[ISN] Cyber cops & security orgs: DIRTy, stupid and out of control

From: InfoSec News (isnat_private)
Date: Mon Mar 18 2002 - 23:40:58 PST

  • Next message: InfoSec News: "RE: [ISN] Personnel Shortage Hindering Net Security"

    By Thomas C Greene in Washington
    Posted: 18/03/2002 at 13:41 GMT
    A number of what one would hope to call professional computer security
    and cyber law-enforcement figures in England, Australia, South America
    and Asia appear to have been duped by DIRT Trojan marketer Francis
    Edward "Frank" Jones, according to documents obtained by The Register.
    A second load of Codex Data Systems correspondence has been released,
    including contract paperwork in various stages of maturity. We don't
    know how much has been finally signed, sealed and delivered; but we
    can infer that the people named below have at least contemplated
    co-marketing deals with the hustler Jones. Many of them are in
    high-profile positions of responsibility and trust in the areas of
    computer security and law enforcement. It makes one wonder if anyone
    in these fields can ever be trusted.
    For background on the insidious Trojan Jones is misrepresenting as a
    crime-fighting tool, and Jones' criminal background, see our previous
    coverage here and here.
    First up we have a proposal for marketing DIRT to government spooks,
    industrial spies and private security firms in the United Kingdom with
    Dr Kevin A. O'Brien, a Senior Policy Analyst with RAND Europe, and
    Information Assurance Advisory Council (IAAC) Chief Operating Officer.
    According to a document dated 24 September 1998, O'Brien was
    "contemplating being involved in some or all aspects of [Codex's]
    creation, development, production or sale of intellectual property,"  
    in his capacity then as a representative of the Hussar International
    Research Group, "a virtual organization of professional research
    analysts based throughout the world. The prime research interests of
    the Hussar Group are issues of contemporary international security, in
    all of its aspects."
    The group, which now appears to have been disbanded or absorbed by a
    larger entity (in part by RAND, obviously), belonged to the Matrix
    GDSN (Global Decision Support Network).
    The Matrix describes itself as "an international network of specialist
    organizations providing business intelligence, knowledge management,
    risk assessment and technology evaluation services to future-oriented
    organizations throughout the world. "Our global resources include
    intelligence professionals, analysts, and systems designers with
    collective capability that rivals many intelligence agencies."
    As for IAAC, it describes itself as "a private sector led and
    government supported forum that brings together corporate leaders
    public policy makers law enforcement and the research community to
    address the challenges of information infrastructure protection. IAAC
    is developing policy recommendations for government and corporate
    leaders at the highest levels."
    Dr. O'Brien may be found at: 
    RAND Europe (Cambridge) 
    36 Regent Street 
    Cambridge CB2 1PG 
    United Kingdom 
    tel: +44(0)1223-353329 
    Information Assurance Advisory Council 
    36 Regent Street 
    Cambridge CB2 1DB 
    United Kingdom 
    tel: +44 (0)1223 307711 
    In Australia we have World Systems Resource (WSR), a discount (used)
    enterprise computing vendor supplying equipment from HP, SUN, Cisco,
    Compaq, IBM and EMC. A February, 2000 document indicates that the
    company was seeking a non-exclusive deal as a DIRT reseller in the
    Australian cyber-cop/securocrat market.
    World Systems Resource is located at: 
    Unit 8, 92a Mona Vale Road, Mona Vale, 
    New South Wales 2103 Australia 
    tel: (02) 9979 1455 
    Covering all of South America in one stroke, we have Mr Ramon Ignacio
    Izaguirre, who appears to have entertained a 17 March, 2002 agreement
    to distribute the DIRT Trojan to cops and securocrats throughout the
    land. Jones praises Izaguirre for his "expertise in marketing to the
    government, law enforcement and military sector in Argentina and South
    America," and offers him exclusive rights to market it throughout the
    Izaguirre also appears to operate a company called Segurama, which is
    involved in security.
    He may be found at: 
    1624 Bdo. Irigoyen Street, 
    Buenos Aires 1138, Argentina 
    tel: 54-11 4300-7539 
    And last, but not least, we have Mr Unho "Tiger" Choi in South Korea,
    who appears to have entertained a 24 February 2001 deal to get the
    DIRT circulating among eager government spooks and ambitious
    industrial spies in his home country. He's also a trusted member of
    the local CERT.
    Choi is affiliated with the Korean CERT-CC Computer Emergency Response
    Team Coordination Center, which, just as in the US and elsewhere, is
    an arm of the government.
    More properly, CERT-CC/Korea is run by the Korea Information Security
    Agency (KISA), which in turn is run by the Ministry of Information and
    Our "Tiger" is also affiliated with KISA. And he seems to have his own
    consulting business on the side as well. He skips about quite a lot,
    but should be available for comment at one of these locations:
    Unho "Tiger" Choi 
    Network and Security Consulting, Inc. 
    1329-4 Woonam Building, 15th Floor 
    Seocho-dong, Seocho-gu 
    Seoul, South Korea 
    cell: 82-17-263-3433 
    Korea Information Security Agency (KISA); 
    Information Security Technology Division 
    78, Karak dong, Songpa-Gu, 
    Seoul 138-160, Korea 
    tel: 82-2-4055-114 
    Senior Members of Technical Staff, CERTCC-KR 
    5F, Seocho-Donga Tower Bldg, 1321-6 Seocho Dong, Seocho-gu, 
    tel: 82-2-3488-4122 
    cell: 017-263-3433 
    And lest we forget, our friend Jones may be found at: 
    Codex Data Systems, Inc. 
    143 Main Street 
    Nanuet, New York 10954 
    167 Route 304 
    Bardonia, New York 10954 
    tel: 845-627-0011 
    tel: 914-627-0011 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Mar 19 2002 - 02:08:39 PST