Espionage

Beware The Honey Trap

As security practitioners, we are trained to be aware of our surroundings at all times while on the job. Well trained individuals should always be on guard for threats against our clients or our protected properties, but what happens when we, ourselves, become the target?

At the beginning of April it was discovered that the head of Disney’s regional security for Europe the Middle East and Africa fell victim to a “honey trap” scam. For those unfamiliar with a honey trap, it is essentially a scam in which a con artist will entice a subject with something that is desirable, gain their trust and either convince them to forfeit their valuables or obtain them by force or coercion.

Everyone has weaknesses, and, unfortunately, for Disney Security Chief Paul Kelly, that weakness appears to be women. Sources report that Mr. Kelly, while out at a bar, was approached by a female, slipped a drug and led back up to his room. After arriving at the room the drugs took effect and Mr. Kelly was rendered unconscious for several hours and later treated in hospital with potentially life threatening effects.

Read more here

As security practitioners, law enforcement officers or government employees, we may be entrusted with very sensitive information. It is crucial that we remain aware at all times; not just during our formal working hours. Be ever cognizant for something that may seem too good to be true.

As banal as it may seem, make an effort to truly understand yourself and know your weaknesses. The better we understand what might entice us, the more difficult it will be for someone to employ a honey trap against us.

There are general precautions and multiple considerations when preparing for such an eventuality:

  • Don’t follow that girl. As much of this piece is dedicated to the seduction honey trap, women who may seem especially interested in you or your profession should be treated with extreme caution.
  • Take Favors From No One. Someone who seems overly eager to help you could have an ulterior motive. By seemingly ‘hooking you up’ they may pressure you to reciprocate, often times using guilt or fear as a motivator.
  • Do your Due Diligence: Whenever possible, attempt to find information about someone who is trying to entice you. A conspicuous absence from the cybersphere, or reluctance to give information about themselves, might indicate a false identity or someone who does not wish to be identified.

These are but a few considerations. In the case of social settings such as Mr. Kelly found himself in, consider why an attractive woman might seem randomly interested in you. All of us men like to believe it’s because of our devastating good looks and overabundance of charisma, but step back from yourself and look around.

Observe the room with a critical eye and consider:

  • Are there many unattached men or women present?
  • Out of the apparently eligible men, why might this woman be interested in me?
  • Is her demeanor and dress appropriate for the setting?
  • Is there anyone present in the room that is taking an interest in our conversation/interaction?

Take special note of her behavior and demeanor during the exchange and consider:

  • Does she seem overly interested in your work or professional life?
  • Is she suggesting isolation? I.E. going up to her room, your room, or somewhere else private?
  • Does she seem nervous?
  • Is she attempting to make suggestive physical contact such as touching the knee, playing with your hair etc?
  • Be especially cognizant of someone manipulating your drinks. Do not leave a drink unattended and be aware of anyone attempting to slip some type of drug.

There are a myriad of different techniques women might employ to seduce someone and gain their trust. The ultimate goal is usually isolation. Once isolated, it will be that much easier to spring whatever trap they have planned.

Some honey traps are not a simple one night trick but may span considerable time. Foreign intelligence services have long employed the honey trap in order to develop extensive relationships and cultivate valuable intelligence. There have been multiple incidents of foreign operatives using honey traps. Much of the time, these types are cultivated slowly and the victim believes the motives of the other person are genuine. These types of traps are very difficult to counter. Read more about that here.

Honey traps are an effective means of manipulation and fraud. The fraudster need only determine one’s weakness and exploit it. As security, law enforcement or government employees we are especially vulnerable to this type of exploitation. It is incumbent upon all of us to know ourselves, our weaknesses and what someone may have to gain by seducing us. Falling prey will not only compromise us as an individual, but will negatively impact our clients, our organizations and our businesses.

Advertisements

Cyber Ghosts: Digital Espionage and the New Cold War

Two new revelations from the intelligence community this week have reiterated the gravity of cyber warfare and its effect on US national defense. The first occurred during President Obama’s visit to China. During that time, China was busy hosting the 10th China International Aviation and Aerospace Exhibition in ZhuHai China (中国国际航空航天博览会). The main attraction at the airshow was the new chinese J-31 fighter. Almost immediately, opinion began circulating regarding how the J-31, like its predecessor prototype the J-20, looked remarkably like the US F-35 Joint Strike Fighter and the F-22 Raptor. A quick look at the above photograph and anyone can see that the resemblance is undeniable.

While much of the conversation surrounding the J-31 in the media, social media and blogosphere is writing off the new jet as a cheap knockoff of the F-35, likely incapable of the same technological feats, the underlying issue here is not the jet itself, but its implications. It is no secret that the Chinese are suspected of many sophisticated cyber attacks against US infrastructure and defense. Examples abound for this type of intrusion and for the sake of length this article will not expand on them, rather the point here is to focus on the ramifications of cyber warfare.

Cyber warfare is “action by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks” (Rand). Cyber attacks are not limited to attacks on defense apparatuses such as government contractors. These attacks can be targeted toward any number of areas to include critical infrastructure such as power grids or financial centers. The risks of a cyber attack are unique in that they can happen very quickly and be nigh untraceable. Compared to traditional forms of war, cyber warfare is inexpensive, highly effective and offers a high degree of anonymity and plausible deniability.

Two of the main concerns of cyber warfare are disruption of critical infrastructure and cyber espionage. For example, a foreign government may lack the will or ability to launch a true campaign which would cost billions, result in true warfare, and the loss of life and regional stability. Perhaps this country doesn’t want a traditional war with a superpower like the United States due to economic concerns, but still wants to degrade their capabilities and injure their economy. Cyber attacks against infrastructure are an attractive and potent option. Hacking into financial centers or energy infrastructure might allow them to damage our economy, cause widespread blackouts, civil unrest, etc. The ability for cyber warriors to cover their tracks provides this hypothetical country with plausible deniability and a certain degree of shelter from potential repercussions. Still, the risks associated with being discovered are severe which leads to cyber espionage as another attractive option.

Cyber espionage is the use of computer networks to gain illicit access to confidential information, typically held by a government or other organization (Oxford). In essence, it is the stealing of secrets by way of digital intrusion. Going back to the beginning of this piece the J-31 is a foreboding example of cyber espionage. Headlines going back to 2011 claim that both Lockheed Martin, the main company behind the F-35 program, and BAE systems, a program subcontractor, were affected by cyber attacks. What information was taken isn’t widely available but defense experts acknowledge that it played a large role in the production of Chinese 5th generation jets. Furthermore, China’s production of 5th generation equipment likely means that it will not remain in China but will be exported to their allies which are less than amicable to the US.

A huge concern over these attacks and others like it is the possibility that cyber warfare can be used in real time on the battlefield. Some have speculated that with information gained about network security, hackers could conceivably disable or even hijack electronic devices such as those found on the Joint Strike Fighter. This scenario might elicit eye rolls from many but the possibility exists.

During research for a past study I came across the SkyJack. The SkyJack is basically a Parrot AR Drone outfitted with a special program that allows it to sniff out wireless signals from other drones and then take control. Granted, we’re talking about toys here but it is compelling nonetheless. In the hands of sophisticated hackers armed with sensitive information about a next-generation fighter’s network capabilities, it is conceivable that the controls could be seized. At minimum, with access to flight controls and guidance system, the platform could be disabled and rendered useless.

Cyber warfare is a potent weapon in the digital age but is still in its infancy. Everyday, hackers are becoming more sophisticated in their methods. Keeping up with the changes in methodology and technical prowess is a daunting task and one that the bloated bureaucratic system has been failing. Nevertheless, President Obama’s Feb. 2013 executive order stressed the importance of improving our cyber security framework and denying intrusion into our critical infrastructure. Whether or not it is too little too late will remain to be seen but cyber attacks will continue and escalate. It is incumbent on the intelligence community and private industry alike to develop methods to counter such attacks and ensure sensitive information is not surrendered to third parties.

Sources:

http://www.cfr.org/technology-and-foreign-policy/confronting-cyber-threat/p15577

http://www.rand.org/topics/cyber-warfare.html

http://csis.org/files/publication/140313_FireEye_WhitePaper_Final.pdf

http://online.wsj.com/articles/chinas-cyber-theft-jet-fighter-1415838777

http://mobile.reuters.com/article/idUSKBN0HC1TA20140918?irpc=932

http://www.theaustralian.com.au/news/world/security-experts-admit-china-stole-secret-fighter-jet-plans/story-fnb64oi6-1226296400154?nk=e0e4d2d94e1921e8a820447704b756a0

http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-satellite-network/2014/11/12/bef1206a-68e9-11e4-b053-65cea7903f2e_story.html

http://mobile.reuters.com/article/idUSBRE91I06120130220?irpc=932

http://www.nytimes.com/2011/06/04/technology/04security.html?_r=0

http://www.gizmag.com/skyjack-hijacks-other-drones/30055/

http://mashable.com/2013/12/06/hacker-drone-hijack-skyjack/

http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity

http://bakerinstitute.org/media/files/Research/e00e5348/Pub-IT-HacksonGas-020514.pdf

http://21stcenturywire.com/2014/08/07/flight-control-boeings-uninterruptible-autopilot-system-drones-remote-hijacking/