Secrets of Computer Espionage: Tactics and Countermeasures
by Mirko Zorz - Monday, 24 November 2003.
Author: Joel McNamara
Pages: 408
Publisher: Wiley
ISBN: 0764537105



Available for download is chapter 1 entitled "Spies".

Introduction

All the books I've reviewed so far are there to teach you how to protect your system from various intrusion attempts, show you how to configure things for optimal performance or provide you with an understanding of an operating system. The book I've read this time deals with a topic that is often overlooked but still very important - computer espionage. We live in an age where information means power, not only to an organization but also to the average home user. You might have nothing to hide but you still want to keep your data private. Let's move to meet the author and get into the book so you can see what knowledge it contains.

About the author

Joel McNamara is an internationally acclaimed security and privacy consultant and the creator of Private Idaho, one of the first popular open source Internet privacy tools. A former Microsoft technical writer and training manager, he is credited with developing one of the first Microsoft macro viruses and then publicizing the security risks. He is also the author of the "The Complete, Unofficial TEMPEST Information Page," a Web site that demystifies classified government surveillance technology.

Inside the book

McNamara starts to guide you through the book by explaining who spies are and what they're after. You learn about amateur and professional spies and encounter several real life examples on the way. As I see it, you must be at least a bit paranoid to be interested in this book. I know I am, and I believe a little paranoia is a good thing. Anyhow, the author provides a set of questions that will help you determine your level of paranoia.

Next McNamara presents and overview of laws and their relation to computer espionage. Even if you're an employer that has the right to monitor employee activities to a certain extent, you have to be familiar with the limitations imposed by the law. All in all, a very interesting chapter that brings you closer to realizing the repercussions of spying. Moving on you learn about the so called "Black Bag" jobs - a term used by spies to indicate breaking and entering a building to gather information. The author discusses physical and network Black Bag jobs and various spy tactics. Mentioned is also social engineering, a tactic made popular by Kevin Mitnick.

Now you get closer to vital information about breaching the system. McNamara introduces the various levels of security and begins pointing out how each layer can be breached by writing about BIOS passwords. You discover manufacturer implemented backdoor passwords and tools for attacking BIOS passwords.

What follows next is a chapter dedicated to the search for evidence. The author notes that the information provided here is mostly aimed at the computer cop although the majority of the material also applies to the forensic examiners. Presented in detail are many vulnerabilities that allow examiners to retrieve information. Throughout this chapter a plethora of software titles are introduced. McNamara makes it easy for you to find the right tools and gives you the URLs where you can obtain them.

Once you break the security of a system and gain access, you think you're done? Think again. Many users choose to encrypt their data and that's where you run into more problems. You learn about weak encryption, weak passwords, attacks, etc. A myriad of cracking tools are mentioned as well as countermeasures that should allow you to efficiently upgrade the security of your system.

Another very important topic when it comes to computer espionage is copying data. The author dedicates a lot of space to the subject and discusses the strengths and weaknesses of various types of storage media before moving on to learn about snooping with keyloggers. You learn how they work and you see various hardware and software keyloggers available on the market. Countermeasures are presented and even readers with not much technical experience should be able to protect themselves after reading this.

Spying with Trojan horses is something most of you heard about. McNamara teaches you how trojans work, how they avoid detection, and more. Probably the topic the majority of you are interested in is network eavesdropping and that's exactly what comes next. Illustrated are the types of network attacks and the various tactics attackers might use.

We've heard a lot about the insecurities of wireless networks this year. Along with those stories came many that pointed out the overwhelming acceptance of wireless networks everywhere. No wonder there's a chapter about 802.11b wireless network eavesdropping in this book. Some of the things discussed are: MAC spoofing, wardriving, warchalking and sniffing.

What makes this book even more interesting is the vastness of material it covers. The last part of the book deals with advanced computer espionage and spying on electronic devices such as fax machines, telephones, answering machines, and more. To close the book, McNamara writes about TEMPEST, Echelon and surveillance cameras.

Final thoughts

Despite the title that may lead you to believe this is a manual used in the National Security Agency (NSA), this is actually a book for anyone worried about the security of their information. If you're into computer forensics, administering a network or just a concerned home user, you'll find interesting material for yourself in this book. The author covers a lot of material and manages to display the most important facts in every chapter. This is not surprising because of his skilled background.

McNamara provides insightful details backed up by a wealth or real life examples that clearly depict how vulnerable to computer espionage we all are. This is certainly a valuable addition to your bookshelf.



Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //