Russian spy ring needed some serious IT help
A 27-word password is left on a piece of paper
Network World - The Russian ring charged this week with spying on the United States faced some of the common security problems that plague many companies -- misconfigured wireless networks, users writing passwords on slips of paper and laptop help desk issues that take months to resolve.
In addition, the alleged conspirators used a range of technologies to pass data among themselves and back to their handlers in Moscow including PC-to-PC open wireless networking and digital steganography to hide messages and retrieve them from images on Web sites.
They also employed more traditional methods including invisible ink, Morse Code and ciphers, according to assertions made by federal agents in court papers seeking arrest warrants for the suspected spies.
One of the most glaring errors made by one of the spy defendants was leaving an imposing 27-character password written on a piece of paper that law enforcement officers found while searching a suspect's home. They used the password to crack open a treasure trove of more than 100 text files containing covert messages used to further the investigation.
"[T]he paper said "alt," "control" and set forth a string of 27 characters," the court documents say. "Using these 27 characters as a password, technicians have been able successfully to access a software program ("Steganography Program") stored on those copies of the Password-Protected Disks that were recovered…"
This sticky-note problem is common, says John Pironti, president of IP Architects, a security consulting firm. "Humans don't really do well remembering passwords beyond six characters, so they write them down someplace," he says. The real mistake was thinking that the home was secure enough to leave the password lying around.
Pironti says the use of steganography is also common, taking data and subtly inserting it into images so the changes aren't very noticeable to the naked eye. One notable aspect was that the steganography program used by the Russians is not commercially available, he says.
Without the program and without knowing what images might contain messages, it would have been nearly impossible to find the messages, Pironti says.
But a computer hard drive copied during one of the searches revealed a store of Web sites that agents visited and from which they downloaded images. Running the steganography program on some of those images revealed text files.
A Boston search yielded a hard drive that contained what investigators believe are drafts of messages to be embedded in images. The messages had been deleted, but investigators were able to recover them.
Some of the communications federal agents gathered indicate the spies weren't comfortable with the technology. One message shows a suspected spy trying to figure out how to embed a message in an image, and an audio recording inside one suspects home picked up a voice saying, "Can we attach two files containing messages or not? Let's say four pictures…"
The spy ring had numerous technical problems, including file transfers that hung and wouldn't go through and difficulty replacing laptops when necessary. In one case, an agent was so frustrated by laptop issues that she unwittingly turned it over to an undercover FBI agent.
In another case, replacing a laptop took more than two months. A suspect bought an Asus Eee PC 1005HA-P netbook, flew with it to Rome, picked up a passport in another name, flew on to Moscow and returned with it -- a process that took from January this year to March. Presumably Moscow headquarters configured the device.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!