Everything under the hood: espionage and business

[Детективное агентство. Украина. Харьков. Львов.]

In place of Superman in the security services came a hacker. Spy equipment can now be purchased at any electronic supermarket, and the technical interests of special services have long moved to the field of the Internet, mobile communications and other electronic communications. The current secrets are algorithms and programs, not bugs and buttons with an integrated camera. The notorious psychic Uri Geller, they say, was able to erase information from a computer diskette by the power of thought. In order for this to happen in practice, hooligan hooligans who do not have esoteric abilities will have to write a virus program at least. But they are hooligans, which act impersonally, at random: the most popular viruses are almost all launched and spread by users themselves. That is, they do not so much use the technical flaws of computer systems as they exploit the credulity and poor understanding of what is happening on the part of the “laying between the chair and the keyboard”. Modern cryptography has long been providing the most powerful tools for protecting information, far from only the relevant government services - now everyone can close their information from prying eyes so that no supercomputers can get access to it. It would seem that the special services should give up, but it wasn’t there: after all, no one is breaking into secure data channels directly. Access passwords are stolen from computers with the help of spyware, obtained by intruding agents, intimidation or blackmail of insiders, and tricked by phishing. Today’s spies are very different from James Bond - I think that the vast majority of employees, for example, the US National Security Agency (NSA), never held a gun in their hands and had no idea how to slip an eavesdropper on an adversary. Everything under the hood The fact that the technical component in espionage affairs at least dramatically changed its vector is evidenced by the release in May of this year of a unique book called “Spy Craft: The Secret History of CIA Intelligence Technologies from Communism to Al- Qaeda ". One of the authors of this work, Robert Wallace, worked for the CIA for 32 years, and for the past five years (until 2002) he headed the department of technical services, and he knows the subject by hearsay. From the" Spy Craft "you will learn about the existence of many of things that so far seemed like only fiction The authors of the thriller authors: it turned out there were cigarettes that shoot balls, and inflatable planes in case of escape, and remotely controlled insect robots.One of the most interesting directions disclosed in the book was the creation of things in the CIA laboratories such as durable lithium batteries, digital cameras and voice recorders, it turns out, they became available to spies a dozen years before the general public found out about these new products.The CIA resisted the publication for a long time, but the new head of the department, General Michael Hayden, who was known for reform, helped Oromo and is well aware that almost all of the secrets contained therein are long gone. Spy equipment can now be purchased at any electronic supermarket, and the technical interests of special services have long moved to the field of the Internet, mobile communications and other electronic communications. The current secrets are algorithms and programs, not bugs and buttons with an integrated camera. At a hacker conference organized in May by the International Association of Specialists in Radio Electronics and Electrical Engineering, IEEE, a report was published that reveals possible mechanisms for the activities of special services in the field of total espionage. The work of scientists from the University of Illinois showed how it is possible to build a processor with simple and undetectable “improvements” that allow a “knowledgeable person” to access any computer, no matter how secure it is. By sending a specially formed data packet over the Network to such a computer, an attacker thereby activates a program “wired” into the processor. As a result, a chain of complex processes is launched, which ultimately allows you to access the system using a special password, which is unknown to anyone except the attacker. Moreover, after such a password has been created and activated, all the changes made are deleted, and the system returns to its old state, so it becomes impossible to detect the fact that some hacking tools were used. The described method of hacking is optionally carried out via the Network: for example, you can use a USB flash drive or a CD. Similarly, you can run a Trojan to steal passwords, or one that gains access to the contents of computer memory, and generally carry out many types of spyware attacks. It is almost impossible to defend against such a “back door”: as shown in the work, the modification will affect only a few thousand of tens of millions of transistors of the processor, and it is impossible to detect the presence of a “refinement” either by tests or even direct study of the crystal under a microscope. So everything rests only on our trust in manufacturers - do you think that Intel (for example), which currently produces eight out of every ten processors for personal computers, is able to follow the lead of special services and agree to introduce such things? I’m afraid that our descendants of a century and a half will get an exact answer to this question. Espionage and privacy In 1998, the draft “operative-search measures system” SORM-2, amendments to the main SORM concerning “documentary telecommunication networks” was put forward in Russia; cellular and internet providers. Despite the massive negative reaction from the public (more precisely, the part of the public that is, as they say, “in the subject”, ordinary citizens, it seems, didn’t notice anything), on July 25, 2000 an order of the Ministry of Communications was issued No. 130, which legitimized SORM-2 . In September 2000, the Supreme Court of the Russian Federation examined this order for compliance with Russian law (the lawsuit was filed by a journalist from St. Petersburg Pavel Netupsky) and ruled that, firstly, the special services will have to provide telecom operators with all the information about the “client”, -second, he once again reminded that law enforcement agencies are only entitled to violate the secrecy of negotiations with the approval of the court. However, on January 16 of this year, an order was signed by the Ministry of Information and Communication No. 6 "On approval of the requirements for telecommunication networks for conducting operational-search activities", which freed the authorities not only from the need to provide information about the client to the provider, but even to inform about the fact of "wiretapping". True, if you think that the Russian special services are original in this regard, then you are mistaken. The American CALEA ("Law on Assistance to Law Enforcement Agencies in the Field of Communications"), adopted back in 1994 and later significantly expanded, gives the security services no less authority than the Russian SORM. CALEA allows you to continue listening to a conversation involving several people after the subject has hung up; collect data about the participants in the conversation, even if they are not objects of observation; identify the phone numbers dialed after the call, as well as locate the owner of the cordless telephone. If we take into account the fact that a number of European countries have similar laws (somewhere softer, somewhere tougher), then we conclude that the concept of privacy in the modern world no longer exists. Espionage and business One of the main trends in the modern world is that the process of involving special services in the circle of business interests is gaining momentum. Not only thousands of former intelligence officers work in the corporate field around the world, thus merging private and state intelligence, these intelligence agencies themselves begin to actively influence the economy. About 95% of information in the field of economics is collected from open sources. But the remaining 5% often represents key information that can change the situation on a global scale, and here the special services find themselves in their place. No, public services - at least in developed countries - do not sell information and do not order companies, they simply proceed from the fact that in a globalized world "national interests" are mostly synonymous with economic interests. Apparently, for the first time this trend was clearly manifested when, in 1990, the 200 millionth telecommunications deal between Indonesia and the Japanese NEC was upset after the US National Security Agency intercepted the negotiations of the participants. In 1994, Americans through the sensational Echelon system (the existence of which to this day, by the way, is denied to this day) disrupted negotiations between Brazil and the French company Thomson, as a result, the 1.3-billion contract went to the American corporation Raytheon. And only recently it became known that back in the 80s, Canada, by listening to a number of US embassies, intercepted a 2.5-billion contract for the supply of grain to China. The CIA claims that 70% of the basic data for the production of microcircuits was collected by Japanese intelligence, which became one of the prerequisites for the formation of Japan as a leading power in the field of microelectronics. They say that Russia, which is increasingly reorienting its foreign intelligence to the economy, is not lagging behind, and it would be strange if it would be different, given the fact that the state itself, represented by representatives of government agencies, is the largest market agent in our country. According to Western experts, our three main departments (SVR, GRU and FSB) have already created a spy network with about 100 thousand employees. But for some reason, the results are not as impressive as in Japan. Apparently, it’s not just information that matters, right? Subtext Such a phenomenon as phishing (from English “fishing”), residents of our country can still not be very afraid: electronic banking in our country itself is not so developed that it would make sense for criminals to catch something seriously. But in countries with a developed infrastructure of electronic financial communications in recent years, it has become a kind of natural disaster, so serious that Microsoft even bothered to include protection against this scourge in Vista. But in phishing almost no technical methods are used at all, except that the site of a real bank or online store is replaced with a false one, but very similar to the real one. As you understand, this does not require special knowledge and skills, and the rest is done by the users themselves, naively clicking on the link and entering their confidential data. And although it has already become a commonplace that no real financial office will send e-mail requests to confirm your password or enter your bank card details (in general, call the bank and check - is that difficult?), The fact that the phishing epidemic only growing, says the profitability of this event.

 

[Матушкин Андрей Николаевич]

Thank!