The Security Dialogue

Review: Identitythefttoday.net

noreply@blogger.com (Scriven King) — Sat, 17 Oct 2009 13:45:00 +0000

Ladies and gents, I know its been extremely too long since I worte and I know I promised I would write more when I did. Unfortunately, my professional commitments have kept me from writing. Well, I'm back now. So why not start off talking about something pretty cool.

I've recently found a site called Identity Theft Today. What they cover in quite detail is the subject of the week in crime prevention - identity theft. "No kidding! I got that from the title, you moron!" That's fair. But it is a pretty cool website nonetheless. It covers the latest identity theft trends with current news as well as tip on how to prevent it and protect yourself and others from it.

I particularly like where they cover identity theft protection services such as LifeLock. While these services do provide some coverage should your data gets out. The onus, as we all know, is on the potential victim to take the most effective measures to ensure the least amount of personal information gets out.

We'll cover more on this topic in the coming weeks. I've had a bit of an education on this both as a victim and as a law enforcement officer and crime prevention professional.

Who says crime doesn't pay? It does in Austria!

noreply@blogger.com (Scriven King) — Mon, 16 Mar 2009 01:31:00 +0000

Central Prison in Austria....

Boss, I swear those guys weren't there when I did my advance...

noreply@blogger.com (Scriven King) — Mon, 16 Mar 2009 01:08:00 +0000

Check this site out. All you have to do is click on a picture of your favorite celebrity and voila! You can find out which hotels they have been spotted at in the past. Not as bad as GawkerStalker. Just goes to show you should spend a significant part of your advance online. If I have enough online data and other open source intelligence, anyone can figure out your principal's probable location. A poster at TacticalForums was kind of enough to provide the link to the hotel site.

Some days at work, I wish I had this on my forehead

noreply@blogger.com (Scriven King) — Mon, 16 Mar 2009 01:01:00 +0000

If their pirates didn't scare you, wait until you read this!

noreply@blogger.com (Scriven King) — Mon, 16 Mar 2009 00:23:00 +0000

My favorite magazine in the whole-wide world, Security Management, has just posted a new article on some scary testimony given to Congress. As al-Qaeda becomes more decentralized, splinter groups, inspired by the success of squad-level attacks such as Mumbai, are seeking new members to bring into their organizations to increase their operational reach and membership size. According to the article,

"Experts and Somali community leaders yesterday told Congress that a suicide attack carried out by a Somali-American youth in Somalia could mean that a terror group based there is recruiting in the United States, raising the specter of homegrown terrorism.
Last October, Minneapolis resident Shirwa Ahmed carried out a suicide bomb attack in Somalia. He is believed to be the first American suicide bomber ever.
“We are concerned that if Somali-American youth can be motivated to engage in such activities overseas, Ahmed’s fellow travelers could return to the U.S. and engage in terrorist activities here,” Andrew Liepman, deputy director of intelligence for the National Counterterrorism Center (NCTC), told the Senate Homeland Security Committee yesterday.

In recent years a number of Somali-American youths and American converts to Islam have traveled to Somalia to fight with the al Shabaab militia. The Islamist insurgent group has used terror and guerilla tactics to fight the the country's weak Transitional Federal Government (TFG) and Ethiopian forces, according to intelligence officials.

Even scarier is finding out there are 150,000 to 200,000 Somalis that currently reside in the United States.

Professor Ken Menkhaus of Davidson College told lawmakers that Somalia’s 9 million people, “almost all of whom are Muslims, have endured 19 years of complete state collapse, periods of civil war, chronic insecurity, lawlessness and warlordism, massive displacement, the destruction of major cities, disruption of already fragile livelihoods, and recurring humanitarian crises, including the 1991-92 famine in which 250,000 people died.”

So why are these radical groups looking at Somalis? Because since their migration, they've failed to do what most immigrants try to do - assimilate. According to the article, ".....intelligence officials worry that Somali immigrants are more prone to radicalization and recruitment."

The question you have to ask is "Is this happening now or we talking about a vulnerability?"
Osman Ahmed, a Somali community leader in Minneapolis, alleged many of the young man that fled to Somalia were indoctrinated at the city's Abu-Bakar As-Saddique mosque.

Here's where I tell you to put down your gun and step back a minute and read the rest of the article.

Liepman said he wanted “to emphasize that we do not believe we are witnessing any form of community-wide radicalization among Somali-Americans.”

How do we solve this problem before it grows bigger? What's the government doing about it? We learned after 9/11 that "actionable intelligence" was useless if you never acted on it.

Philip Mudd, associate executive assistant director of the FBI’s National Security Branch, said the agency has crafted extensive outreach programs to Muslim communities and have also initiated a pilot program in Minneapolis to help FBI field offices and the Somali community deal with young men leaving to fight in their homeland.

The DHS Office of Civil Rights and Civil Liberties has also organized roundtable discussions to engage Muslim community leaders, Liepman said.

And you thought you had a sh*Q@$ job!!

noreply@blogger.com (Scriven King) — Sun, 15 Mar 2009 23:46:00 +0000

I just read a report, titled "The Safety of the Volunteer", on the safety and security of Peace Corps volunteers . It was written by the Peace Corps Office of Safety and Security and provides some interesting statistics for 2007. One should keep in mind the Peace Corps does have a global mission which is to say these crimes were reported in various locales to include many Western countries. Of course, the report was leaked by the world's most notorious leaker - WikiLeaks. Check out these stats:

Global Composite of All Physical Assaults (2007)

Type Of Incident Number of Incidents Percentage of All Physical Assaults
Aggravated Assault 36 47%
Major Physical Assault 15 20%
Other Physical Assault 25 33%
Total 76 100%

Rape/Attempted Rape Profile

Gender: Female
Age: 20s
Ethnicity/Race: Caucasian (71%)
Time in service: 7-12 Months (43%)
Relationship of Assailant: Friend/Acquaint. (33%)
Motive: Sexual Activity (95%)
Medical Attention: Yes (86%)
Location of Incident: Volunteer Residence (43%)
Occur at Vol. Site: Yes (76%)
Weapon Use: No (67%)
PCV Accompanied: No (76%)
Time of Occurrence: Early Morning (midnight-5:59 a.m.) (48%)
Number of Assailants: One (81%)
Day of Week: Weekday (57%) Weekend (43%)
Alcohol: Volunteer - Yes (52%), No (38%)/Assailant - Yes (52%), Unknown (43%)
Intention to Prosecute: Yes (43%) No (33%)

These statistics just prove that crime can follow you anywhere and to never ever let your guard down!

Red Alert!! Don't buy Sentex locks!!

noreply@blogger.com (Scriven King) — Sun, 15 Mar 2009 22:22:00 +0000

Bruce Schneier, much hyped security-guru, writes in his blog to be wary of Sentex locks:

It has a master key:

Here's a fun little tip: You can open most Sentex key pad-access doors by typing in the following code:
***00000099#*

The first *** are to enter into the admin mode, 000000 (six zeroes) is the factory-default password, 99# opens the door, and * exits the admin mode (make sure you press this or the access box will be left in admin mode!)

Wow! This is why it is extremely important to properly vet ALL security appliances before installation. I used my "Google-fu" on a different device and got this little gem. You should check the vendor's web site to see if they have product manuals online. If they do, guess who also has the manual in their files. You get a 1, 000 points if you said "The Bad Guys".

I'm baaaack!

noreply@blogger.com (Scriven King) — Sun, 15 Mar 2009 22:16:00 +0000

That's right.....It's been - what - a year since I was last seen on this blog. A lot has happened since then - Mumbai, US Presidential elections, numerous major security vulnerabilities, Sri Lankan cricket incident, and more. I won't try to turn back the hand of time. Sure, we'll discuss what happened since I last wrote anything but I'd like to begin with the current news. Oh where, oh where shall I begin?

Now, You Know Why I Have Issues With Doctors

noreply@blogger.com (Scriven King) — Thu, 22 May 2008 15:38:00 +0000

Jacksonville Police are looking for a guy who's been posing as a doctor at Wolfson Children's Hospital. To make matters worse, the guy was seen walking in the operating room. Wow, talk about a lawsuit!

The man was stopped because he smelled of alcohol and proceeded to leave once he realized his cover was about to be blown.

The following is a bit disturbing:

Later that day, an employee found the black computer bag the man was seen carrying. The bag was under a car in the parking garage and contained everything the man was seen wearing in the surveillance video, including a badge from Shands-Jacksonville Medical Center with a picture of a young child that was cut out and taped on the badge.

“That in and of itself shows you that this persons possibly was up to something but maybe his attempt was foiled,” Jacksonville Sheriff’s Office spokesman Ken Jefferson said.

The last comment by the spokesman was a bit disturbing because usually people don't impersonate professionals like doctors if they're not up to something. So how did he get access? He used the usual items like a medical coat, a badge, a stethoscope and a clipboard. I swear i you need to get into building in the world all you need is a clipboard and an ID badge.

Time for a Product Review - IronKey

noreply@blogger.com (Scriven King) — Thu, 22 May 2008 14:53:00 +0000

Let me say I was a bit skeptical at first. But one day, while listening to my favorite podcast - SecurityNow, I became intrigued by IronKey. If you know me, then you know "intrigued" usually me spending hours on Google learning as much as I can before I put down the cash to buy anything. I did just that.

I'm avid user of encryption so I have a slightly above basic understanding of how encryption works. Looking into the product, my first impression was that it was just another USB drive with the software on it. Nope. This thing has the encryption on its RAM chip - embedded. To say the least, I was impressed. The casing is almost indestructible without destroying the chips inside. It even has an aluminum backing which you use to engrave you signature in pen - very thin overcoat. It also has a serial number.

To make it sound even cooler - would you believe this thing has a self-destruct sequence? I'm not talking about Mission Impossible countdowns, but it only gives you ten tries to guess the wrong passphrase and then it destroys your data to include the encryption making the drive useless. I love this thing. I HIGHLY recommend this product. Did I forget to mention that IronKey also has its own TOR router with FireFox preloaded? Very cool!

Chinese Really Dig Cyberwarfare...You Think?

noreply@blogger.com (Scriven King) — Thu, 22 May 2008 14:32:00 +0000

My ultra-favorite security magazine Security Management has written an articlle detailing the testimony of certain government officials and contractors before the U.S.-China Economic and Security Review Commision. They informed the panel "that the Chinese government has embraced cyberwarfare and is directing its intrusions at U.S. government and critical infrastructure networks." According to Colonel Gary D. McAlum, director of operations for the Joint Task Force for Global Network Operations,

"The People's Republic of China has concentrated primarily on cyber-reconnaissance, particularly data mining, rather than cyberattacks."

What about all of the attacks originating from China we've been reading about? Don't fret. The Chinese have set a goal of 2050 to achieve "electronic dominance" through attacks on information infrastructure.

The DoD won't come out and say the world's second largest econoomy is vying for supremacy through hacking, it did note "a 31percent increase in malicious activity on its networks from 2006 to 2007." What attraction does cyberwarfare have fo such a country as China? It provide anonymity and an "asymetrical advantage", according to Dr. James Mulvenon, director of advanced studies and analysis for Defense Group, Inc..

Commission Co-chairman Peter T.R. Brookest cited attacks last spring on Estonia recalling that it wanted to evoke the collective defense clause of the NATO Charter and said "this is a question of escalation" moving from non-conventional to conventional, i.e. military, responses.

Mulvenon said there's no reason why the United States should restrict itself to trying to deter cyberattacks electronically. His next remark should sound familiar.

"We should ... begin with the premise that we have all the tools of ... national power, and in many cases it might not be to the U.S. advantage to respond to an electronic or cyberintrusion or cyberattack simply in that realm," he said. "We may, in fact, want to take advantage of escalation dominance that we have in other elements of national power, whether it’s military or economic."

CyberCommand anyone? What about this little tidbit from the article?

Michael R. Wessel said he fears that the perimeter security methods such as routers and firewalls used to protect against network intrusion are produced overseas, increasingly in China." Can we in fact have a secure perimeter," he wondered, "if in fact the Chinese are helping to build that perimeter?"

The nasty Cisco routers are keep creeping back into the blogosphere. For more information from Security Management, click here.

Duck, Boss!!

noreply@blogger.com (Scriven King) — Tue, 20 May 2008 22:56:00 +0000

Microsoft CEO Steve Ballamer hid behind a desk, as a man was throwing eggs at him. He was addressing the audience at a university in Hungary. As he asks the group about their final exams, this guy stands up and began asking Ballmer about a deal between Microsoft and the Hungarian government that he claimed is costing Hungarian taxpayers.

The man, then, begins to throw an egg at Ballmer. The crowd laughs, at first, at the spectacle of Ballmer hiding behind a desk. For some reason, once he began throwing the final two volleys, people got upset and started yelling at the man.

One would hope Ballmer would have better security. I wonder why no one was there to get him out of there immediately. It might be time to review Microsoft's executive protection program.

Finally...Some Good news

noreply@blogger.com (Scriven King) — Tue, 20 May 2008 22:50:00 +0000

It looks like the TSA has found something other than actor Dennis Farina's gun. Shemeka Greaves, a TSA officer at O'Hare International Airport, read a newspaper account about Janisia Grant, 8, who had disappeared with her mother a week ago Thursday, the TSA said in a news release.

According to the article, "Greaves checked the security tapes and confirmed that Janisia had been through an airport security checkpoint and boarded a plane to Atlanta with a companion, the TSA said. "

As you might imnagine, Grant's mother does not have custody of the child.

FBI: China Using Bootleg CISCO Router to Infilitrate DOD

noreply@blogger.com (Scriven King) — Tue, 20 May 2008 21:16:00 +0000

This really should come as no surprise, but every day there's a new thing that grabs my attention. The feds have seized over 400 counterfeit Cisco routers worth in the neighborhood of $76 million. I don't how much your firm allocates to competitive intelligence but the Chinese have a slightly larger budget. The FBi believes the routers were being used to penetrate both private and gpublic sector networks. These routers, as you might imagine, would certainly have vulnerabilities and a backdoor these agents could then use to access the networks which were targeted.

Who in government would purchase such routers? According to the article, "Among the purchasers of the fake equipment were the U.S. Naval Academy, U.S. Naval Air Warfare Center, U.S. Naval Undersea Warfare Center, U.S. Air Base at Spangdahelm, Germany, the Bonneville Power Administration, General Services Administration, and the defense contractor Raytheon, which makes key missile and weapons systems." Pretty big fish.....

Nosy Employee...Oh, How do I love thee?

noreply@blogger.com (Scriven King) — Tue, 20 May 2008 17:53:00 +0000

Turns out the lady pictured above, Nadire Zelenaj, was arrested for using computers at work to access secure government websites containing information about suspected terrorists. Her site of choice while employed as 911 dispatcher - a terrorist watch list. It should be noted there is a difference between accessing information and having the ability to change it. Her job as a 911 dispatcher would only have granted her access privileges (I hope). So far, she's only been charged with illegally accessing that information 232 times! A fellow employee became suspicious (I love nosy employees....They keep the rest of us honest) and reported her. Investigators then tracked her accessing the list over the course of almost 2 years from January 2006 and December 2007.

A new kind of war to fight....

noreply@blogger.com (Scriven King) — Tue, 20 May 2008 17:39:00 +0000

Looks like the US Air Force Cyber Command is looking to establish the same level of superiority the Air Force has in the skies as it wants in cyberspace. The Cyber Command wants a new set of "hacker" tools to engage in both offensive and defensive attacks against cyber-based threats which pose a risk to American interests. No word yet on where the headquarters will be. As we hear more and more in the news about the growing murky criminal/hostile terrain that exists online, I suspect we'll see more justification for such units to exists. China has their own unit dedicated to this. Why not us?

Super Sweet Link

noreply@blogger.com (Scriven King) — Tue, 20 May 2008 01:00:00 +0000

If you do any international travel in conjunction with your business, then I HIGHLY recommend Executive Planet. They cover everything from making appointments to how to properly address people in the country you're visiting. So far the site covers the following countries:

Argentina	Australia	Austria	Belgium
Brazil	Canada	Chile	China
Colombia	Czech Republic	Denmark	Egypt
Finland	France	Germany	Greece
Hong Kong	India	Indonesia	Iran
Ireland	Israel	Italy	Japan
Jordan	Malaysia	Mexico	Netherlands
Norway	Peru	Philippines	Poland
Portugal	Russia	Saudi Arabia	Singapore
South Africa	South Korea	Spain	Sweden
Switzerland	Taiwan	Thailand	Turkey
United Arab Emirates	United Kingdom	United States	Venezuela
Yemen

You have to be kidding..right?

noreply@blogger.com (Scriven King) — Mon, 19 May 2008 23:31:00 +0000

Two idiots had an altercation with Tasers over a parking spot in Boulder, Colorado according to AP. The "duel" involved a restaurant co-owner and security supervisor over a boot that was placed by the supervisor's subordinates on the restaurant co-owner. Harvey Epstein, co-owner of Mamacitas restaurant, was arrested on suspicion of felony menacing and using a stun gun. Casey M. Dane told police he was afraid Epstein was going to hit him with a 2-foot-long pair of bolt cutters. Epstein and Dane both draw down on each other. I'm a proponent of Tasers for potential victims of violent crimes not for two grown men like this. Absolutely hillarious!

WIFI Hotspots not secure?!?!

noreply@blogger.com (Scriven King) — Mon, 19 May 2008 23:13:00 +0000

Who would have thunk it? I had to chuckle when I saw this article jump across my screen. I don't know what's funnier - the FBI catching on to how insecure airport "hot spots" are or that this was even news. The FBI released a statement this week warning citizens who use the WIFI connections at airports to be careful as the connections were suseptible to being hacked. According to the article,

"While many of these hot spots have secure networks, some do not, according to Supervisory Special Agent Donna Peterson of FBI's Cyber Division. And connecting to an insecure network can leave one vulnerable to attacks from hackers.

Agent Peterson said one of the most common types of attack is this: a bogus but legitimate-looking Wi-Fi network with a strong signal is strategically set up in a known hot spot...and the hacker waits for nearby laptops to connect to it.

At that point, your computer and all your sensitive information, including user ID, passwords, credit card numbers, basically belongs to the hacker, Peterson said.

The intruder can mine your computer for valuable data, direct you to phony webpages that look like ones you frequent, and record your every keystroke."

I'll accept this is news to most people who are unaware of the risks but most serious web users as well professionals have known this for years. This could have been an attempt by the FBI to curb a trend of online thefts from WIFI connections which would certainly under their jurisdiction. As you can tell from the article, there isn't much detail regarding why this is suddenly newsworthy.

The Benefits of Talking....

noreply@blogger.com (Scriven King) — Mon, 19 May 2008 22:16:00 +0000

There's been a lot of news in the press lately regarding criticism Senator Obama has faced regarding his suggestion that the United States begin dialogue with certain rogue states like Iran. Most of his critics point out the US government has an official policy that we do not negotiate with terrorists or their sponsors. They say it creates a certain degree of legitimacy to a government which engages in terrorism and oppresses its people. While I agree with this to a small extent, I'm beginning to ask myself the very same questions Senator Obama faced when preparing this a talking point in his campaign.

Has this ever been pursued by other presidents when faced with like-minded regimes?
Are we not doing the same with a nuclear North Korea?
What's the harm in trying?

This has been tried by numerous other heads of states. People within President Reagan's administration conjured up a plan to begin talks with moderate Iranian officials who wanted to depose the Ayatollah. The idea was to ship weapons to the Iranians who promised to do whatever they could to free the American hostages in Tehran at the time. The proceeds of those sales would then be funneled to Israel and the rest is history.

Bush administration officials are negotiating right now with North Korea. One could argue North Korea has a worse track record in regards to the inhumane treatment of its citizens and an equal standing when it comes to preferred sponsor status with certain terrorist organizations. We could even look at other regimes who also advocate terrorism and go to more overt means to legitimize it such as Lebanon or Palestine. The PLO and Hamas have political parties and hold government posts throughout their respective territories. Their stance in regards to terrorist activity is notorious and dare I say just as lethal as Tehran. Yet, we honored Yasar Arafat with official White House visits and a seat at major negotiations with Israel.

I'm no friend of Tehran and I am completely against the tactics the current regime supports. But I'm beginning to wonder how much longer can we afford to wait for this current homicidal ideology which exist there to die. Nothing we've done to Tehran seems to be working. Sanctions only increase the rhetoric and support inside the regime. Military strikes would only inflame the Muslim world and bring us to a major regional conflict in a place where all of our friends are dying off like that monkey from Outbreak. Maybe, it is time for something different. I'm not proposing opening up embassies in Tehran but let's at least sit down and lay the groundwork for a "peaceful" future. "Peaceful" should not imply "harmonious". Even I'm not that optimistic.

Does anyone remember who we fought in the Korean War other than the North Koreans? We fought Chinese soldiers. Some 50 years later, China is becoming the world's largest economy. This didn't come about through military strikes or sanctions, but through a quiet dialogue through diplomatic back-channels and trade negotiations. Slowly, our two governments could build to a dialogue like this and "peace" could be acheived. What I'm proposing takes courage and a will to see "peace" acheived. This is something all warriors should want.

You can run, but you'll only die tired....

noreply@blogger.com (Scriven King) — Sat, 17 May 2008 05:47:00 +0000

I'm a firm believer in conducting extensive advance work when given a protective service assignment. While the Barrett sniper rifle is meant to be used by the good guys, videos like this always help reinforce the notion there is no security from a sniper in a brick building or an armored car. The only thing that brings your protectee home at the end of the day is well-thought out and expertly carried out advance work.

Old School Fallout Video

noreply@blogger.com (Scriven King) — Sat, 17 May 2008 05:46:00 +0000

No Tech Hacking

noreply@blogger.com (Scriven King) — Sat, 17 May 2008 05:14:00 +0000

This presentation was done by Johnny Long at ShmooCon last year. For those of you unaware of who Johnny Long is, he's a hacker turned security expert who has written a book of the same title as his presentation. He talks about how easy it is for most attacker to gain access and information without having to use a computer. This is a must read for any whose main purpose in life is the safeguarding of resources. I'll be doing a book review on this soon. Stay tuned for more.

YouTube Crimeware

noreply@blogger.com (Scriven King) — Sat, 17 May 2008 05:10:00 +0000

Draw Bridge Hacker

noreply@blogger.com (Scriven King) — Sat, 17 May 2008 05:08:00 +0000

This is the video of a guy who manages to hack a draw bridge with his PDA. Watch the crowds' reaction as the bridge stays put during rush hour.