Legal Phone Taps Vulnerable to DOS Attacks
Researchers at the University of Pennsylvania say they’ve discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.
The flaws they’ve found “represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial,” the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.
Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don’t suffer from many of the bugs they’d found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack. (more)
Business Espionage – This Zeus is no Cretan
The Zeus banking Trojan could be a useful tool in corporate espionage…
Zeus typically steals online banking credentials and then uses that information to move money out of internet accounts. In the past year, however, Gary Warner, director of research in computer forensics with the University of Alabama, who has been closely monitoring the various criminal groups that use Zeus, has seen some hackers also try to figure out what companies their victims work for…
“They want to know where you work,” he said. “Your computer may be worth exploring more deeply because it may provide a gateway to the organisation.”
That’s worrying because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims’ computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim’s computer to break into corporate systems. (more)
International TSCM Standards & Findings
I am fortunate enough to have clients across the globe and to therefore meet like-minded colleagues and clients on my travels. As it happens, I spent today, my first in the USA for this trip, with a true professional of the TSCM business, based in California. We did a lot of talking about technical surveillance countermeasure techniques and processes employed by each of us, and can confidentially state, that the counter-surveillance services we offer in the Asia-Pacific, definitely matches those services offered in the USA.
Amusingly, when discussing peripheral security reviews, we realised that the vulnerabilities typically identified within corporations, is not limited to our respective geographical boundaries. Desks are not kept free of paperwork, doors are not locked, access control is not installed and CCTV is not fitted. These are a few common items, shared by all!
Please don’t hesitate to post some information on your counter-surevillance systems and processes. We can then start to review how each of you operate in the hope of assisting those who might be new to the business.
Espionage Life in the Fast lane
Espionage Research Institute – Day 2
This is what I heard today…
• Display of most of the TSCM instrumentation designed and built by Glenn Whidden (with commentary by Glenn). Instrumentation provided by J.D. LeaSure.
• Discussions about topics for next year’s meetings.
The discussions continue tomorrow.
Kevin’s Security Scrapbook is prepared fresh almost daily for the clients and friends of Murray Associates – Eavesdropping Detection and Counterespionage Consulting for Business and Government
