Wednesday, June 10, 2015

Cyber espionage campaign targeting the Iran nuclear talks... Is this really a surprise?? Really?

My email has been lighting up all afternoon. Duqu in Kaspersky's networks, and espionage targeting the hotels where negotiators of the nuclear talks were staying? Kaspersky I understand, but hotels where diplomats were staying?

I'm appalled!

If it comes as a surprise to anyone that hotels are targeted because of the diplomats staying there... or if you're a diplomat and you're soooo smart, and believed for one second that your hotel wasn't bugged and its computer networks weren't targeted, and you operated without good, fresh cyber condoms (like, hypothetically, from your own BlackBerry over your own personal email server), well, resign and then throw away your computers and cell phones. You're not smart enough to own them.

I can't remember a year (during my tenure with the government) when I didn't have to endure a force protection or opsec brief -- or, you remember, one of those annual re-certification training sessions that we slogged through (and made fun of the really bad videos) just to be allowed to log into our government computers. Why?

BECAUSE YOUR COMPUTERS, AND PHONES, AND MOBILES, AND WHATEVER ELSE YOU COMMUNICATE ON SHOULD BE ASSUMED BUGGED!

So let's review for a moment...
  1. In March, toward the end of that phase of the talks, we reported that Iranian hackers were stockpiling tools. We speculated at the time that the stockpiles were being built up in case cyber became the force equalizer during or after the talks. My point? Do you think for one second that the Iranians weren't spying?
  2. Nigerian news reported last year that a deal was in the works where Iran would supply nuclear power technology to them (Nigeria). Nigeria gets nuclear power plant tech from Iran. Iran gets paid to build them and train the Nigerian operators. Russia had the maintenance contracts. My point is, does Russia have a stake in the talks? Absolutely. Are there other interests? Absolutely. Do any of those other interests have cyber espionage capabilities? (It's a rhetorical question... you don't have to answer.)
  3. Would Israel spy on someone to protect their interests? Would anyone? I just can't believe it.

I have one more... we also reported (early April) that hotels around key maritime ports in the world were compromised, likely to monitor the comings and goings of ships' masters and crews. There is precedent to suggest that hotels are easy targets for intelligence collection. I'd also argue that any hotel in any major city in the world that diplomats frequent will have been, or is currently, targeted for espionage -- cyber and other.

So what to do about it... when you travel overseas, or to politically sensitive areas, or if you've got information that you don't want to lose...
  • Use strong encryption. Always. Even if it's not allowed in that country. There are easy ways around that. Tor combined with web-based Hushmail are two of my favorites... and they're free! VPN works as well if you're afraid of Tor.
  • Connect to hotel or public wireless? Never.
  • Is it safe to use the hotel business office or conference supplied IT? Never.
  • Take a throw-away laptop, cell phone, tablet, or whatever your work style demands. Connect to offsite services where your working documents are encrypted with a non-cloud-provider encryption key.
  • When you return home, have the throw-away device examined for trojans, keyloggers, etc. Expect to find them.
  • And never, ever, believe for one second that all of your communications aren't monitored and recorded. Because they are. How many reporters have been killed because they used unencrypted email in hot zones? The price of bad cyber opsec can be really high.

I feel better now.
-Jeff