Tscm Risk Management Presentation June 2012
TSCM Risk Management
© 2012 info@tscm‐za.com www.tscm‐za.com

Welcome
Threat of Electronic Eavesdropping “Focussing on GSM Bugs”
29 June 2012
Radisson Blu Hotel
Port Elizabeth – South Africa
Steve Whitehead
Managing Member
Eavesdropping Detection Solutions®

Let's Meet!
What is your name?
What is your role in your organisation?
How long have you been in this role?
Please feel free to ask questions and to share your experiences!

Objective
• To provide a realistic view of the value and risks associated with corporate information protection and to determine who is at risk
• Technical vulnerabilities and latest attack methodology
• Indicators that eavesdropping could be taking place
• Countermeasures to protect information from technical attacks
• To raise awareness of the real consequences of intellectual property and information vulnerabilities

Status of Technical Threats
• In recent years the technical aspects of electronic surveillance detection have become much more complex
• Growth in surveillance enabling technology and new terminology – convergence, virtualisation, GSM, GPRS, GPS, IP, Bluetooth, VoIP, Wi‐Fi, SD memory cards, wireless, Android, embedded web services and more
• Miniaturisation regarding all three phases of eavesdropping
• Convergence
• Technology ‐ empowering people
• Cyber‐espionage

Our Work Terrain – Then & Now
• Offices and buildings were drab – lifts were manned by building employees and receptionists formed the 2nd line of defence
• Walls were painted green or grey, desks, chairs and filing cabinets were wooden, worn and scarred
• Office machines were few, heavy, manual in operation and frequently old
• Offices are designed for beauty and efficient functioning
• It has atmosphere with expensive equipment
• Blurring boundaries

Convergence
Telephone systems have changed from the traditional PBX and voice to IP-based systems controlled by the IT Department
Voice, data and video use shared resources and interact with each other synergistically
Unified communications deployment!
IP telephony transcends the traditional job boundaries of data communications and telecommunications

Technology

“Power To The People”
Apple sold 15 million iPads during 2010. The craze for tablet computers cannot be ignored by organisations and they will find their way into the office whether supported by IT or not. Banning personal devices is also not an option!
The question is what do you do from an IT security perspective to control what access these devices have to your corporate networks?
Yet another channel via which corporate data can be stolen or misused!

Technology – Digital Copiers

VoIP Eavesdropping Alert

“Wiretapping” Fibre Optics
The fibre cable to be tapped is placed into a micro‐bend clamping device (1). The light pulses leaking from the cable are detected by the optical photo detector (2) and sent to an optical‐electrical converter (3). The converter changes the light pulses to electrical information that is placed on an Ethernet cable attached to an attacker's laptop. The laptop, running sniffer software, provides the attacker with a view into the data travelling through the tapped fibre cable
Optical taps have been found on police networks in the Netherlands and Germany. The FBI investigated one discovered on Verizon's network in the U.S. Networks used by U.K. and French pharmaceutical companies have also been attacked, probably for industrial espionage

“Wi‐Fi Warping Wallpaper”

Attack Methods
1. Hard wired attacks
2. Telephone attacks
3. Radio Frequency (RF) transmitter attacks
4. Esoteric attacks

GSM
GSM (Global System for Mobile Communications) is a communication standard describing technologies for second generation (2G) digital cellular telephones
The GSM standard has improved with the development of the third generation (3G) standard and GSM networks will evolve further with the incorporation of the fourth generation (4G) standard

How Does GSM Work
The GSM network consists of cells. Each cell is a cell site that consists of an elevated tower that contains transceivers (transmitters and receivers), signal processors, a timing receiver and electrical power sources. The GSM network refers to these towers as base stations or Base Transceiver Stations (BTS)

How Does GSM Work (2)
The Subscriber Identity Module (SIM) is a smart card which securely stores the key identifying information of a mobile phone service subscriber, as well as subscription information, preferences and text messages. The SIM card is used to authenticate you to your GSM carrier!
The SIM stores network state information such as its current location area identity (LAI). If the handset is turned off and back on again it will take data off the SIM and search for the LAI it was in before it was turned off!

How Does GSM Work (3)
A GSM phone must connect to a base station via a signal. When a phone is turned on, the phone searches for a signal to connect with! Behind the scenes, a cell phone is in constant contact with the available base station making handshakes every few minutes and sending data!

Evolution of GSM Instruments

GSM Exploitation
The BBC reported on 2 March 2004 that “Nokia mobile phones that double as listening devices can be bought on the Internet”
In spy mode the phone
• will not ring
• will not vibrate
• will not show anything on the screen
• phone will auto answer calls
• microphone sensitivity is increased

GSM Exploitation
C|net reported on 1 December 2006 that the FBI has remotely activated a criminal’s cell phone microphone to listen to the surrounding conversations. The eavesdropping technique functioned whether the phone was on or off!

GSM Based Bugs

3G Engine Based Video Devices
• Concealed in everyday items
• Higher bandwidth enables video product
• Much improved sound quality and better compression

Detecting GSM Based Bugs

Technology – Cell Spying

Millionaire Investigated!
The Sunday Times reported on 27 November 2011 that a Pretoria businessman is at the centre of a criminal investigation over the alleged illegal interception of his estranged wife's private e‐mails, SMS’es and BlackBerry messages, or BBMs

Detecting Spyware

Phone “Hacking”

Not in the Boardroom

GSM Safe

“Spycam” Information
Type the word “SpyCam” in Google search and you will get 2 020 000 hits. Not bad for a word that is not even in dictionary.com
Whole websites are devoted to selling them such as spycam.com, my‐spycam.com and spycamwarehouse.com
“Spycams” are selling big time!
Many web sites offer how to instructions
Some “spycam” videos get posted on the Internet
Occasionally someone gets caught

Hidden Spycams

Hidden Video Camera Found

Africa Examples
Sudan’s opposition leader Hassan al‐Turabi bugged – February 2012
Bugging devices were found in the hotel rooms of Dr. Willibrod Slaa and another opposition member of Parliament at the Hotel 56 in the capital city of Dodoma, Dar Es Salaam ‐ February 2009
Ugandan government tapping private telephone conversations in Hotels illegally – March 2009

Local Examples

Ministers' Offices Checked
News 24 reported on 10 May 2012 that the Minister of State Security, Dr Siyabonga Cwele, has announced in Parliament that “Cabinet members have asked to have their offices swept for fear that they are being tapped”

Local Examples
The Business Day reported on 8 September 2011 that the University’s Administrator, Professor Themba Mosia, has confirmed that bugging devices were discovered in the offices of senior management at the University and that a senior staff member has been suspended.

Update

Who is Breaking the Law?
The Witness (KZN newspaper) reported on 18 March 2011 that a Pietermaritzburg advocate is under investigation by the South African Police in connection with a bugging device that was discovered in the ceiling of the Bar Administrator’s office. The same advocate is already under investigation in connection with the alleged theft of a hard drive from the CCTV surveillance system at the Pietermaritzburg advocates’ chambers

It Does Not Matter Who You Are?
The Sunday Times reported on 22 August 2010 that former President Nelson Mandela’s Houghton house was bugged prior to the ANC’s 2007 national conference in Polokwane. The SAPS VIP Protection Unit found the listening device during one of their regular sweeping exercises

Fairweather Trust vs Investec
The Sunday Times reported on 01 August 2010 that the Chait family of Cape Town is suing Investec for R 170 million. Former Telkom technician Seun Briel alleged in a Cape Town court that he illegally tapped telephones at the offices and residences of the Chait family at the request of Investec
Investec spokeswoman Ursula Nobrega told the Sunday Times that it "is not our policy to spy on clients (or) violate the constitutional rights of individuals"

“Bugging” Scandal Rocks SAFA
City Press reported on 25 July 2010 that Danny Jordaan, who is the FIFA Local Organising Committee’s CEO; former SA Football Association (Safa) president Molefi Oliphant, vice‐president Mandla Mazibuko and CEO Leslie Sedibe discovered this month that vehicle monitoring devices had been secretly fitted to their cars

Internal Problems!

Recent Discoveries

Eavesdropping Question
Assuming you would not get caught, what is the least payment you would want to plant an eavesdropping device at work, just once?
Source : Kevin Murray March 2009

What is TSCM?
TSCM is a counterintelligence activity and refers to a set of measures employed to identify and to investigate hostile technical devices planted by an adversary for collection purposes
TSCM is largely directed at the protection of information but will often reveal physical and other security problems, lack of education and can help to assess the vulnerability of sensitive facilities

What is Our Task?
To detect and to neutralise hostile penetration technologies that are used to obtain unauthorised access to information. This includes the detection of equipment or building components that have been modified for direct or indirect transmission of information
Basically we are still looking for a recorder, microphone, a video camera or a transmission that should not be there!
• Acquisition & Conversion of Information
• Transmission of Information
• Processing & Storage of Information

TSCM Angle
• Eavesdropping detection (Debugging)
• VIP protection programmes
• Provision of secure environments
• Consulting regarding information protection
• Communications system integrity testing

Countermeasures
• Policies and Procedures
  – Ensuring Technical Countermeasures Becomes Due Diligence
• Outsourcing and Contracting
  – Choosing a Sweep Team
  – Verifying Credentials
• In‐house Capability
  – Equipment
  – Training
  – Certification
• Education
  – Executive Briefings
  – Staff Awareness

Guidelines – Choosing a Service Provider
One of the most difficult things is to choose the correct service provider
Prospective clients are faced with a myriad of information as each service provider emphasises their experience, background, opinions and marketing messages

Things to Consider When Choosing a Service Provider
1. Is the company recognised by the industry or others?
2. Who will conduct the survey(s)?
3. Make enquiries about experience and training/refresher training
4. Make enquiries about equipment
5. On what level will the services be performed?
6. Certificate of Quality
7. Report, analysis and recommendations
8. Do they perform other business services as well such as electronic surveillance?
9. Are they prepared to have their findings verified?
10. Will they testify in Court on your behalf?
11. Membership of professional institutions

Equipment

OSCOR Green

TALAN DPA-7000

Reporting
The survey consists of a radio frequency spectrum evaluation on various levels, power line sweeps, physical search, non‐linear junction detection and various telephone and line tests to detect illicit voice and data taps
All signals and measurements are noted, recorded and stored for future comparisons
A complete report is submitted detailing the results of the survey with recommendations where applicable

Final Thoughts
Espionage is one of the oldest professions because as long as there was one person who had an advantage over another, one army, or one agricultural or trading advantage, someone was skulking about trying to get their hands on that information or technology
“the most valuable thing in the world is not gold or diamonds, it is information.”

Final Thoughts (2)
• Serious espionage will include technical surveillance
• The possibility must be resolved before accusing people
• Bugging is the easiest spy technique to discover
• Smart clients don't wait until they "think they are being bugged"
• Intelligence collection is a leisurely process. Conversations and information are collected – in many ways – long before they are used against you. Until this collected intelligence is used, no harm is done. No losses suffered. Pro‐active sweeps detect snooping early – thus, drastically reducing the potential for loss
Source : Kevin Murray – Spybusters.com

Your Approach?
Is your approach to information security holding you back?
Organisations need a clear definition of information security that is consistent throughout the organisation
A weak security culture, training, and attitude can easily open up an organisation's security to attack. Executives play a key role in influencing employees to pay more attention to awareness training and security. If employees do not see executives making statements and demonstrating the importance of security, they are not likely to treat it as a priority either

Phone Hacking Kills Multi Billion Dollar Business
News Corp.’s News International unit recently announced that it will shut down its News of the World tabloid. Why is this important to you...
You are responsible for your employees' actions. Ethics, like security, is a top‐down corporate culture. A strong corporate counterespionage programme sends two messages: spying is not tolerated (in either direction), and employees are obligated to pro‐actively protect corporate intellectual assets! (Source : Kevin Murray – Scrapbook)

About Us

A Complete Package
• Awareness Briefings
• Policies
• Procedures
• Standards
• VIP Protection Support
• Communications Security
• Provision of Secure Environments

Membership

Join Us

Questions?