19 June, 2006

Winkler, Ira Winkler

Over the weekend I caught a bit of Book TV. One segment featured author Ira Winkler discussing his book Spies Among Us. I believe he is a former NSA employee and so he gave a brief intro of how he got his job there and got into the whole business of spying. He related how the super-user accounts (accounts with administrative privileges) either had no passwords or had passwords which were extremely easy to guess. And this at the super-secret information secure NSA. Next he went on to say that James Bond and Sydney Bristow are horrible spies because they always get caught. There's always one thing they overlook which lands them in hot water.

Winkler then proceeded to tell some really interesting stories from his book about infiltrating companies to test just how secure they and the information on their computers really are. It's amazing how easy it was for him and his crew to get into the headquarters of huge companies, gain access to computers, and even get passwords from users by posing as information security folks. They'd just waltz in, give a good story, and the security folks were more than happy to issue badges. There was very little, if any, technogeek stuff involved in his tale. He went out of his way to debunk the image of the hacker as a mega-computer genius who just knows everything and gets into computer systems. It was some basic technical knowledge, a lot of social engineering, and a lot of common sense in knowing what to do when the situation presented itself. Being an IT guy, I was particularly amused by the story about infiltrating one particular company. A project manager proved to be a bit of a jerk as he didn't like security. "Security hampers innovation" was the guy's refrain. With some persistence, Winkler was able to glean some valuable information from the guy which led to him being able to gain access to company secrets. Winkler commented that this manager's name was the only one that worked it's way into that day's report.

You can download chapter 6 of the book at this page. The chapter describes how Winkler and his cohorts wormed their way into a Fortune 500 company's headquarters that's out on the East Coast in a mid-sized city. There is plenty of narrative about getting security badges, figuring out passwords, and such. But I thought this part was really neat:

We decided to explore the facilities to get a feel for the environment. The basement was your typical Dilbert-style cubicle setting. Several large rooms opened into each other, with the exception of the Computer Operations Center, which was a large complex walled off from the rest of the basement.There were a few strategically located doors with cipher locks that provided access to the computer rooms. Cipher locks are keypads that require the user to enter a code to unlock a door.The main computer room was about 75 feet by 200 feet, with long rows of computer racks loaded with equipment. Outside the main computer room were several telecommunications rooms where all the communications lines came in.There was also a control room at the far side of the computer room.That room had a large window looking into the computer room, as well as a door.

As we walked around the cubicle area, Stan commented on the fact that many desks had Chinese-American dictionaries on them.

“Have you seen the computer departments of U.S. colleges lately?” was my sarcastic reply.

“I’ll look into that,”was Stan’s matter-of-fact reply.

As we walked around,we found many unattended desks with the computers logged in, a great deal of valuable information lying around, and the typical messy desks that you would expect to see in computer environments.There were several people scattered around, so we really couldn’t look too carefully at any one desk.

When we got to a door to a computer room,we found it propped open, with cables coming out of the door. It turned out that major construction was going on, and the construction workers were using power from the computer rooms for their tools.We walked in the door and started wandering around. Nobody was working in the computer room.All the network administrators were in the control room.We had unchallenged access to everything.

......

Stan’s experience as a GRU spymaster became a major factor.With the exception of his final stationing in the United States, the rest of his GRU career was focused on China. He was even stationed in Beijing for four years.

Even knowing this, I was still confused by a call I got from Stan a day later.“Ira, there are black duck eggs on the menu, ”was his cryptic
comment.

“Stan, what the hell are we paying you for?” was my reply.

“Oh,my naive American friend,” he said with I smile I could feel over the telephone,“black duck eggs are a Chinese delicacy. I can hardly find black duck eggs in San Francisco, let alone this little piece of s--- town in the middle of nowhere. And they’re cheaper than they are on the streets of Beijing.”

He went on to describe that because he saw all those Chinese-American dictionaries on the desks of the employees, he spent some time trying to find Chinese social clubs and other places where Chinese people may congregate. Stan knows the modus operandi of Chinese intelligence agents, which is to find people of Chinese descent and sift through them to see who would likely be susceptible to recruitment. Generally, these are people who have more allegiance to China than their employer or who can be coerced because of family in China. Setting up a gathering place, such as a Chinese restaurant that has hard-to-find Chinese delicacies, is a way to attract as many potential agents as possible. It is also a great place to exchange information and money.

Stan told me that he found several Chinese restaurants reasonably close to the company facilities. All but one had friendly staffs that welcomed him.At the other, he walked in and saw a menu on the reception table that had only Chinese writing. He picked it up and saw that there were Chinese delicacies not normally found in other Chinese restaurants in this country. When one of the workers realized that Stan could read Mandarin, he became distressed rather than gladly welcoming toward the potential new customer who could appreciate the rare menu items.

Stan’s being followed was a fact.Whether or not this Chinese restaurant was actually one of the more than 3,000 Chinese front companies was a matter for the FBI. Stan was told that the FBI was busy doing counterterrorism work; the investigation of the restaurant was a low priority.


I enjoyed how Winkler demystified espionage and how he showed that it had very little in common with the image presented to us by Hollywood. He explained how the NSA gathers intelligence and that the hard part was not gathering the data but interpreting them. The folks at the top decide what needs to be spied on or what intelligence needs to be gathered. The orders filter down and satellites are repositioned and the radio spectrum scanned. Then this massive amount of data comes back and people have to interpret it. The example he gave was of finding transmissions on a certain frequency. This led to that particular frequency being monitored. He described how a couple guys would be sent out in the middle of the sea in a dinghy and a receiver and that they'd sit there recording. Again, more data sent back to be interpreted.

I thought it was incredibly neat to hear how espionage is really carried out. The sad part is that so many people have the attitude of that project manager above. No one believes that anyone would try to steal their data - it's someone else's data they want. And 3,000 Chinese front companies? Yikes! One of his points jives with my experience: the weak link isn't the technology, it's people. People who give out their passwords, people who don't think security is an issue. I'd love to have been there when that project manager got called onto the carpet and told that his actions compromised the corporation's most-valued secrets. This book is definitely on my list of books to read.

No comments:

Post a Comment