Tuesday, July 31, 2012

London Olympic 2012 Security and the Mysterious Woman leading the Indian Contingent

Hosting an event like the Olympics requires a large number of security personnel to operate X-ray machines, search vehicles and stand guard at venues. For the London 2012 Olympics, over 10,000 personnel had to be recruited and trained to prevent theft, activism and unruly activity. Mobilizing an enormous workforce of temporary recruits or volunteers for a short event is expensive, and usually results in poor or hurried training of personnel and inadequate background checks. It is not possible to recruit well in advance, given the large numbers and the need to contain staff costs. It may be said that the temporary workforce serves to mitigate risk rather than remove it, with the prime responsibility for security resting on the more qualified forces such as police and military, and on their use of a defense-in-depth security cordon to protect athletes and people in venues.

When I read about the mysterious woman who walked alongside flag bearer Sushil Kumar in a red track top, blue pants and sneakers, smiling, waving and soaking in the moment as the Indian contingent walked the track, it indicated a brazen gate crash into what should have been the inner sanctum of the security perimeter.

In this case, it turned out to be a protocol breach: an over-eager Indian student volunteer taking up the opportunity to walk with the team. But it also indicated a large failure of the security apparatus, of volunteer training and of the supervision of volunteers. The same security vulnerability could have been exploited by terrorists for malicious ends.

Sunday, July 8, 2012

Use of infected Thumb Drives (USB Drives) is a major security weakness

Thumb drives are extremely popular due to their portability, convenience and low cost. Computer users, at home or at work, cannot do without a thumb drive for sharing digital data such as files or music. Drives have become so cheap that product vendors freely distribute them at product conferences as giveaways or as repositories of digital product literature. Any digital product with a USB port and storage capacity can be used as a storage drive; a common example is the ubiquitous smartphone. Thumb drives have also become fashion accessories, with drives disguised as pendants and pens making them harder to detect.

Most companies prohibit or regulate the use of USB ports and the devices that can be connected to them. The US Government has forbidden the use of such devices in Government and Defense departments post-Wikileaks. USB drives are used in targeted attacks to compromise systems that are physically isolated from the Internet or external networks. Stuxnet, a cyber weapon which destroyed Iranian centrifuges, spread through a compromised USB drive. In a more recent case, the Indian Eastern Naval Command was infected by malware which allegedly spread through a compromised USB drive. According to news reports, “The malware is then thought to have created a secret folder on the drives where it stored documents, and as soon as the drive was plugged into a computer connected to the web, it sent the files to specific IP addresses”.

Users of USB drives face the risk of mass malware designed for cyber crime involving spam or financial fraud, or of the more targeted variety built for espionage or cyber destruction. Malware normally propagates by copying itself onto clean drives inserted into infected computers. There is a probability of mass infection if the drive is infected at production, or when digital data (such as product brochures) is mass-copied onto several thousand drives.
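The propagation patterns described above (a drive-resident payload launched on insertion, a hidden folder used to stage copied documents as in the naval case, and executables passed off as documents) can be checked for before a third-party drive is trusted. The following is an added example, not code from the original post: a triage script that walks a mounted drive and reports those three patterns. The sample drive is constructed in a temporary directory, and hidden folders are modelled with a leading dot, which is an assumption (on Windows the hidden file attribute would be checked instead).

```python
"""Triage a mounted removable drive for the propagation patterns discussed in
the post. Added example; the sample drive below is constructed, not real."""
from __future__ import annotations

import configparser
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Document and executable extensions used for the double-extension check.
DOC_SUFFIXES = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx", ".txt"}
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


@dataclass(frozen=True)
class Finding:
    kind: str    # "autorun", "hidden_docs" or "disguised_exe"
    path: str    # path relative to the drive root
    detail: str


def _autorun_target(autorun: Path) -> str | None:
    """Return the open= or shellexecute= target named in autorun.inf, if any."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(autorun.read_text(errors="replace"))
    except configparser.Error:
        return "unparseable autorun.inf"
    if not parser.has_section("autorun"):
        return None
    for key in ("open", "shellexecute"):
        if parser.has_option("autorun", key):
            return parser.get("autorun", key)
    return None


def audit_drive(root: Path) -> list[Finding]:
    """Walk the drive and collect findings; an empty list means nothing suspicious."""
    findings: list[Finding] = []
    autorun = root / "autorun.inf"
    if autorun.is_file():
        target = _autorun_target(autorun)
        findings.append(Finding("autorun", "autorun.inf", target or "no open= target"))

    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_dir() and path.name.startswith("."):
            # Hidden folder (dot-prefix assumption) holding copied documents.
            docs = [p for p in path.rglob("*")
                    if p.is_file() and p.suffix.lower() in DOC_SUFFIXES]
            if docs:
                findings.append(Finding("hidden_docs", rel,
                                        f"{len(docs)} document(s) in hidden folder"))
        elif path.is_file():
            # "invoice.pdf.exe": a document extension followed by an executable one.
            suffixes = [s.lower() for s in path.suffixes]
            if (len(suffixes) >= 2 and suffixes[-1] in EXEC_SUFFIXES
                    and suffixes[-2] in DOC_SUFFIXES):
                findings.append(Finding("disguised_exe", rel,
                                        "document extension followed by executable extension"))
    return findings


def build_sample_drive() -> Path:
    """Constructed sample drive showing all three patterns next to benign files."""
    root = Path(tempfile.mkdtemp(prefix="usb_"))
    (root / "autorun.inf").write_text("[autorun]\nopen=setup.exe\nicon=setup.exe\n")
    (root / "setup.exe").write_bytes(b"MZ" + b"\0" * 16)
    (root / "brochure.pdf").write_bytes(b"%PDF-1.4\n")   # benign vendor literature
    hidden = root / ".tmp"
    hidden.mkdir()
    for name in ("q1-report.docx", "tender.pdf", "contacts.xlsx"):
        (hidden / name).write_bytes(b"copied document")
    (root / "invoice.pdf.exe").write_bytes(b"MZ" + b"\0" * 16)
    return root


if __name__ == "__main__":
    for f in audit_drive(build_sample_drive()):
        print(f"{f.kind:14} {f.path:18} {f.detail}")
```

Run against a real mount point by passing its path to `audit_drive`. The script only reads the drive; the decision on what to do with a flagged drive stays with the handling procedure, and a clean result is not proof of a clean drive, since a custom payload need not use any of these patterns.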

In both these cases, the common elements are a lack of security awareness, or the pressure of a deadline, causing individuals to override the fundamental security principle of not using third-party USB drives, together with an over-reliance on anti-malware products to detect malware. Anti-malware products have limited success where the malware is custom-designed for select targets.

In the case of the Iranian Stuxnet infection or the Indian Naval leaks, the key point for introspection was the method by which the compromised drive entered the premises. These installations are highly secure and forbid the use of outside (non-registered) drives, so the use of an unauthorized drive, or the compromise of an internal one, needs detailed investigation into the human element and the motive behind it. It is an indicator that the technical controls meant to stop a motivated individual from using such drives were not as restrictive as they needed to be.
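The "registered drives only" rule mentioned above is only as good as the technical control that enforces it. As an added example, not code from the original post, the script below enumerates attached USB devices from a sysfs-style tree (one directory per device containing `idVendor`, `idProduct` and `serial` files, as under `/sys/bus/usb/devices` on Linux) and compares each against a registry of approved drives. The sysfs tree and the registry contents are constructed here so the example runs offline.

```python
"""Check attached USB devices against a registry of approved drives.
Added example; the sysfs tree and registry below are constructed, not real."""
from __future__ import annotations

import tempfile
from dataclasses import dataclass
from pathlib import Path

# Constructed registry: (idVendor, idProduct, serial) of drives issued to staff.
REGISTERED_DRIVES = {
    ("0781", "5581", "4C530001230601234567"),
    ("0951", "1666", "E0D55EA5F3C0BD2100001234"),
}


@dataclass(frozen=True)
class UsbDevice:
    node: str      # sysfs device directory name, e.g. "1-2"
    vendor: str
    product: str
    serial: str

    def key(self) -> tuple[str, str, str]:
        return (self.vendor, self.product, self.serial)


def _read_attr(dev_dir: Path, name: str) -> str:
    attr = dev_dir / name
    return attr.read_text().strip() if attr.is_file() else ""


def enumerate_devices(sysfs_root: Path) -> list[UsbDevice]:
    """Return every device directory that carries an idVendor attribute.
    Interface nodes such as "1-1:1.0" have no idVendor and are skipped."""
    devices: list[UsbDevice] = []
    for dev_dir in sorted(sysfs_root.iterdir()):
        if not dev_dir.is_dir() or not (dev_dir / "idVendor").is_file():
            continue
        devices.append(UsbDevice(dev_dir.name,
                                 _read_attr(dev_dir, "idVendor"),
                                 _read_attr(dev_dir, "idProduct"),
                                 _read_attr(dev_dir, "serial")))
    return devices


def evaluate(devices: list[UsbDevice],
             registry: set[tuple[str, str, str]]) -> dict[str, tuple[str, str]]:
    """Map each device node to ("allow" | "deny", reason)."""
    verdicts: dict[str, tuple[str, str]] = {}
    for dev in devices:
        if not dev.serial:
            # Without a serial the device can never match a registry entry.
            verdicts[dev.node] = ("deny", "no serial number, cannot be registered")
        elif dev.key() in registry:
            verdicts[dev.node] = ("allow", "registered")
        else:
            verdicts[dev.node] = ("deny", f"unregistered {dev.vendor}:{dev.product} serial {dev.serial}")
    return verdicts


def build_sample_sysfs() -> Path:
    """Constructed sysfs-style tree: one registered drive, one unregistered drive
    of the same model, one device without a serial, and one interface node."""
    root = Path(tempfile.mkdtemp(prefix="sysfs_"))
    samples = {
        "1-1": {"idVendor": "0781", "idProduct": "5581", "serial": "4C530001230601234567"},
        "1-2": {"idVendor": "0781", "idProduct": "5581", "serial": "4C530009999999999999"},
        "1-3": {"idVendor": "abcd", "idProduct": "0001"},
        "1-1:1.0": {"bInterfaceClass": "08"},
    }
    for node, attrs in samples.items():
        dev_dir = root / node
        dev_dir.mkdir()
        for attr, value in attrs.items():
            (dev_dir / attr).write_text(value + "\n")
    return root


if __name__ == "__main__":
    for node, (verdict, reason) in evaluate(enumerate_devices(build_sample_sysfs()),
                                            REGISTERED_DRIVES).items():
        print(f"{node:8} {verdict:5} {reason}")
```

A serial-number allowlist raises the bar but is not a guarantee: firmware-level tools can present a cloned vendor, product and serial, so the allowlist is one layer alongside physical control of the drives and the investigation of how an unregistered drive reached the machine, which is the point the paragraph above makes.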