BLOG

Two former spooks met for a gourmet lunch on the side of an extinct volcano. Sounds interesting… and it was. I was with Patrick Wardle, Director of R&D for synack.com. His company has taken an effective new approach to discovering network vulnerabilities for their clients. We talked a bit about how the landscape of computer security has been changing. 2016 is shaping up to become the year of Ransomware. With more Macs being used

Tomorrow is Memorial Day in the US. Just a few weeks ago Liberation Day, Bevrijdingsdag, was remembered in the Netherlands. They recognize the sacrifice of foreign soldiers who defeated the German occupiers in World War II. Near Maastricht, 8,301 American soldiers are buried. They fell in “Operation Market Garden” in the battles to liberate Holland in the fall and winter of 1944. Every one of the men buried in the cemetery, as well as those in

Stalkers, controlling spouses, creepy bosses and predators like tracking. The good things in our electronic environment can create problems for us… and opportunities for stalkers. Computer logins and email headers can disclose clues about location. Photos carry metadata that can include GPS coordinates. Watch out for cellphones! Phones can reveal location continuously to a stalker. There are lots of vulnerabilities here. Some suggestions are: — Check to see if a family plan may reveal your location to

It’s fashionable on web sites to describe successes. Sometimes other case outcomes are more memorable, however. Here are some of our experiences in a Redmond cyber intrusion, a Tacoma murder and a few other cases. Last year we were retained in a pro bono case by a Redmond nonprofit organization. Their web site had been attacked. Our analysis discovered a targeted attack that came through the dark web. Attackers were masking their location with the onion router,

Typically professionals work in an environment that has thoughtful IT professionals safeguarding the network. In many cases the network health is audited to standards for medical, financial or government security. At home much of network security is left to the homeowner without much help from the team at work. Our work with computer forensics and network defense gives us opportunities to see firsthand what goes wrong. Surprisingly, some preventative measures are quite simple and painless.

Whenever a client calls with a complex investigation we quickly run through a checklist of volatile evidence that they should preserve, including cellphones. These are obvious digital items that make sense to archive before they disappear: Alarm system logs, Access control activity, Video from the area of concern, Network logs, especially DHCP, firewall, proxy and host logs. Cellphones belong on this list too. Often the contents of phones give strong clues about activity of concern.

The terrible attacks in Paris last night remind us that evil is part of the world that we live in. Events of this sort always bring to mind the concern about stopping the next attack by terrorists. Fortunately, mounting a large attack of this sort requires more planning, discipline and resources than most grassroots jihadists can accomplish. The steps to an attack are also much more complex than on-the-job training on a battlefield. These steps

For much of the last 20 years we have used an incredible software-defined radio to search for eavesdropping devices.  It was made by the famous Watkins-Johnson company.  Aside from great performance this radio had the mystique of being used by spooks.  It was a standard tool in the aircraft flying just offshore in interesting parts of the world.  The list price was $25K; we got a used one for $9K.  Now a new instrument from Tektronix

For years the differences between US and other countries’ laws have been resolved by agreements which respect both sides’ concerns. With regard to data transmission, e.g., personnel records within an international company, Safe Harbour rules are often defined. They allow companies from other countries to operate by following a set of rules. This is like standards which help facilitate commerce and reduce the role of bureaucrats. Today’s Ars Technica article reports a “dramatic judgement by the

Kidnapping always makes interesting news. Having just returned from an international business trip, the article “What Companies Should Do if an Employee Is Kidnapped” in yesterday’s Wall Street Journal caught my attention. The author, Nicholas Elliott, provides a checklist for countries where kidnappings are common:
- Don’t call the local cops, they are probably crooked
- Get a local employee to negotiate, that will reduce the price
- Keep the victim’s family informed.
I would add a first
