[ISN] Who's Watching Your Keyboard? (eavesdropping/bug)

From: mea culpa (jerichot_private)
Date: Wed Apr 22 1998 - 16:39:39 PDT

  • Next message: mea culpa: "[ISN] Firegates (firewall/filtering/cloaking)"

    Forwarded From: Nicholas Charles Brawn <ncb05t_private>
    Security sweeps for microphone bugs before confidential discussions may
    soon have to be extended to the PC world.
    A digital "bug" is available, says NCR marketing director Will Mooney, to
    stick to the bottom of a PC keyboard.
    It will capture every keystroke - private documents, confidential passwords
    - and store them in a microchip until retrieved.
    This is the far end of computer espionage, he admits. Today's information
    technology manager should be more concerned about a variety of simpler
    These include skilled invaders "labelling" their Internet messages to look
    as though they come from staff, staff going where they're not supposed to
    on the network, staff moving sensitive data off-site without authority and
    taking dangerous labour-saving shortcuts.
    NCR, like many a computer vendor before it, is trying to stir up interest
    and worry about computer security problems among management with
    out-of-date ideas about digital danger.
    NCR is looking to sell new services as a security monitor and adviser.
    But it seems to be caught in a marketing bind: trying to ramp up interest
    in the local market before it has any staff in New Zealand dedicated to, or
    expert in the field, or a very clear plan.
    Asked who would perform the services here, local representative Nick
    Halikias talks of "partners" expert in security. Some of these Optical Data
    Systems and Internet Security Systems - are United States-based companies
    with no current local representation.
    He mentions Cisco, maker of networking equipment, with Auckland and
    Wellington offices. A Cisco spokesman confirms the company is preparing to
    participate in the plan. Large accounting/ consultancy firms may also be
    interested, Halikias hints.
    Tools and procedures developed in the US for testing security and devising
    counter-measures are internationally applicable, Mooney says.
    "We have a defined approach, which is franchised, like the appearance of a
    McDonald's restaurant." It can be operated on the same basis by a local NCR
    branch and/or various partners.
    But he acknowledges the local operation may need to be flexible to the
    different size and practices of New Zealand businesses.
    "Different countries have different laws about[digital crime], and about
    what data you would have to collect and keep to bring a successful
    prosecution," he says.
    "McSecurity" begins to look less uniform. NCR's briefing material refers to
    the use of "white-hat hackers" - reformed intruders now willing to help NCR
    customers test their vulnerabilities.
    But Mooney says hackers will not be used. "We intend to train 200 of our
    own staff[worldwide] and use alliances with security specialists."
    Mooney warns companies to think beyond accustomed assumptions on security.
    A survey of 4,500 US firms by the FBI and the quasi-Government Computer
    Security Institute established that between 75% and 83% of security
    breaches were perpetrated by insiders intentionally and inadvertently.
    Unthinking breaches cover a wide range. A worker might prop open the door
    into a supposedly secure computer room with a chair, to avoid having to
    keep putting his/her card in the slot.
    In one case, a worker was told to store personal data on a designated disk
    drive, but when standard maintenance procedures kept deleting it because it
    had not been accessed for a certain time, he shifted it to another, less
    secure drive, precipitating a breach.
    A clear policy is the first line of defence, Mooney says. It should be
    strictly enforced, with sanctions for breaches.
    When it comes to breaches from outside, most companies open to the Internet
    or dial-in links set up a "firewall," a device programmed to allow only
    approved kinds of digital traffic from the outside world into the internal
    computer network. But this can lull the company into a false sense of
    Sophisticated policing equipment can conquer this problem by monitoring the
    timing of messages.
    If the automatic computer acknowledgement of an outgoing message comes back
    a little later than it should, it may not be coming from inside the
    The equipment is programmed with all access rights. Not only does this
    prevent irregular access by staff, but "if someone comes into the system
    >from outside pretending to be you, they'll probably try to go somewhere
    where you're not allowed, and the policing system will pick it up."
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Dimensional Communications (www.dim.com)

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:51:14 PDT