Posts

Petty Crime Or Solid Tradecraft?

800px-Panneau_Paris_Gare_du_NordThieves Bolt with Defense Secrets on British and French Military Drone

Executives at France’s Dassault Aviation, a military, regional, and business jet manufacturer, were apparently duped into leaving a briefcase with sensitive, “Defence – Confidential,” papers unattended at Gare du Nord station in Paris, France.

According to reports from the Telegraph, an “unnamed man briefly left his case unattended after his female colleague was ‘hassled’ by a stranger.”[i] Upon his return, the executive realized that his briefcase had been plucked while he had been distracted by the dustup.

People are generally on guard in places of mass transportation like train stations and airports, and commuters especially, are on high alert due to their knowledge of the potential of such crimes. So, was this a run-of-the-mill theft?

According to a source quoted in the Economic Times, it was a premeditated and well-executed lift. The paper reports, “His attention had been purposefully diverted. It was not a random theft.”[ii]

What was in this coveted briefcase? The Telegraph asserts that the contents of the briefcase included top-secret information on a “joint Franco-British drone,”[iii] though local police and an official spokesperson for Dassault downplay the incident, maintaining that the executives were merely targets of opportunity, victims of “petty theft.”[iv]

Inevitably the question becomes, why were executives from a major military contractor so careless and cavalier with sensitive documents? Did the executives adhere to company-directed security protocols? Lastly, why were the executives traveling on mass transportation with hardcopies of the sensitive documents in the first place? If this was not a breach of security protocol, this at the least, was a gaping breach in common sense.

As Chas Maloney, director at Ricoh UK, a document and IT solutions provider, observes in Info Security Magazine“the threats posed by paper-based documentation have been exposed, in this case [via] top secret military files on the UK’s multimillion pound deal to develop drones with France.”[v] Maloney further observed, “This is the latest in a series of high profile incidents of document security breaches that could have been prevented via digitized documentation.”[vi]

Even so, hardcopy documents are not exclusive to going missing. In January of 2011, a Major in the US Army admitted to losing a USB drive with classified information on it in South Korea.[vii] This incident came on the heels of the Pentagon’s outright ban on USB drives for use on classified networks back in December of 2010.[viii]

More details about this incident are sure to be forthcoming. Whether this was a simple crime of opportunity, a well-executed act of espionage, or something more, the issue of safeguarding secrets remains a consequential issue. There are inherent weaknesses in securing both paper-documented and electronic secrets, yet some organizations and businesses are better at it than others. It comes down to not only developing a working, best-practice protocol, but also in implementing that protocol and ensuring that employees practice it with vigor. However, this may never be enough, as those who wish to acquire sensitive information have evolving tradecraft, requiring, in turn, ever-evolving security practices.

Our two cents is to remember – Threat based security is not a spectator sport!

*Disclaimer: The opinions expressed by the Lint Center Bloggers and those providing comments are theirs alone, and do not reflect the opinions of the Lint Center for National Security Studies, Inc. or any employee thereof. The Lint Center for National Security Studies, Inc. is not responsible for the accuracy of any of the information supplied by the Lint Center Bloggers.


About the Authors:

Tim Coleman received his BA from Georgetown, MBA from Barry University, and Master of Public and International Affairs, Security and Intelligence Studies from the University of Pittsburgh, and serves as the Center’s Director of Communications.

Brittany Minder received her BA in International Relations from Stanford University and she serves as the Lint Center’s Public & External Affairs Associate.


References:

1. Allen, Peter “British drone secrets stolen from Paris train station”, The Telegraph, February 23, 2012, Retrieved on February 23, 2012, http://www.telegraph.co.uk/news/worldnews/9099410/British-drone-secrets-stolen-from-Paris-train-station.html

2. Biddle, Sam “Thieves Snatch Briefcase Full of Secret Drone Documents in France”, Gizmodo, February 23, 2012, Retrieved on February 23, 2012 http://www.gizmodo.co.uk/2012/02/thieves-snatch-briefcase-full-of-secret-drone-documents-in-france/

3. Staff, “Secret file on UK-France drone deal stolen: Report”, The Economic Times, February 23, 2012, Retrieved on February 23, 2012, http://economictimes.indiatimes.com/news/politics/nation/secret-file-on-uk-france-drone-deal-stolen-report/articleshow/12004256.cms

4. Staff, “Top-secret Anglo-French drone plans stolen”, Info Security Magazine, February 23, 2012, Retrieved on February 23, 2012, http://www.infosecurity-magazine.com/view/24096/topsecret-anglofrench-drone-plans-stolen/

5. Staff, “USB Device Containing Military Secrets Goes Missing,” InfoSec Island, January 5, 2011, Retrieved on February 23, 2012, http://www.infosecisland.com/blogview/10724-USB-Device-Containing-Military-Secrets-Missing.html

6. Levine, Barry “Pentagon Bans Removable Drives on Classified Network”, Newsfactor.com, December 11, 2010, Retrieved on February 23, 2012, http://www.newsfactor.com/story.xhtml?story_id=76453&full_skip=1

7. Photo Credit: Wikicommons, http://commons.wikimedia.org/wiki/File:Panneau_Paris_Gare_du_Nord.jpg


End Notes:

[i]Allen, Peter “British drone secrets stolen from Paris train station”, The Telegraph, February 23, 2012, Retrieved on February 23, 2012, http://www.telegraph.co.uk/news/worldnews/9099410/British-drone-secrets-stolen-from-Paris-train-station.html

[ii]Staff, “Secret file on UK-France drone deal stolen: Report”, The Economic Times, February 23, 2012, Retrieved on February 23, 2012, http://economictimes.indiatimes.com/news/politics/nation/secret-file-on-uk-france-drone-deal-stolen-report/articleshow/12004256.cms

[iii]Allen, Peter “British drone secrets stolen from Paris train station”, The Telegraph, February 23, 2012, Retrieved on February 23, 2012, http://www.telegraph.co.uk/news/worldnews/9099410/British-drone-secrets-stolen-from-Paris-train-station.html

[iv]Staff, “Secret file on UK-France drone deal stolen: Report”, The Economic Times, February 23, 2012, Retrieved on February 23, 2012, http://economictimes.indiatimes.com/news/politics/nation/secret-file-on-uk-france-drone-deal-stolen-report/articleshow/12004256.cms

[v]Staff, “Top-secret Anglo-French drone plans stolen”, Info Security Magazine, February 23, 2012, Retrieved on February 23, 2012, http://www.infosecurity-magazine.com/view/24096/topsecret-anglofrench-drone-plans-stolen/

[vi]ibid

[vii]Staff, “USB Device Containing Military Secrets Goes Missing,” InfoSec Island, January 5, 2011, Retrieved on February 23, 2012, http://www.infosecisland.com/blogview/10724-USB-Device-Containing-Military-Secrets-Missing.html

[viii]Levine, Barry “Pentagon Bans Removable Drives on Classified Network”, Newsfactor.com, December 11, 2010, Retrieved on February 23, 2012, http://www.newsfactor.com/story.xhtml?story_id=76453&full_skip=1

Cyber Crime or Cyber Espionage – Washington, D.C. Tops the List!

800px-WashMonument_WhiteHouseDC ranks number one on Symantec’s Norton Internet Security and Sperling’s BestPlaces Annual list of American cities with the highest cybercrime rate.

Most cities welcome being listed in the top spot of annual surveys like Forbes Magazine’, “Most Livable Cities,” but Symantec’s and Sperling’s list of cities with the highest cybercrime rate surely can’t be coveted.

After coming in as the third riskiest city in 2010, Washington, DC has been newly crowned as the Cybeycrime 2012 riskiest city in America in this year’s report.[i] A press release summarizing the report observes, D.C. “placed exceptionally high in almost all the categories measuring potential risk, and had the second-highest reported usage of smartphones.”[ii] Additionally, “the nation’s capital also ranked high among cybercrime data factors, including attempted malware infections and attempted Web attacks.”

All hope is not lost for those smartphone and tablet users living in the DC-area, though! Norton suggests one can mitigate and reduce the likelihood of becoming a victim of cybercrime by being cautious “when using Wi-Fi hotspots,” ensuring to “use complex and unique passwords,” and by staying up to date on vulnerabilities by being “educated.”

The survey raises several interesting questions, due to the constraints of open-source reporting, and therefore prevents a greater exploration and in-depth analysis. Specifically, given that numerous political interests and the most senior policy representatives within the U.S. government operate and work within the DC-area, how much of this “cybercrime” should be considered “cyberespionage?” To what degree and to what extent are the incidents cited in this report, directly or indirectly, related to the acquisition of political intelligence? Do such incidents indicate an increase in a particular arena of interest such as Research and Development efforts by U.S. defense contractors? Of course, actionable, legal, and policy challenges for the defense of critical areas of interest to the US government are difficult to implement, as “there is no silver bullet in cybersecurity.” [iii]

To see where your city ranks up, check out the full listing.

*Disclaimer: The opinions expressed by the Lint Center Bloggers and those providing comments are theirs alone, and do not reflect the opinions of the Lint Center for National Security Studies, Inc. or any employee thereof. The Lint Center for National Security Studies, Inc. is not responsible for the accuracy of any of the information supplied by the Lint Center Bloggers.


About the Authors:

Tim Coleman received his BA from Georgetown, MBA from Barry University, and Master of Public and International Affairs, Security and Intelligence Studies from the University of Pittsburgh, and serves as the Center’s Director of Communications.

Brittany Minder received her BA in International Relations from Stanford University and she serves as the Lint Center’s Public & External Affairs Associate.


Works Cited:

1. McCaney, Kevin, “The Riskiest Cities for Cyber Crime: Where Does Yours Rank?” Government Computer News, February 17, 2012, Retrieved on February 21, 2012, http://gcn.com/Articles/2012/02/17/Riskiest-US-cities-for-cyber-crime.aspx?Page=2

2. Sperling’s BestPlaces, “10 Riskiest Cities for Cybercrime: The Norton Top 10 Riskiest Online Cities Report Reveals Who’s Most Vulnerable to Cybercrime,” March 22, 2010, Retrieved on February 21, 2012, http://www.bestplaces.net/docs/studies/riskiest_online_cities.aspx

3. Official Symantec Press Release, “Top 10 ‘Riskiest’ Online Cities of 2012 Presented by Norton,” February 15, 2012, Retrieved on February 21, 2012, http://www.symantec.com/about/news/release/article.jsp?prid=20120215_01

4. Nakashima, Ellen, “Cyber defense is mixed, study finds,” January 12, 2012, Retrieved on February 22, 2012, http://www.washingtonpost.com/world/national-security/cyber-defense-effort-is-mixed-study-finds/2012/01/11/gIQAAu0YtP_story.html

5. Photo Credit, Wikicommons, http://commons.wikimedia.org/wiki/File:WashMonument_WhiteHouse.jpg


End Notes:

[i] Sperling’s BestPlaces, “10 Riskiest Cities for Cybercrime: The Norton Top 10 Riskiest Online Cities Report Reveals Who’s Most Vulnerable to Cybercrime,” March 22, 2010, Retrieved on February 21, 2012, http://www.bestplaces.net/docs/studies/riskiest_online_cities.aspx

[ii] Official Symantec Press Release, “Top 10 ‘Riskiest’ Online Cities of 2012 Presented by Norton,” February 15, 2012, Retrieved on February 21, 2012, http://www.symantec.com/about/news/release/article.jsp?prid=20120215_01

[iii] Nakashima, Ellen, “Cyber defense is mixed, study finds,” January 12, 2012, Retrieved on February 22, 2012, http://www.washingtonpost.com/world/national-security/cyber-defense-effort-is-mixed-study-finds/2012/01/11/gIQAAu0YtP_story.html