back to article Head of Israeli cyber spy unit exposed ... by his own privacy mistake

Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error. The spy is named Yossi Sariel allegedly heads Israel's Unit 8200 – a team of crack infosec experts comparable to the USA’s National Security Agency or …

  1. Pascal Monett Silver badge
    Facepalm

    "9% of them do so within three days"

    I take that as a clear indication that there is a non-negligible portion of users who clearly need a permit to demonstrate that they understand what they're working with, because right now, they don't.

    Given that computers and the Internet are becoming central parts of our working and personal lives, what with government portals being the way forward, it seems that a Computing License should be just as mandatory as the driver's license is.

    Somehow, I doubt we'll ever get there.

    1. Ball boy Silver badge

      Re: "9% of them do so within three days"

      I'm not convinced. Given the number of drivers I see that sail through red lights, undertake on the inside (for leftpondian readers, both illegal in the UK) and park in insanely stupid places (probably ditto), I don't believe passing a driving test and being given a license makes someone safe to use a vehicle - applying the same process before being allowed to use a computer would, I fear, instil a false sense of security. Have an upvote for the idea, though!

      On a technical note, would a user have to resit a test each time the OS undergoes a major version change? I can almost hear gubberment tills ringing... ;)

      1. xyz Silver badge

        Re: "9% of them do so within three days"

        Do I smell the whiff of a MLOC* member?

        *Middle Lane Owners' Club.

      2. Pascal Monett Silver badge

        Re: "9% of them do so within three days"

        I understand your point however, there is a caveat : when the police arrest them, or they get a ticket, they KNOW they've done wrong.

      3. John Brown (no body) Silver badge

        Re: "9% of them do so within three days"

        "sail through red lights, undertake on the inside (for leftpondian readers, both illegal in the UK)"

        re the latter, undertaking, it's not strictly illegal, just strongly advised against in most circumstances and potentially "careless" or "dangerous", both of which are illegal.

        See The RACs take on the matter.

        As for MLOC members, definitely illegal and classed as careless driving, but it's up to the copper witnessing it to decide if the MLOC member has stayed out too long :-)

    2. Anonymous Coward
      Anonymous Coward

      Re: "9% of them do so within three days"

      The users are only a tiny part of the problem. Microsoft simply doesn't care about security at this point and most for-profit security companies are happy to blame the user because it's great for their bottom line to do so.

      They do the absolute minimum needed to check boxes and use flim-flam to convince IT security professionals to aggressively monitor things with overpriced EDR/SIEM/HIDS/HIPS software in lieu of proper per-process logical security controls which have already been an overwhelming success on systems like Android and iOS. There is no good reason why Windows has to allow all software access to pretty much everything within the user profile by default and even less of a reason for it not to use Cryptographic Services to attach an additional token to every running process to partition off access to saved credentials. Microsoft has a cloud-based Intelligent Security Graph service which the system can consult to see if an application is known and trusted enough to execute (Smart App Control uses this, for example) and ships with large application compatibility databases to identify exceptions to common rules when it comes to ASLR, DEP, CET and many other security features. There's no reason this couldn't be extended to detect whether an app truly needs "full trust" (to borrow Microsoft parlance) access to user data, and if there's no definitive confirmation that it does, to aggressively sandbox it by default instead. Microsoft has collected more than enough data to allow legacy software to be grandfathered in, while forcing new and unknown software to submit to additional restrictions.

      Microsoft Windows is also the only mainstream desktop OS which allows software to write into the memory of other applications running as the same user account without a simple way to prevent it (unless you're Hollywood and meet the criteria for a Protected Process). This means an attacker is always only one unauthorised code execution attempt away from writing into a trusted process to bypass almost every security control a system administrator depends upon to protect corporate data (such as only allowing specific processes to have Internet access) even if the user isn't tricked into running malware. macOS prevents this behaviour using a hardened runtime (which almost all apps use by default) and Linux controls this with ptrace() checks restricted by LSMs like Yama to only parent/child process relationships. Even software like KeePassXC which thinks it has secured this side of things on Windows really hasn't because doing so requires a separate process with enough rights (basically admin rights) to alter the process owner of the unprivileged process to something other than the user which executed it (to prevent malware running as the same user from undoing the protection).

      1. Stephendeg

        Re: "9% of them do so within three days"

        > “Microsoft Windows is also the only mainstream desktop OS which allows software to write into the memory of other applications running as the same user account without a simple way to prevent it”

        Please tell me you’re kidding?

        Search has failed me - do you have a citation ?

        1. Spazturtle Silver badge

          Re: "9% of them do so within three days"

          Cheat Engine, x64dbg, and HxD are examples of programs that can read and write from other programs memory.

          There is no UAC prompt when running any of these programs. Windows has always allowed programs of the same user to access other programs memory.

          Additionally if a program has been installed with kernel level permissions like most anti-cheat software is then there is nothing at all that is off limits. For example you could write a 'game' that uses DirectStorage to read files that the user running the 'game' doesn't have permissions to read as the graphics driver runs with kernel privileges.

          1. druck Silver badge

            Re: "9% of them do so within three days"

            It's not just cheating at games. I worked for a company making screen readers about 15 years ago, and the only way it could gather the information it needed to be able to describe and navigate another application's windows with sufficient detail was to install a DLL in it's process and read from it's memory. Terrible for security, but a god send for visually impaired users, and the reason why screen readers are not nearly as good on other platforms.

    3. parrot

      Re: "9% of them do so within three days"

      This is interesting. Because, in my opinion, growing car dependency has led to an acceptance of people driving who are not ideally suited to the task. Some people I know don’t like driving at all. If other transport was convenient and reliable we could have fewer drivers and better driving standards. But with things as they are this would be unacceptably discriminatory.

      I wonder how/if this applies to your analogy.

  2. This post has been deleted by its author

  3. Will Godfrey Silver badge
    Unhappy

    A badge of pride?

    I've come across a disturbing number of people who actually boast that they have no technical knowledge.

    1. H in The Hague

      Re: A badge of pride?

      "I've come across a disturbing number of people who actually boast that they have no technical knowledge."

      Hang out with a lot of politicians, do you?

      1. Doctor Syntax Silver badge

        Re: A badge of pride?

        You may have a point but Dunning-Kruger syndrome isn't unique to politicians, it's just that they have higher proficles to advertise the fact.

    2. hedgie Bronze badge

      Re: A badge of pride?

      What bothers me isn't that people are aware of not knowing, but don't make any effort. Those who admit ineptitude but are willing to learn are at least tolerable. I work with a lot of ex-cons, and those who have been in prison 20+ years are extremely far behind the curve, but at least generally want to get good enough to be self-sufficient. Compare that with those family members and friends that pretty much all of us have, who don't have the excuse of being locked up away from all of that and still call us with an "emergency" when that thing we've already shown them a dozen times has to be done again.

      I'll take an admission of struggling with tech, or not being great at it if someone is teachable and making an effort over those with learnt helplessness and/or incompetence bordering on malice any day.

  4. PB90210 Bronze badge

    When the company signed up the whole staff to LinkedIn Learning I delighted in reporting all emails from LinkedIn as spam

    (well they were spam... I had no interest in any of their learning)

    1. BartyFartsLast

      They are spam, every day I was on LinkedIn I "was on a roll" despite having zero connections, no info in my profile etc.

      It's corporate wankery and an exceptionally useful source of insider info for pen testers, hackers and assorted sets.

  5. Steve Hersey

    "The takeaway here is obvious: Keep training people not to click those phishing links!"

    Obvious, but also obviously NOT ENOUGH. You can reduce the incidence of your staff being phished, but you *cannot* totally eliminate it. Therefore, you cannot responsibly base your cybersecurity strategy on that assumption.

    For those few of us readers who may not already understand that point, defense in depth and robust intrusion detection and response are essential.

    Also essential, if perhaps a tad less obvious, is NOT shaming the phished victims into hiding the fact. That just helps the bad guys. Establish an infosec culture of *immediately* contacting Security, and of Security responding immediately in a supportive manner. No blaming, no shaming. THAT way you get the fastest possible notification that you've been attacked, and you stand the best chance of minimizing the damage.

    Sure, you may get some false positives this way, but that is far outweighed by the benefit of quick and effective detection.

    OK, so you MAY need to shame some C suite idiots into being more careful and more forthcoming, but that's a tool to be used sparingly and with great care.

    1. Anonymous Coward
      Anonymous Coward

      Re: "The takeaway here is obvious: Keep training people not to click those phishing links!"

      I worked at a company where an employee proudly explained to others that you can determine a phishing email by checking that the email headers originate from a specific company, which was the cyber security company that conducted the phishing training exercises for our company.

  6. Anonymous Coward
    Anonymous Coward

    Really? Where is the secret?

    Amazon offers the book ‘Human-Machine Team‘ with the description:

    Brigadier General Y.S, an expert analyst, technology director, commander of an elite intelligence unit, and winner of the prestigious Israel Defense Prize for his artificial intelligence based anti-terrorism project, wrote his book, The Human-Machine Team.

    Now a quick look at Wikipedia for the recipients of the 2018 prize:

    https://he.wikipedia.org/wiki/קטגוריה:זוכי_פרס_ביטחון_ישראל

    The only recipient listed with these initials is: יוסי שריאל

    That leaves me puzzled. How on earth was that meant to be a secret?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like