Skip Links

Tech pioneer John McAfee uses low-tech social engineering to spy on Belize heavyweights

By his own account his approach was technically unsophisticated

By , Network World
January 08, 2013 05:04 PM ET

Network World - Antivirus pioneer John McAfee spins tales of a Hezbollah plot to smuggle toxic powder into the U.S. that he uncovered when he spied on Belize officials in hopes of getting dirt on them in retaliation for their raiding his island home there, shooting his dog and stealing his stuff.

He rolls out his complex, disjointed narrative via his blog (he says he wrote partially while on the run from Belize police and military) and also through interviews he grants to sometimes gullible journalists -- and it's questionable how much of it is true and how much he just makes up.

BACKGROUND: Murder suspect/fugitive John McAfee defends himself via blog

MORE BACKGROUND: McAfee in a Guatemalan jail cell, still 'blogging'

Regardless, he purports to have spied on Belize police, politicians and power brokers as a way to get back at them for what he says they did to him.

For an operation designed by an antivirus pioneer, by his own description he employed only the most rudimentary of technical skills and relied heavily on socially manipulating his victims to gather intelligence, according to a top security consultant.

"It's standard stuff," says John Pironti, president of IP Architects, and leader of the security track at Interop. "Most of what he did was social engineering."

While there is only McAfee's word that he carried out anything, what he describes is a scheme in which he passed out 75 laptops tainted with key loggers and remote control capabilities to officials he wanted to spy on. The devices called home with lists of user names and passwords they harvested, and he turned on the cameras and microphones on some of the machines in hopes of learning more.

He supplemented that with what McAfee calls the pillow talk of his targets as told to the operatives he assigned to cozy up to them.

Yet for all the technical skills that he possessed as founder of the security company that still bears his name -- he left it in 1994 -- McAfee relied on personal deception and freeware to gather most of what he found out.

"These are common techniques that parents use on their own children," says Pironti. "He probably just downloaded freeware."

Indeed, in an interview with Alex Jones of InfoWars.com, McAfee notes that the key loggers he used could be downloaded from CNET for free.

In addition to reporting pillow talk, the operatives borrowed computers their targets previously owned and cellphones to infect the computers with spyware and to copy text messages to the phones, McAfee claims.

"It's not something that hasn't been done before," Pironti says, and the social aspects of the deception have their roots in the most ancient intelligence gathering.

Much of the success of McAfee's purported operation relied on the gullibility of his victims, who should have known better, Pironti says. "Using laptops or desktops from someone they don't know so well? That's a training issue. Shame on them for that one."

By gaining lists of usernames and passwords for some accounts visited by targets, McAfee could likely exploit other sites given people's tendency to reuse passwords account to account and site to site, Pironti says. And that is very powerful. "Once you get that level of credentialing it's all over," he says.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News