PSN008 – Dangerous USB, Covert Cameras and Monster Shredders
Jan 31st, 2009 by admin
In this episode we look at 10 items in the news, including why the DoD has temporarily banned the use of USB thumb drives, how mobile phones can be the ‘smoking gun’, how Ford trucks can go online, how the Kwikset SmartKey is pick-proof, bump-proof, and has record sales, a high-tech ATM debit card skimmer, homemade drug-smuggling submarines, some sneaky covert cameras, and a shredder that eats engine blocks for breakfast.
Show Links
- Tougher DoD security standards coming for removable storage devices
- Pentagon Hit by Unprecedented Cyber Attack FOXNews.com
- IronKey: Anti-Malware Initiative
- Cyber Attack Spurs Thumb Drive Ban » Blog Archive » DoD Buzz
- Defense Tech: November 2008 Archives
- Best Buy Digital Photo Frames Shipped With Virus – Security Fix
- Assa Abloy To Close 15 Units, Cut 1,800 Jobs
- Stanley acquires Florida Sonitrol franchise – Security Systems News
- Stanley Convergent Security Solutions News
- Mobile Handsets Becoming A ‘Smoking Gun’ – DarkReading
- Paraben Corporation – Computer Forensic Software
- Paraben Forensics
- Ford trucks getting LogMeIn remote PC access
- LogMeIn – Solutions for Small Business
- Kwikset.com – SmartKey
- Kwikset Smartkey Patent
- Video: Sneaky New ATM Skimmer Found in Pennsylvania
- Feds Harpoon Alleged ‘Narco Submarine’ Crews
- Ultimate SAS Spy Pen
- Cigarette Lighter Camera
- Watch It Shred
Pro Security News – PSN008 Script
DoD bans thumb drives.
Our lead story today is sound advice for anyone who has a computer, be it personal, company, or government. This past November the Defense Department issued a temporary ban on the use of thumb drives and other removable storage devices on its networks because of concerns that some of the devices were infected with viruses.
The apparent reason for this action was the recent cyber attack suffered by the Pentagon which was reported by Fox News on November 20. The attack came in the form of a global virus or worm that began spreading rapidly throughout a number of military networks. Cyber investigators had not pinpointed the entry point for the worm/virus, but sources point to removable storage devices as the most likely point of infection.
Locksmiths, security practitioners, law enforcement and government agents should all be aware that storage devices that connect to any computer via the USB port can infect a computer with a virus, worm, malware or trojan very quickly. Plug an iPod, USB drive, or a smartphone into a PC running Windows and the device can literally take over the machine and search for confidential documents, credit card numbers and passwords stored in Internet Explorer, and then copy them back to the internal storage on the device. Alternatively, the device can simply plant spyware, or even compromise the operating system.
This is accomplished by exploiting the AutoRun capability of Windows, which allows a connected device to run a program or install a driver when it is connected to the computer. We have all seen this behavior when we connect a USB device, usually in the form of the pop-up window that asks if you want to run a program or browse the device files.
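An added example, not part of the original show script: AutoRun takes its instructions from an `autorun.inf` file in the root of the connected volume, so a defender can inspect that file before the device goes anywhere near a Windows machine. The function names and the sample file contents below are constructed for illustration.

```python
from pathlib import Path

# Keys in the [autorun] section that name a program for Windows to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from a real device.
SAMPLE_FRAME = """\
; constructed sample
[AutoRun]
Label=Photo Frame
Icon=frame.ico
OPEN=FrameManager.exe /quiet
shell\\explore\\command=FrameManager.exe
stray line with no key or value
[Content]
open=ignored.exe
"""
SAMPLE_CLEAN = "[autorun]\nlabel=Backup\nicon=drive.ico\n"


def find_launch_entries(text):
    """Return (key, command) pairs in [autorun] that start a program.

    Parsed by hand instead of with configparser, because files found on
    suspect media often contain stray lines a strict INI parser rejects.
    """
    findings = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()  # key names are case-insensitive
        # shell\<verb>\command adds a right-click menu entry that runs a program
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_verb:
            findings.append((key, value.strip()))
    return findings


def triage_volume(root):
    """Inspect a mounted volume; returns [] when no autorun.inf is present."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            return find_launch_entries(entry.read_text(errors="replace"))
    return []


if __name__ == "__main__":
    for key, command in find_launch_entries(SAMPLE_FRAME):
        print(f"would launch a program: {key} -> {command}")
```

Run `triage_volume` against the mount point of the device on a machine that does not honor AutoRun; an empty result means the file requests no program launch, not that the device is clean.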
Anti-virus company Trend Micro shows that over 70 million computers were infected with AutoRun malware in 2008. Once this malware gets onto a network, it can steal passwords and documents, infect other computers on the network, and allow criminals to install other malicious software and crimeware onto the computer. In fact, it was widely reported in the mainstream media that this year's holiday season resulted in a record number of computer virus infections spread by gifts of digital picture frames and other USB-connected devices. These devices connect to your PC via USB so you can upload all your photographs. The Insignia brand photo frame sold by Best Buy is just one example.
When you connect an unknown USB device to your computer the device can automatically download software drivers to your PC to make the device work properly. In fact, it can install a complete software package. I experienced such a software installation myself quite recently when I purchased a small pocket size Kodak HD video camera. Many of these USB devices are made in China and it is a documented fact that they are overtly attacking our computer infrastructure, so what better way than to have a collaborator working inside a device factory who is willing to plant the malicious software into the devices being manufactured.
Anyway, the net result of this is that the DoD is about to release a list of approved removable storage products that meet minimum security standards. If you can’t wait for the list, head on over to www.ironkey.com and check out what they have to offer. IronKey worked closely with the Department of Homeland Security to develop high security removable storage devices. They offer a range of devices with malware detection, data encryption, and at the highest level, you can even remotely disable or destroy the device contents. Users who require less than DoD-level protection can Google “secure usb drive” for a long list of vendors.
In addition to the threat of an injected virus or malware, there is the threat of lost data due to a careless employee. I am reminded of a rental car I was in recently during a business trip. During cleaning, the rental car company evidently missed the lost thumb drive left behind by the previous renter. I took a peek into the contents of the device with my laptop, which dual boots to Linux. Linux is an OS that is immune to the viruses and malware that attack Windows PCs, so I had no problem examining the contents of the USB drive. Using the information on the drive I was able to call the rental car company and inform them that Mr. Jones (not his real name) had left his USB drive loaded with personal information in the vehicle. The drive and the owner were happily reunited.
So the lessons for us to take away are:
- At a minimum, choose a device that has a built-in password to encrypt your data in case you lose it or misplace it.
- NEVER connect a USB device to your computer unless you trust the source.
- Always keep your virus definitions up to date.
- I/T managers should consider an outright ban on such devices in the workplace. Besides the threat of virus injection into your network, there is also the threat of data theft. The Policy Editor can be used to turn off the USB AutoRun feature so it cannot be restored by the user.
- Finally, don’t limit restrictions to USB drives. This threat originally surfaced in 2006 and was dubbed the attack of the iPods. The perpetrator would ask if he could charge his iPod by connecting to your laptop, and it would set about harvesting data from the hard drive.
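An added example, not part of the original show script: the AutoRun policy mentioned in the lessons above is stored in the `NoDriveTypeAutoRun` registry value, a bitmask in which a set bit disables AutoRun for one drive type. This sketch audits saved `reg query` output; the sample output is constructed, the function names are hypothetical, and it assumes the machine-wide (HKLM) value takes precedence over the per-user (HKCU) one.

```python
import re

POLICY_KEY = r"software\microsoft\windows\currentversion\policies\explorer"

# Bit set in NoDriveTypeAutoRun = AutoRun disabled for that drive type.
DRIVE_BITS = {
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cd-rom",
    0x40: "ram disk",
}

VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-f]+)$", re.I)

# Constructed sample of `reg query` output for both hives.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""


def read_masks(reg_output):
    """Map hive name ('HKLM' or 'HKCU') to the NoDriveTypeAutoRun value found."""
    masks = {}
    hive = None
    for line in reg_output.splitlines():
        stripped = line.strip()
        lower = stripped.lower()
        if lower.startswith("hkey_"):
            # A new key header: only the Explorer policy key is of interest.
            hive = None
            if lower.endswith(POLICY_KEY):
                if lower.startswith("hkey_local_machine"):
                    hive = "HKLM"
                elif lower.startswith("hkey_current_user"):
                    hive = "HKCU"
            continue
        match = VALUE_RE.match(stripped)
        if match and hive:
            masks[hive] = int(match.group(1), 16)
    return masks


def audit(reg_output):
    """Return the effective policy, or None when no value is configured."""
    masks = read_masks(reg_output)
    for hive in ("HKLM", "HKCU"):  # assumption: HKLM wins when both exist
        if hive in masks:
            mask = masks[hive]
            enabled = [name for bit, name in DRIVE_BITS.items() if not mask & bit]
            return {"source": hive, "mask": mask, "autorun_enabled": enabled}
    return None


if __name__ == "__main__":
    result = audit(SAMPLE_REG_QUERY)
    print(result)
    if result is None or "removable" in result["autorun_enabled"]:
        print("AutoRun is still allowed on removable drives")
```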
ASSA Abloy cutting jobs
The economic downturn is global in nature and has recently affected Assa Abloy, the world's largest lock manufacturer as measured by sales volume. Assa, whose corporate offices are located in Sweden, recently announced a 141 million dollar restructuring program that calls for the closure of 15 production units and the layoff of 1,800 employees. The report did not indicate which facilities or product lines would be affected.
Stanley acquires a Sonitrol Franchise.
Stanley Convergent Security Solutions is part of the Stanley Group, originally well known for their line of tools. Stanley now owns a number of security product companies including Precision Hardware, Sargent & Greenleaf, & Best Lock. In the summer of 2008 they also acquired Sonitrol Corp., a burglar alarm company that uses audio listening capability as part of their detection technology. Sonitrol has a long history in the security industry. In 1969 I worked for one of the original franchises called Security Associates located in the Washington DC area. Back in those days we could actually listen in to crimes in progress over a direct wire connection from the protected premise to the monitoring station. It was common to hear glass breaking, and holes being chopped through roofs and walls.
Sonitrol has over 90 independent franchise dealers around the country, and most recently Stanley acquired one of them, namely Sonitrol of Palm Beach Florida. That franchise has been in operation since 1974. The news report gave every indication that Stanley would seek to acquire more Sonitrol franchises as the opportunities present themselves.
What is interesting here is that Stanley has recognized that it is not just enough to manufacture the security products, you need to be able to sell, install & service them, and owning your own service is the best way to ensure quality.
Mobile Phones can be a smoking gun.
The Dark Reading website has an original article about handheld devices, which can store data and access corporate networks. These devices can contain volatile data that can be the smoking gun to forensics investigators.
Investigators need to know that the evidence on these hand held phones and devices can be easily lost or tainted. The article quotes Amber Schroader, president of the Paraben corporation, who says the trick to preserving the data is to maintain power on the device and to block any incoming signals to the device. This can be accomplished by wrapping it in foil or placing it inside a metal container.
In our first episode we talked about Paraben and their device called a CSI stick. It is a device that can be used by investigators to extract data from cell phones. They now offer investigators a field kit that includes everything needed to perform a comprehensive digital forensic analysis of over 1,900 cell phones, PDAs, and GPS devices anywhere, anytime.
Quickly shielding the seized device is critical because some devices may be equipped with software that allows the memory to be destroyed by a simple text message. mSafe is one such program that we mentioned on show #4. I use this program on my own Smart phone because it contains so much important data. If my phone were ever lost or stolen, I can send it a simple text message that will destroy the memory contents.
Security practitioners should recognize the threat that smartphones present to an organization. Many have megapixel cameras, gigabytes worth of memory storage, internet and email access, and even VPN access into your network. They can be used to remove vital data either in the form of files from the network, or photographs of documents or product prototypes.
Ford Trucks getting Computer Access
Locksmiths and security technicians who need computer access, but who don’t want to carry a laptop on their truck, now have a new option available from Ford.
New F-150 trucks (and a few other models) can be equipped with the optional Ford Works Solutions suite, a collection of options that includes Internet access, a dashboard monitor, and a wireless keyboard and pointing device. This package will now include the remote PC access product called LogMeIn.
LogMeIn, a Boston-based company, has been providing secure remote computer access solutions since 2003. They provide software that allows browser-based access to your work computer from home, or in this case, from your F-150 truck.
Ford is really on a roll here lately. You may recall our story in show #1 about the available RFID tagging for your tools so they won't get left behind on the job, and the cable lock system to secure your gear.
Kwikset says Smartkey very successful.
Kwikset has stated that its SmartKey technology has been one of the most successful product innovation launches in company history. They made this announcement at the International Builders’ Show (IBS) in Las Vegas. SmartKey resulted in a 20 percent growth in U.S. retail sales of the Kwikset Signature Series line of products in 2008.
The unique feature of the SmartKey technology is that it provides consumers with the ability to re-key locks quickly and easily, without removing the lock from the door, or calling a locksmith. The cylinder is also highly resistant to picking, impressioning, and the design cannot be bumped.
We all know how key bumping has been made famous lately by the mainstream media and YouTube, which at last count had about 2,000 ‘how to’ videos on lock or key bumping. The Memphis TV channel 5 video on lock bumping has received 7,759,310 views on YouTube. Kwikset is arguably the most popular residential lockset sold in the USA.
The upgrade of their products to ANSI grade one, and the addition of the picking and bumping protection, in a $30 deadbolt, has already proven to be a big hit in the marketplace.
Watch this program for a detailed review of this product in the near future.
ATM skimmer used to steal 300k in Pennsylvania.
An alert bank customer in Pennsylvania thought the speaker mounted over his bank’s ATM looked suspicious, so he called the cops. It turned out to be a skimming device blamed for $300,000 in losses.
Skimming is a method used for stealing your identity during an ATM transaction, or anytime your card is out of your possession. There are many documented incidents of retailers and waiters who have used skimmers to steal your credit card information. They then use this information to re-encode blank mag stripe cards. They use depleted gift cards or used hotel keycards as the raw material. These cards can then be used in any machine that accepts cards.
In this particular case, the skimming device placed on the ATM machine was virtually undetectable. It looked like a normal part of the ATM. And just when law enforcement agencies have gotten a handle on the technology being used by ATM skimmers, along comes a breakthrough technology that is leaving even veteran investigators astounded.
The method used included two devices: a type of skimmer placed over the card slot on the ATM, accompanied by what appeared to be a speaker mounted on the ATM above the keypad. When the card was inserted, the device placed over the slot scanned the magnetic stripe and the account information was sent wirelessly to a modified cell phone hidden behind the fake speaker. A small camera concealed in the fake speaker recorded the PIN entered and stored it on a flash memory card.
Lockmasters Security Institute offers high tech training.
As you can tell from the previous stories, new technologies and new threats are coming on very strong in our industry. Mechanical designs are evolving rapidly to meet current threats, and electronic technologies seem to change every day, and the bad guys keep getting more creative too. To stay successful you have to stay current.
Staying current is how Lockmasters Security Institute can help. It is still early in 2009 and not too late to schedule some training at LSI. We offer dozens of courses including Access Control Systems, Professional Industrial Locksmithing, GSA Container Inspection and Comprehensive Security Specialist Training just to name a few. Many of our courses are college accredited and all of them are taught by instructors who have had actual hands on experience. Our instructors come from senior positions of responsibility with Fortune 500 companies, the DoD, the FBI, and the Secret Service, just to name a few.
Give LSI a call or visit the website and check the list of course offerings. While you are there, check out the new video of the LSI campus, and the world's largest lock museum, hosted by Clay Miller.
Home made submarines for drug smuggling – wired.com
Federal prosecutors in Florida are invoking the newly passed Drug Trafficking Vessel Interdiction Act of 2008 for the first time, allowing them to prosecute smugglers sailing so-called “narco submarines” on the high seas.
Measuring up to 80 feet long, a narco sub is a class of boat called a “semi-submersible,” a vessel that travels at the ocean’s surface, with most of its mass hidden underwater. According to the U.S. Southern Command, the boats have emerged as a favorite ship of commerce for international drug smugglers, in large part because they’re barely visible from the surface, making them hard to find on radar or by sight. What’s more, a crew can easily sink the boat if confronted at sea.
Narco subs were first detected in 1993, but have recently swelled in number as technological advances in design and materials have made them safer to travel. They can carry tons of cocaine or any other cargo in an underwater hull. Today, they’re typically made from fiberglass, wood or steel and manufactured in the jungles of Colombia and other cocaine-producing nations near the United States. They travel about 6 knots on diesel engines and have a range of about 2,000 miles.
Some U.S. officials consider semi-submersibles a serious threat to U.S. national security and are concerned that they could carry weapons of mass destruction.
Covert cameras.
These next two items are both tools and potential threats for security practitioners and our friends in the intelligence community.
A website called boys stuff in the UK is offering a pen that contains a small camera and voice recorder. This device offers full color video and sound recording. Its 2 GB of internal memory allows for 15 hours of recording. A little web surfing reveals a number of other websites that offer similar products.
This pen can obviously be worn in your shirt pocket to record everything in front of you, or just left carelessly somewhere on a desk to record everything around it. The Spy Pen unscrews to reveal a concealed USB connector for connection to a computer for video file transfer. It also functions as a conventional USB stick.
Not to be outdone, the folks at Ajoka.com have a cigarette lighter camera and audio recorder with a built-in USB adaptor for charging the lithium-ion battery. The camera can record up to 6 hours to an 8 GB micro SD card. And yes, it also works as a lighter.
It seems that miniature cameras can be stuffed into just about anything these days, limited only by your imagination.
Just for fun
I’m sure many of you have seen the “will it blend” videos either on late night TV or on YouTube. The owner of Blendtec, a company that makes blenders, gets publicity by blending all sorts of things like cell phones, glow sticks, marbles, and golf balls. The company’s sales grew 700 percent after the series of videos went viral on the internet, and the entire concept has been studied by business & marketing students. If you haven’t seen them you should.
Anyway, another company has copied the “will it blend” idea but on a much bigger scale, and it is of some interest to those of us in the security community that sometimes need to destroy things like discarded computers and hard drives. The folks at Watch it Shred destroy everything from bowling balls, to 50 gallon oil drums, monster truck tires, pianos, engine blocks, entire cars, and of course computer hard drives by the handful. Check it out, it is fun to watch.
Closing
And so ends this 8th episode of Pro Security News. We covered a lot of topics in this show. The links to all the original stories and research articles are included in the show notes.
If you have any questions about any of the topics discussed today, or if you have a technical question you need an answer for, send me an email at info at prosecurity news dot com. I will answer both via email, and on the show so others can learn.
If you wish to praise or condemn the show, please drop us a note at info at pro security news dot com. We can’t improve if we don’t know what’s bugging you. If you enjoy the show please consider giving us a rating on iTunes and Zune.
This is Jon Payne at LSI, saying “Thanks for listening, and we’ll be back next week.”