Well....I received an absolutely unexpected pleasure of an email from one of the excellent speakers over at The Centre for Counterintelligence and Security Studies about my blog posts! I'm not sure if they were reading or simply scanning for references to their website, but hey...I'm not picky! They have an absolute ton of information and their speakers have more years of counterintelligence and espionage work than you might think. Yes, they even have former KGB agents.
That's interesting, because today I'm actually going to talk about some of the "old school" techniques that insiders use to exfil your data. If this were a counterintelligence or espionage blog....we'd call those techniques "tradecraft"...but it's not....so we won't. Some are technical, but most are pretty ordinary....but I bet you aren't protecting against them.
SMTP, Oh How We Love You!
Sure....who doesn't like to go away to lunch and come back and see you got some new mail. It's fun! (Don't lie.....you sorta like it when you get some mail...you're addicted to it like everyone else). However, are your users forwarding email to places they shouldn't? Did that "Internal Only" email make its way to CNN? Have YOU ever hit the "Send" button before you realized it was going to the wrong person? How do you get it back?! You can forget about that worthless feature called "Recall This Message". The first thing I do when I see someone is trying to recall a message is to READ IT!! "What did he NOT want me to see??!" You certainly can't shut down TCP 25....that will ruin your little email day real fast. "Didn't Kai say something during his webcast series about some Microsoft technology that prevents mails from being forwarded?" Sure did. It's called Windows Rights Management Services and you should be using it to restrict what people can do with email and documents that you send them. You can assign persistent document protection for both internal and external documents. Nice.
Of course, you've probably already blocked access to the popular web-based mail services like Windows Live Hotmail, Yahoo! Mail, or the dreaded and feared Gmail. What about access through your own SMTP servers? Can't I just audit what is being sent and who is sending it through our SMTP server? Sure....but what if they're not using YOUR email server? Have you ever heard of a free program called Free SMTP? Just a little freeware app that loads onto the desktop and allows them to turn their own PC into an SMTP email server......and totally bypasses your auditing. If you got TCP 25 open (and you know you do) there really isn't a great way to stop them.
If I use Gmail, I can even add the SMTP server for that service and it'll never hit your mail server either. They even tell me how to add their SMTP server into my existing Microsoft Outlook account. Sweet!
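A defender's view of the bypass described above, as an added example that is not part of the original post: it scans egress firewall logs for workstations that talk to outside mail ports directly instead of going through the approved mail server. The log format, addresses and relay list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# SMTP (25), implicit-TLS SMTP (465) and mail submission (587).
MAIL_PORTS = {25, 465, 587}
# Assumption: the only internal host allowed to send mail to the outside.
APPROVED_RELAYS = {"10.0.0.25"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample log lines (hypothetical key=value firewall format).
SAMPLE_LOG = """\
2024-05-01T12:01:07 action=allow src=10.0.0.25 dst=203.0.113.10 dport=25 bytes=48211
2024-05-01T12:03:44 action=allow src=10.0.4.17 dst=198.51.100.8 dport=587 bytes=7340032
2024-05-01T12:03:59 action=allow src=10.0.4.17 dst=198.51.100.8 dport=587 bytes=5242880
2024-05-01T12:05:12 action=allow src=10.0.7.90 dst=192.0.2.55 dport=25 bytes=1890
2024-05-01T12:06:30 action=deny src=10.0.9.3 dst=192.0.2.55 dport=25 bytes=0
2024-05-01T12:07:02 action=allow src=10.0.4.17 dst=10.0.0.25 dport=25 bytes=2100
2024-05-01T12:08:15 action=allow src=10.0.4.17 dst=203.0.113.80 dport=443 bytes=9000
malformed line without fields
"""

def parse_line(line):
    """Return the typed fields of one log line, or None if it is unusable."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    try:
        return {"action": fields["action"],
                "src": ipaddress.ip_address(fields["src"]),
                "dst": ipaddress.ip_address(fields["dst"]),
                "dport": int(fields["dport"]), "bytes": int(fields["bytes"])}
    except (KeyError, ValueError):
        return None

def find_direct_smtp(log_text, approved=APPROVED_RELAYS):
    """Summarise allowed outbound mail traffic that skipped the approved relays."""
    hits = defaultdict(lambda: {"connections": 0, "bytes": 0, "dsts": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "allow" or rec["dport"] not in MAIL_PORTS:
            continue
        if rec["dst"] in INTERNAL_NET or str(rec["src"]) in approved:
            continue  # internal delivery or approved relay: the audited path
        entry = hits[str(rec["src"])]
        entry["connections"] += 1
        entry["bytes"] += rec["bytes"]
        entry["dsts"].add(str(rec["dst"]))
    return dict(hits)

if __name__ == "__main__":
    print(find_direct_smtp(SAMPLE_LOG))
```

The byte totals per host are worth keeping in the report: a workstation that pushed several megabytes to an outside submission port is a very different finding from one that sent a single short message.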
Tried and True
The more technical things get, the harder they are to figure out. As IT Pros, we enjoy the challenge that technology presents.....mostly. I'm sure you've had the attitude of "No way is this GPO going to get the best of me...I'm staying up 'til I figure out the problem!" Here's the deal....sometimes while we're focused on the most technical issues and being worried about that 17-year-old hacker overseas, in his black concert t-shirt, slowly working his way through our 12 Cisco PIX firewalls and successfully exploiting our network...the truth is much different. Most often people are using simple tools to circumvent the security in your business. Here's a couple that will make you slap your head and say "Yep! Totally forgot about that one!"
- The Fax Machine - Why in the world would I try to get through all the great Data Leakage Prevention and Content Filtering technologies you got set up? Much easier to simply go find where it is you keep your office fax machine. I can almost guarantee that it's in an unoccupied cube somewhere, completely unguarded. Who faxes anymore? Insiders trying to steal your data, that's who! The machine just sits there by itself.....gently humming away...exfiling every secret you have through a cheap phone line.
- The Copier - One of the classic spy tools! So versatile! Need to get rid of a watermark? The copier can do it! (No...I'm not going to tell you how.) Today many of the copiers actually come with the ability to send directly to an email account. If I had a question as to how to bypass the security of my network, the sign on this one clearly helps me: "This Device is Scan-To-Email Capable". Nice.
See this Museum and Read This Book!
I had the opportunity recently to visit the International Spy Museum in Washington D.C. I'm sort of a history buff anyway and I've been in a lot of museums in my day, but this was certainly in the Top 5. It's extremely interactive, providing you an identity as you walk in, having you remember details about your cover story and be prepared to answer questions along the way. It's a great time! (Sadly, my wife still has hers memorized. I forgot mine by the time I hit the first exhibit.) The exhibits are amazing!! I've actually never seen a real life "bug" before and now I have. Wonder about all those cool spy gadgets? They got'em on display! There is also plenty of history and explanation. It really is a family-oriented museum, so I encourage you to stop by if you're ever in the area. They even host a program called KidSpy: Operation NightSpy. I'm sure it's a total blast! (For the adults they have a Spy Adventure run by former CIA operatives.)
The gift shop/bookstore has about every espionage-related book you could ever hope for. I picked up a couple that I've been using in my....ahem...."research". The first is called The Spy's Guide: Office Espionage. Very light and easy read, but chock-full of useful stuff. Scary, useful stuff. The other is a book by author Steeple Aston entitled Corporate Spy: Industrial Espionage and Counterintelligence in the Multinational Enterprise. (I don't see it on the website, but you can probably call and order it). Very good and current info, including the debacle over the theft of the Coca-Cola secret formula to Pepsi in May 2006. Great stuff!