Risk and Threat Management – Presented by Greg George

Who May Be Tapping Your Cell Phone..?

Posted in Awareness by gtiadvisors on June 1, 2009

This is a common place awareness threat I preach (crying in the wilderness sometimes) among corporate executives and warn is also consistently used by foreign government and corporate spies – I first saw this program air about a year ago, and yes, it is very true.

I worked with this early technology while still operating within the intelligence community – evolving from UHF transmissions, hard lines and switching stations then, to intercepting satellite and land based wireless:

Please watch this, it is scary and can threaten your personal life, family and your business should you become a target.

The first recommendation I make to anyone about to discuss sensitive information, remove the battery from your cell phone at every meeting, or leave the damn phone in the car – The protections you think you have doesn’t matter, anything, ANYTHING wireless, can be hacked and monitored, and quite easily.

______________________________________________________

An excerpt form our Due Diligence Guide:

Security at Trade Shows and Conferences

Trade shows and conferences are a haven for corporate espionage.  Nefarious methods for gaining competitive and other targeted intelligence are not just scenes created in Hollywood or played out by characters in books.  Whether attending or exhibiting at a conference, in most cases you are connected to the hosting facilities own wireless network, or using an air card, and therefore, vulnerable.

Consider the potential for spies who can download your hard drive and read you email at will…  Assume ALL wireless can be hacked, and without much effort.  August 2008; 40 million (40 Million…!!) credit card numbers numbers and personal customer data copied by a traveling ring of eleven crooks cracking multiple retail establishments using wireless networks, and hacked in to each one – in minutes.

At a recent trade conference in San Francisco, GTI provided security oversight and close executive protection for the corporate officers of two client companies and several of their board members attending.  Much is undertaken in this type of mission, including identifying security breaches that may affect our client’s business, and their personal safety, all managed from a command and control center established on site.

At this conference, the vendor exhibit area occupied 120,000 square feet and accommodated 827 vendor booths and other activity areas.  An engineer on our team pulled out a PDA and other hand-held electronic gadget tools that, among other functions, are capable of intercepting and monitoring a full spectrum of wireless communications (sniffers, other devices).  These common electronic tools, most of which can be purchased off the shelf by anyone, identified 324 laptop IP addresses on-site, split about evenly between buyers and suppliers.  Several were very large buyers and suppliers along with a few defense contractors, and yes, our clients were among them.

Using unsecured (or encrypted) wireless connections, we could have accessed and downloaded any information we wanted from these laptops.  Our command center was also equipped with with Cray and SGI Supercomputers, along with the engineers to operate them; swiftly accelerating penetration testing, and, finding weaknesses in encryption’s and other protocols as may be required (ethical hacking; most decision makers don’t  know what they don’t know – until we tell them) – if we can set this equipment up discretely in an undisclosed secure location, so can the bad guys.

We were also able to monitor select wireless phone discussions, and use a persons cell phone to “listen in” on a face to face conversations [even in the noisy bar].  Real Scary Part: we could also listen when the targets phone was turned off: Solution – remove the battery.

  • Rule #1: Assume all wireless communications can be hacked/monitored without much effort.

  • Rule #2: Fast learn Rule #1

  • Rule #3: Assume everyone wants to know everything they can about you and what you’re doing, especially in this cut-throat, competitive environment.  A personal note: among industries, highest interest we’ve seen as targets for these activities include pharma, automotive and aerospace sectors.
  • Rule #4: have a travel laptop with no critical information stored on the hard drive, and an office to home and back only laptop – and plug in the Ethernet hard line.

We can share many horror stories ranging from competitors attempting to steal a client’s customer data, to outright corporate espionage to gain information on new product debuts and stealing technology and other proprietary information that may still be under development.  Engineers are a specific and complex breed of professionals; however they love to talk about their work.  It doesn’t take much social engineering or pre-planned baiting from those seeking the information to get the ball rolling – but that’s another story and dedicated awareness briefing.

Regarding laptop and cell phone use away from the office, establish a policy that your employees remove all cell phone batteries: 1) in any general common area of a conference or trade show; 2) in sensitive areas while at the office; and 3) in the board room.  Use hard lines whenever possible, and have your hard lines checked as well, this is an easy process.

Greg George is Managing Partner of GTI Advisors; Threat Management Practice Group, a firm dedicated to protecting decision makers from the “dark side” since 1962.  Greg works with clients to develop practices and strategies to best protect their organization including threat analysis, multi-disciplined due diligence review, and training.  For more information, please visit www.gti-advisors.com or contact Greg: greg@gti-advisors.com

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: