The magazine of the Melbourne PC User Group Computer Espionage - for the bookshelf Major Keary |
Computer Espionage
The spying business has always been a source of fascination and the theme of many novels and films, a modern feature of which is attacks on computer systems. Whether real or fictional, that has created both a sense of curiosity and awareness. In an age when political leaders are able to abandon the rule of law by invoking an evanescent (and often spurious) suspicion of terrorism, citizens should be concerned about the use of eavesdropping and other invasive practices. George Orwell might well be saying, "I told you so".
If you want a good, real-world, read about "computer espionage", get a copy of Joel McNamara's Secrets of Computer Espionage. It has good technical detail, but readers don't have to be expert to follow the discussion. There are plenty of boxed items that describe - in plain language - particular cases and how technology was used.
For those with a professional interest in computer security, or who want to be informed, Secrets of Computer Espionage is an excellent, up-to-date introduction. It is also a useful reference to information available on the web.
The first chapter is an overview of computer-related spying and includes a discussion of risk assessment, which is an essential first step to protection. The second chapter, Spying and the Law discusses legal issues in the context of American law; local readers with an interest in the topic will at least get an idea of what to look for in respect of Australian legislation. The rest of the book deals with specific classes of attack, such as the classic 'Black Bag' operation, 802.11b wireless networks, network eavesdropping, and spying with 'Trojan Horses'. Each chapter sets out the problem, describes how (and with what tools) an attack might be mounted, and the appropriate protective measures. A number of espionage tools and systems are described; for example ECHELON and how it works.
Steganography is discussed briefly and in an interesting side note refers to the dubious claims that Osama bin Laden's people were using steganography; the author says a University of Michigan team of researchers "scanned more than two million images and found no evidence of hidden messages in any of the files".
This is the best general overview and technical explanation of how digital technology is used for spying, and how to protect digital systems from intrusion. Spying, in that context, is used to include everything from the invasion of personal privacy to stealing national secrets.
|
Joel McNamara: Secrets of Computer Espionage ISBN 0-7645-3710-5 Published by Wiley, 362 pp., RRP $57.95 incl. GST |
 |
Applied Cryptography
The second edition of Bruce Schneier's Applied Cryptography is still the most
comprehensive and comprehensible treatment of modern crypto. It doesn't shirk on
technical detail, but should not overwhelm informed lay readers who have an
interest in the subject.
Even though it was published in 1996 and new algorithms have since been devised,
this text is still regarded as an authoritative treatment of applied
cryptography. The bibliography is a resource in its own right.
Crypto has become an essential tool for commercial transactions and
communications, but crypto algorithms have a life. Once put into the public
domain it is a matter of time before someone discovers a method of 'breaking'
it. For that reason there is an ongoing quest for new, more complex algorithms -
but the principles remain constant.
Another vulnerability is the increasing capacity to mount brute force attacks.
All but one cryptosystem - one-time-pad - can be broken by testing every
possible key. However, the time required to test a long key can be enormous.
Increased computing power makes brute force attacks more feasible, and is
usually offset by using longer keys. However, that doesn't protect material
encrypted a few years ago. In most instances that doesn't matter, but
intelligence agencies keep intercepted material for ever, and routinely revisit
the old stuff. A real-world example of the problem is DES (Data Encryption
Standard), which not only has been 'cracked', but the means of doing so have
been published. What was considered to be securely locked away a few years ago
is now a potentially open book.
Two developments brought about a paradigm shift in crypto: a method of
exchanging keys over public communication systems, and an algorithm that enabled
a private/public key system. Bruce Schneier explains how these systems work and
their variants. He also explains the methods of attack on various cryptosystems.
There are more up-to-date books, but generally they are either written for an
academic or professional audience, adopt a gung-ho style that depreciates their
value, or are 'dumbed down'. For anyone who wants a sound introduction to
applied modern cryptosystems, Applied Cryptography is the text I recommend.
|
Bruce Schneier: Applied Cryptography ISBN 0-471-11709-9 Published by Wiley, 758 pp., RRP $99.95 incl. GST |
 |
Reprinted from the May 2004 issue of PC Update, the magazine of Melbourne PC User Group, Australia
 |