| |
| |
| Acknowledgments | |
| |
| |
| Introduction | |
| |
| |
| |
| Spies | |
| |
| |
| Getting to Know Spies | |
| |
| |
| What Spies Are After and Who They Are | |
| |
| |
| Business Spies--Economic Espionage | |
| |
| |
| Bosses--Employee Monitoring | |
| |
| |
| Cops--Law Enforcement Investigations | |
| |
| |
| Private Eyes and Consultants--Private Investigations | |
| |
| |
| Spooks--Government-Sponsored Intelligence Gathering | |
| |
| |
| Criminals--Ill-Gotten Gains | |
| |
| |
| Whistleblowers--For the Public Good | |
| |
| |
| Friends and Family--with Friends like These | |
| |
| |
| Determining Your Level of Paranoia | |
| |
| |
| Risk Analysis 101 | |
| |
| |
| Five-Step Risk Analysis | |
| |
| |
| Summary | |
| |
| |
| |
| Spying and the Law | |
| |
| |
| Laws that Relate to Spying | |
| |
| |
| Omnibus Crime Control and Safe Streets Act of 1968 (Title III--Wiretap Act) | |
| |
| |
| Foreign Intelligence Surveillance Act of 1978 | |
| |
| |
| Electronic Communications Privacy Act of 1986 | |
| |
| |
| Computer Fraud and Abuse Act of 1986 | |
| |
| |
| Economic Espionage Act of 1996 | |
| |
| |
| State Laws | |
| |
| |
| Implications of the USA Patriot Act of 2001 | |
| |
| |
| Wiretap and Stored Communications Access Acts | |
| |
| |
| Foreign Intelligence Surveillance Act | |
| |
| |
| Computer Fraud and Abuse Act | |
| |
| |
| Other Provisions | |
| |
| |
| State Laws | |
| |
| |
| The Realities of Enforcement | |
| |
| |
| Civil versus Criminal Court | |
| |
| |
| Bosses and Employees--Legal Spying | |
| |
| |
| Legal Issues with Family Members | |
| |
| |
| Summary | |
| |
| |
| |
| Black Bag Jobs | |
| |
| |
| A Look Inside the Black Bag | |
| |
| |
| Physical and Network Black Bag Jobs | |
| |
| |
| Planned and Opportunistic Black Bag Jobs | |
| |
| |
| Spy Tactics | |
| |
| |
| Spy Games | |
| |
| |
| Inside a Government Black Bag Job | |
| |
| |
| Exploiting the Vulnerabilities | |
| |
| |
| Researching and Planning the Operation | |
| |
| |
| Gaining Entry | |
| |
| |
| Documenting the Scene | |
| |
| |
| Countermeasures | |
| |
| |
| Physical Security | |
| |
| |
| Security Policies | |
| |
| |
| Summary | |
| |
| |
| |
| Breaching the System | |
| |
| |
| Spy Tactics | |
| |
| |
| Exploiting the Vulnerabilities | |
| |
| |
| System-Breaching Tools | |
| |
| |
| Countermeasures | |
| |
| |
| Security Settings | |
| |
| |
| Effective Passwords | |
| |
| |
| Encryption | |
| |
| |
| Summary | |
| |
| |
| |
| Searching for Evidence | |
| |
| |
| Legal Spying | |
| |
| |
| How Computer Cops Work | |
| |
| |
| Seizure | |
| |
| |
| Forensic Duplication | |
| |
| |
| Examination | |
| |
| |
| Spy Tactics | |
| |
| |
| Exploiting the Vulnerabilities | |
| |
| |
| Evidence-Gathering Tools | |
| |
| |
| Countermeasures | |
| |
| |
| Encryption | |
| |
| |
| Steganography | |
| |
| |
| File Wipers | |
| |
| |
| Evidence-Eliminating Software | |
| |
| |
| Summary | |
| |
| |
| |
| Unprotecting Data | |
| |
| |
| Spy Tactics | |
| |
| |
| Exploiting Vulnerabilities | |
| |
| |
| Cracking Tools | |
| |
| |
| Countermeasures | |
| |
| |
| Strong Encryption | |
| |
| |
| Password Policies | |
| |
| |
| Password Lists | |
| |
| |
| Password Alternatives | |
| |
| |
| Summary | |
| |
| |
| |
| Copying Data | |
| |
| |
| Spy Tactics | |
| |
| |
| Use Available Resources | |
| |
| |
| Use Compression Tools | |
| |
| |
| Consider Other Data | |
| |
| |
| Understand What's Involved in Copying Data | |
| |
| |
| Storage Media to Target | |
| |
| |
| Floppy Disks | |
| |
| |
| CD-R/CD-RWs | |
| |
| |
| DVDs | |
| |
| |
| ZIP Disks | |
| |
| |
| Memory Storage Devices | |
| |
| |
| Hard Drives | |
| |
| |
| Tape Backup Systems | |
| |
| |
| Alternate Methods of Copying Data | |
| |
| |
| Transferring Data Over a Network | |
| |
| |
| Digital Cameras | |
| |
| |
| Summary | |
| |
| |
| |
| Snooping with Keyloggers | |
| |
| |
| An Introduction to Keyloggers | |
| |
| |
| Spy Tactics | |
| |
| |
| Exploiting the Vulnerabilities | |
| |
| |
| Keylogger Tools | |
| |
| |
| Countermeasures | |
| |
| |
| Viewing Installed Programs | |
| |
| |
| Examining Startup Programs | |
| |
| |
| Examining Running Processes | |
| |
| |
| Monitoring File Writes | |
| |
| |
| Removing Visual Basic Runtimes | |
| |
| |
| Searching for Strings | |
| |
| |
| Using Personal Firewalls | |
| |
| |
| Using File Integrity and Registry Checkers | |
| |
| |
| Using Keylogger-Detection Software | |
| |
| |
| Using Sniffers | |
| |
| |
| Detecting Hardware Keyloggers | |
| |
| |
| Exploiting Keylogger Passwords | |
| |
| |
| Using Linux | |
| |
| |
| Watching for Unusual Crashes | |
| |
| |
| Removing Keyloggers | |
| |
| |
| Summary | |
| |
| |
| |
| Spying with Trojan Horses | |
| |
| |
| Spy Tactics | |
| |
| |
| Exploiting the Vulnerabilities | |
| |
| |
| Trojan Horse Tools | |
| |
| |
| Countermeasures | |
| |
| |
| Network Defenses | |
| |
| |
| Using Registry Monitors and File-Integrity Checkers | |
| |
| |
| Using Antivirus Software | |
| |
| |
| Using Trojan Detection Software | |
| |
| |
| Removing Trojan Horses | |
| |
| |
| Using Non-Microsoft Software | |
| |
| |
| Summary | |
| |
| |
| |
| Network Eavesdropping | |
| |
| |
| Introduction to Network Spying | |
| |
| |
| Types of Network Attacks | |
| |
| |
| Network Attack Origin Points | |
| |
| |
| Information Compromised During Network Attacks | |
| |
| |
| Broadband Risks | |
| |
| |
| Spy Tactics | |
| |
| |
| Exploiting the Vulnerabilities | |
| |
| |
| Network-Information and -Eavesdropping Tools | |
| |
| |
| Countermeasures | |
| |
| |
| Applying Operating System and Application Updates | |
| |
| |
| Using Intrusion Detection Systems | |
| |
| |
| Using Firewalls | |
| |
| |
| Running a Virtual Private Network | |
| |
| |
| Monitoring Network Connections | |
| |
| |
| Using Sniffers | |
| |
| |
| Using Port and Vulnerability Scanners | |
| |
| |
| Encrypting Your E-Mail | |
| |
| |
| Encrypting Your Instant Messages | |
| |
| |
| Using Secure Protocols | |
| |
| |
| Don't Trust "Strange" Computers and Networks | |
| |
| |
| Hardening Windows File Sharing | |
| |
| |
| Using Secure Web E-Mail | |
| |
| |
| Using Anonymous Remailers | |
| |
| |
| Using Web Proxies | |
| |
| |
| Summary | |
| |
| |
| |
| 802.11b Wireless Network Eavesdropping | |
| |
| |
| An Introduction to Wireless Networks | |
| |
| |
| History of the Wireless Network | |
| |
| |
| Spy Tactics | |
| |
| |
| Exploiting the Vulnerabilities | |
| |
| |
| Wireless-Network-Eavesdropping Tools | |
| |
| |
| Countermeasures | |
| |
| |
| Audit Your Own Network | |
| |
| |
| Position Antennas Correctly | |
| |
| |
| Detect Wireless Discovery Tools | |
| |
| |
| Fool Discovery Tools | |
| |
| |
| Enable WEP | |
| |
| |
| Change WEP Keys Regularly | |
| |
| |
| Authenticate MAC Addresses | |
| |
| |
| Rename the SSID | |
| |
| |
| Disable Broadcast SSID | |
| |
| |
| Change the Default AP Password | |
| |
| |
| Use Static IP Addresses versus DHCP | |
| |
| |
| Locate APs Outside Firewalls | |
| |
| |
| Use VPNs | |
| |
| |
| Don't Rely on Distance as Security | |
| |
| |
| Turn Off the AP | |
| |
| |
| Summary | |
| |
| |
| |
| Spying on Electronic Devices | |
| |
| |
| Office Devices | |
| |
| |
| Fax Machines | |
| |
| |
| Shredders | |
| |
| |
| Communication Devices | |
| |
| |
| Telephones | |
| |
| |
| Cellular Phones | |
| |
| |
| Answering Machines and Voice-Mail | |
| |
| |
| Pagers | |
| |
| |
| Consumer Electronics | |
| |
| |
| PDAs | |
| |
| |
| Digital Cameras | |
| |
| |
| GPS Units | |
| |
| |
| Video Game Consoles | |
| |
| |
| MP3 Players | |
| |
| |
| Television Digital Recorders | |
| |
| |
| Summary | |
| |
| |
| |
| Advanced Computer Espionage | |
| |
| |
| TEMPEST--Electromagnetic Eavesdropping | |
| |
| |
| Emanation Monitoring: Fact or Fiction? | |
| |
| |
| EMSEC Countermeasures | |
| |
| |
| Optical TEMPEST--LEDs and Reflected Light | |
| |
| |
| HIJACK and NONSTOP | |
| |
| |
| ECHELON--Global Surveillance | |
| |
| |
| How ECHELON Works | |
| |
| |
| ECHELON Controversy and Countermeasures | |
| |
| |
| Carnivore/DCS-1000 | |
| |
| |
| An Overview of Carnivore | |
| |
| |
| Carnivore Controversy and Countermeasures | |
| |
| |
| Magic Lantern | |
| |
| |
| Modified Applications and Operating System Components | |
| |
| |
| Intelligence-Gathering Viruses and Worms | |
| |
| |
| Viruses and Worms | |
| |
| |
| Countermeasures | |
| |
| |
| Surveillance Cameras | |
| |
| |
| Webcams | |
| |
| |
| Commercial Surveillance Cameras | |
| |
| |
| Summary | |
| |
| |
| |
| What's on the Web Site | |
| |
| |
| Index | |