News you may have missed #356
May 21, 2010
- US intel failures facilitated Christmas bomb plot: Senate report. The US Senate Select Committee on Intelligence has released a summary (.pdf) of its investigation into the so-called Christmas bomb plot of last December. The report concludes that the would-be bomber was effectively assisted by “systemic failures across the Intelligence Community”.
- More alleged Korean double spies dispute charges. Inspired by the case of the late Lee Soo-geun, who was shot by South Korea after being falsely charged with spying for North Korea, more alleged South Korean double spies are coming forward to reveal that, like Lee, their incriminating confessions were extracted through torture.
- Israeli IDF soldiers fall prey to Facebook spy. A number of Israeli soldiers fell victim to a Facebook spy scam, according to German newsmagazine Der Spiegel. The Israel Defense Forces members appear to have befriended a young woman on the social networking site, who may have been a Hezbollah operative. This is not the first time this has happened.
(From Google Translate of that page. Sry, don’t read German.)
I am surprised I couldn’t find this in Google News in English. This is a newsworthy story. I work in computer security and have not heard of this, though I have run across site admins who are guys that pose as women to gain confidence. (Simply a picture does it, the man’s imagination does the rest.)
Good phrase: Trust no one.
Facebook stories make top stories routinely.
I find among other computer professionals – we are called “bug finders”, “security researchers”, “vulnerability analysts” – that though these people are supersmart, methodical, skeptical… they remain naive simply from ignorance of physical security methods and how intel organizations are adapting their tried and true methodologies online.
It is routine in my spheres for hackers to pose as others and gain their confidence. “Social engineering”. Yet… As clever & paranoid as these guys are, they tend to remain ignorant of the potential the internet poses for physical security, intelligence organizations to apply their methodology they have used for years ‘on the street’ online.
They also tend to remain ignorant of many of the confidence games of con artists before them. (Scammer hackers, no.)
In fact, much of their success has been simply because of the medium, some creativity, some smarts. In inventing the term “social engineering” many have deluded themselves into believing this is a new concept.
In reality… they do not understand about the creation of legends, maintaining legends, methods of dispelling suspicion, and on and on.
They talk about MITM attacks… but don’t realize the real danger. Nothing online is necessarily real.
One thing to change one’s name, pretend they are from some foreign city, or even one’s sex… something else to create an elaborate legend, and stick to that, with supporting evidence, and being able to have a stack of tactics to waylay any possible suspicion at any time.
Or even in information gathering: profiling people’s likes and dislikes by indirect queries and research… then using this to gain footholds, rapport. Digging in.
If anyone is a potential target at all… they should never make that information publicly available.