Traveling Light in a Time of Digital Thievery

Home About Rules Books Guide FAQ Ask

About: What are Red Teams? We're sort of like the special forces units of the security industry—highly skilled teams hired to break into the clients' own networks and premises. We find the security flaws so they can be patched before someone with more malicious plans gets in.
The goal of Red Team operations is to continuously challenge the plans, defensive measures and concepts of the organization. These exercises result in a better understanding of possible adversaries and help to improve counter measures against them and future threats.

About FAQ

When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.

He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”

What might have once sounded like the behavior of a paranoid is now standard operating procedure for officials at American government agencies, research groups and companies that do business in China and Russia — like Google, the State Department and the Internet security giant McAfee. Digital espionage in these countries, security experts say, is a real and growing threat — whether in pursuit of confidential government information or corporate trade secrets.

While this is a great way to cover the basics, there is still a lot more that can be done for high ranking C-level executives and governments officials.
Encrypting the connection to the internet, not typing passwords (although a good keyboard logger would also get the text from the clipboard), connection only via trusted access points, disabling bluetooth and WiFi when not needed, wiping everything clean after returning home, using burners and keeping everything at arms reach ALL the time it’s definitely a good way to avoid mid-level digital spies from going through your stuff, however the minute you are connected to a network you are vulnerable to more sophisticated attacks.

Interesting article.

(Via Daring Fireball)

Thanks Alvaro at Analog Senses for pointing it out.

brucelayman liked this
rocksocks liked this
smplsmplsmpl liked this
epicdoubletap liked this
doublejack liked this
redteams posted this

page 1 of 1