Security Director Alert - Information Technology, Government, Healthcare, Financial, Insurance, and Media Sectors

via counterespionage-news.com

Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States.

The threat actor conducts mass scanning and uses tools, such as Nmap, to identify open ports. Once the open ports are identified, the threat actor exploits CVEs related to VPN infrastructure to gain initial access to a targeted network.

After gaining initial access to a targeted network, the threat actor obtains administrator-level credentials and installs web shells allowing further entrenchment. After establishing a foothold, the threat actor’s goals appear to be maintaining persistence and ex-filtrating data. This threat actor has been observed selling access to compromised network infrastructure in an online hacker forum. more

Security Director Alert - Well Produced Information Security Awareness Videos for Employees

Foreign intelligence entities, which may include foreign governments, corporations, and their proxies, are actively targeting information, assets, and technologies that are vital to both U.S. national security and our global competitiveness. 

Increasingly, U.S. companies are in the cross-hairs of these foreign intelligence entities, which are breaching private computer networks, pilfering American business secrets and innovation, and carrying out other illicit activities.

The National Counterintelligence and Security Center is dedicated to raising awareness among government employees and private industry about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard that which has been entrusted to their protection.

The following products will enable personnel to better understand these threats and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access. It will also serve to help them protect their personal, confidential information that may be used by others to gain their trust. more

Videos:
Social Media Deception Trailer
Social Media Deception
Social Media Deception Full Video
Social Engineering
Spear Phishing (30 second trailer)
Spear Phishing 2017
Spear Phishing Full Video
Travel Awareness
Human Targeting
Supply Chain Risk Management
Economic Espionage  (True story.)

NJ Spycam'er Gets Slammer

A Williamstown, New Jersey, man was sentenced to 180 months in prison for receiving images and videos of child sexual abuse and for producing child pornography using a hidden camera in his bathroom, Acting U.S. Attorney William E. Fitzpatrick announced. more

Security Director Alert - Russian Cyber Activity, GRIZZLY STEPPE

The Department of Homeland Security (DHS) has released a Joint Analysis Report (JAR) that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. 

This activity by Russian civilian and military intelligence services (RIS) is part of an ongoing campaign of cyber-enabled operations directed at the U.S. Government and private sector entities.

DHS recommends that network administrators review the Security Publication for more information and implement the recommendations provided.

The Spy Who Couldn't Spell Straight

...and now we're going to hear a story that sounds just too bizarre to be true. 

More than a decade before Edward Snowden famously leaked thousands of classified records to the world, another U.S. government contractor tried a similar move the old-fashioned way. His name is Brian Regan. And in 1999 and 2000, he smuggled classified documents out of his office and buried them in the woods hoping to sell them to a foreign government. But he was foiled in part by his own terrible spelling.

This thrilling story is out this month in a new book called "The Spy Who Couldn't Spell: A Dyslexic Traitor, An Unbreakable Code And The FBI's Hunt For America's Stolen Secrets." Michel Martin talked with author Yudhijit Bhattacharjee about the strange story of Brian Regan.

MM: Why do you think most people have never heard of this story?

YB: The main reason is that Brian Regan was arrested just two weeks before 9/11. And so his story got completely overshadowed by the coverage of what was arguably the biggest story of the last 20 years... more

Amazon Mute on Echo Eavesdropping

We may never know if the feds have hijacked Amazon Echo.

Amazon has so far issued two transparency reports since it began declaring how many government data demands and wiretap orders it receives.

Both reports outlined how many subpoenas, search warrants, and court orders the company received to cloud service Amazon Web Services. While its cloud makes up a significant portion of the data that it gathers, the company also collects vast amounts of data from its retail businesses, mobile services, book purchases, and requests made to Echo.

But an Amazon spokesperson wouldn't comment on whether the company will expand its transparency report. more

Business Espionage: FBI's 6-Step Advice

Via REI press release: Corporate Espionage Continues to Grow


Companies should be on guard and take the following steps to protect business related information, as stated on the FBI´s website:

1. Recognize there is an insider and outsider threat to your company.

2. Identify and valuate trade secrets.

3. Implement a proactive plan for safeguarding trade secrets. (call here for assistance)

4. Secure physical and electronic versions of your trade secrets.

5. Confine intellectual knowledge on a “need-to-know” basis.

6. Provide training to employees about your company’s intellectual property plan and security.

Concerns for Energy Espionage Climb

The FBI is warning U.S. energy companies that the oil industry's downturn is increasing their vulnerability to theft of technological secrets.
 
Companies that long have faced the prospect of economic espionage must now be prepared for the possibility that workers who have been laid off could be targeted by foreign entities and competitors wanting to steal intellectual property. 

"FBI investigations indicate economic espionage and trade secret theft against U.S. oil and natural gas companies and institutes are on the rise," according to an unclassified briefing report prepared for the energy industry.

Agents shared the report recently with about 150 energy sector executives, managers and others who gathered behind closed doors at the FBI building... more

The 2017 Intelligence Authorization Act

As part of its continuing push for ever greater surveillance powers, the FBI is hoping that a new bill, known as the 2017 Intelligence Authorization Act, will be enacted into law, as the proposed legislation makes it possible for the agency to read emails without a warrant. It’s already been given Senate Intelligence Committee approval and will next be considered by the Senate as a whole....

Essentially, the bill would extend current FBI powers authorized by the Patriot Act, which allows the government to force telecoms companies to hand over phone records on individuals suspected of terrorism and other crimes. Known as a National Security Letter, recipients are not allowed to speak about the FBI investigation either, essentially gagging the companies and individuals involved.

...If enacted, sending such a letter would not require a court order, nor require any oversight from external organizations whatsoever.

That’s the aspect of the bill that lone-Senate Intelligence Committee dissenter, Ron Wyden, highlighted as part of his no vote.

“This bill takes a hatchet to important protections for Americans’ liberty,” he said (via CNet). “This bill would mean more government surveillance of Americans, less due process, and less independent oversight of U.S. intelligence agencies.” more

New Old News - Official Warning - Wall Wart Eavesdropping Device

(My clients received their warning on January 14, 2015. ~Kevin)

FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.

FURTHER READING

MEET KEYSWEEPER, THE $10 USB CHARGER THAT STEALS MS KEYBOARD STROKES

Always-on sniffer remotely uploads all input typed into Microsoft Wireless keyboards.

The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks.

To lower the chances the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices.

"If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information," FBI officials wrote in last month's advisory. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen." more

"Alexa, can you be used by outsiders for eavesdropping?"

via Matt Novak
"Back in March, I filed a Freedom of Information request with the FBI asking if the agency had ever wiretapped an Amazon Echo. This week I got a response: “We can neither confirm nor deny...”
We live in a world awash in microphones. They’re in our smartphones, they’re in our computers, and they’re in our TVs. We used to expect that they were only listening when we asked them to listen. But increasingly we’ve invited our internet-connected gadgets to be “always listening.” There’s no better example of this than the Amazon Echo.

In many ways the Echo is a law enforcement dream." (...or any hacker, snoop or spy.) more more

Slow News Day in Spiesville

Disorder Convinced This Guy His Cat Was a Spy
You may have heard of Capgras syndrome, an eerie delusion that convinces people their loved ones have been replaced with nefarious clones. This is like that, only eerier: Due to what appeared to be a version of that syndrome, a 71-year-old man became “obsessed” with the idea that his cat had recently been replaced with an impostor cat, sent by the FBI to spy on him. The man’s ordeal was recently reported by the Discover blog Neuroskeptic, drawing from the case study in the journal Neurocase.

The Patient: This man, who is not named, had a history of heavy drinking and head injuries from his ice-hockey days; he had also been diagnosed with bipolar disorder. About six years before the cat-related delusion began, he stopped taking his anti-psychotics and soon became “acutely paranoid." The case-report authors write that he would pass his wife "written notes stating that their house was being monitored, and often mistook persons in parking lots for Federal Bureau of Investigation agents.” more

------

Edward Snowden inspires spy video game

A new video game aiming to expose “suffocating privacy invasions” carried out by intelligence agencies has drawn some of its inspiration from controversial National Security Agency whistleblower Edward Snowden.

The game, called “Need to Know,” requires players to climb the ranks of the fictional “Department of Liberty,” a government agency seemingly based on the NSA, whose mass surveillance programs Mr. Snowden exposed through leaks in 2013, Newsweek reported.

Players must decide whether to spy on citizens to gain information or leak intel from the department to underground media groups.

The game was developed by Australia-based Monomyth Games. The company hopes to raise $29,000 through crowdfunding to complete the game.

“Electronic surveillance is a huge issue for everyone today, and will only grow more pressing,” the game’s Kickstarter page reads. “Need to Know lets you spy on citizens’ texts, emails, geodata, and much more. How you’ll use this information is where the real excitement (and moral conflict) begins.” more

FBI Investigates Drone Crash Outside NJ Refinery

Industrial espionage, terrorists, or innocent hobbyist? You decide.

The FBI and local police are investigating after a drone fell out of the sky and crashed into a truck in New Jersey on Wednesday morning.

As CBS2’s Christine Sloan reported, of particular concern to authorities is that the incident happened on a road just outside a Phillips 66 refinery in Linden.

The driver of the truck apparently got out and had words with the operator of the drone, who took off, investigators said.
John Victor Jacobson, head of New Jersey-based Drone Service Systems, said he cannot think of a good reason to fly one of these air crafts in such a sensitive area. more

This location is also very close to Newark Airport, to the South of its runway flight path. 

Video Game Trade Secret Theft - Next Adventure - Game of War: Anul Stage

A manager at a maker of a popular videogame was arrested last week as he tried to board a plane for Beijing after allegedly stealing trade secrets, according to a federal criminal complaint unsealed Tuesday.

Jing Zeng, 42 years old, of San Ramon, Calif., allegedly downloaded data on how users interact with Game of War: Fire Age, one of the top-grossing games in Apple Inc.’s App Store. Mr. Zeng was a director of global infrastructure for the game’s maker, Machine Zone Inc...

On his LinkedIn profile, Mr. Zeng says that he left Machine Zone last month.

His current position: “Ready for next adventure.” more

J. Wallace LaPrade, New York F.B.I. Chief in ’70s, Dies at 89

J. Wallace LaPrade, who oversaw the safe return of several celebrity kidnapping victims and was later fired as the Federal Bureau of Investigation’s New York chief, accused of not being forthcoming about the bureau’s role in illegally investigating radical groups in the 1970s, died on July 31 in Lexington, Va. He was 89. more 
(Thank you for giving me what I needed to get through college.)

New FBI Blockbuster Movie on Economic Espionage (2 Thumbs Up)

The Company Man: Protecting America's Secrets run-time is 36 minutes. Watch it when you have the time. I promise you, it is as suspenseful and entertaining as anything on TV or in the movies. Plus, it is a true story. Be sure to visit the 'movie FAQ' link after the movie ends.



Industries in the United States spend more on research and development than any other country in the world. The amount of effort and resources put into developing a unique product or process that can provide an edge in the business world is not unsubstantial. But what happens if someone comes in and steals that edge—a company’s trade secrets—for the benefit of a foreign country? The damages could severely undermine the victim company and include lost revenue, lost employment, damaged reputation, lost investment for research and development, interruption in production—it could even result in the company going out of business. more movie FAQ

The Contorted Case of John Large Under Antiquated Wiretapping Laws

PA - Concerned about the care his disabled daughter was receiving in a Bethlehem nursing home, John Large set out last June to register his complaint with an administrator.

Tired of the he-said-she-said nature of their previous conversations, Large went to the HCR Manor Care facility on Westgate Drive prepared to make a recording of the meeting.

Unbeknownst to Patricia Zurick, the director of nursing services, Large used a video recording device concealed in a pair of glasses to capture the sometimes heated hourlong discussion, court papers say.

No one would have been any the wiser except that Large mailed a DVD containing the footage to an FBI field office in Scranton, according to court documents.

The FBI saw the video as a potential violation of wiretap laws, Large's attorney said. Agents forwarded the DVD to Bethlehem police, who charged Large with intercepting communications and possession of a device for intercepting communications.

Large, 50, of Lansford, was held in Carbon County Jail until April, when Lehigh County Judge Robert L. Steinberg ordered the charges dismissed.

In his opinion, Steinberg wrote that because Zurick's office door was open — she testified that she left it open because she was scared of Large — she had no expectation of privacy, a crucial element for determining whether a secret recording is illegal. And because investigators never determined what kind of device Large had used to make the video, Steinberg wrote, the charge of possessing a device for intercepting communications could not be sustained.

He added that Pennsylvania's wiretap law is not keeping pace with the widespread adoption of technology such as tablet computers and Google Glass — essentially a smartphone contained in eyeglass frames. more

Cardinals Hack Astros - Baseball Spygate

More details are emerging about the federal investigation into whether Cardinals employees may have hacked into the Houston Astros database. 

The latest revelations come from an unnamed law enforcement official who is reportedly familiar with the FBI’s investigation into the Cardinals. That official told Yahoo Sports that the computer used to allegedly hack into the Astros network was located in a Jupiter, Florida house. Jupiter is of course where the Cardinals hold spring training.

The law enforcement official also told Yahoo Sports that a number of Cardinals employees used the house and that the data stolen during the alleged hacking provided insight regarding the Astros opinions on players and the teams trade talks. The New York Times initially broke the story about the alleged hacking investigation on Tuesday. more

Book: HOW TO CATCH A RUSSIAN SPY: The True Story of an American Civilian Turned Double Agent

How an American slacker caught a Russian spy at a New Jersey Hooters

Naveed Jamali, a smart, young New York techie, somehow spent three years going toe to toe with a Russian intelligence officer who thought he was developing an asset, even though all the while Jamali was quietly collaborating with U.S. federal agents.

The fast-paced, occasionally stressful, often hilarious and invariably self-involved story of how it all went down is the subject of “How to Catch a Russian Spy.” more

Private Investigators Are Being Nailed for Hacking

Private investigators may be the newest front for federal prosecutors in cracking down on the hacker-for-hire business.

In the coming weeks, a private investigator in New York is expected to plead guilty to charges of paying a so-called hacker-for-hire firm to steal email passwords and credentials, said three people briefed on the matter, who spoke on the condition of anonymity because no charges had been filed yet. The guilty plea would wrap up a nearly yearlong investigation by the Federal Bureau of Investigation and federal prosecutors in New York.

Separately, federal prosecutors in San Francisco on Wednesday announced the indictment of two private investigators and two computer hackers on charges that they illegally entered email and Skype accounts to gather information for matters they were working on for clients. Some of the illegally gathered information was intended to support a lawsuit, authorities said.

The identity of the private investigator in New York, who works for a small firm, could not be determined.
(more)