is. This is important because it gives us insights into their motivations and methods. Thinking like the bad guys is a valuable exercise in helping you protect yourself from them.
In general, spies can be lumped into seven different categories:
Let's take a quick look into the world of each type of these spies to better understand who they are and what they are after.
Business Spies-Economic Espionage
Economic espionage is a large, yet often ignored problem. Trade publications and organizations and the news media have been warning businesses about the dangers of economic espionage, formerly called industrial espionage, since the 1980s. The warnings seem to have fallen on deaf ears.
Consider these key points of a study released in 2002 by the American Society for Industrial Security, U.S. Chamber of Commerce, and PricewaterhouseCoopers, a survey of Fortune 1000 corporations and 600 small to mid-sized U.S. companies:
Companies suffering economic espionage attacks don't just suffer simple financial losses. They also have to contend with eroded competitive advantages, legal fees in the case of litigation, and diminished stockholder and public trust if an attack is publicized (which many are not publicizing for this reason alone).
Business spying isn't confined just to large corporations, either. Smaller companies, from mom- and-pop retailers to light manufacturers that operate at thinner margins without the cash reserves of a larger corporation, may actually suffer more significant damage from economic espionage.
Former employees, domestic and foreign competitors, and on-site contractors are the usual perpetrators of economic spying. (It's worth noting that economic espionage is very different from competitive intelligence. Competitive or business intelligence is practiced by using legal and open source methods. Economic espionage is where illegal means are used to obtain information. Granted, at times there can be gray areas, but most business intelligence professionals adhere to a fairly strict set of ethics.)
x-ref For more information on the differences between legitimate competitive intelligence and illegal espionage, visit the Society of Competitive Intelligence Professionals Web site at scip.org.
Although movies and TV shows portray corporate spies as shadowy mercenaries who cleverly break into super-secure locations, the reality is that insiders who have access to unsecured information are responsible for most economic espionage. Current or former employees with greed or revenge as motivation are much more of a threat than professional spies hired by a competitor.
The problem isn't confined only to lower-level employees. Jose Ignacio Lopez, the head of purchasing for General Motors, abruptly resigned in 1993 and took a job with Volkswagen. GM later accused Lopez of masterminding the theft of more than 20 boxes of research, sales, and marketing documents. Included were blueprints for an assembly plant GM hoped would displace VW's dominance in emerging small-car markets. In 1997, the case ended when VW admitted no wrongdoing, but settled the civil suit by paying GM $100 million and offering to buy $1 billion of GM parts over the next seven years. German prosecutors eventually dropped industrial espionage charges against Lopez, but ordered him to donate a quarter of a million dollars to charity.
Outsider attacks still occur though, and are either committed by an employee or agent of a competitor. Outside attacks typically fall into two categories:
Because computers are used to store all sorts of corporate information, they present a prime target for business spies. Networks, laptops, desktop PCs, and PDAs are all vulnerable to attack. The technical skills that business spies have range from eavesdroppers with minimal skills, such as copying a confidential file to a floppy disk, to skilled technicians who can easily bypass a firewall to access a corporate database.
x-ref There are strict penalties for economic espionage in the United States. Turn to Chapter 2 for details.
Bosses-Employee Monitoring
Employee monitoring in the United States is growing rapidly. In the American Management Association's (AMA) 2001 survey on Workplace Monitoring & Surveillance, 77.7 percent of major U.S. companies stated that they recorded and reviewed employee on-the-job communications and activities. This amount is double what the AMA reported in its first monitoring report released in 1997.
If you work for someone else, there's a good chance the boss is spying on you. That means your e-mail, Web surfing, instant messaging, and hard drives could all be under scrutiny.
Continues...