Tech pioneer John McAfee uses low-tech social engineering to spy on Belize heavyweights

Antivirus pioneer John McAfee spins tales of a Hezbollah plot to smuggle toxic powder into the U.S. that he uncovered when he spied on Belize officials in hopes of getting dirt on them in retaliation for their raiding his island home there, shooting his dog and stealing his stuff.

He rolls out his complex, disjointed narrative via his blog (which he says he wrote partially while on the run from Belize police and military) and also through interviews he grants to sometimes gullible journalists -- and it's questionable how much of it is true and how much he just makes up.

BACKGROUND: Murder suspect/fugitive John McAfee defends himself via blog

MORE BACKGROUND: McAfee in a Guatemalan jail cell, still 'blogging'

Regardless, he purports to have spied on Belize police, politicians and power brokers as a way to get back at them for what he says they did to him.

For an operation designed by an antivirus pioneer, it employed, by his own description, only the most rudimentary of technical skills and relied heavily on socially manipulating his victims to gather intelligence, according to a top security consultant.

"It's standard stuff," says John Pironti, president of IP Architects, and leader of the security track at Interop. "Most of what he did was social engineering."

While there is only McAfee's word that he carried out anything, what he describes is a scheme in which he passed out 75 laptops tainted with key loggers and remote control capabilities to officials he wanted to spy on. The devices called home with lists of user names and passwords they harvested, and he turned on the cameras and microphones on some of the machines in hopes of learning more.

He supplemented that with what McAfee calls the pillow talk of his targets as told to the operatives he assigned to cozy up to them.

Yet for all the technical skills that he possessed as founder of the security company that still bears his name -- he left it in 1994 -- McAfee relied on personal deception and freeware to gather most of what he found out.

"These are common techniques that parents use on their own children," says Pironti. "He probably just downloaded freeware."

Indeed, in an interview with Alex Jones of, McAfee notes that the key loggers he used could be downloaded from CNET for free.

In addition to reporting pillow talk, the operatives borrowed computers their targets previously owned and cellphones to infect the computers with spyware and to copy text messages to the phones, McAfee claims.

"It's not something that hasn't been done before," Pironti says, and the social aspects of the deception have their roots in the most ancient intelligence gathering.

Much of the success of McAfee's purported operation relied on the gullibility of his victims, who should have known better, Pironti says. "Using laptops or desktops from someone they don't know so well? That's a training issue. Shame on them for that one."

By gaining lists of usernames and passwords for some accounts visited by targets, McAfee could likely exploit other sites given people's tendency to reuse passwords account to account and site to site, Pironti says. And that is very powerful. "Once you get that level of credentialing it's all over," he says.

The lesson? "Social engineering is still the most effective attack we have in the world. Without it, this would have been unsuccessful," Pironti says.

Still, McAfee did a good job setting up his network. "He was a software, computer, security guy -- the right factors to help a social engineering team work better," he says. "He was organizing this in a fairly sophisticated way where he had the funds to do this."

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at and follow him on Twitter @Tim_Greene.
