18. December 2009 by Revelator.

This is just unfreakingbelievable!

Hackers steal SKorean-US military secrets By KWANG-TAE KIM, Associated Press Writer Kwang-tae Kim, Associated Press Writer Fri Dec 18, 7:19 am ET

The USB device contained a summary of plans for military operations by South Korean and U.S. troops in case of war on the Korean peninsula. Won said the stolen document was not a full text of the operational plans, but an 11-page file used to brief military officials. He said it did not contain critical information.

Pardon? Did I read that wrong? Let me check…”He said it did not contain critical information.” Nope - I read it right. Still can’t believe it. I mean, are you kidding me? An 11 page Executive Summary of our South Korean defense plans (OPLAN 5027) contains no sensitive information? Am I dead? Did I go to OPSEC hell and not get greeted by the demon of OPSEC? I’ve met this demon before - his name is Ignorance - so I’m pretty sure I would know him if he was greeting me at the gates of OPSEC hell. Perhaps this is a dream? Damn it people - just saying something isn’t so does not make it not so. Sure that’s a horrible sentence but let me show one that is far worse: “He said it did not contain critical information.” See? Much worse.

And don’t give me that nonsense that denying it had critical information is our way of not confirming to the North Koreans that it did indeed contain sensitive information. You know who says stuff like that? People who don’t understand the adversary. To be so blind as to think that North Korea doesn’t have a damn good idea of what is essentially contained in OPLAN 5027 is the height of ignorance. Especially since you can find older versions of OPLAN 5027 in all it’s classified glory on the internet.

I’ll grant that the 11 page summary may have been unclassified but there is no way I’m going to grant it didn’t contain critical information. Unless the only definition you have of critical information is anything that’s classified - and we know that’s just not true. Too bad not everybody understands that these days.

Thanks to my good friend Kirk for letting me know about this.

Keep the Faith!
Revelator

Tell It Like It Is - Aaron Neville

Posted in Risk, Critical Information, BS, Vulnerabilities, Threat, Media, WWW, Computer Intrusions | Print | No Comments »

8. October 2009 by Revelator.

So I’m searching “OPSEC” on YouTube yesterday, as I am wont to do from time to time, and I ran across a new video titled “Atomic OPSEC Part 1.” I noticed that it was from the Department of Energy’s Nevada Site Office and I took this as a good sign. I liked what they did with their “OPSEC Hunters” video so I thought I would check it out.

Well, I gotta tell you this new video is even…

Ok, I can’t do this anymore. Let the BS end right here…

We made the video. That’s right; I wrote it and acted in it - my fellow DOG of OPSEC directed it and the new guy plays the scientist. We think it’s pretty good and think y’all might like it also so go to YouTube and search “Atomic OPSEC” and watch parts 1 and 2. Total time is around 13 minutes. We hope you like it.

Keep the Faith!
Revelator

Posted in BS, Awareness, WWW, Media, Movies | Print | 1 Comment »

9. October 2008 by Revelator.

Exerpt from an article I recently read: “Organizations are shifting their focus to the threat posed by insiders and turning their attention to training and data protection, according to a recently released survey. The 2008 Global Information Security Workforce Study, conducted by analyst firm Frost and Sullivan for certification organization (ISC)2, surveyed 7,548 information security professionals worldwide. 51% of respondents said internal employees pose the biggest threat to their organizations. The finding represents an ongoing trend in the past two to three years, as the numbers of remote workers and portable storage devices have jumped in the enterprise, said Frost & Sullivan’s network security industry manager. ‘That increases the chance of something happening, whether it’s malicious employees or just someone with good intentions but walks out of the building with data so they can work at home,’ he said. The findings are supported by Information Security’s Priorities 2008 survey, in which 70% of participants said they are worried about detecting and thwarting internal attacks.”

‘Bout time people start understanding what us OPSEC Professionals have known for quite a long time - unless you are in battle (and sometimes even then), the internal threat is the biggest threat to your organization. I wrote a blog entry on 30 May titled “Welcome to the Jungle” that spoke to this very thing.

From my perspective this isn’t an on-going trend from the past 2 or 3 years - it’s an on-going trend period. And it will never stop. Certainly advancing technology has made it easier for the malicious insider to cause harm but it has also made it easier for our biggest threat - the unitentional insider - to screw up and cause harm. Either through ignorance, lazyness, or simple lack of caring the unintentional insider is the single most devastating threat to your organization. You can attempt to counter this with an aggressive awareness program and constant employee vigilence within the organization but the threat will remain. Understanding is half the battle - now act on this understanding.

Keep the Faith!
Revelator

Insider - Tom Petty and The Heartbreakers

Sample “Insider” lyrics…
It’s a circle of deception
It’s a hall of strangers
It’s a cage without a key
You can feel the danger
And I’m the one who oughta know
I’m the one you couldn’t trust
Yeah I’m the lonely silent one
I’m the one left in the dust

Posted in Media, Program Management, General OPSEC | Print | No Comments »

9. October 2008 by Revelator.

Here are the titles of some articles I’ve come across lately. I haven’t included the full content of the articles but I think that, just based on the titles, you’ll see why I’m a bit concerned…

“Internet Flaw Could Let Hackers Take Over The Web” - I think that if this is true they might not want to detail how this could actually happen - which they did. Yeah, the article spoke very specifically about exactly what the flaw was and how to exploit it. Cool, huh?

“Airports Vulnerable to Attack” - While I suspect we all agree that yes, there are still some vulnerabilities that reality and budget constrains won’t allow us to directly address but this article explained how our airports were vulnerable and how bad guys could exploit these vulnerabilites.

“Billions More Needed to Secure U.S. Embassies” - Well then, please tell me what we need to spend this money on exactly and further I would like to know how not having these things can immediately put these embassies at risk. And while you’re at it go ahead and tell me which embassies are the most vulnerable so I don’t waste my time trying to blow up the wrong one. Anybody want to guess if the article actually did this?

“Research Reveals Patterns of Terrorist Preparation” - While, as a citizen, I am very happy that our law enforcement agencies have found patterns that may tip them off to terrorist activities, I am not real happy that we told the terrorists this. Seems to me that Terry Terrorist might begin to change his/her tactics and prepare for their activities in a whole new way thereby negating the intelligence advantage we had until this article came out.

Folks, I’m no arbiter of what is right or wrong to put into print and I have no educational background to argure the public’s “right to know” but as an OPSEC Professional it just seems to me that we are making waaaaaaaaaaaaaaaaaaaaaaaaaaaaay too much sensitive information available. For those of you out there actively practicing OPSEC, this is just one of the reasons you need to do Open Source searches on your own organization. It’s always good to know what the bad guy already knows about you - then you can focus your protection efforts on what is not known and you can also be proactive about dealing with what is known about your organization, mission or specific activities.

Keep the Faith!
Revelator

Bring The Noise - Public Enemy

Posted in WWW, Media | Print | No Comments »

26. August 2008 by Revelator.

An exerpt from SCIENTIFIC AMERICAN magazine, May 1908 (that’s right 1908 - 100 years ago…)

“Soon after the first reports were received regarding the flights being made by the Wright brothers in testing their aeroplane, a considerable number of newspaper correspondents visited the scene of the trials among the high and pointed sand dunes of the North Carolina coast south of Norfolk, Virginia. The brothers refused to make any flights, however, when the reporters were near at hand, and so the gentlemen of the press were obliged to keep in hiding nearly a mile away from the scene of operations, and to merely watch the machine from afar through spyglasses when it was flying.”

The term OPSEC may have been coined by the original Purple Dragon crew but many examples of OPSEC in action resound throughout history - this is but one more.

Keep the Faith!
Revelator

Enter Sandman - Metallica

Posted in History, Media, General OPSEC | Print | No Comments »

13. May 2008 by Revelator.

     As some of you know I am blessed to have the honor and pleasure of travelling around this great country of ours giving speeches about OPSEC and Security Awareness.  At each and every stop on my tour I get asked about Ray Semko, AKA “The Diceman” or simply “Dice”.  I must admit it’s starting to get annoying when after each speech some well meaning audience member comes up and says something like; “Great speech!  You educated and entertained me and we don’t get that around here to often.  The last time was when that guy Diceman was in town.  He’s great - do you know him?” 

    Yeah, I know him.  I mean, we’re not swapping love notes in gym class but we’ve had a beer or two together over the years.  Hell, he was the guy who convinced me to spend $300 on a custom robe and do my ”Revelator” speeches as they were intended - full out.  I first saw Ray speak at a National OPSEC Conference almost 10 years ago and he not only inspired me in my new chosen field but he also showed me that with enough knowledge and passion one single person could have an impact on many.  I set some significant goals that day and later that night he encouraged me to persue these goals with all my heart.  Each of those goals has been met and I thank the Lord for putting Ray in my life on that day and night. 

     And now we come to this - as I was searching the web in support of some far-flung OSPA initiative I ran across a web page dedicated to my friend Ray http://cicentre.com/dice/feedback.html.  Scanning the tabs on the left of the page I ran across one titled “D*I*C*E Store.  We’ll I just had to click on it didn’t I?  And as I scanned the list of D*I*C*E articles available for purchace I ran across these:                                                                                                                  D*I*C*E Boxer Shorts - a bargain at $19.99.  I was told that I could “enjoy the roomy comfort of our sexy boxers as underwear or sleepwear.  They’re 100% cotton, open fly…for thinking outside the boxers.  Boxers, because you don’t want to be brief.” 

     Now I have mad respect for Ray Semko and happen to think he is a true American Patriot but dude - no way can I buy these.  I see myself one day in a crowded bar where earlier I, and then Ray, wowed and inspired the audience with high-fever speeches and I’m yelling, “Hey Ray!  I’m wearing your underwear!”  Can you hear the deafening silence as every head in the bar turns to look at me with a mixture of distain and humor?  I can.  And for this reason you can all rest assured that that sentence will never cross my lips.

    And for those of you who keep asking me when Ray is coming to your town/base for a presentation check out the link above and ask him yourself.  Better yet - invite him out.  And one last thing - I’ve got a favor to ask; the next time you see a D*I*C*E speech go up to Ray afterwards and ask him if he knows when I’m coming to town again.

Keep the Faith!

Revelator

Posted in Awareness, Conferences, Media | Print | No Comments »

30. November 2007 by Revelator.

Posted in Media | Print | No Comments »