Welcome to the SecAware blog

I spy with my beady eye ...

31 Mar 2010

Inside GCHQ

Fascinating BBC report on GCHQ, the UK Government Communications HQ - "GCHQ: Cracking the Code".

There's a nod to Bletchley Park's work cracking Enigma in WWII.

Clifford Cocks talks about inventing PKI "overnight".

GCHQ employees talk enthusiastically about the buzz their work gives them and the 'culture of security' which extends to home life, avoiding any specifics of course.

The reporter and guides describe the 10,000 square metres of computer halls in the centre of the donut, and their dependence on cooling water ...

They mention monitoring Web 2.0, VOIP and other Internet comms globally, and the need to adapt quickly to agile targets exploiting new security technologies and constantly watching for new exploits.

The ethics of snooping/spying and the inevitable privacy compromises that entails get a good mention: the very fact that the program was produced at all is surely a positive sign of GCHQ management and indeed the British government's intent to be more open.

GCHQ people are now 'embedded' with military units deployed around the world, sharing intelligence (no doubt in both directions).

Bonus marks for picking out all the other the physical security controls mentioned throughout the programme, and the social engineering potential of a program like this, no matter how carefully produced and edited.

23 Mar 2010

Novel money mule scam

Here's a scam I've not seen before, received by email:

Hello, My name is Raphael Scott I would be in your country for a seven days business meeting with 10 people. Do you have any vehicle or vehicles we could use during the period of our stay. The vehicle(s) would needed during on the following dates: ARRIVAL DATE: 23TH APRIL 2010 DEPARTURE DATE: 30TH APRIL 2010 Remember our movement basically from airport to hotel and venue conference, about 20 miles within the vicinity. Your duty is only to arrange vehicles and drivers that will contain 10 people for seven days. We would be happy if you could provide us with any of the following 2 mini buses , 2 sedans, 8 to 16 cheater bus or a Limousine. Let know a quote or estimate for the seven days. We would need the car with a driver. I would send a deposit via credit card details as soon as this booking is confirmed. I hope you do accept credit cards? Kindly email me if you have availability on those dates, also tell me the area you operate in your country. Kindly confirm this booking with the vehicle details and total cost for the 7 days. Best Regards Raphael Scott 28 Montague Street London WC2B 5BP +447011196388

I presume the intention is to get victims to launder credit card payments, as money mules, in much the same way as those lame requests along the lines of "I want to buy your products. Do you take credit cards? Please send me your prices ...".

I feel a bit sorry for those who fall for this kind of nonsense, but on the other hand some of them are just greedy and must surely know this is not legit.

Steer well clear.

20 Mar 2010


Malware, an old favorite, is the security awareness topic for this month's NoticeBored module. One of the issues noted in the awareness materials is that of user PCs picking up infections simply by visiting infectious websites ... like for example a 'bargain shopping' site in Australia that had evidently been exploited by hackers. According to the news report, certain browsers warned users when they visited the site and hopefully, if the users were aware enough to take note of the warnings and not override the technical controls, that would have significantly reduced the risk of being infected. On top of that, the malware was probably recognized by normal antivirus software, further reducing the risk. However, unaware users without these controls may well have drawn the short straw, and to make matters worse they may still be blissfully ignorant of the infection.