How To Recruit Spies on the Internet Ira Winkler, CISSP ira@isag.com +1-410-544-3435
I’m Sick of Wikileaks, But… • Wikileaks is an example of how an insider can become an Internet-based spy • Reportedly, Manning worked with Assange on passing the materials over • Manning had all the characteristics of a “spy” • It is easily understandable • It is an example of a spy recruiting themselves
The First Time It Hit Me • Performing espionage simulation of large high tech company • Open source research found employee posting to singles website • Woman described her ideal man checklist • Security manager wanted me to be her ideal man and see what I could get out of her
What is a Spy? • There are very distinct terms for different tasks within Human Intelligence • Operative – Puppet master, not James Bond • Special Agent – The term for a law enforcement officer, who tracks down spies • Agent – A person who has access to information, and is manipulated by the operative into giving it up • Black Bag Operation – An operative personally tries to compromise information • Generally very rare
Operatives • Try to always keep their hands clean • Primary job is finding, recruiting and maintaining “agents” • Requires a lot of work • Trained to look for people with psychological weaknesses, who are vulnerable to manipulation • Uses a variety of techniques for information exchange once recruited
Russian Illegals • These were the summer spies if you remember • Talk was how they were useless to Russia • However, • Went to top business schools • Partied with Wall Street executives • Mingled in top political and social circles • Put themselves out there as against US policies • Perfect positioning to find potential Agents • We really don’t know their successes in that regard
What Do Operatives Look For? • MICE • Money • Ideology • Coercion • Ego • Frequently a combination of 2 or more • Once sucked in, they solidify the lock
Stan Methodology • Look for regular bar goers • Ask for cigarette • If they talk and have access to information, follow up for next meeting • Ask for basic information • Over reward, and ask for more • Over reward, and ask for more • Get something sensitive, and lock them in with more money
They Might Not Know • A good operative can sometimes get a person to give information without that person knowing they are dealing with an operative • Operative develops a plausible story, and the person just wants to be helpful • Usually involves a fake identity • Got Stan National Security Council information • Ideal scenario for the Internet
Russian Hacker • Investigating large corporate hacking • Used line analyzer to track hacker • Watched him pop around the Internet and go in chat rooms pretending to be a 5’6”, blonde haired, green eyed, 15 year old girl • Got hackers to tell where they hacked, and asked them to prove it by providing logins, etc. • Yes, they were that dumb
Changing Language Patterns • Stealing becomes borrowing, sharing, or copying • You aren’t a spy, you’re fighting for freedom • They didn’t treat you right and you’re showing them that they have to change their ways • NLP for example
Agents • Manning for example • Generally have significant psychological flaws • Sometimes have gross naïveté, particularly often where the Internet is concerned • Wanting to believe what they are told on the Internet
More Than “Social Engineering” • The term has become overused and meaningless • Human elicitation is a better term • Unfortunately, the term Social Engineering has taken out the concept of “engineering” • There is a science applied by intelligence operatives • It is a repeatable process
Social Networking is a Treasure Trove • Tells every aspect of your life • Tells your interests, family, employer • People discuss every aspect of their lives • People discuss problems with their employers • People leave tracks that show their vulnerabilities • People don’t realize what’s out there
Spy On Yourself Project • Friend had a class he taught research themselves on the Internet for a class intelligence project • Could tell when people started the project, because they would show up early to class and ask how they could get the stuff off the Internet • Didn’t even include Facebook • Have you ever researched what the Internet says about you?
Consider • Can you tell if someone needs money from social networks? • Can you tell someone’s ideology and preferences? • Do people post things that are inevitably embarrassing? • Can you tell if someone has ego related issues?
Other People Can Post It • How many people have had “friends” post meeting attendance by you? • What about organizations publishing your involvement? • How much about you is public record? • How many of you have had a picture of you turn up on the Internet? • How many of you wish something posted about you hadn’t been?
Targeting a Person • The adversary might target an organization and then find a person who is vulnerable • An adversary might target the person specifically • Depends upon the nature of the adversary’s intent
Sophisticated Adversaries • Target high value individuals • Mostly target organizations, then find vulnerable individuals • Anyone can be a target because of their relationships • Frequently, it is for obtaining computer access • Sometimes, it is for recruitment of the individual
China Example • Refer to my previous talk • Search for individuals who are interested in attending a conference to send them malware and establish a foothold in the organization • Send a person a file that appears to be from a trusted party and is relevant to their job • Requires multiple layers of research
Targeting Vulnerable Individuals • Israeli soldier who posted raid in advance • Finding disgruntled people inside target • Finding groups where people share information • Cross reference it with other sources on the Internet • Establish fake friendships with fake profiles
Robin Sage Issue • Someone set up a fake profile to see how many people would respond to it • Had hundreds of friends in the Intelligence and Defense communities • Started getting friend requests from hostile areas
Fake Profiles and Groups are Easy to Start • Mike Murray tried to fake himself until I mentioned it would be a great attack • Regular celebrity and corporate fakes • There have not been publicly announced espionage profiles, but intelligence operatives would be foolish not to
It Only Takes One • Per Stan, all an adversary needs is one person in your organization and they can get everything • Consider how much data Manning was able to compromise
How I Would Do It • Search an organization • Identify as many people as possible through Google and other sources • Profile their likes, interests, friends, troubles, issues, family, etc • Create fake profiles, join relevant groups • Search for vulnerable people • Solicit as many as possible until you find a vulnerable person
The Key • The people never know who they are really dealing with • Over time, I would manipulate them to give me information, whether they know they are being manipulated or not • Again, it only takes one, and there are thousands of targets • Intelligence agencies and criminals have lots of time to find that “one”
For More Information Ira Winkler, CISSP ira@isag.com +1-410-544-3435 http://www.facebook.com/ira.winkler @irawinkler