| |
| |
Acknowledgments | |
| |
| |
Introduction | |
| |
| |
| |
Spies | |
| |
| |
Getting to Know Spies | |
| |
| |
What Spies Are After and Who They Are | |
| |
| |
Business Spies--Economic Espionage | |
| |
| |
Bosses--Employee Monitoring | |
| |
| |
Cops--Law Enforcement Investigations | |
| |
| |
Private Eyes and Consultants--Private Investigations | |
| |
| |
Spooks--Government-Sponsored Intelligence Gathering | |
| |
| |
Criminals--Ill-Gotten Gains | |
| |
| |
Whistleblowers--For the Public Good | |
| |
| |
Friends and Family--with Friends like These | |
| |
| |
Determining Your Level of Paranoia | |
| |
| |
Risk Analysis 101 | |
| |
| |
Five-Step Risk Analysis | |
| |
| |
Summary | |
| |
| |
| |
Spying and the Law | |
| |
| |
Laws that Relate to Spying | |
| |
| |
Omnibus Crime Control and Safe Streets Act of 1968 (Title III--Wiretap Act) | |
| |
| |
Foreign Intelligence Surveillance Act of 1978 | |
| |
| |
Electronic Communications Privacy Act of 1986 | |
| |
| |
Computer Fraud and Abuse Act of 1986 | |
| |
| |
Economic Espionage Act of 1996 | |
| |
| |
State Laws | |
| |
| |
Implications of the USA Patriot Act of 2001 | |
| |
| |
Wiretap and Stored Communications Access Acts | |
| |
| |
Foreign Intelligence Surveillance Act | |
| |
| |
Computer Fraud and Abuse Act | |
| |
| |
Other Provisions | |
| |
| |
State Laws | |
| |
| |
The Realities of Enforcement | |
| |
| |
Civil versus Criminal Court | |
| |
| |
Bosses and Employees--Legal Spying | |
| |
| |
Legal Issues with Family Members | |
| |
| |
Summary | |
| |
| |
| |
Black Bag Jobs | |
| |
| |
A Look Inside the Black Bag | |
| |
| |
Physical and Network Black Bag Jobs | |
| |
| |
Planned and Opportunistic Black Bag Jobs | |
| |
| |
Spy Tactics | |
| |
| |
Spy Games | |
| |
| |
Inside a Government Black Bag Job | |
| |
| |
Exploiting the Vulnerabilities | |
| |
| |
Researching and Planning the Operation | |
| |
| |
Gaining Entry | |
| |
| |
Documenting the Scene | |
| |
| |
Countermeasures | |
| |
| |
Physical Security | |
| |
| |
Security Policies | |
| |
| |
Summary | |
| |
| |
| |
Breaching the System | |
| |
| |
Spy Tactics | |
| |
| |
Exploiting the Vulnerabilities | |
| |
| |
System-Breaching Tools | |
| |
| |
Countermeasures | |
| |
| |
Security Settings | |
| |
| |
Effective Passwords | |
| |
| |
Encryption | |
| |
| |
Summary | |
| |
| |
| |
Searching for Evidence | |
| |
| |
Legal Spying | |
| |
| |
How Computer Cops Work | |
| |
| |
Seizure | |
| |
| |
Forensic Duplication | |
| |
| |
Examination | |
| |
| |
Spy Tactics | |
| |
| |
Exploiting the Vulnerabilities | |
| |
| |
Evidence-Gathering Tools | |
| |
| |
Countermeasures | |
| |
| |
Encryption | |
| |
| |
Steganography | |
| |
| |
File Wipers | |
| |
| |
Evidence-Eliminating Software | |
| |
| |
Summary | |
| |
| |
| |
Unprotecting Data | |
| |
| |
Spy Tactics | |
| |
| |
Exploiting Vulnerabilities | |
| |
| |
Cracking Tools | |
| |
| |
Countermeasures | |
| |
| |
Strong Encryption | |
| |
| |
Password Policies | |
| |
| |
Password Lists | |
| |
| |
Password Alternatives | |
| |
| |
Summary | |
| |
| |
| |
Copying Data | |
| |
| |
Spy Tactics | |
| |
| |
Use Available Resources | |
| |
| |
Use Compression Tools | |
| |
| |
Consider Other Data | |
| |
| |
Understand What's Involved in Copying Data | |
| |
| |
Storage Media to Target | |
| |
| |
Floppy Disks | |
| |
| |
CD-R/CD-RWs | |
| |
| |
DVDs | |
| |
| |
ZIP Disks | |
| |
| |
Memory Storage Devices | |
| |
| |
Hard Drives | |
| |
| |
Tape Backup Systems | |
| |
| |
Alternate Methods of Copying Data | |
| |
| |
Transferring Data Over a Network | |
| |
| |
Digital Cameras | |
| |
| |
Summary | |
| |
| |
| |
Snooping with Keyloggers | |
| |
| |
An Introduction to Keyloggers | |
| |
| |
Spy Tactics | |
| |
| |
Exploiting the Vulnerabilities | |
| |
| |
Keylogger Tools | |
| |
| |
Countermeasures | |
| |
| |
Viewing Installed Programs | |
| |
| |
Examining Startup Programs | |
| |
| |
Examining Running Processes | |
| |
| |
Monitoring File Writes | |
| |
| |
Removing Visual Basic Runtimes | |
| |
| |
Searching for Strings | |
| |
| |
Using Personal Firewalls | |
| |
| |
Using File Integrity and Registry Checkers | |
| |
| |
Using Keylogger-Detection Software | |
| |
| |
Using Sniffers | |
| |
| |
Detecting Hardware Keyloggers | |
| |
| |
Exploiting Keylogger Passwords | |
| |
| |
Using Linux | |
| |
| |
Watching for Unusual Crashes | |
| |
| |
Removing Keyloggers | |
| |
| |
Summary | |
| |
| |
| |
Spying with Trojan Horses | |
| |
| |
Spy Tactics | |
| |
| |
Exploiting the Vulnerabilities | |
| |
| |
Trojan Horse Tools | |
| |
| |
Countermeasures | |
| |
| |
Network Defenses | |
| |
| |
Using Registry Monitors and File-Integrity Checkers | |
| |
| |
Using Antivirus Software | |
| |
| |
Using Trojan Detection Software | |
| |
| |
Removing Trojan Horses | |
| |
| |
Using Non-Microsoft Software | |
| |
| |
Summary | |
| |
| |
| |
Network Eavesdropping | |
| |
| |
Introduction to Network Spying | |
| |
| |
Types of Network Attacks | |
| |
| |
Network Attack Origin Points | |
| |
| |
Information Compromised During Network Attacks | |
| |
| |
Broadband Risks | |
| |
| |
Spy Tactics | |
| |
| |
Exploiting the Vulnerabilities | |
| |
| |
Network-Information and -Eavesdropping Tools | |
| |
| |
Countermeasures | |
| |
| |
Applying Operating System and Application Updates | |
| |
| |
Using Intrusion Detection Systems | |
| |
| |
Using Firewalls | |
| |
| |
Running a Virtual Private Network | |
| |
| |
Monitoring Network Connections | |
| |
| |
Using Sniffers | |
| |
| |
Using Port and Vulnerability Scanners | |
| |
| |
Encrypting Your E-Mail | |
| |
| |
Encrypting Your Instant Messages | |
| |
| |
Using Secure Protocols | |
| |
| |
Don't Trust "Strange" Computers and Networks | |
| |
| |
Hardening Windows File Sharing | |
| |
| |
Using Secure Web E-Mail | |
| |
| |
Using Anonymous Remailers | |
| |
| |
Using Web Proxies | |
| |
| |
Summary | |
| |
| |
| |
802.11b Wireless Network Eavesdropping | |
| |
| |
An Introduction to Wireless Networks | |
| |
| |
History of the Wireless Network | |
| |
| |
Spy Tactics | |
| |
| |
Exploiting the Vulnerabilities | |
| |
| |
Wireless-Network-Eavesdropping Tools | |
| |
| |
Countermeasures | |
| |
| |
Audit Your Own Network | |
| |
| |
Position Antennas Correctly | |
| |
| |
Detect Wireless Discovery Tools | |
| |
| |
Fool Discovery Tools | |
| |
| |
Enable WEP | |
| |
| |
Change WEP Keys Regularly | |
| |
| |
Authenticate MAC Addresses | |
| |
| |
Rename the SSID | |
| |
| |
Disable Broadcast SSID | |
| |
| |
Change the Default AP Password | |
| |
| |
Use Static IP Addresses versus DHCP | |
| |
| |
Locate APs Outside Firewalls | |
| |
| |
Use VPNs | |
| |
| |
Don't Rely on Distance as Security | |
| |
| |
Turn Off the AP | |
| |
| |
Summary | |
| |
| |
| |
Spying on Electronic Devices | |
| |
| |
Office Devices | |
| |
| |
Fax Machines | |
| |
| |
Shredders | |
| |
| |
Communication Devices | |
| |
| |
Telephones | |
| |
| |
Cellular Phones | |
| |
| |
Answering Machines and Voice-Mail | |
| |
| |
Pagers | |
| |
| |
Consumer Electronics | |
| |
| |
PDAs | |
| |
| |
Digital Cameras | |
| |
| |
GPS Units | |
| |
| |
Video Game Consoles | |
| |
| |
MP3 Players | |
| |
| |
Television Digital Recorders | |
| |
| |
Summary | |
| |
| |
| |
Advanced Computer Espionage | |
| |
| |
TEMPEST--Electromagnetic Eavesdropping | |
| |
| |
Emanation Monitoring: Fact or Fiction? | |
| |
| |
EMSEC Countermeasures | |
| |
| |
Optical TEMPEST--LEDs and Reflected Light | |
| |
| |
HIJACK and NONSTOP | |
| |
| |
ECHELON--Global Surveillance | |
| |
| |
How ECHELON Works | |
| |
| |
ECHELON Controversy and Countermeasures | |
| |
| |
Carnivore/DCS-1000 | |
| |
| |
An Overview of Carnivore | |
| |
| |
Carnivore Controversy and Countermeasures | |
| |
| |
Magic Lantern | |
| |
| |
Modified Applications and Operating System Components | |
| |
| |
Intelligence-Gathering Viruses and Worms | |
| |
| |
Viruses and Worms | |
| |
| |
Countermeasures | |
| |
| |
Surveillance Cameras | |
| |
| |
Webcams | |
| |
| |
Commercial Surveillance Cameras | |
| |
| |
Summary | |
| |
| |
| |
What's on the Web Site | |
| |
| |
Index | |