Commercial Business Information Bulletin on Feb 30 2002; for security reasons being published AS A WORK DRAFT for NON-COMMERCIAL USE at INDY on FEB 26 2002; © Copyright 2002, From Apupoika - Business Intelligence Finland, All rights reserved. May be recopied, distributed for non-profit purposes only; May not be posted on an Internet web site without express written authorization. Contact  Ake.Tyvi@edu.stadia.fi for permission.

Title.....: Finnish counterintelligence able to brake into computers and monitor traffic

Abstract..: Possible electronic surveillance threat Finnish companies are facing now and in the future.



30 Feb 2002 [26 Feb 2002 AS A WORK DRAFT]


FINNISH COUNTERINTELLIGENCE ABLE TO BRAKE INTO COMPUTERS AND MONITOR TRAFFIC

BI-FIN The mass media and police have handled business security issue one-sided. Despite all glamorous police stories presented in the public media, were criminals have being caught by the police, have mass media only presented the other side of the story. Rest of story would have explained surveillance violations having taken place, known to exist or expected to take place against company and private citizen.


NEW POLICE ACT ALLOWING POLICE TO DETERMINE WHEN TO START ELECTRONIC SURVEILLANCE

Police Act entered into force last year[5] expanded Finnish Police authority also into business security area were police have become a potential threat to those running business on Finnish territory [8].

Police is now able to make the decision when they need to practise surveillance against 'the expected cause (i.e. person) of threat causing a threat for life or health[9]' [5]. A sentence, that could be understood as 'causing or expected to cause a threat for life or health against a government authority'[8]- in which case it would lead to deliberate Police Act abuse.
When any such surveillance has taken place and being validated at the following day, then the surveillance may last for weeks or months [3]. During this time police is allowed to commit their sc. surveillance and violate citizen privacy; during the time of surveillance your personal telephone-calls and data-traffic are being tapped without you even knowing [3].

Possible target companies for such monitoring could be found from chemical industry or some engineering companies. By using this ‘imagined threat’ police is able to monitor company CEO or the company’s main analysts working for Research & Development (R&D).

Electronic surveillance abuse would be examined by the same police organisation committing the abuse[8] in a situation were layers have not even determined any real punishment for electronic surveillance / monitoring abuse case[8].


WHAT MAKES YOU THINK THEY WOULD NOT DO IT TO YOU - AND SPECIALLY TO YOUR COMPANY[2]

I would be very surprised even without Police Act abuse cases, if Finnish counterintelligence (i.e. Security Police, Police and Army) would not be 'snooping' computers at least on Finnish territory[1-5 and 7]. Especially after when STT published an article in which police have explained the level of their expertise in committing real time network monitoring and catching computer hackers in real time [1]. Those who doubt any such act ever taken place, I may only ask "How some secret business issues have leaked in public?"[8].

Theoretically speaking it is also possible to hi-jack your www-session, besides police listening network traffic [7]. This gives you a valid reason to protect your business against previously told threats.


HOW TO PREVENT GOVERNMENT 'SNOOPING' YOUR COMPANY BUSINESS SECRETS ?

At some laboratories and government bureau you are not allowed to connect your computer to a public network. Such bureau usually have a separate network for business and surfing.

You are not allowed to use company computer to anything else except to company matter. This means no personal software installed or ‘other’ data allowed in the computer! -Not even a single CD-ROM or disk swapped into the drive.

All vital information kept in the computer should be crypt for security reasons [10].

In case Your computer is connected to an open network for some reason, then any incoming or outgoing information should be crypt. There is always a possibility of someone listening the network traffic.

In case Your company is making R&D, then I am very strongly suggesting You to consult a security expert - and I mean security expert not 'a computer expert'.

Usually these steps are adequate running normal business and preventing government access company computers.



(Ake Tyvi, Apupoika - Business Intelligence Finland)



_________________________


[1]
Text......I: "...while police was tracing them in real time during the time of data burglary [i.e. hacking] having taken place"
Orig. .text: "...poliisin jäljitettyä heidät reaaliajassa eli tietomurron tapahtuessa."
Source....I: STT (www.stt.fi), Feb 26 2002; Uutislehti 100, Feb 26 2002.

[2]
Text.....II: "...in the series of data burglary [i.e. hacking] crime under investigations run at the police e c o n o m i c o f f e n c e unit..."
Orig. .text: "...poliisin talousrikosyksikön tutkinnassa olevan tietomurtosarjan..."
Source...II: STT (www.stt.fi), Feb 25 2002; Metro, Feb 25 2002 p. 1 (STT); Uutislehti 100, Feb 25 2002, p.2 (STT).

[3]
Text....III: "Telephone tapping is (/has become) even more important and common way to solve out crimes.", "...often the telephone line can be silent for weeks or months, until ‘the important telephone call comes’..."
Orig. .text: "Puhelinten kuuntelu on viranomaisille yhä tärkeämpi ja yleisempi keino ratkaista rikoksia.", "...usein linja voi olla hiljaisena viikkoja tai kuukausia, kunnes se tärkeä puhelu sitten tulee.."
Source..III: STT (www.stt.fi), May 18 2001; Uutislehti 100, May 18 2001 (STT).

[4]
Text.....IV: "...police were committing electronic surveillance/monitoring..."
Orig. .text: "...poliisi televalvoi..."
Source...IV: STT (www.stt.fi), May 18 2001; Metro, May 18 2001 (STT)

[5]
Text......V: "Police may now expand electronic surveillance/monitoring and technical surveillance...", "[From this point onwards] in the future, police has a privilege to use electronic surveillance/monitoring...", "...are essential in preventing the cause of threat for life or health...", "The judgement for the electronic surveillance/monitoring in urgent case can be granted by police being Officer."
Orig. .text: "Poliisi voi nyt laajentaa televalvontaa ja teknistä tarkkailua...", "Poliisimiehellä on jatkossa oikeus käyttää televalvontaa...", "...välttämättömiä henkeä tai terveyttä uhkaavan vaaran torjumiseksi." "Kiireellisessä tapauksessa päätöksen voi tehdä päällystöön kuuluva poliisi."
Source....V: STT (www.stt.fi), May 18 2001; Metro, May 18 2001 (STT)

[6]
Text.....VI: -
Orig. .text: -
Source...VI: www.moreover.com; 16 day long analyse related to police abuse based on news articles with case evidence and/or judgement.

[7]
Text....VII: -
Orig. .text: -
Source..VII: University Computer Centre Day at Jyväskylä 1994; Internet Security lectures

[8]
Text...VIII: -
Orig. .text: -
Source.VIII: Apupoika - Business Intelligence Finland; case-studies.

[9]
Text.....IX: For evidential value a similar OPEN tapping case taken place at USA presented here; Martin Luther King Jr's illegal tapping case.
Orig. .text: -
Source...IX: Bruce Schneier; Applied Cryptography, John Wiley & Sons, Inc.; ISBN 0-471-11709-9; USA (1996), preface p. XX

[10]
Text......X: -
Orig. .text: -
Source....X: Bruce Schneier; Applied Cryptography, John Wiley & Sons, Inc.; ISBN 0-471-11709-9; USA (1996)


- - -
Besides, these are the same people who have taken my property away. -I would not trust to these people under any circumstance.