back to article Look out, sysadmins - HOT FOREIGN SPIES are targeting you

MI5 has warned that foreign spy agencies are targeting IT workers within big organisations as a means of gaining privileged access to sensitive data. The security service's warning about spy-infiltration tactics is a bid to encourage corporations to bolster their defences against such attacks, the FT (via the Daily Mail) …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Well if it involves...

    ..an attractive 6ft+ seductress and a huge wad of cash...sign me up.

    Yes I'm that shallow.

    1. Nick Ryan Silver badge

      Re: Well if it involves...

      Yes I'm that shallow.

      I'm not. How tall is Anna Chapman? :)

    2. Ken Hagan Gold badge

      Re: Well if it involves...

      "Yes I'm that shallow."

      And for the GCHQ strategy of "stiff upper lip" to succeed, we need *every* IT admin to be "not that shallow". Hmm ... I think I see a teensy-weensy flaw in this plan.

      Meanwhile, other parts of the Establishment are trying to increase the numbers of women in IT.

      1. Anonymous Coward
        Anonymous Coward

        Re: Well if it involves...

        Are they all Chinese/Russian/American spies too? Gosh darn it. But then it's a bit sexist to assume woman in IT wouldn't just as likely be swayed by a handsome well financed young man. Or homosexuals, or anyone else for that matter. Modern world - a very connected place but often a very lonely one too.

        On the other hand in the modern world where every government agency is harvesting information from every interconnecting pipe they can get their black boxes into I think the need for foreign governments to infiltrate is lower then people like to make out.

        Misdirection perchance?

        Maybe companies should pay their staff better and treat them better and be loyal to them and stop having the annual pdr a useless box ticking enterprise where you can put down anything you like as nobody but your line manager will ever read it and they already know the score. Ah well.

    3. Stoneshop Silver badge

      Re: Well if it involves...

      I totally wouldn't mind that barista at the train station who was interested in what kind of job I had, to try and extract some more info from me.

      An acceptable alternative would be a svelte SE Asian. Either to be accompanied by a worthwhile amount of moolah, of course.

    4. Vociferous

      Re: Well if it involves...

      > an attractive 6ft+ seductress

      If I remember correctly, LulzSec used that approach on at least one occasion.

  2. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    Foreign spy agencies eh?

    "The security service's warning about spy-infiltration tactics is a bid to encourage corporations to bolster their defences against such attacks.

    MI5 and their colleagues in GCHQ can play their part in developing good solid strategy in defending against this kind of attack by not allying themselves with the foreign spy agency responsible. Just an idea I thought I'd throw out there

    1. Anonymous Coward
      Anonymous Coward

      Re: Foreign spy agencies eh?

      "MI5 and their colleagues in GCHQ can play their part in developing good solid strategy in defending against this kind of attack "

      Hopefully they are, but a few months back GCHQ & MI5 sent some people round to our offices, and interviewed me along with a group of (supposedly) random colleagues, asking what we thought suspicious activity would look like, as part of an information gathering and awareness raising session. The "right" answers were all the obvious old school stuff - the employee who has changed their habits, the employee who wants to work alone in the office at weekends, the bloke in accounts payable who insists on letting in strange visitors without signing them in etc etc.

      Admittedly the "random" group had few IT people, and mostly people from high value functional target teams, but there was nothing about data security, about protecting information, recognising phishing and spear scams, nothing about how users can minimise their chances of admitting APTs, nothing about proper use of access rights, encryption, or how to monitor suspicious activity on network shares, or audit file access activity.

      All in all a very poor show, and I could have done better myself.

  4. Don Jefe

    Next Frontier?

    If false/stolen/copied credentials are the 'next frontier', what have all those Admins been bitching about for the last two decades? Are they involved in some sort of anti Post-It long game?

    On that note, what has the Quote Droid who said 'next frontier' been doing with his work time? I'm going to guess it doesn't involve any ongoing reviews of security related news. Nor has he studied any part of history, watched Dr. Who or any of the hundreds of films where false credentials allow some plucky hero, or plucky anti-hero, to gain passage through otherwise impenetrable defenses. Saying things like that isn't a confidence builder you know.

    1. dan1980

      Re: Next Frontier?

      Well, I am against sticky notes for all manner of reasons, not least of all their sub-par adhesion.

      The problem is trying to convince people that usernames aren't bound to specific PCs* and so they should just log in with their own password rather than that of whomever normally sits at the PC.

      That's always been the weakest link and there are very few IT solutions. Sure you can have 2-factor auth but that assumes that a user wont record their passkey with the card/usb-key. At some point, It's up to management to actually ENFORCE the relevant policies!

      * - At least in most systems we manage, though some PCs are obviously restricted.

      1. Anonymous Coward
        Anonymous Coward

        Re: Next Frontier?

        When that guy at 3M developed the not-so-sticky sticky stuff he had no idea what hell he was creating.

        I've found one method that works for even the most stubborn password haters.

        Get them to print out a page that they might normally have on their desk or work area, pick a long phrase, sentence, number or combination from that and use that as the password. Passwords left in plain sight still but a whole lot harder to grab as a casual passing set of eyes. Sure you could photograph and OCR every bit of visible text in the area then try to guess the bits used and in what order but really you probably are going to try something easier, stick a typpo or two in theyre and it gets better.

        AC for obvious reasons.

  5. Chazmon

    determined?

    I love the fact that hackers are becoming more determined. It implies that until recently they were just dabbling a bit on the side.

    "Oh the phishing attack on HMRC didn't work? Ah well back to the allotment."

  6. Pete 2 Silver badge

    They'd never get me

    I would just like to say that I will never be bribed by the offer of hot sex, fine wines, good meals and holidays in the Carribean (even if they were on a large yacht). And I challenge any interested spy agencies to try to prove otherwise.

    1. Nick Ryan Silver badge
      IT Angle

      Re: They'd never get me

      I've been offered bribes of sex and cash in the past. Unfortunately it was a long time in the past and when I was working on the gates to a concert, nothing IT related.

    2. Mephistro Silver badge
      Thumb Up

      Re: They'd never get me

      "I will never be bribed by the offer of hot sex, fine wines, good meals and holidays in the Carribean "

      Hmmm... How about "a ton of cash, an amusing clock and a sack of French porn. "?

      1. Pete 2 Silver badge

        Re: They'd never get me

        > Hmmm... How about "a ton of cash, an amusing clock and a sack of French porn. "?

        Ach! you spies. You know every man's weakness. But before I betray my country and my employer, tell me more about the clock.

        1. Ken Hagan Gold badge

          Re: They'd never get me

          I assumed the amusing clock was a typo.

  7. NoneSuch

    Of course, GCHQ, MI5 and 6 would never use those same tactics to get onto systems they want access to now would they?

    1. Yet Another Commentard

      @NoneSuch

      Captain Darling: So you see, Blackadder, Field Marshall Haig is most anxious to eliminate all these German spies.

      General Melchett: Filthy hun weasels, fighting their dirty underhand war!

      Captain Darling: And fortunately, one of our spies...

      General Melchett: Splendid fellows, brave heroes risking life and limb for Blighty!

    2. phuzz Silver badge
      Trollface

      Nah, that would show too much independence. They'd only do it if the yanks told them to.

    3. IglooDude

      Why bother when they can just scare legislators and MPs into passing regulations requiring legal access?

  8. Truth4u

    the IT guy you've known for years is a spy

    Normal people and abnormal people who want to look normal begin a Monday morning by asking how your weekend was, but now there is a new class of people, normal people who ask about your weekend to put it in a spy database. statistics show that any given IT worker is 40% likely to be a spy.

    If you are not paranoid you should be. Everyone should be at least 40% paranoid.

  9. Buzzword

    They're already here

    Since our IT department consists 80% of foreign nationals, I think we're already wide open.

    This seems to be the norm, at least in London and the southeast.

    1. Destroy All Monsters Silver badge

      Re: They're already here

      Wide open, eh?

      Say no more, say no more!!

  10. JimmyPage Silver badge
    Headmaster

    2 Blackadder quotes in 13 posts !

    *and* from different series !

    This must be a record.

    Somewhere.

  11. Anonymous Coward
    Anonymous Coward

    "The concept of Anna Chapman types flirting with the likes of Moss from the IT Crowd in order to gain access to sensitive information sounds absurd"

    Not at all. My housemate (think Moss with much less hair) had a fit leggy blonde who was buttering him up (with homemade carrot cake, no less) at his last site, and was very suspicious. I would have thought something was up too, since the attention of attractive women isn't something I normally attract.

    1. Dan 55 Silver badge
      Coat

      Maybe she liked him because he was emotionally artistic?

  12. 45RPM Silver badge

    Hmm. Love of country versus getting my end away?

    Well, make love not war they say - I'll vote for making the beast with two backs.

  13. Destroy All Monsters Silver badge
    Holmes

    Nice ladies on your boxes?

    I wonder if that french software house from last week "outrage of the week" section was up to something?

  14. Anonymous Coward
    Anonymous Coward

    Yeah this is real all right

    Now us ugly, socially inept repulsive individuals will have added value in the market place, oh yeah bring it on, kerching.

    "Can you imagine how much it would cost to get someone to befriend him? not going to happen" I bet the crooks are saying, might start attaching my photo to the CV again.

    make sure i post this anonymous... oh the phones ringing..

  15. vang0gh
    Facepalm

    She said she loved me!

    You know, I thought it was odd that Gretchen's turn-ons included SA passwords and SSH keys.

  16. Anonymous Coward
    Anonymous Coward

    Fun facts for foreign spies.

    * I have admin access to a growing number of servers in my area.

    * I quite liked that Russian spy girl in season 7 of Burn Notice.

    * I live in Australia.

    * I enjoy long walks along the beach.

    Wait... Instead of listing all that here, is there some sort of official spy dating service that matches us nerds to our preferred spy-ladies?

  17. MartinBZM

    Spys'R'us catalog

    Send me one containing lots of long stemmed fully blossomed auburn topped specimens.

    ...

    Please?

  18. Anonymous Coward
    Coat

    I'm with Pete 2.

    There's nothing you could offer me that would entice me to provide my customers' data. But if you offer me enough, I'd be tempted to get you into a bidding war with the authorities.

    Nope, there's not enough money in that pocket.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019