Wednesday, February 29, 2012

Big Brother Is Watching

The Electronic Privacy Information Center recently released a document obtained through a Freedom of Information Act (FOIA) request that details US Department of Homeland Security (DHS) monitoring of social networks/media on the Internet (download the PDF file here). The document has a lengthy list of Items of Interest keywords that DHS searches for in Twitter tweets, Facebook pages, and forum and blog posts. Automated programs troll the Net vacuuming up information and if a keyword (or certain sequence of keywords) occurs, the source is flagged, and a human analyst reviews the content.

Government monitoring of the Net is nothing new (obligatory ECHELON reference). I remember back in the pre-Internet 1980s, conspiracy-minded programmers would often include a signature line in their email messages and USENET posts that contained words such as CIA, KGB, Cuba, Bomb, and Mossad. Dubbed NSA bait, the thought was the words would set off alarm bells somewhere and an analyst would be forced to view the message contents, which had nothing to do with national security. Salting messages with suspicious keywords was probably more about making a personal, anti-establishment statement than actually hindering monitoring operations.

There are at least three non-government IP addresses (two in the Washington DC area and one in Paris) that frequently visit the NGO Security Blog at random hours of the day. These aren't search engine bots and I've long thought this blog has been on someone's monitor list. If the DHS keyword list is any indication, it's pretty clear why. Considering the variety of state and non-state actors, locations, and topics that have been discussed in this blog over the years (Al Qaeda, UN, drug cartels, Afghanistan, Somalia, flu, and tsunami, to name a few), whistles and bells must have been going off in one or more monitoring centers.

So here's a shout-out to any government or contractor analyst who may be reading this post. Nothing to see here, move along...


Sunday, February 26, 2012

Stratfor emails

It appears the WikiLeaks folks have access to more than five million emails that were compromised following last December's hack of Stratfor. And they're starting to release them. A formal press release and the first batch of emails are here. It remains to be seen if there will be any potential impacts to NGOs, but stay tuned.

3/6/2012 update - Released emails are now searchable at this site.


Friday, February 24, 2012

Plugging Google Data Leaks

Recently, I was doing some online research on security conditions in Dadaab, Kenya. I was more than a little surprised to see not-meant-for-public-distribution security reports pop up in Google (the organization they belonged to shall remain nameless). My guess was someone must have inadvertently placed the files on an open part of the organization’s Web server and Google found them. Ouch!

One of the reports had a link that directed readers to additional information. Out of curiosity I clicked it. I shook my head in disbelief as an IBM Lotus Notes page for the organization’s Nairobi office appeared. There was staff information, internal documents, and even a social calendar listing events, locations, dates, and times. None of this data was password protected. All of it was readily available to anyone with a Web browser and Internet connection who stumbled on the page by accident or perhaps had a less than innocent motive.

You don't need to be a rocket scientist to understand the potential security implications here. Especially considering Al-Shabaab’s recent threats of escalating its terror campaign in Kenya. (Non-state actors are growing increasingly sophisticated when it comes to using the Internet for identifying vulnerabilities of potential targets, by the way.)

Unfortunately, data leaks like this are a fairly common problem across the Internet. Sometimes it’s not a big deal. But in the case of international humanitarian organizations, IT boo-boos like the one above could put staff members at serious, increased levels of risk.

Most humanitarian security practitioners don’t have the background to perform thorough information security audits. And that's OK. But I want to share with you a simple and quick way of finding common sources of Web site data leaks. It doesn’t require any real technical skills. You can even try it right after reading this post and see if your organization might have virtual vulnerabilities that could produce real-world risk.

First some background is required (I promise to keep the geeky stuff to a minimum). Search engines like Google have automated programs that locate and index Web pages. These programs are known as crawlers or bots (short for robots). They’re constantly connecting to publicly accessible Web sites all over the world and reporting back what they find.

In addition to Web pages, these bots also index other files they encounter, such as Word, Excel, PowerPoint, and Adobe Acrobat documents. This is how data leaks often occur. A server is misconfigured or a sensitive document is accidentally put in a directory that allows it to be publicly viewed. A bot crawling the Web finds the file and reports its contents and link location back to the search engine company. After the file is indexed, it may then show up in someone’s search results.

Because of the sheer volume of indexed Web sites, you may think locating documents with leaky data is like finding a needle in a haystack. But guess again. Thanks to a set of advanced search parameters you can use with Google (and other search engines), it’s easy to narrow your hunt.

Here’s how. Instead of searching for Web sites that contain a certain word, use the site: option. It allows you to confine a search to a specified domain (such as or Next, use the filetype: parameter. It searches for a specific file type (.pdf or .doc are two possibilities).

Here’s an example. If you type the following in Google, it will show all of the Adobe Acrobat files on the Electronic Frontier Foundation's ( Web site: filetype:pdf

You can further refine your search by adding a keyword. For example here's how to list all of the PDF files on EFF's Web site that contain the word police. filetype:pdf police

See where I’m going with all of this? You can quickly troll through a site looking for documents that contain data an organization might not have wanted to share (common file types to look for include: doc, docx, odt, pdf, ppt, pptx, txt, xls, and xlsx).

Hackers do this all the time, hunting for passwords, user accounts, social security numbers, credit card numbers, and other types of data that can easily be exploited. Investigative journalists do the same thing, but look for newsworthy tidbits on government Web sites. (Keep in mind not all documents you discover this way will be leaky. Lots of files are knowingly made public.)

None of this is really breaking news. Most information security professionals have been aware of Google Hacking for a long time. There’s a lot written about it on the Web and a couple of books have been published. And in most countries it’s even legal.

Give it a try on your organization’s Web site. Have your focal points search their country office Web sites. Did you find any leaky documents that could put staff at risk? If you did, let your IT staff know about it so they can start plugging the holes. You never know when someone might be interested in your organization for the wrong reasons.
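A follow-up check IT staff can run on their own Web server, added here as an example and not part of the original post: it scans an access log for documents of the file types listed above that were actually served to search-engine crawlers, then builds the matching site:/filetype: searches to confirm what reached the index. The combined log format, the crawler list, example.org, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# File types the post lists as common sources of leaked documents.
DOC_TYPES = {"doc", "docx", "odt", "pdf", "ppt", "pptx", "txt", "xls", "xlsx"}
# User-Agent substrings for search-engine crawlers (assumed list, extend as needed).
CRAWLERS = ("Googlebot", "bingbot", "DuckDuckBot")
# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "GET (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample log; hosts, paths and addresses are placeholders.
SAMPLE_LOG = '''\
192.0.2.10 - - [24/Feb/2012:06:12:01 +0000] "GET /reports/sitrep-week7.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [24/Feb/2012:06:12:03 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [24/Feb/2012:07:40:19 +0000] "GET /reports/sitrep-week7.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0"
192.0.2.44 - - [24/Feb/2012:08:02:55 +0000] "GET /staff/contacts.XLSX?download=1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.0.2.10 - - [24/Feb/2012:08:15:30 +0000] "GET /private/budget.doc HTTP/1.1" 403 199 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [24/Feb/2012:08:15:31 +0000] "GET /about.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
'''

def crawled_documents(log_text):
    """Map each document path served to a crawler -> set of crawler names."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Only 200 responses: the crawler actually received the file body.
        if not m or m["status"] != "200":
            continue
        bot = next((c for c in CRAWLERS if c.lower() in m["ua"].lower()), None)
        path = urlsplit(m["target"]).path          # drop any query string
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
        # robots.txt is meant to be fetched by crawlers, so it is not a leak.
        if bot and ext in DOC_TYPES and path != "/robots.txt":
            hits.setdefault(path, set()).add(bot)
    return hits

def index_check_queries(domain, hits):
    """site:/filetype: searches (as in the post) to confirm what got indexed."""
    exts = sorted({p.rsplit(".", 1)[-1].lower() for p in hits})
    return [f"site:{domain} filetype:{e}" for e in exts]

if __name__ == "__main__":
    found = crawled_documents(SAMPLE_LOG)
    for path, bots in sorted(found.items()):
        print(path, "fetched by", ", ".join(sorted(bots)))
    print(index_check_queries("example.org", found))
```

The User-Agent header is self-reported, so a match is a lead to review rather than proof that a given search engine holds the file.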


Wednesday, February 15, 2012

LRA History in Comics

Freelance reporter David Axe and illustrator Tim Hamilton have launched an ambitious project of documenting the history of the Lord's Resistance Army (LRA) in graphic novel style. The first installment is out, and it looks pretty good. I really like this marriage of art and writing when used as an explainer.


IRC Security Position Opening

International Rescue Committee has an opening for a Regional Safety and Security Advisor to cover West Africa, Great Lakes, Central African Republic and Haiti. For more information check here.


Monday, February 06, 2012

Nokero Lights

I've recently been hearing good things about solar products from a company called Nokero. The firm's impetus was to design an alternative to kerosene lanterns for developing countries (Nokero is short for no kerosene). Besides environmental concerns, kerosene fumes and smoke aren't healthy, especially for children. While FreePlay and a few other businesses have long been providing wind-up, kinetic lighting devices, Nokero took a different approach and primarily went solar. Their N100 and N200 lights are LED powered and feature a replaceable, rechargeable AA battery (sustainable). They even look like conventional incandescent light bulbs (familiar). A durable, water-resistant design coupled with an affordable price makes these lights worth considering for office back-ups or primary lighting in austere environments.


Thursday, February 02, 2012

EISF Gender and Security Research

The European Interagency Security Forum (EISF) just released a set of online questionnaires as part of a study on the role of gender in NGO security issues. This is a worthy project and if you work for a humanitarian organization, the researchers would like to hear from you (the survey period runs until 10 February 2012).

There are three questionnaires, but you only need to fill out one based on the type of work you do and where. Click on a link below to go directly to the applicable survey form. All information entered will be held in strict confidence.

HQ staff and EISF members
(~20 minutes to complete)

Field personnel working in country offices in a non-security role (~15 minutes)
Available in English and French

Security and management staff in country offices (~20 minutes)

The researchers are also interested in organizations that are willing to share existing policy documents, identify staff members with expertise, and help set up discussion groups.

For additional information about this project, contact EISF at:


Wednesday, February 01, 2012

Safety and Security and Wordle

If you do much browsing on the Web, you most certainly have encountered a word cloud. Word clouds have nothing to do with cloud computing, but instead are a visual representation of text. Unique words on a Web site or from some other source are listed, arranged artistically and shown in different type sizes. The size depends on word frequency, with words used more often appearing larger compared to those that are used less. For example, if Afghanistan was mentioned 12 times, and Pakistan twice, Afghanistan would be displayed significantly bigger.

If you're still a little unclear on all of this, a picture is worth a thousand words, so check out Wordle, a cool utility for creating word clouds from your own text or a specified Web site. Even if you're hip to word clouds, head over to Wordle anyway. When you get there, give some thought to how you could use a word cloud in an NGO safety and security context. If nothing leaps to mind, here are a few ideas.

Identifying perceived threats and vulnerabilities - Before meeting with headquarters and field management staff for the first time, I always like to get a sense of what people feel are primary threats and vulnerabilities. Responses typically vary by job responsibilities and experience. Displaying a word cloud with the top five perceived threats and vulnerabilities (previously emailed) is a great and visually engaging way to start a conversation.

Reviewing security reports - In reviewing security reports from field offices I'll sometimes create a word cloud of the document to see if there's anything I may have overlooked. On more than one occasion, seeing something in a word cloud has prompted me to ask questions about an issue that wasn't apparent.

Analyzing emails - You can also use a collection of emails as your word cloud source, looking for things you may have missed. I remember a lengthy exchange of email messages once, about employee theft in a field office. Everyone was focused on the emotionally charged event, which involved a longtime and trusted staff member. I created a word cloud for the discussion thread which led me to an unreported and unrelated sexual harassment incident. The theft case had everyone's attention, and an oblique reference in an email had gone unnoticed.

I don't claim word clouds are magic (keep in mind that word frequency doesn't always correlate with significance). But I do find that Wordle and similar visualization tools give me a different way of looking at text data that can be surprisingly useful.