Bruce Schneier
Schneier on Security

A blog covering security and security technology.

November 5, 2009

Mossad Hacked Syrian Official's Computer

It was unattended in a hotel room at the time:

Israel's Mossad espionage agency used Trojan Horse programs to gather intelligence about a nuclear facility in Syria the Israel Defense Forces destroyed in 2007, the German magazine Der Spiegel reported Monday.

Remember the evil maid attack: if an attacker gets hold of your computer temporarily, he can bypass your encryption software.

Posted on November 5, 2009 at 12:48 PM • 22 Comments

Arno • November 5, 2009 1:29 PM

Really no surprise here. Not even that "officials" cannot be trusted with computers.

BF Skinner • November 5, 2009 1:34 PM

Law 3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

The original formulation of Microsoft's 10 immutable laws of security doesn't seem to have changed much... http://technet.microsoft.com/en-us/magazine/...

But it's why I will always recommend egress blocking port 80.

Bruce Clement • November 5, 2009 1:37 PM

What on earth was a laptop containing that kind of detail doing unguarded outside the official's own country?

Henning Makholm • November 5, 2009 1:51 PM

Bruce: Perhaps that level of detail was not on the laptop at the time it was unguarded. But, perhaps after the laptop returned to Syria and logged on to a trusted network, the trojan could start copying data the official viewed on it.

bob • November 5, 2009 2:16 PM

While it does not prevent hardware-based attacks, anyone who has something to protect should use a remote access tool booted from a PC, such as this one provided by the government: http://spi.dod.mil/lipose.htm

I use this whenever I log in from hotel rooms or libraries or such. Not the fastest thing in the world, since it boots from a CD, but it would prevent evil maids who can't solder from getting your passwords...

Sure... • November 5, 2009 2:28 PM

Like such plans would be on a laptop in a foreign hotel, unattended. Sure, I'll believe that.

bob • November 5, 2009 2:30 PM

Or at least a "leak" to divert suspicion from a highly placed humint asset. Wasn't it Syria that Israel infiltrated to like the #3 guy back in the 60s?

spaceman spiff • November 5, 2009 2:35 PM

Even if the system is protected well enough to thwart planting trojans or other spyware on the system, if you have access to the device then it is trivial to make a bit-image copy of the hard drive and decrypt it at your leisure.

nick • November 5, 2009 2:49 PM

I don't think you guys understand how incompetent third world governments are when it comes to IT. Remember the researcher who operated a TOR exit node and intercepted SSL coming from Arab governments? They just click "OK" when they get SSL errors; I'm sure they aren't careful with their digital data.

@Henning, Or it could be manufactured to protect the real leak, but maybe even both could be true? Mossad is pretty good at this stuff. Or at least they were when I was in the community.

NobodySpecial • November 5, 2009 5:48 PM

@how incompetent third world governments are

True, good job the US, UK governments are so good at security. I found a USB key in a carpark the other day and was shocked to discover it didn't have confidential data on it.

Vincent • November 5, 2009 5:57 PM

Evil maids are a pita. They've been known to let people in for a $20 bribe to swipe your belongings as well. Clearly the solution here is to kill all of the maids.

pfogg • November 5, 2009 6:38 PM

From a distance, displayed with a suitable font, a glance at the title gives you "Moose Hacked Syrian Official's Computer". Which is an attention-grabber, I can tell you.

Will • November 6, 2009 1:08 AM

@nick:

BF Skinner • November 6, 2009 6:16 AM

@how incompetent third world governments are

Yeah, right? Like the laptop left in the backseat of a car while two soldiers stopped for a pint. The car which got broken into, the laptop which got stolen ... only contained classified war plans during the first Gulf War. The endless stories of classified USB drives ending up in the souk in Afghanistan. The 50,000 odd laptops that go missing in American airports every year (likely some are carrying classified information). Glad to know this is all caused by the 3rd world.

I know you don't like to hear this but security is not a technological issue. Indeed instead it is technology that is a security issue.

jouser • November 6, 2009 9:07 AM

If you're traveling, unless you plan to keep your machine with you at all times, you have to take a loaner or spare laptop with you instead. You can't trust anyone (evil maid) or anything (hotel safe).

fullbirdmusic • November 8, 2009 12:17 AM

I have to agree that security is not always a technological issue. Personnel accessing sensitive information need to know how to protect it physically as well as with the technology in order to remain secure. I'm sorry, but carrying a laptop like that to a public place and letting it leave your sight is a violation in my book. It should be treated as if it's a loaded weapon.

Tor A Bora • November 9, 2009 2:45 AM

Re fullbirdmusic's message on keeping the laptop physically with you - my idea is that you start out by assuming it will be lost or stolen, and issue it to the user with it prepared as best you can to deal with the physical theft. If you feel you cannot secure the data for a period longer than its usefulness then do not issue the laptop.

sooth sayer • November 10, 2009 8:24 AM

Somehow it's always Syrian officers and Israel. If I recall it was the same story in 1967. I think there is more to this story -- plausible deniability by someone who is already on the take.

fullbirdmusic • November 11, 2009 2:58 AM

Re: Tor A Bora

Absolutely. We have to assume the worst and prepare for it from the start. Otherwise, we're giving it away if it does happen to be stolen.

tania • November 12, 2009 1:32 PM

Would disabling the USB drive in Windows prevent these cool boot attacks? Please advise.