Network Security Monitoring Processes

Killing with Keyboards Websites, Blogs and Other Sources

of Program Information and Identity Theft

Meet Chris Husband, father of two, weekend little league coach He is a talented and dedicated engineer for Bright Company

In the year 2010 Chris will kill 238 U.S. Soldiers

because of a decision he made tonight

On rare occasions At night Chris will log on to engineering community web sites and blogs, just to stay current with the industry

EaglesFan54

Chris works for a defense contractor and has listened to all of the security briefings. He knows to be careful about what he tells anyone.

Chris never uses his name and rarely posts anything at all. When he does, he only uses his on-line name.

09/13/2004EaglesFan54 I know for a fact that WIRENUT207 is dead wrong, but I cant say how I know. You really need to go back and get some updated information, but thats all I can say about it.

05/11/2005EaglesFan54 Kyle Boldgers new book Beyond Advanced Electronics is by far the best industry book I have read in 10 years. Everyone should check it out.

02/18/2006EaglesFan54 I dont agree at all that the HLT5807 chip is out of favor. Even the military uses it on their major new programs.

Meet Alice She is 16, and for the last two years her government has been teaching her English Alice has done well, so eight months ago they started to teach her to use a computer and to search the Internet

Just like every day, Alice is using Google today. Searching for words and phrases from a list her government gave her.

Alices favorite English word is Google

Alice knows if she works hard for five years and creates lots of files for her government, they will move her family to a nicer apartment and maybe even send her to more school.

Today, Alice found Chris

02/18/2006EaglesFan54 I dont agree at all that the HLT5807 chip is out of favor. Even the military uses it on their major new programs.

USA-15-4138

The day started great for Chris The team he leads hit a major program milestone, and each was given an unexpected performance bonus. For Chris it was one step closer to his retirement fishing cabin.

Yet another half day spent in a quarterly security update briefing. Chris promised his team he would talk to senior management about not wasting their time on these anymore.

And then the day went bad

It did give the team an excuse to get some good coffee for a change

After the briefing his team walked across the parking lot to the new American Tea that was just built. It catered to the large Bright Co. team that worked at their site.

While in line Chris complained to one of his team, Do they really think a person with a Secret clearance needs to be reminded about this stuff? And no one goes dumpster-diving any more! These security guys have no clue what theyre talking about.

Chris was still angry about the briefing

The store offered free Wi-Fi (wireless Internet access), six free small quiet rooms to make phone calls,

and a 15% discount to Bright Company employees (just show your employee badge at the time of purchase).

It was a great place to unwind

Alices progress was slow and steady Her group leader often repeats that the searchers need to be very patient. It may take weeks to find something important, but each petal helps you identify the flower it came from.

Each piece of the puzzle provides a new search opportunity

EaglesFan54

09/13/2004 EaglesFan54 I know for a fact that WIRENUT207 is dead wrong, but I cant say I how I know. You really need to go back and get some updated information, but thats all I can say about it.

05/11/2005 EaglesFan54 Kyle Boldgers new book Beyond Advanced Electronics is by far the best industry book I have read in 10 years. Everyone should check it out.

02/18/2006 EaglesFan54 I dont agree at all that the HLT5807 chip is out of favor. Even the military uses it on their major new programs.

I cant say how I know

Book suggestion: Beyond Advanced Electronics

military and major new programs

Eagles Beyond Advanced Electronics

Alice followed the information from one website to another

What seemed like unimportant information from one site was the start of the Google search leading to other sites.

Chris Raddick Philadelphia, PA

I cant say how I know

Book suggestion: Beyond Advanced Electronics

Customer ReviewsGreat Industry Read, May 7, 2005

Reviewer: Chris Raddick The #1 Eagles Fan (Philadelphia, PA) – See all my reviews

Even items which are now deleted from web sites can still be searchable within the Google cache (history)

Chris Raddick Philadelphia Eagles

The search results produced even more new sources to follow

Email: Chris Raddick [email protected], Phone: (215) 555-1784; Email: Beth Raddick [email protected], Phone: (215) 555-3159 www.payouthleagefootball.net/division1/parentlisting.html

Web Youth League Families Philadelphia Little Eagles

Chris whole team from Bright celebrated Bright Night with players from the Eagles. The company sponsored night. www.cableco.com/alltheraddicks.com/brightnight.htm

The Raddick Family Bright Night with the Eagles

MySpace Profile – Kyle Raddick, 16 years old, Male, Philadelphia, PA www.myspace.com/kyleraddick

Chris Raddick

Beth Raddick

Kyle Raddick

Chris Raddick (215) 555-1784 (cell phone?) [email protected] (employer?)

Kyle Raddick, 16 (son?) MySpace (blog) website

Beth Raddick (wife?) (215) 555-3159 (home phone?)

[email protected] alltheraddicks.com (website?)

Chris with Kelli BrightChris with Kelli Bright

Chris Raddick Philadelphia Eagles

Each new site produces more information Web

Chris whole team from Bright celebrated Bright Night with players from the Eagles. The company sponsored night. www.cableco.com/alltheraddicks.com/brightnight.htm

The Raddick Family Bright Night with the Eagles

Family and club web sites can be used to find new information or confirm data

The Bright StarsThe Bright Stars

Bright Company sponsored

Bright Company sponsored

Bright Night with the Eagles

Bright Night with the Eagles

Beth making new friends!

Beth making new friends!

Reverse Phone Number Search (215) 555-1784

The information was all there, on sites Chris had never visited or posted

information to Results 1 listing matching (215) 555-1784

Christopher Raddick 1359 Lost Way Philadelphia, PA (215) 555-1784

Search Again Modify Search Printer Friendly Results 1 listing matching (215) 555-3159

Elizabeth Raddick 1359 Lost Way Philadelphia, PA (215) 555-3159

Search Again Modify Search Printer Friendly

And eventually Alice was done searching

Chris Raddick

Beth

Kyle

www

www

www www

www

www

www

www

www Bright

Co.

It was a great day for Alice Her leader rewarded Alice for completing her 200th file. She was allowed to recommend a family member to join her at school. Soon Alice would have the honor of teaching her thirteen year old sister all she had learned about computers and Google.

The information about Chris was now available for use as needed

USA-15-4138

Christopher (Chris) Allen Raddick, Born 1954 Married, two children (see family attachment) 1359 Lost Way, Philadelphia, PA; Ph. cell 215.555-1784 Employed: Defense Contractor, The Bright Co. Engineer, Sports Teams: Eagles football; Childrens Sports Coach; Drinks Alcohol; Sails; Water-skis; Home Mortgage, $234,177; First Federal Bank; Vehicles: 2004 Chevrolet Camaro, 1999 Volvo Wagon

In early 2008 Alices government became aware that a vulnerability exists in technology which may have been integrated into certain U.S. defense projects. To benefit from the information, they needed to know for sure.

Later that same year, Chris attended an for defense and related industries.

Although held at the unclassified level, conference attendance was very restricted. Every attendee required a government sponsor.

The hotel conference center had guards outside the meeting rooms, and conference badges had to be worn when attending sessions.

Chris sat in the hotel bar He was tired after four days of conference At the other end of the bar Chris noticed a guy wearing an Eagles hat. He had seen him several times around the hotel in the last several days. In the restaurant, lobby and elevators. Chris walked over. Eagles! In this town? Chris said. I know, Im getting grief from everyone, the man replied. Not from me. Im actually a diehard Chris said. Youre kidding me! The man introduced himself as Tom. Well thats definitely worth a beer, Tom said smiling. Greatly appreciated, Chris said. You at the conference? Tom nodded. First week out of my lab in two years. Chris grinned. DOD project? Chris asked, drinking his beer. Sorry, cant say, Tom replied. You know, that always sounds bad no matter how you say it. Nothing personal. Chris smiled No problem. Really, I totally understand.

Tom insisted on buying dinner They talked sports and generally about work, careful not to say too much.

Tom bought a second pitcher of beer, reminding Chris that Toms company was more than happy to pay his expense account since he traveled so rarely.

I was actually hoping to hear if anyone else was thinking of using Claridens new Digital Signal Processors, Tom mentioned casually. I hate being the first program to use a new chipset. Dont worry then, Chris said, Army is using them. Tom grinned. You must be working on that new Army program. Cant say, Chris said smiling, but you definitely dont need to worry that your program will be the first military program to use it.

Dinner was now over Tom was very pleased that it has gone so smoothly. He had the confirmation he needed, and would even be able to contact Chris again if need be.

He had told Chris that he had to leave the conference the next morning to catch an early flight. No risk of having to explain why he was not registered to attend the conference.

Tom never even had to threaten Chris with the picture in his pocket, designed to show Chris how close Toms supporters had come to using Chris family as motivation.

2009 was a very good year!

Kyle Raddick, Chris and Beths oldest son had joined the Army. They were very proud of him. Chris took extra pride in knowing what he contributed to the success of the Armys new system.

For Chris and his family…

For Alices government… Alices government used the information they had developed from Chris about the system vulnerability to trade with another government, who was very interested in using it against the United States.

In the year 2010

Chris will lie in bed and watch the news tonight, and worry about the life of his son.

What will you do the next time all of those security warnings seem like they apply

only to someone else.

Another 238 U.S. Soldiers were killed.

Five Discussion

Topics

The information and scenarios in the were all true. The characters and the vulnerability were

the only fiction

I am no one they care about That may be true for now, but you never know when one on-line posting will bring YOU to their attention.

Chris was just another name in a file until they needed some inside information about his program. It never occurred to him that an intelligence agency would target him for a piece of information, but they did.

Some things to think about Chris had no idea that just confirming that the Clariden DSP chip was in use would be enough to hurt or kill. But that one small piece of information was the last piece in the puzzle that the enemy was putting together.

While Chris thought he was careful, it is difficult to know exactly what an adversary is looking for, and if what you have may be of benefit.

1

I dont have ANY adversaries! Feel like all of this war and terrorist or adversary talk is about someone else?

Take a quick look at some other groups that use these exact same on-line information gathering techniques.

Some things to think about Former girlfriends, boyfriends, divorced spouses. Angry neighbors, people you only knew casually. Disgruntled co-workers, employees, temporary workers.

Identity thieves. (Try a Google search on your name.) Pedophiles seeking information to convince your children that they should be trusted

Anyone else who might want a little information about you, even just to know you better than you want them to.

2

Im smarter than the enemy Its a common feeling. People interviewed often say they know they are smarter than some guy who is now just sitting in a cave hiding from us.

Chris knew he was smarter than any adversary when he used careful expressions like, I cant say how I know.

Some things to think about In addition to small radical groups, our adversaries are some of the largest nations in the world, who are willing to spend BILLIONS of dollars to gain an economic advantage. Information theft is a good investment for them, even if they just trade it for something they want.

Some of the worlds best intelligence agencies are training young people as experts to go and gather information for them. You are up against the experts!

3

I dont post on the Internet Not posting may help you somewhat, but it is just one example of how you can come to the attention of someone with bad intentions.

Another source is unencrypted email messages which are either misrouted, intercepted, or gathered by adversaries on discarded or poorly protected backup tapes. Stealing backup tapes is a common occurrence.

Some things to think about Remember that Chris did not know about all of the information sources that had information about him. He only thought about the sites he dealt with. Most of the others you dont have control over, but you do have control to encrypt email and post as little account information as you can on web sites.

4

What about the Coffee Shop? The coffee shop was a reminder that while there are good business reasons to target defense contractors, etc., as customers, those methods are also good ways to gather sensitive information. Most front businesses will not be called Terrorist Coffee so you need to pay attention to the less obvious.

Some things to think about Free Internet also provides a way to capture network traffic, including personal email passwords that are often similar to work passwords. Every puzzle piece helps them. Free Quiet Rooms encourage sensitive conversations in rooms that may have listening devices. By showing a badge, bad guys know any time a facility changes its badge, and when new security like smart chips are rolled out. If they have infiltrated a facility, they know to update their fake badges by the next day.

5

Dont feel hopeless

Increasing your awareness that you really are a potential target, remembering that being clever in a conversation or email is very likely to fail, limiting what you can on the Internet, and encrypting all email

and drive storage you are able to Really can make the difference!

This briefing was developed by Raytheon in conjunction with

The Boeing company Future Combat Systems Office of the CIO, for Policy and Standards.

In addition

We would like to acknowledge the

National Security Agencys IOSS www.IOSS.gov

For their leadership and training which inspired the idea for this series