TrendLabs, a leading information security firm, published this really awesome infographic about the cybercriminal underworld. It’s certainly worth a look.
(click to enlarge)
An Aggregator for Blogs About Social Engineering and Related Fields
TrendLabs, a leading information security firm, published this really awesome infographic about the cybercriminal underworld. It’s certainly worth a look.
(click to enlarge)
Ryan Fogle, an alleged CIA officer being detained by Russian
counterintelligence after his cover was “blown” (Source: AFP)In light of the news a Central Intelligence Agency officer was detained by Russian counterintelligence, I felt it would be good to examine what it means to have good “cover discipline”. In order to accomplish missions that require stealth in plain sight, intelligence operatives use what is commonly referred to as “cover” which is a fictional persona adopted by individual officers so that their true identity and purpose remain unknown to their target. “Cover” takes a significant amount of time to develop and assimilate into the officer. Persons who operate “undercover” will spend a great deal of time studying and perfecting their “cover”. Where most officers get caught is when they lose “cover discipline”. This could be something as simple as confusing one’s “cover” name with their “real” name. In some cases, like the one depicted in this film, “cover” is often lost due to carelessness.
A recent display of good “cover” discipline came coincidentally during an exchange with a “hacktivist” known as The Jester and Jeff Bardin, a leading information security expert. The Jester and Bardin engaged in a phony confrontation regarding The Jester’s alleged betrayal of Bardin’s “cover” during an information security intelligence operation. The “feud” ended with Bardin “revealing” The Jester’s “real” name which was actually a “cover” he developed for this operation over two years ago. It was very elaborate but according to those involved, it was a success.
Here’s a snippet from The Jester and Bardin’s “feud”:
@th3j35t3r Fix in DM my ass. YOU blew my op and and exposed my resources. It is time your shit was blown.
— Treadstone 71 (@Treadstone71LLC) May 9, 2013 The Jester posted this with regards to his “cover” on another website:
For just such an occasion…..
——————————-
On the 1st July 2011 – I myself left this on pastebin >> http://goo.gl/JtI46
I also purposely left this in source code of my blog: http://goo.gl/8lwUC
Later I created this: http://goo.gl/S0UAb
and to bolsert I also created this http://goo.gl/O7EtX
It’s taken almost 2 years for anyone to spot the deliberate mistake. Well Done.
He doesn’t exist. It’s a decoy. Good to know who’s who though. Thanks.
You will notice the meticulousness of the preparation involved in developing a good cover. The Jester has been active for a few years and has yet to be successfully unmasked because of his adherence to good “cover discipline”.
I’m not an intelligence expert nor have I ever claimed to be. However, I have studied intelligence gathering and espionage for quite some time. What I have learned is that spies on rely on secrecy, deception, and disguise to conduct clandestine operations. In order to be successful, spies must “live, eat, and breathe” their cover story. As it’s stated in this article, “Cover is a mosaic, it’s a puzzle,” said James Marcinkowski, a former CIA case officer who attended the dinner. “Every piece is important [to protect] because you don’t know which pieces the bad guys are missing.”
For more information on “cover”:
http://www.slate.com/articles/news_and_politics/explainer/2003/09/how_deep_is_cia_cover.html
http://en.wikipedia.org/wiki/Non-official_cover
http://www.npr.org/templates/story/story.php?storyId=4757713
http://seattletimes.com/html/nationworld/2002400477_ciaculture25.html
It never ceases to amaze me how many of the cardinal rules of security and threat mitigation are relevant know matter which era or platform they are adhered to in. This video is a perfect illustration of that. It’s a video produced by the National Security Council for government contractors who worked with classified projects. It follows a fictional case wherein a company loses a key piece of classified information they produced. Of interest to security practitioners are the human security vulnerabilities exposed. Many of the fictional characters are exploited using social engineering. While the manner in which the information is much more elaborate than what we say in modern corporate espionage, the lessons are the same.