The Latin phrase “Quis custodiet ipsos custodes?” is often translated as “Who watches the watchmen?” and is used to challenge calls for blanket surveillance by governments. The idea behind it is that we need some level of accountability from those to whom we give the powers of arrest and surveillance. This morning the Sunday Times broke the news that the offices of the complaints watchdog for An Garda Siochana, the Garda Siochana Ombudsman Commission, were under high tech surveillance. A security company was employed by the GSOC to conduct a regular security check of the offices of the GSOC, whereupon it was discovered that:
- In one of the conference rooms a phone had been bugged to enable eavesdropping of conversations in the room and also conversations using that phone.
- The WiFi network within the GSOC was also compromised allowing the attackers to monitor and intercept any sensitive data sent over that network. The Irish Independent says the attackers were able to monitor any emails sent over that wireless network.
- A second WiFi network was also discovered which allowed the attackers to access material sent and accessed by staff in the GSOC.
- A device used to store material by the GSOC was also compromised.
This news raises grave concerns over who could be behind such an attack and, more importantly, what their motives were. In particular, as the Irish Independent reports, the technology used is “commercially available or sold to non-government agencies”. Of course this does not necessarily mean the same technology is not available to “non-government agencies” through other means. According to the same article, the Minister for Justice and Defence, Mr. Alan Shatter, has demanded a full report on the issue.
Regardless of who is behind the attack, or how it was conducted, we should all take lessons from these reports, in particular with regard to the security of wireless networks. Wireless networks provide great convenience for staff who use portable devices and need to access company resources. However, if not secured properly they can lead to major compromises. For example, the TJX hack in 2008, which resulted in over 47 million credit cards being compromised, was the result of poor wireless security.
We do not have the details of the breach at the GSOC so we do not know how sophisticated the security of the wireless network was. However, if you are using a wireless network it may be an opportune time to review the security surrounding it. We always recommend that clients:
- Use the strongest security available. This means do not use WEP as it is the weakest of all the wireless security protocols.
- Do not trust your wireless network. You should look to terminate its connection outside of your local area network and connect it via a Firewall.
- Allow connection to your LAN via the Firewall using a VPN (Virtual Private Network). In effect treat your wireless users the same way you would treat users accessing your LAN remotely over the Internet.
- Limit access to the Wireless network based on known TCP/IP, or better yet MAC, addresses.
- Implement some form of two-factor authentication. This could be using client-side digital certificates installed on the users’ devices, or other two-factor solutions such as tokens.
- Regularly review the logs on your wireless device and network Firewall to see if there is any suspicious or unusual traffic.
It is also interesting to note that a second wireless device was found on the GSOC network which allowed the attackers to have remote access to the GSOC systems. How confident are you that there are no unauthorised WiFi routers on your network allowing access to your systems? You should regularly review your network ports to determine what devices are active on your network and which of those are not authorised devices. This can be a physical review or using network scanning tools to inventory what systems are on your network. You could also use a tool like Kismet to identify what wireless networks are in range of your physical locations and ensure they are all legitimate.
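One way to turn such a wireless survey into a repeatable check is to compare what was seen against an inventory of authorised access points. The script below is an added example, not part of the original article: the CSV column layout, the inventory and the sample rows are constructed assumptions, not any survey tool's native export format.

```python
import csv
import io

# Constructed inventory of authorised access points: BSSID -> SSID (assumed values).
AUTHORISED = {
    "00:11:22:33:44:01": "CORP-WIFI",
    "00:11:22:33:44:02": "CORP-WIFI",
}
WEAK_ENCRYPTION = {"OPEN", "WEP"}

# Constructed survey results; the columns are an assumption for this example.
SAMPLE_SURVEY = """bssid,ssid,channel,encryption,signal_dbm
00:11:22:33:44:01,CORP-WIFI,1,WPA2,-48
00:11:22:33:44:02,CORP-WIFI,6,WEP,-55
66:77:88:99:AA:BB,CORP-WIFI,11,WPA2,-40
DE:AD:BE:EF:00:01,CafeNextDoor,6,WPA2,-82
"""

def audit_survey(survey_csv, authorised=AUTHORISED, near_dbm=-60):
    """Return (bssid, ssid, finding) tuples for access points that need review."""
    known_ssids = set(authorised.values())
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = row["bssid"].strip().upper()
        ssid = row["ssid"].strip()
        enc = row["encryption"].strip().upper()
        signal = int(row["signal_dbm"])
        if bssid in authorised:
            if authorised[bssid] != ssid:
                findings.append((bssid, ssid, "authorised AP broadcasting unexpected SSID"))
            if enc in WEAK_ENCRYPTION:
                findings.append((bssid, ssid, "authorised AP using weak encryption"))
        elif ssid in known_ssids:
            # Same network name as ours, but hardware we do not own.
            findings.append((bssid, ssid, "unknown AP using an authorised SSID"))
        elif signal >= near_dbm:
            # Strong signal suggests the device is inside or next to the premises.
            findings.append((bssid, ssid, "unknown AP with strong signal, possibly on site"))
    return findings

if __name__ == "__main__":
    for bssid, ssid, finding in audit_survey(SAMPLE_SURVEY):
        print(f"{bssid}  {ssid:<14} {finding}")
```

A distant neighbouring network is ignored by the signal threshold, which is a tunable assumption and should be set from a baseline survey of your own site.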
Hopefully a lot more details about this issue will emerge over the coming days, not just technical details from which we can learn lessons, but more importantly who is behind this attack and why. Remember the GSOC is an independent body to “provide and promote an efficient, fair and independent oversight of policing in Ireland.” If the GSOC’s independence and ability to conduct this vital role is being undermined by others then there are serious implications for our democracy.