Tech pioneer John McAfee uses low-tech social engineering to spy on Belize heavyweights
- 08 January, 2013 23:00
Antivirus pioneer John McAfee spins tales of a Hezbollah plot to smuggle toxic powder into the U.S. that he uncovered when he spied on Belize officials in hopes of getting dirt on them in retaliation for their raiding his island home there, shooting his dog and stealing his stuff.
He rolls out his complex, disjointed narrative via his blog (he says he wrote partially while on the run from Belize police and military) and also through interviews he grants to sometimes gullible journalists -- and it's questionable how much of it is true and how much he just makes up.
MORE BACKGROUND: McAfee in a Guatemalan jail cell, still 'blogging'
Regardless, he purports to have spied on Belize police, politicians and power brokers as a way to get back at them for what he says they did to him.
For an operation designed by an antivirus pioneer, by his own description he employed only the most rudimentary of technical skills and relied heavily on socially manipulating his victims to gather intelligence, according to a top security consultant.
"It's standard stuff," says John Pironti, president of IP Architects, and leader of the security track at Interop. "Most of what he did was social engineering."
While there is only McAfee's word that he carried out anything, what he describes is a scheme in which he passed out 75 laptops tainted with key loggers and remote control capabilities to officials he wanted to spy on. The devices called home with lists of user names and passwords they harvested, and he turned on the cameras and microphones on some of the machines in hopes of learning more.
He supplemented that with what McAfee calls the pillow talk of his targets as told to the operatives he assigned to cozy up to them.
Yet for all the technical skills that he possessed as founder of the security company that still bears his name -- he left it in 1994 -- McAfee relied on personal deception and freeware to gather most of what he found out.
"These are common techniques that parents use on their own children," says Pironti. "He probably just downloaded freeware."
Indeed, in an interview with Alex Jones of InfoWars.com, McAfee notes that the key loggers he used could be downloaded from CNET for free.
In addition to reporting pillow talk, the operatives borrowed computers their targets previously owned and cellphones to infect the computers with spyware and to copy text messages to the phones, McAfee claims.
"It's not something that hasn't been done before," Pironti says, and the social aspects of the deception have their roots in the most ancient intelligence gathering.
Much of the success of McAfee's purported operation relied on the gullibility of his victims, who should have known better, Pironti says. "Using laptops or desktops from someone they don't know so well? That's a training issue. Shame on them for that one."
By gaining lists of usernames and passwords for some accounts visited by targets, McAfee could likely exploit other sites given people's tendency to reuse passwords account to account and site to site, Pironti says. And that is very powerful. "Once you get that level of credentialing it's all over," he says.
The lesson? "Social engineering is still the most effective attack we have in the world. Without it, this would have been unsuccessful," Pironti says.
Still McAfee did a good job setting up his network. "He was a software, computer, security guy -- the right factors to help a social engineering team work better," he says. "He was organizing this in a fairly sophisticated way where he had the funds to do this."
Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at email@example.com and follow him on Twitter @Tim_Greene.
Read more about wide area network in Network World's Wide Area Network section.
Australian startup snapshot: Kicktone
Samsung investigating labor conditions at supplier factory in China
Will this robot make America safer?
Yieldbroker signs up to ASX data centre
Yieldbroker signs up to ASX data centre