Coping With Offline Snoops

A good friend recently prompted me to consider a promising new business: selling and renting tents, specifically SCIF tents, or “Sensitive Compartmented Information Facility” tents.

His suggestion is reminiscent of the 1967 Hollywood movie The Graduate, where the fresh graduate Benjamin, played by Dustin Hoffman, is given “one word” of advice by his father’s friend Mr. McGuire.

“Plastics,” said Mr. McGuire. “There's a great future in plastics. Think about it. Will you think about it?”

That was probably the best spot-on crystal ball prediction Hollywood has ever made. Plastics was a new technology then with an untapped but ultimately rosy future.

Fast forward to 2014 and the “tents” advice has relevance because of the latest revelations that the US National Security Agency has managed to penetrate computers that are not even connected to the Internet.

According to a report in The New York Times last week, the sources for which include NSA documents, computer experts and American officials, the NSA has since at least 2008 used this secret technology, which “relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers”.

I wrote in a recent column how US President Obama takes extreme measures to ward off any threats of secret video or audio surveillance by having security agents set up an anti-spy portable tent in his hotel suite when traveling abroad.

The NSA knows these Sensitive Compartmented Information Facility tents are the best way to counter snooping risks including this secret technology that they have, in case other countries have adopted the same capabilities.

But SCIFs are not just restricted to tents. In the intelligence world where protecting classified information is concerned, a room or a section of a building can be specifically designed as a secure facility with the construction of the walls, floors, ceiling and other interior details following strict standards set by the CIA. In essence, a SCIF is meant to hide everything and keep all things safe.

Private individuals and the commercial world are not only deprived of such means to protect their own secrets but are also highly vulnerable to online and now offline snooping by the NSA and others with similar intent.

In this cyber age, data and communications are secrets for an individual and survival for the business world. I wrote in my previous column that the “what’s that to do with me” and “I’m too small to be a target” attitude towards cyber security risks is naïve, fundamentally flawed and simply courting trouble. Take for example how hackers can use special software to piece together metadata collected from social networking web sites to find and predict one’s daily movements and locations, which could mean potential kidnapping nightmares for parents and espionage risks for businesses.

I gave a presentation earlier this month to a group of entrepreneurs on how to protect their data and communications in the post-Snowden era. Top among the five measures I recommended is changing cyber lifestyles by having “naked” computers, i.e. not storing a single file in the computer hard disks, apart from the operating system and software program files.

All personal and business documents are to be stored on an external hard disk, which should be backed up regularly to a separate hard disk. There are multiple approaches to this practice but in essence, along with other precautions I have explained in my lecture, using a naked computer to go online and managing all files separately would mean wasted efforts for hackers, unless they managed to seize the computer physically to retrieve the data through imaging technology.

And this “naked” computers practice is still an effective measure even if the NSA and other parties managed to tap into these machines when they were offline. But it has limitations. It may work for individuals and entrepreneurs with small businesses. However, one obviously cannot strip a computer of all of its files in a big company or multinational corporation where all data are centralized via servers.

There are many other ways to protect files and data on computers. Apart from having naked computers, the way one goes online is also critical. This is especially important when one goes on an overseas or business trip, where public wi-fi at hotels, airports and train stations should always be avoided as they are hotbeds for prowling hackers waiting patiently for their prey. And wi-fi is only one of many challenges to getting a secure online connection.

Which brings me back to my friend’s idea of selling and renting SCIF tents to companies and hotels. How much are you willing to pay for real security?

(Vanson Soo runs an independent business intelligence and commercial investigations practice specialized in the Greater China region. Blog: