Tuesday, March 31, 2009

Black Ops

Black Ops: "A Black Operation or Black Op is a covert operation typically involving activities that are highly secret."

I know it's something we're not supposed to talk about and we should all be under cover (is this fight-club?!), but it's so much fun and there are so many areas to tap into to just keep it hush-hush!

Depending on the employee's seniority and job title, orders can come from multiple people/departments:
  1. Company Owners
  2. Audit Department
  3. General Managers
  4. Department Manager

My company has been unfortunate to have had multiple naughty employees and managers, for which higher management had to resort to us, Black Ops, to uncover/retrieve a piece of evidence and, in other cases, erase records of an error one of the higher-ups made so it wouldn't expose sensitive information.

At one time, the highest management asked us to stalk someone's corporate email and sniff for news matching certain criteria, along with gathering information from that employee's machine that might indicate incriminating behavior.
At that time, only 3 people knew about the operation: the top manager and the 2 Black Ops involved, and it remained that way until that employee was fired (even though we stopped looking for info a bit before that).

The fun of having such a job is that it doesn't rely on technical skills only, but on social engineering ones as well. You'd have to create an undeniable and convincing diversion at the right time for the right people to be able to achieve total stealth.

My company doesn't have VoIP deployed yet, so we're still not required to snoop on phone calls as well (which would be quite annoying to us), but I guess it's inevitable. I hope someone comes up with decent sound-processing software that can look for certain words in voice files before we're asked to fish for voice packets!

You can't tell whether it's an actual problem, or if it's us putting on our black hats and chuckling at your private chats with many guys pretending to be girls. Why not? Simply because our diversion is either a common problem, or we create such issues once in a while just in case we need a diversion one day. By the time you, a naughty employee, sense a snooping act, it would be too late.

A tiny network outage, a printer driver reinstallation, sudden Operating System freezes, stealth installation of a piece of software or a background job, a quick computer restart, ...etc.

Rogue Black Ops are a bigger problem to companies than dirty & naughty employees themselves. This kind sniffs data for fun, for blackmail, or because a dirty/naughty employee has bribed them to erase records of evidence (of which they keep a copy to blackmail the dumb employee later).

The only way to fight rogue Black Ops is by enforcing tight auditing on all IT infrastructure: VPN access times, overtime claims, and assigning an entry-level administrator to handle the VPN server (to make sure he has neither the experience to cover up evidence nor an established relationship with existing staff).
Ironically, the above may also interfere with investigating a rogue audit employee!
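
One way to run the audit described above, as an added example that is not from the original post: it cross-checks administrators' VPN session times against their overtime claims and lists off-hours sessions that no claim accounts for. The record layout, account names, business hours and weekend days are assumptions, and the sample records are constructed.

```python
import csv
from datetime import datetime, time
from io import StringIO

# Constructed sample records (not from the original post); layout is assumed.
VPN_SESSIONS = """user,start,end
admin_a,2009-03-10T09:05,2009-03-10T11:30
admin_a,2009-03-10T23:14,2009-03-11T00:02
admin_b,2009-03-11T19:00,2009-03-11T20:15
admin_b,2009-03-12T02:40,2009-03-12T03:05
"""
OVERTIME_CLAIMS = """user,start,end
admin_b,2009-03-11T18:30,2009-03-11T21:00
"""
WORK_START, WORK_END = time(8, 0), time(17, 0)  # assumed business hours
WEEKEND_DAYS = {4, 5}  # assumed weekend: Friday and Saturday (Monday is 0)

def load(text):
    """Parse CSV rows into (user, start, end) tuples with datetime bounds."""
    return [(r["user"], datetime.fromisoformat(r["start"]), datetime.fromisoformat(r["end"]))
            for r in csv.DictReader(StringIO(text))]

def off_hours(start, end):
    """True if any part of the session falls outside business hours."""
    return (start.date() != end.date() or start.weekday() in WEEKEND_DAYS
            or start.time() < WORK_START or end.time() > WORK_END)

def unexplained_sessions(sessions, claims):
    """Off-hours VPN sessions not fully covered by the same user's overtime claim."""
    flagged = []
    for user, start, end in sessions:
        if not off_hours(start, end):
            continue
        covered = any(u == user and c_start <= start and end <= c_end
                      for u, c_start, c_end in claims)
        if not covered:
            flagged.append((user, start.isoformat(timespec="minutes"),
                            end.isoformat(timespec="minutes")))
    return flagged

if __name__ == "__main__":
    for row in unexplained_sessions(load(VPN_SESSIONS), load(OVERTIME_CLAIMS)):
        print("REVIEW:", *row)
```

The sessions and claims should be exported and reviewed by someone outside the team being audited, since the people under review can otherwise edit either source.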


The company owns the data
We pwn you
Weep, threat, cry and fret
We pity the fool


Got stories to share? Kindly post as Anonymous ;)

Monday, March 9, 2009

Traffic Monitoring and Prediction

Idea 1: Zero-based Configuration - Carrier Based


Any mobile phone would have to register to a cell tower that is in range. So any carrier would be able to see the people (mobiles) in range and provide an estimate of congestion in certain areas at certain times. The result is an approximation of the person's location because towers cover a radius. (more on this below)

The beauty of this is that there are no additions or modifications to be done to the carrier's systems. They already have this info, and it's just a matter of saving the data periodically and then plotting it over a map of Kuwait.

Further fine-tuning on the location of people can be done through the usage of triangulation methods. A cell tower sees a mobile even if it's not registered with it, thus if you have multiple towers one can approximate the user's location based on the distance from each tower.

Idea 2: Image-processing Method


Most if not all traffic lights have a live-feed camera on top of them. Capturing an image just before the traffic light becomes green would give the largest number of cars waiting. Using image-processing methods, a program could identify the number of cars.

If images are processed properly, the result is more accurate than the one in Idea 1, and it would indicate which streets are congested at what times.

Prediction


Once you have data for a whole year, or two, you can tell during a certain month or during special occasions which streets are mostly congested, how people react and which are the best alternative routes to take.

The data can be plugged into simulation software, and the government can simulate training sessions for traffic police, special forces, army, ambulances, building new streets and highways, etc.

Public Availability


The point of these systems isn't only for the government to know where congestions are. They already know this. If these were available to the public, then people could avoid congestions and effectively reduce their cumulative effect.

I have addressed traffic monitoring in a previous post using a different method, which provides Internet access as well as providing congestion info.

People can log in to a basic website that shows a map with congested areas (and possibly suggests an alternative route) using their mobile phones, or other means.

Thursday, March 5, 2009

HotZift: A Sprinkle of Free Frustration

Microzift (Microsoft - soft + garbage) just can't have enough frustrated people using its products. I think Bill Gates's cash is generated by selling anti-depressants and assigning its hell-desk (help desk) drones to Suicide Hot Lines!!!

I was subscribed to some groups without my consent. I emailed Google about this last week and got no response while still being spammed at my old Hotmail account. So I read Google's help pages again and saw that if you email the +unsubscribe@googlegroups.com you get unsubscribed automatically!

So I click on one of the spam emails to see the address of the sender, copy the email address: groupname@googlegroups.com, and paste it in the To field.

When I tried to click after the group's name to add '+unsubscribe' I couldn't!!! The email I already entered got highlighted and is no longer modifiable!

WHY???? GIVE ME ONE GOOD LOGICAL FREAKIN REASON!!!!



(Before you comment on why I keep using the dreadful hotzift: I keep this 10 year old account because most of my old buddies can only be reached through MSN and they don't login much and even if I email them my new email they're unlikely to open the email. So shut up.)

Wednesday, March 4, 2009

QualityNet DNS Servers

We've had a semi-full outage of Internet in the company. After some investigation it turned out that QualityNet is having problems with their DNS servers along with some routing issues.

They have advised us to change the DNS servers to new ones.

Old DNS Servers:
195.226.224.72
195.226.224.74

New DNS Servers:
195.226.228.72
195.226.228.74

These changes are permanent.