James Bond redux: profile update for the modern spy

Nothing new in this - some of our clients see several hundred thousand attempts each month to access information - some are just casual but some are really concerted attacks backed by state sponsored actors.


If you think of information like grains of rice, then you can either do a smash and grab on the warehouse which everyone notices, or steal it away a few grains at a time - which is where social media comes in - if you are observant enough, then you start to make connections between people, places and activities  - it's not likely that you would get the good stuff first off - but you will get the access you need eventually by targeting individual A to get a snippet and then lever that with Individual B to get more - who knows, you may even be there when someone leaves a bag on a train containing plans of a sensitive facility - resulting in millions of pounds of redesign work


It never ceases to amaze me just how much personal and commercial information that people put on social media platforms, without a second thought  - examples like the now infamous wife of the head of MI5 posting holiday plans are pretty normal - I even see hard of thinking employees of sensitive companies listing who they are, what they do, and where they work - making them prime targets for further scrutiny and contact.


It works at every level - in a previous life, I used to take one of the pretty girls from the office to a client site, give her a laptop bag and a hand bag and two cups of coffee - then hang a lookylikey badge around the neck and send her off  - you would be amazed at just how many people would open doors for her as she had her hands full and appeared to be fumbling for a legit pass.


Ditto for canteens lunchtime and local pubs early evening - it's amazing what gets discussed with no thought of being overheard


Ditto for trains - I overheard a couple of people on a train north of Warrington discussing a security upgrade project at Sellafield - aspects of which I knew to be at least restricted information. With a name written on the flyleaf of a notebook and an unremoved flight tag on another's laptop bag it took me about 10 minutes to get a photo, a name and a reasonably good profile of the individuals from social media.


Ditto for laptops - if you have the right seat, you get to see a lot of information without even looking for it. If you had a particular individual in mind, it's not difficult to get more and more information


Grains of rice 


OMS

Nothing new in this - some of our clients see several hundred thousand attempts each month to access information - some are just casual but some are really concerted attacks backed by state sponsored actors.


If you think of information like grains of rice, then you can either do a smash and grab on the warehouse which everyone notices, or steal it away a few grains at a time - which is where social media comes in - if you are observant enough, then you start to make connections between people, places and activities  - it's not likely that you would get the good stuff first off - but you will get the access you need eventually by targeting individual A to get a snippet and then lever that with Individual B to get more - who knows, you may even be there when someone leaves a bag on a train containing plans of a sensitive facility - resulting in millions of pounds of redesign work


It never ceases to amaze me just how much personal and commercial information that people put on social media platforms, without a second thought  - examples like the now infamous wife of the head of MI5 posting holiday plans are pretty normal - I even see hard of thinking employees of sensitive companies listing who they are, what they do, and where they work - making them prime targets for further scrutiny and contact.


It works at every level - in a previous life, I used to take one of the pretty girls from the office to a client site, give her a laptop bag and a hand bag and two cups of coffee - then hang a lookylikey badge around the neck and send her off  - you would be amazed at just how many people would open doors for her as she had her hands full and appeared to be fumbling for a legit pass.


Ditto for canteens lunchtime and local pubs early evening - it's amazing what gets discussed with no thought of being overheard


Ditto for trains - I overheard a couple of people on a train north of Warrington discussing a security upgrade project at Sellafield - aspects of which I knew to be at least restricted information. With a name written on the flyleaf of a notebook and an unremoved flight tag on another's laptop bag it took me about 10 minutes to get a photo, a name and a reasonably good profile of the individuals from social media.


Ditto for laptops - if you have the right seat, you get to see a lot of information without even looking for it. If you had a particular individual in mind, it's not difficult to get more and more information


Grains of rice 


OMS