28 January, 2009

Old-fashioned spying

Dave Aitel, who once worked at the NSA, had a funny email on his list that included a mention of Saubhe Aldellemy, who operated a restaurant near NSA headquarters and Ft. Meade. Aldellemy was charged and apparently accepted a plea agreement for acting as an unregistered foreign agent (PDF) of Iraq, which is essentially legal speak for spying on behalf of the Iraqi Intelligence Service.

Using a restaurant near desirable targets is a well-known method of gathering intelligence. It has been going on for decades at the least, and possibly as long as restaurants and a desire for non-public information have existed. I expect that the method was used extensively in the post-WWII and Cold War era.

Ira Winkler, another former NSA employee, discusses the method in his book, Spies Among Us. Winkler also mentions a related method he uses when penetration testing, which is to go into restaurants near his target and take the business cards out of the fishbowls that a restaurant will set up for free drawings. Once he finds business cards from people at the target business, it gives him information to assist in social engineering and at times, in lieu of work identification, a business card can get him onto the grounds of the target business.

I suspect that spying against private entities is more attractive than it used to be, while spying against governments is still widespread. Whether it is for profit or government intelligence, you can bet that countries like the U.S.A., China, Russia, and many in the Middle East and EU all have programs like this. I also assume that at least some of the governments assist with spying against foreign corporations, not just government entities.

No matter the method of intelligence gathering, spying still goes on. Any company or government with sensitive information needs to be careful about methods like this. I have been in restaurants near government agencies, military bases and large companies, and they are definitely target-rich environments. Even the most paranoid and careful employees are likely to talk about something that could be useful to outsiders, either directly or to leverage additional information.

Any company or entity that has information that is valuable enough and does not actually address the issue is asking for trouble.

07 January, 2009

Harlan Carvey's memory tool round-up

Harlan Carvey has a good round-up of incident response tools for collection and analysis of physical memory. His blog is definitely a good read for security professionals, particularly those that do any incident response or forensics. He is really good at posting his analysis processes and explaining which tools he uses for which tasks.

This post is just a reminder to myself to try some of the tools on his list that I have not yet used and to look more deeply into the tools that I have used. I hope to play with a number of the tools in a lab environment.

02 January, 2009

December Dailydave; a recurring topic and 25C3

I've posted links to Dailydave quite a few times. The month of December had the last discussion* on a recurring topic. It also had some good guesses beforehand, then a discussion of the rogue CA attack that was presented at 25C3.

* of 2008