Posted on April 28, 2015 By admin
Bugging, you might think, is the stuff of 1960s spy movies: microphones hidden in desk lamps and reel-to-reel tape recorders slowly turning in the next room. In fact, it’s still very much a part of the modern world, and our reliance on computers, mobile phones and other digital technology leaves us more open than ever to various types of eavesdropping.
Whilst there are companies around that will help you detect conventional bugs like concealed microphones and hidden cameras, tracking down cyber-snooping is a much more specialist task. It involves technical surveillance countermeasures (TSCM) as well as digital forensics and information security experts.
Cyber TSCM uses a combination of techniques including network and site surveys, vulnerability assessments, data flow and IP mapping, malware detection, threat analysis and more. Let’s take a closer look at some of what’s involved.
The first step towards tracking down unwanted surveillance is to understand your network infrastructure, whether wired or wireless. This begins with an asset discovery process to establish what is actually present and visible on the network, track down access points, understand the protocols in use and identify any devices with additional communication capabilities such as Bluetooth. An insecure access point can provide a way in for a hacker, but it can also lead to people connecting unauthorised devices like smartphones and tablets to poach company bandwidth.
Even on a wired LAN it’s necessary to identify switches, routers and other devices to get a clear picture of data flows around the network. Armed with this information it becomes easier to spot any rogue devices, misconfigurations or departures from the network design specs. A hub, or a badly configured or out-of-date router, for example, can provide a way for a hacker to remotely monitor network traffic.
Having identified and catalogued network devices, it’s necessary to carry out a vulnerability assessment. This looks for any potential weaknesses that a hacker could exploit. A Cyber TSCM inspection looks at specific sections of the network, identifying insecure protocols or weak passwords on wireless systems, or open ports on wired ones. It also looks at data security: which folders are shared, for example, and the effectiveness of any encryption systems in use.
Looking at data flows allows analysts to understand how information travels on the network. Internet Protocol (IP) analysis goes a step further by using specialist tools and techniques to capture and examine the packets being transmitted to determine exactly what data is entering and leaving the network.
This will allow specialists to spot illicit data transmission, uncover hidden encrypted channels, or identify communication with known malicious IP addresses or with blacklisted countries.
However good your security protection is, it’s possible that some types of malware can slip through the net, particularly if you’re being targeted by people trying to steal your company secrets. Detecting malicious software involves a forensic examination of computers and mobile devices looking at memory, storage and network traffic to spot unwanted or potentially dangerous activity.
The examination will also verify any installed software, ensuring that it’s carrying out its functions correctly and that no ‘backdoors’ have been introduced allowing data to leak.
One of the most common types of attack is the so-called ‘drive-by’ download. This gets the user to install malware by tricking them into visiting a compromised website, clicking a link in an email or opening a booby-trapped attachment. This type of attack is often successful on mobile devices, where, owing to the small screen size, the address bar is often hidden, making it harder to verify that a site is secure or legitimate.
This and other techniques like hiding malware in a seemingly legitimate app are common to ordinary malware attacks as well as attempts at surveillance and stealing data. Part of the solution lies in educating staff to be aware of the threat.
Forensic analysis of network traffic can identify malware that’s collecting sensitive information from desktop computers and mobile devices. Although some malware attempts to evade normal anti-virus tools or reverse engineering by obfuscating its code or using encryption, forensic analysis can still uncover its presence by spotting the network traffic it generates.
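The data-flow analysis described above (spotting illicit transmission, communication with known malicious addresses, and the regular traffic that malware generates) can be reduced to simple checks over flow records. The following is an added illustration, not code from the original post or from any TSCM vendor; the flow records, the blocklist and the thresholds are all constructed, and the IP addresses are from the reserved documentation ranges.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real traffic): (time_s, src, dst, dst_port, bytes_out)
FLOWS = [
    (0,   "10.0.0.5", "192.0.2.10",    443,  1200),
    (60,  "10.0.0.5", "203.0.113.9",   8443, 300),   # hypothetical beacon target
    (120, "10.0.0.5", "203.0.113.9",   8443, 310),
    (181, "10.0.0.5", "203.0.113.9",   8443, 295),
    (240, "10.0.0.5", "203.0.113.9",   8443, 305),
    (300, "10.0.0.7", "198.51.100.20", 443,  900),   # on the constructed blocklist
    (310, "10.0.0.8", "192.0.2.77",    53,   52_000_000),  # unusually large outbound volume
    (400, "10.0.0.9", "192.0.2.10",    443,  2100),
]
BLOCKLIST = {"198.51.100.20"}  # constructed; in practice this comes from a threat-intel feed


def blocklisted(flows, blocklist):
    """(src, dst) pairs that talked to a known malicious address."""
    return sorted({(s, d) for _, s, d, _, _ in flows if d in blocklist})


def beacons(flows, min_hits=4, max_jitter=0.1):
    """(src, dst, port, interval) tuples contacted at near-regular intervals.

    Malware check-ins tend to be periodic; human browsing is not. A low
    coefficient of variation in the gaps between contacts flags the former.
    """
    times = defaultdict(list)
    for t, s, d, p, _ in flows:
        times[(s, d, p)].append(t)
    found = []
    for key, ts in times.items():
        if len(ts) < min_hits:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found.append((*key, round(avg)))
    return found


def bulk_senders(flows, threshold=10_000_000):
    """(src, dst, port) -> bytes for hosts pushing out more data than expected."""
    total = defaultdict(int)
    for _, s, d, p, b in flows:
        total[(s, d, p)] += b
    return [(k, v) for k, v in total.items() if v >= threshold]
```

Each finding is a lead for the forensic examination of the source host, not a verdict; port 53 carrying 52 MB outbound, for instance, is worth a look precisely because DNS should not.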
Forensics also allows specialists to look at machines and determine which documents or files have been sent or viewed even if the files have subsequently been deleted.
Prevention is of course better than cure, and Cyber TSCM can help by identifying threats before they become a problem. Outdated hardware or software can leave devices vulnerable. For example, some types of office IP phones can be turned into listening devices if they’re running vulnerable software.
Computer forensic specialists can also assess the competence and knowledge of IT staff to ensure that they understand the systems they’re running and aren’t inadvertently leaving systems vulnerable. They can also evaluate threats or suspicious emails sent to the business.
From simple old-fashioned bugging devices, the world of surveillance has come a long way. Our increasing reliance on technology has opened up more routes for criminals or even government agencies to eavesdrop on our activities. It’s also made it easier to steal intellectual property or customer details by accessing information directly from computer systems or networks.
Companies need more than ever to be aware of the potential threats they face. They also need to acknowledge that their current computer security procedures and technical surveillance countermeasures may no longer be sufficient to protect them.