So much for all those movie images of spies handling serious tech with aplomb, all while sipping a drink, or playing hide the salami with a member of the opposite sex. These people definitely weren't from SMERSH. Actually, it seems they were just short of "Natasha! Am cooking up big trouble for Moose and Sqvirrel!"
The full story is here: http://www.networkworld.com/news/201...-spy-ring.html
It's actually pretty amusing from the standpoint of people in our line of work. They apparently did some things right: Steganography was used, and encrypted peer-to-peer wireless networks were employed to limit other people connecting. On the other hand, they made the same operational security mistakes that we see a lot of users make: things like posting passwords on sticky notes, and using bad encryption on the peer-to-peer networks.
Of course this raises a question: If real-life, deep-cover sleeper spies are making those mistakes, can we ever get regular users to get security right?
Russian spy ring needed some serious IT help
By Tim Greene
Network World
June 30, 2010
The Russian ring charged this week with spying on the United States faced some of the common security problems that plague many companies -- misconfigured wireless networks, users writing passwords on slips of paper and laptop help desk issues that take months to resolve.
In addition, the alleged conspirators used a range of technologies to pass data among themselves and back to their handlers in Moscow including PC-to-PC open wireless networking and digital steganography to hide messages and retrieve them from images on Web sites.
They also employed more traditional methods including invisible ink, Morse Code and ciphers, according to assertions made by federal agents in court papers seeking arrest warrants for the suspected spies.
One of the most glaring errors made by one of the spy defendants was leaving an imposing 27-character password written on a piece of paper that law enforcement officers found while searching a suspect's home.
They used the password to crack open a treasure trove of more than 100 text files containing covert messages used to further the investigation.
[...]