
The US Office of the National Counterintelligence Executive recently published a four-part reader as an accompaniment to the lectures they conduct:
Our reader’s three volumes cover counterintelligence’s past and present. Nevertheless they form a whole: the first volume provides material elucidating counterintelligence’s antecedents from the American Revolution to World War II. Volume two focuses on World War II while volume three begins with the Atom Bomb spies and concludes with the latest espionage cases. History is more than background; it is the framework of the present.
We have taken material from official government documents, indictments from several espionage cases, and articles written by professors, scholars and counterintelligence officers. We have abridged some selections while trying not to change the sense of the original but we have not altered the original usage of the English language.
Each chapter in the three volumes has an introduction, which sketches out the main trends and characteristics of the period in question. There is a chronology with each chapter for volumes one and three, but volume two only has one chronology to cover the entire period. At the end of each chapter is a selected bibliography. We hope this will help you get a sense of the period as a whole. The reader is not all-inclusive and people may disagree with our selections, but at least we hope to have provided sufficient material to entice our colleagues to do further research.
Counterintelligence is a fascinating and challenging discipline. Our response to these challenges is determined, not by the requisites of the immediate situation but by our historical legacy. Thus we urge that the materials presented in the three volumes be read, not as background to the present, but as part of the present itself.
A fourth volume covers recent spying successes, failures, programs and reports.
Cryptome ZIP of PDFs
NCIX Site

Schneier on Security linked to an excellent paper on the economics of spam. Interestingly, the authors were able to infiltrate the Storm worm network and monitored its doings in the course of their study.
After 26 days, and almost 350 million e-mail messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price was close to $100. Taken together, these conversions would have resulted in revenues of $2,731.88 — a bit over $100 a day for the measurement period or $140 per day for periods when the campaign was active. However, our study interposed on only a small fraction of the overall Storm network — we estimate roughly 1.5 percent based on the fraction of worker bots we proxy. Thus, the total daily revenue attributable to Storm’s pharmacy campaign is likely closer to $7000 (or $9500 during periods of campaign activity). By the same logic, we estimate that Storm self-propagation campaigns can produce between 3500 and 8500 new bots per day. Under the assumption that our measurements are representative over time (an admittedly dangerous assumption when dealing with such small samples), we can extrapolate that, were it sent continuously at the same rate, Storm-generated pharmaceutical spam would produce roughly 3.5 million dollars of revenue in a year. This number could be even higher if spam-advertised pharmacies experience repeat business. A bit less than “millions of dollars every day,” but certainly a healthy enterprise.
Of course, the authors point out that it’s dangerous to make these sorts of generalizations:
We would be the first to admit that these results represent a single data point and are not necessarily representative of spam as a whole. Different campaigns, using different tactics and marketing different products will undoubtedly produce different outcomes. Indeed, we caution strongly against researchers using the conversion rates we have measured for these Storm-based campaigns to justify assumptions in any other context. [link]

An analyst at Websense Security Labs did a study of the “wolfteeth bot catcher”, a tool coming out of China that allows a user to specify a particular range of IP addresses and then search for and exploit the MS08-067 bug in Windows, installing any malicious code they may choose. Careful though! It seems the authors of this program included a backdoor so that installing it also pulls you into their botnet. Here is the link for the dissection, an interesting bit of thick texture even if the details are lost on you.
A rather entrancing article, published originally in the Guardian, meditates on the hidden images of America’s “last good war.” Following the surrender of Japan in WWII, the US issued a strict writ of censorship stating that “nothing shall be printed which might, directly or by inference, disturb public tranquility.” Consequently, the atomic bombings in Japan have become, as the novelist Mary McCarthy wrote in 1946, “a kind of hole in human history,” unaccompanied by much of a visual record. The article follows the discovery of an amazing cache of photographs, previously unseen to the public, taken by the US Military’s Physical Damage Division at the end of the war:
One rainy night eight years ago, in Watertown, Massachusetts, a man was taking his dog for a walk. On the curb, in front of a neighbor’s house, he spotted a pile of trash: old mattresses, cardboard boxes, a few broken lamps. Amidst the garbage he caught sight of a battered suitcase. He bent down, turned the case on its side and popped the clasps.
He was surprised to discover that the suitcase was full of black-and-white photographs. He was even more astonished by their subject matter: devastated buildings, twisted girders, broken bridges — snapshots from an annihilated city. He quickly closed the case and made his way back home.
At the kitchen table, he looked through the photographs again and confirmed what he had suspected. He was looking at something he had never seen before: the effects of the first use of the Atomic bomb. The man was looking at Hiroshima. [link]
Links for the week of 2 November 2008: