The IT troubles of the Russian spy suspects


If you think your organization sometimes gets bogged down by seemingly avoidable and senseless IT problems, the Russian spy suspects arrested June 27 show that it can happen to even the most sophisticated and wary users.

Some of the particularly damaging information security mistakes made by the alleged spy ring--as documented in the complaints (.pdf) filed by the FBI--will sound familiar to almost any enterprise IT shop: A password written down on paper left lying around for others to see; frustration with connectivity problems that escalated into poor judgment calls; and confidential wireless networks that aren't confidential enough.

When searching the New Jersey home of one of the suspects, U.S. law enforcement agents discovered a 27-character password written on a piece of paper (.pdf). They were able to use the password to open a software program stored on password-protected disks. These disks allegedly contained a steganography program that allowed the suspects to communicate clandestinely with their boss in Moscow.

The alleged spies also made use of wireless communications via their laptops to pass information, but they had all kinds of connectivity problems, ending up with frozen computers and failed transmissions. One of the suspected spies, known as Anna Chapman, was so dogged by connectivity problems (.pdf) that she unwittingly handed her laptop over to a U.S. undercover agent rather than take it back to Moscow with her on the next trip. When meeting with the undercover agent, who was posing as a Russian government official, she reported that "Everything is cool, apart from the connection." How often has the typical help desk heard that?

Another big mistake was using a wireless network--in this case, a private, ad hoc, local area network, as described by the FBI--that didn't evade the prying eyes of outsiders. FBI agents were able to use commercially available detection tools to sniff out the wireless connection between suspects in public places like coffee houses, bookstores and restaurants and their cohorts in parking lots and passing vans.

The technology trip-ups revealed in the FBI's complaint may seem more befitting the Keystone Kops than James Bond, but they might suggest a larger message about the state of IT. If users who are specially trained in paying close attention to detail and covering their tracks can have such a hard time, perhaps regular users can be cut a little more slack. - Caron