[SecurityRatty] tag: overseas

No Court Order Needed to Spy on Americans Overseas, Appeals Court Rules

Wed, 26 Nov 2008 16:58:00 +0000

The government does not need a judge's approval to wiretap Americans overseas, an appeals court ruled, rejecting the appeal of an American convicted of helping plan the 1998 East Africa embassy bombings. The ruling comes as rights groups challenge the government's warrantless wiretapping program and newly granted powers to set up electronic dragnets inside the United States.

They didn't go away you know....

Fri, 14 Nov 2008 03:02:00 +0000

Listening to a discussion on CNN the day after President elect Obama won the U.S. Presidential race, made me think about what the terrorists may be thinking.

It really is fairly easy for the average citizen to push these thoughts out of their mind, but we should always keep it somewhere in our minds - close enough to recall it when necessary.

Bill Clinton was "tested" early in his Presidency as was the U.K.'s new Prime Minister - Gordon Brown. In PM Brown's case it came 72 hours after the Election in Britain. How long may we wait to see something here..or overseas, but definitely aimed at inflciting U.S. casualties?

Bottom line - we should always remian alert and open to the idea that something could happen and we can not afford to drop our guard and think "they have gone". Terrorists have great amounts of patience. They conduct surveillance right under the noses of their intended victims. As the old saying goes; "we have to be successful every single time - they only have to be lucky once".

Overseas companies practice safer security than U.S firms -- or do they?

Wed, 29 Oct 2008 01:00:00 +0000

Two global surveys that compare how U.S. companies handle security issues with their counterparts overseas offer cautionary data for firms looking to outsource operations.

The Importance of Advance Planning in Executive Protection

Sun, 12 Oct 2008 16:10:00 +0000

I was delighted to see the Herald Standard quoting an executive/close protection agent regarding the importance of Advance work.

Sy Alli is an E.P./C.P. team leader for "Limited Brands Inc.," and was speaking at the California University of Pennsylvania's 2nd annual conference on Corporate and Homeland Security.

Mr. Alli was describing a previous trip to Indonesia where he was in charge of the advance to make sure everything was in place before the Principal arrived out with the other protective agents. Very accurately, he described the need to cover every minute detail from the routes of travel to the alternative routes and to include such important features as local hospitals should medical treatment be needed.

Another important point highlighted was the need for agents to have access to contacts in different countries who could assist with logistics, general and specialized support on the ground, current political situations, etc.

Far too often I am approached by security persons (and not even all are qualified/trained in executive or close protection)who find out that we may have overseas work and want to be included. On some occassions, those requesting to be included on the detail did not even have a current passport!

If you are serious about making a career out of this line of work, you owe it to yourself to do your homework. Over the years I have developed hundreds of contacts all over the world who will respond immediately and who can be trusted to support us in any number of situations and scenarios.

This took a lot of preparing and involved constant contact. It is not something that you throw together a day before your client is scheduled to arrive in a country. If you have people in different parts of the country, or world if you wish to work globally, who can assist when you are in need, you will be able to facilitate your client in a way that will not only gain his/her admiration, but will undoubtedly cement your position in that client's security detail.

In these unsure times, there is a lot to be said for knowing your job is safe for the foreseeable future.

Female Bodyguards Get the Job Done.

Sun, 28 Sep 2008 17:45:00 +0000

Those who think that Bodyguarding is a job best left to men - think again.

The Dublin City Herald recently ran a story about Lisa Baldwin, from Dublin, who is a female Personal Protection/Close Protection Specialist based in the U.K. Ms. Baldwin is in high demand by Middle Eastern clients who wish to have their women and children protected by female agents.

That is exactly why SEXTON EXECUTIVE SECURITY(www.sextonsecurity.com)designed a Middle East E.P./C.P. course that will be held in the U.A.E. from the 11th of October through the 18th. The President, John Sexton summed it up as follows; "We saw the need for agents from all over the world to be able to train in the Middle East and to experience the culture,tradition and religion first hand". "Middle Eastern clients are extremely important to our industry", he added "and it behooves all agents involved in providing safety for these families to become conversant with every aspect of their lives in order to be able to offer the best protection possible".

SEXTON will also have a group of female trainees attending their Executive Protection course in San Diego, California in December. Lisa Baldwin is described in the Herald as being "one of the world's few female bodyguards". Many women around the world now recognize that by undergoing professional training like Ms. Baldwin, they can be assigned to prestigious contracts and make a very lucrative living.

Ms. Baldwin's petite stature does not prevent her from succeeding in a mostly male-dominated industry. "You realise you're not in Iraq, you're in London", she advises. Very true. Smart protectors understand that the Art of Personal Protection is about using your mind and not your brawn. The differences between working in Iraq and London/New York/Dubai are like night and day.

Unfortunately, if the agent does not receive proper training, they may very well fail to realise the difference. There is one type of training needed for a Hostile environment such as Iraq or Afghanistan and a completely different one for the corporate/private sector. A security contractor coming fresh out of a hostile environment will often find it extremely difficult providing protection in a covert, "grey man" style.

Fortunately for them, Sexton Executive Security's focus is on private clients and their E.P./C.P. corporate training program can help those returning form overseas contracts to make the transition smooth and profitable.

In the corporate/private family world, you don't have heavy weaponry to rely upon but as Ms. Baldwin states; "Its all about the mind and prevention". Like the old saying goes; "an ounce of prevention is worth a pound of cure".

Have CrackBerry, Will Travel

Thu, 25 Sep 2008 04:45:34 +0000

Blogger: Dan Blum

It is no surprise for us to hear loose lips flapping in India about a capability to decrypt Blackberry and other carrier traffic.

After all, we’ve done basic threat analysis for years and it was only months ago that I was brought into a company-wide CISO meeting at a U.S. defense contractor to help them hash out their travel policy for mobile devices. Going into the meeting, I knew their policy restricted taking devices to a list of countries considered dangerous – but there was an exemption for BlackBerries.

Our research uncovered that BlackBerry is pretty secure in most respects. It has transport encryption along with optional password protection, remote kill, disk encryption, and S/MIME encryption. Viruses have not flourished on this functionally limited and closed platform. Few if any third party add on programs are required for additional protection. Nonetheless, I went into the meeting prepared to talk with the CISOs about the risks and security limitations of life on BlackBerry.

Was the BlackBerry exemption reasonable? At the time, BlackBerry transport encryption was not known to have been broken (to be fair, the article listed above still qualifies as rumor, not certainty of breakage). However, I pointed out that it is dangerous to assume well-equipped attackers like military or intelligence organizations can’t crack transport encryption. And even if they haven’t cracked the BlackBerry network and whole disk encryption features, sophisticated adversaries have other attack paths. Check out Neal Stephenson’s excellent book Cryptonomicon for a description of how a talented adversary might “see” your keystrokes and screen images through a motel room wall, for example.

If one of your employees – such as a key scientist, project manager, or executive – is targeted for surveillance and is carrying sensitive data through certain countries, one could argue that he or she had better undergo serious counter-intelligence training. Learn to spot and shake tails, sneak into dark alleys for that BlackBerry fix. Learn to paper the closet with layers of aluminum foil and send messages in the dark. Defend that BlackBerry with encryption, long passphrases, and kung fu. But unless James Bond is running your company, I doubt this is what your executives have in mind for the next business trip!

Assuming your organization’s lower level employees are like needles in a haystack and won’t be bothered could be an exercise in wishful thinking. It is always possible that nation states are monitoring some or all of the airwaves. Not so long ago the NSA had a massive a covert surveillance program in place. Years before the government was reportedly snarfing up terabytes of emails and crunching them through a program called Carnivore. And of course, selective monitoring of people on watch lists continues on a large scale. This is just the surveillance we know about in the U.S. We suspect there’s more behind the scenes and especially in countries such as China. Even if you train your non-specifically-targeted low level employees to write and speak in search-keyword-free code, the carnivore programs of the world are pretty good at sniffing out those interesting needles – such as descriptions of your business plans, manufacturing processes, and trade secrets.

Sound paranoid? I admit that I don’t know what the probabilities of being targeted or monitored are – just that it can happen. It’s the height of arrogance to believe that a nation state can’t get your information if they’ve targeted it and you’re within their borders. And it’s dangerous to rely on security by obscurity when medium or high consequence information must be protected.

What can be done? If key personnel can't dispense with the BlackBerry (or any other email device) during international travel to those countries where information may be most at risk, they (the users) should limit communications to what they’d feel comfortable uttering over a potentially-monitored telephone call. Controlling incoming communications – messages sent by others – is a harder problem. Until data loss prevention (DLP) products become more contextually sensitive about the travel issues, it may be best not to synchronize the BlackBerry with the overseas user’s home mailbox. Instead, have the user give out a temporary address for the BlackBerry and warn senders to be discreet.

Death Toll of Hotel Bombing in Pakistan Continues to Rise

Wed, 24 Sep 2008 23:39:00 +0000

It was no coincidence that the bombing in Islamabad which killed more than 40 and injured more than 250 was a popular place for foreigners to meet.

U.S. military personnel were attending the Marriott when the bomb exploded. The horrific injuries were not limited to foreigners however, as many Muslims were breaking their Ramadan fast and eating there at the time.

Of course, the terrorists have shown us in the past that they are not opposed to killing other Muslims as was the case in the World Trade Center bombings in 2001
The Islamabad Marriott was said to have been well fortified. If it wasn't afterall, let us hope that Hotel chains like the Marriott review the security of their overseas locations.

One thing is for sure, any overseas location that is considered a gathering place for foreigners, especially Americans in places like Pakistan, India, etc., will continue to be Prime Targets. Serious surveys need to be conducted and overall security needs to be enhanced. Vehicular access needs to be closely monitored and controlled in the more hostile regions. Marriott and all the others need to focus on counter surveillance measures to ensure the safety of their guests.

New Book: Schneier on Security

Mon, 15 Sep 2008 03:18:23 +0000

I have a new book coming out: Schneier on Security. It's a collection of my essays, all written from June 2002 to June 2008. They're all on my website, so regular readers won't have missed anything if they don't buy this book. But for those of you who want my essays in one easy-to-read place, or are planning to be shipwrecked on a desert island without Web access and would like to spend your time there pondering the sorts of questions I discuss in my essays, or want to give copies of my essays to friends and relatives as gifts, this book is for you. There are only 90 shopping days before Christmas.

The hardcover book retails for $30, but Amazon is already selling it for $20. If you want a signed copy, e-mail me. I'll send you a signed copy for $30, including U.S. shipping, and $40, including shipping overseas. Yes, Amazon is cheaper -- and you can always find me at a conference and ask me to sign the book.

Corporate Identity Theft

Sat, 16 Aug 2008 05:58:30 +0000

I remember a talk by the value investor Mason Hawkins (Longleaf Funds) where someone asked him about investing overseas. He answered that he does, but mainly in places where the British flag flew at some point, where there is a rule of law. Here is one example of what he is worried about and why investing in places where your assets have no legal protection does not give the investor a margin of safety.

Hermitage Fund was until recently the largest fund in Russia. From the Business Week story "Hijacking the Hermitage Fund"

Corruption, intimidation, robbery, violent assault, forgery, large-scale fraud. No, not the subject of the latest John Grisham novel, but sensational allegations, made public Apr. 4 by Hermitage Capital Management -- until recently the largest foreign portfolio investor in Russia. In a detailed and damning report, titled Criminal Justice -- Russian-Style, Hermitage alleges the fund's Russian subsidiaries have fallen victim to an elaborate con designed to defraud the fund of hundreds of millions of dollars.

The most sensational part of Hermitage's allegations is that the attempted larceny was carried out with the direct connivance of officials in the Russian police. Hermitage alleges the police seized documents and equipment that were instrumental to the attempted fraud, which involved bogus court cases based on forged documents, the aim of which was to sue Hermitage subsidiaries for hundreds of millions of dollars. "The most shocking thing is not that there are corporate raiders in Russia who attempt to steal your shares," says Jamison Firestone, managing partner of Firestone Duncan, Hermitage's law firm. "The shocking thing is that the police worked hand-in-hand with them, and actually performed the theft of the documents so that the corporate raiders could then do their work."

From the most recent Hermitage Fund letter, here is the current state:

So the two-pronged scam worked in one area and failed in another. The perpetrators weren’t able to steal the assets from us based on the fake court claims, but they were able to steal $230 million from the Russian government by filing amended tax returns on behalf of our stolen companies. What makes this story even more shocking is that we filed six 255-page criminal complaints with the Russian authorities in December last year, one month before the tax fraud took place, and they did nothing to stop it. Two complaints were sent to the Russian General Prosecutor, two to the Russian State Investigative Committee and two to the Internal Affairs Department of the Interior Ministry. There was enough information to prevent the fraud and indict a number of people behind it if the government had acted.
Instead of doing anything to save the Russian state from this highly sophisticated and organized looting, two of our complaints were thrown out immediately; two were returned to the same Interior Ministry official we were complaining about (essentially, he was being asked to “investigate himself”); and one was thrown out for “lack of any crime committed.” Only one complaint was taken seriously. It was taken up by the Russian State Investigative Committee in early February, but before it could get any traction, the case was lowered to the South region of the Moscow district of the State Investigative Committee (the lowest level of the Committee) and by June, another senior Interior Ministry official whom we had named in our complaint had joined the “investigation” team (again, to “investigate himself”). To this day there has been no serious response by the Russian authorities to this massive fraud against the Russian state.
As we described in our April letter, the problem of corporate “raiding” is now so endemic in Russia that President Medvedev speaks about it as one of the biggest problems faced by Russian businesses. In this case, raiders have taken this problem to a new and absurd extreme by “raiding” the Russian state itself and so far getting away with it. Together with HSBC, we will shortly be filing new criminal complaints with the Russian General Prosecutor and Russian State Investigative Committee as well as with many law enforcement authorities outside of Russia. It is hard to predict what will happen next in this unfolding and unbelievable saga, but as always we will keep you updated on any further developments as they arise.

Of course we see individual identity theft on a regular basis (actually as Ross Anderson points out its not really identity theft but poor controls on the bank's parts using SSNs as secrets and so on), but you dont see a major corporation stolen every day.

Don't put your foot in it, Mr. President

Fri, 15 Aug 2008 16:57:00 +0000

Watching the beginning of the Olympics, I was surprised to see the way President Bush was sitting.

The First Lady was on one side of him (thankfully) and a Chinese looking gentleman was on the other side. The President had his right foot resting on his left knee, thereby exposing his shoe sole. That is a huge "no no" in Asia and the Middle East.

As I said, thankfully the First Lady, Laura Bush was the recipient of the President's sole-waving but it made me wonder if he changed legs at a later stage and "flashed" the Chinese official. I figure it was a high ranking official or else he would hardly be sat next to the President of the United States.

What has this to do with security? It is one of the topics we teach to our budding bodyguards during our intensive Executive Protection course in the United States and abroad. You could have a very successful business meeting or trip, either overseas or at home, but ruin it by insulting (albeit unintentionally)a foreign guest. It is very important for those wroking around forein nationals to be aware of their customs and traditions.

This is not that difficult these days with all of the materials available. One of the best books I have found is; "Kiss, Bow or Shake Hands". This book and others like it, will advise the reader on the correct course of action to take when dealing with people from a host of different countries. Not that I expect the President to read the book, afterall, he must have Protocol officers to keep an eye on him. My question is, were they brought to China?

For the rest of us who are not lucky enough to have our own Protocol officers to keep us out of trouble, we'll just have to read the book.