Feeds

John McAfee the Belize spymaster uncovers 'ricin, terrorist plots'

Tycoon: I gave bigwigs laptops stuffed with surveillance malware

Beginner's guide to SSL certificates

Infosec daredevil John McAfee claims he became a spymaster in Belize after giving laptops infected with espionage malware to police and government officials.

McAfee, who moved to the central American low-tax haven some years ago, further claimed he supervised a ring of 23 women and six men as operatives, and tasked them with striking up relationships with targets and extracting secrets.

The eccentric millionaire hatched the scheme after a crack Belizean cop squad raided one of his properties, shot one his dogs and seized hundreds of thousands of dollars in kit. The Gang Suppression Unit was searching for a supposed meth lab and guns but found nothing. No charges were brought but the incident put the founder of antivirus biz McAfee Inc at loggerheads with the authorities.

In a quest to exact revenge after receiving no apology for the bungled bust, McAfee set himself up as a spymaster, as explained in a lengthy article on his official WhoIsMcafee.com blog:

I purchased 75 cheap laptop computers and, with trusted help, installed invisible keystroke logging software on all of them – the kind that calls home (to me) and disgorges the text files. It also, on command, turns on and off the microphone and camera – and sends these files on command.

I had the computers re-packaged as if new. I began giving these away as presents to select people – government employees, police officers, cabinet minister’s assistants, girlfriends of powerful men, boyfriends of powerful women.

I hired four trusted people full time to monitor the text files and provide myself with the subsequent passwords for everyone’s email, Facebook, private message boards and other passworded accounts. The keystroke monitoring continued after password collection, in order to document text input that would later be deleted. So nothing was missed…

I next collected my human resources for the complex social engineering I would have to do. I arranged with 23 women and six men to be my operatives. Eight of the women were so accomplished that they ended up living with me. It was amazingly more efficient and they were easily convinced to check up on each other. One was so accomplished that she became a double agent and nearly got me killed.

The tech tycoon claimed he infiltrated two national telcos using his operatives in order to tap the phone lines of his enemies. He further claimed various social engineering tricks were put into play.

In all, McAfee reckons he set up an extensive spook network with tentacles into every aspect of life in Belize. By his own account, the malware maverick was looking for evidence of corruption to turn the tables on those who trashed his property.

But what he apparently found were details of extramarital affairs and far more disturbing information. He alleged data uncovered showed that officials were helping Hezbollah-aligned terrorists to get Belizean passports and identification cards.

Mostly this supposed intelligence came from electronic taps on immigration department computers but McAfee claims he had some human intelligence as well:

I had located an individual working in immigration who was trustworthy and willing to talk. I discovered that an average of eleven Lebanese males were given new identities each month. One month there were sixteen.

McAfee claims he sent one of his female operatives to befriend one of these Lebanese militants, who supposedly turned out to be sexually violent and intent on using Belizean papers to gain entry to the United States:

Belize is clearly the central player in a larger network whose goal is to infiltrate the US with individuals having links to terrorist organizations. What is different today from the wholesale Belizean passport selling of ten years ago, is that the false citizenships that are created for these men are coupled with a network of handlers designed to move the individuals, and their cargo, into the US

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.