Saturday, January 19, 2008
Technology and Techniques Used in Industrial Espionage
Industrial Espionage. These methodologies are being used on a daily basis by competitors maybe even against you. I knew a Private Investigator who used to break into other firm s voicemail boxes. He was suspected of erasing messages and stealing potential clients. I know you may be thinking that is not right. Maybe so but if a Private Investigator cannot protect him/herself than what use are they to a client. This happens all the time. If you think it is bad here in the United States try overseas. It is pretty much considered fair game and rarely enforced. Even the Concord was remembered for being heavily bugged . What you may find surprising is just how easy it is to do. You could even use off the shelf items, although fully assembled models are readily available and cheap. The best way to learn is to do. A little bit of paranoia and a lot of imagination goes a long way. Just look around your house and see what can be used. Baby monitors can be remotely activated and used to listen in on you. Your cell phone can be hacked through its Bluetooth Feature, so not only can all the data be copied, but also settings could be changed. Your phone could be called and answered without you knowing; thereby listening to your conversation. Your phone can also be used to make a call to someone else without you touching a button ideal for incrimination purposes. There was a technique originally developed to remotely view what you watch on your television, now adapted for computer screens. You can find the plans to build this on the Internet from many sites. This is used in Europe, particularly the Balkans all the time against ATMs. There is still the good old fashion radio scanner to listen to cordless phone calls. Then you can say, Well I use a digital, spread spectrum model using 2.4 or 5.8 frequencies. True that is good protection, but given time the packets of data (digital remember) can be reassembled and decoded. Thankfully that takes time, but you can buy a digital scanner to listen to real time conversations. You can also buy software overseas to work with scanners and laptops for listening to cell phone calls. An interesting side note: Some of these same companies that provide such equipment constantly steal from each other. Outside your house or in the basement of your apartment building are boxes where your land line phone service comes through. You just need a telephone/ linesman butt set or build one from a phone to listen in. So you say, What does this have to do with industrial security? Well usually certain people are targeted when looking for a means into an organization. Plus, they can make a convenient scapegoat and distraction to investigators. Believe it or not it is often I.T. and security personnel who are targeted. Although they may be more aware of security they also have higher privileges than most. Many times they use a popular and recognized remote access program when telecommuting. If you can capture their username and password that may be all that you need. Sometimes there may be more advanced authentication procedures. For instance, the server you will log into or firewall you wish to bypass may require extra authentication. Sometimes it may request a MAC address. This is the unique serial number burned into network cards. This can be copied and you can change yours to that one with a software application. If you have the IP Address, then you can switch your IP Address as well. When you access the victim s computer and place a remote access program of your own, don t use one with obvious hacker names like Back Orifice. Using one that they already have, such as PC Anywhere or Remote Desktop would be ideal. Don t worry about tackling a wireless computer network. Even with security enabled that could just be a speed bump to the dedicated. If probing a victim s computer then I recommend making it appear as spam. If they have a firewall, you can probe it and see what version they are using. Afterwards look around for data on cracking that firewall. Any firewall can be cracked and guess what? You can always break into their home and place whatever it is that needs to be placed. Alarm systems can be defeated rather easily if you know how. Many times these burglar alarm systems were installed by poorly trained or overworked employees who take short cuts to get the job done. Sometimes you will actually see the keypads mounted outside the door to a home or easily viewable through a window. What happens if they cut the phone line or cover the siren box? Locks can also be bypassed by means other than just lock picking. You could install a high security lock, but if all the hardware around it is weak than what good is it? Dogs can be tricky and are usually the toughest obstacle to overcome. Believe it or not, little dogs that are the worst. Big attack dogs can be overcome and sedated or contained; even the well trained ones. But little dogs that run around and make a racket are a menace. Once a dog starts barking, the rest neighborhood s dogs will join in. Even using a high frequency sound device to annoy the dog on a property you wish to enter can alert other dogs. If you do break in, check the bedroom and den first. Bedrooms are where the most important items usually are. You are not there to steal but to place bugs, software etc. and to copy anything of interest, such as a security card, hard drive or key. Bring a digital camera and photograph the scene before moving anything. If there is too much dust then leave it alone. Dust leaves a telltale sign, which is very noticeable when moved. Most locks used to secure desks are easy to pick so that s not a big deal. Bring a hard drive cloning devices and a Linux Boot Disk to copy entire hard drives. This way even if they are password protected and encrypted you can crack them later at your leisure. You can carry MP3 players and iPods to act as a second portable hard drive. That can be particularly handy when in a public environment. Someone thinks you are fiddling with a MP3 player but you are actually downloading somebody s hard drive. Carry all the cables you may need since some machines may not have a particular port like firewire. If they do have a faster transfer rate type port, then by all means use it. You can do something else while it is busy copying data. Remember to look under the keyboard for passwords and pay attention to Post-its. Those little pieces of paper are gold mines. Also, and maybe more importantly, copy data from cell phones and PDAs, if they are available. This can be done with cables to your own PDA or laptop. There are portable dedicated units for this purpose as well. The safe if they have one are usually in the bedroom. Use a metal detector to find it. Place the metal detector wand on its lowest setting, so only a significant metal object will trigger it. Sometimes a safe can contain something you can use as blackmail. There are devices which mount to a safe s dial which automatically attempt countless combinations; some are stand-alone, while others are connected via laptop. You can also try the basic combinations for that make and model. Some safe technicians use the default combination or may try to use some thing you can remember like a child s birthday. If all else fails try 36-24-36, it s very popular with certain bachelors. Placing bugs around the house is usually useless. Most people have a tendency to put the television set or stereo on when they are home. The only exception may be over the head of the bed and wait for pillow talk. You may as well concentrate on telephones lines. They may use a cell phone in the house but once again you may not be able to hear the conversation. Even when using a laser mike which focuses a beam against a window and picks up vibrations in a room may not work, especially if they have plush carpeting or heavy drapes. You can record a conversation on video you can always lip-read if audio is not available. If you have the time and they have a garage, see if it opens automatically. Go over to the garage door and make a copy of the remote for yourself. This works even with the rolling code models. This is just a general outline of what you can do. Make sure to check the soles of your shoes before and after a break in. I suggest wearing a popular brand in case the police make a cast of your footprints. You can also place a pair of hospital booties over your shoes to cover your tracks. It is not a bad idea to wear a jogging suit as opposed to being dressed as a ninja. If you have to run, you would not seem too suspicious. It is wise to take as few chances as possible. If you have more time, the best way to infiltrate an organization is to join it. If not directly then as one of it s support people such as food services or building maintenance. Cleaning crews usually work after hours under little scrutiny. These companies have such a high turnover that they are always hiring and do no background checks. If you do show up for an interview or to do some sort of sales pitch come mentally prepared. Hang around the places where the target organization s employees are and pretend to be a headhunter. Hand someone your demo CD. Of course that CD should have more on it than they expect. Anti-virus protection can be completely by-passed using this method. I will even guess that you have done this countless times without a second thought. If the job interview is for a technology-based position, they will tip their hand by asking you what do you know about such and such. A good skill to pick up will be the ability to read documents facing away from you on a desk. While you are at it develop an excellent memory for detail, especially numbers. Taking a few acting classes could help here, too. What I like about situations like this is that these are the ideal times to place bugs. If you think it may be discovered, then just dispose of something in their wastebasket. Blow your nose while placing a micro-transmitter in it. I doubt any one will inspect the contents of a used tissue. They will end up getting rid of it for you. There is a chance that said item could be discovered by personnel who do paper shredding services. Most companies do not use this service. This could also be a good idea to do some dumpster diving later and see what they throw out. You can carry a micro digital camera and record everything you see. Just pretend to be listening to an iPod or something. Whatever you do, pretend that you belong. If someone tries to stop you, start grooving to some imaginary tunes and head for the elevator. Always have an excuse ready. You can also use something known as video ham radio. This transmits video images via radio signals; more commonly used by rescue crews. This is different from the more conventional covert video systems used out there. Video systems tend to use a lot of battery power so bring spares. Ideally it would be nice to place cameras in the copy machine but usually a copy machine technician best accomplishes this. Some operators have gone as far as replace whole machines. The FAX machine is the best for tapping. No one seems to ever suspect that is tapped but will scrutinize everything else. You may think that that is an oversized DSL filter on it but maybe it is not. If there is a damaged door with a lock still attached try to remove it. A good locksmith can build master keys by analyzing the pin tumblers. With some practice you can do this as well. Cut a key for both before and after removing spacers from pins if they have them. This is what is called a master keying system. What you would want to make is the grandmaster key. This will allow you total access. If you do start opening doors, be aware that there may be door contacts. These are magnetic switches used in burglar alarm and access control systems. You can use basic electronic tools to locate the magnet and use your own magnet to fool the door. There are different devices out there which can record and analyze security/ prox/access control cards Weigand output. The Weigand output is when a card reader emits a radio wave, which energizes the card. The card then sends out a unique identifier. This is what you want to catch. With another device you can replicate this identifier, mostly using a PDA. Laptops are better but conspicuous compared to a PDA. Smart cards and the magnetic strips from more conventional credit card types can be duplicated on the spot. Just be aware that with most modern access control software the face will show up on the computer screen that accompanies the card being used so enter with a group. If there is a numeric keypad you can use ultraviolet light to check for smudges and you can guess from there. If you have access to a thermal imagery device, you can see the heat signatures. These are so cheap now that they are popping up in the most unlikely places. Hunters are using them for the slight advantage it gives them. Usually the stronger trace is the most recent. That will be the last one pressed. From there you can guess accordingly. Many systems have a three strikes and you are out policy, so proceed with caution. Otherwise, if you are in a mantrap the doors will stay locked and you are trapped and security will be alerted. Biometrics is growing in popularity but as you probably guessed by now, can be defeated. It is rare for somebody to wipe their prints off. A lot of these devices are fingerprint based so get copies of fingerprints. One way is to get them from the biometric reader itself. Some crime scene photographers have special software or film that accentuates photos of fingerprints. Some scanners that check for retinas and such can occasionally be tricked by trying out a bunch of well-made fake eyeballs and a flashlight. You can remotely access the security and camera system either by the Internet or through a phone line (pre-paid cell phone included). You can give yourself privileges on a blank access card and erase video files of your activities. Sometimes the video files may be also network storage based. Once again you should access anything with any trace of your existence. You can also defeat the cameras individually. Strong light devices can blur an image or anything that emits strong electrical signals can cause static or snow. If the camera is too far you can use a HERF (hi-energy radio frequency) gun. This can send a focused burst which can either be disruptive or destructive. Think of using your cell phone next to a clock radio for an analogy. These are not as hard to acquire as you might think. If you are this close you should monitor the security guards radio frequency. You can use a radio that can communicate with theirs try not to talk to them for any reason. Many sites are now recording radio transmissions for insurance reasons. Voice print recognition has come a long way. Be aware of their call signs and any related lingo. If you have a crazy notion of knocking out a guard just be aware that their radios have a tilt feature so if a guard goes down there is an alert. If you are thinking about doing a late night sneak and peek consider the perimeter defenses. The use of fiber optics in fencing is common and almost invisible to the intruder. Break a branch onto it so that part of the fencing system is deactivated or simply overlooked. In and around can also be seismic intrusion detection, which basically is sensitive to footsteps. This can be tricked with a device called a thumper. It is basically a box that stamps its foot at whatever pace. Certain cameras may be programmed to react to the disturbance. If you are looking for infrared sources use a passive night vision scope/goggle. You are looking for IR emissions; you are trying not to create your own which an active model could do. There are little badges you can wear that can alert you if you are under IR observation. Do not wear divers watches since the tritium will light you up like a ghost to any nocturnal observer with night vision goggles. If the facility is using thermal imagery, than you will need to really do your homework; chances are they are serious about protecting whatever it is they are tasked with. One way to defeat that is by wearing different types of neoprene suits. Everything must be covered not a very comfortable way to spend an evening. Otherwise you will have to wait for a storm to hit before you make a move. Now you may not approve of the disclosure of such information. The truth is such knowledge is freely available to anyone. Just buy a video game to get the latest inventions and their use. Remember this: the most successful operations are the kind that go undetected. Maybe a little bit of paranoia is a good thing. The author of this article is a freelance security consultant contracted by competitive intelligence firms, such as BHE Security, and private investigators. There seems to be a decided lack of knowledge on the techniques and technology of Industrial Espionage .