Wednesday, July 30, 2008

"Nailing bronze in the Tap-athlon...

...Sweden." Swedes may cherish openness and transparency, but not enough to accept a new law giving the government the right to snoop on all e-mails and phone calls crossing the country's borders. Outrage over the statute has led to 2 million protests — filed by e-mail... Swedish telecommunications group TeliaSonera AB and U.S.-based Google Inc. have called the law passed June 18 the most far-reaching eavesdropping plan in Europe, comparable to snooping powers authorized in the United States. The law narrowly passed Parliament in a 142-138 vote two weeks ago, despite protests that included demonstrators handing out copies of George Orwell's novel "1984" about a fictional futuristic police state. It gives Sweden's National Defense Radio Establishment, or FRA, the right to scan all international phone calls, e-mails and faxes without a court order as of January. (more)

 

"Nailing silver in the Tap-athlon...

...USA."

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected...

DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information...

DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.

A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists. (more)

"Nailing gold in the Tap-athlon...

...China."

"The Chinese Government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying," Senator Sam Brownback said.

The conservative Republican from Kansas, citing hotel documents he received, added that journalists, athletes' families and others attending the Olympics next month "will be subjected to invasive intelligence-gathering" by China's Public Security Bureau.

He said the agency will be monitoring internet communications at the hotels.

The US senator made a similar charge a few months ago but said that since then, hotels have come forward with detailed information on the monitoring systems that have been required by Beijing.

Senator Brownback refused to identify the hotels, but said "several international hotel chains have confirmed the existence of this order".

Spokesmen at the Chinese Embassy in Washington were not available for comment. (more)

Monday, July 28, 2008

Builders uncover 'bugging device'

Northern Ireland, UK - A suspected bugging device has been found at a house in Coalisland.

It is believed that Sean O'Farrell, an IRA member shot by the SAS in 1992, may have had some connection with the house.

Builders working at the house on Monday found a 60cm box-like object with batteries in a roof space. It is believed the device had been there since the early 1990s. (more)

Wi-Fi Wall to Block Outsiders

Meru Networks announced RF Barrier, the next salvo in the industry's on-going battle against piggybackers and hackers who access networks from parking lots or other areas within range of a corporate WLAN’s signal. Unlike counter-measures that use encryption to scramble sensitive data, RF Barrier fights fire with fire by transmitting over Wi-Fi signals that would otherwise propagate farther than intended.

"Wireless security has largely been about applying wired techniques [like encryption and IPS]," said Joe Epstein, Meru's senior director of technology. "But most really damaging attacks have taken advantage of wireless signal bleed into areas like parking lots. Those [passive eavesdropping attacks] are the worst because they cannot be detected electronically. This is where RF Barrier comes in, to stop signals from reaching perimeter attackers." (more)

How RF Barrier Works
from their press release...
"RF Barrier (patent pending) is installed by mounting a Meru Networks wireless access point along the inside perimeter of a building, and an advanced external antenna outside the perimeter. RF Barrier technology inspects the traffic in real time to determine which part belongs to the WLAN (and is therefore designated as sensitive) and uses the external antenna to block outbound traffic at the RF layer. Would-be attackers are limited in their ability to see useful packet information about the internal network.

Because RF Barrier uses directional antennas and selective enforcement technology, it has no impact on signals within the building or from other networks. Internal clients connect normally, with enterprise access points serving them at full speed. RF Barrier can be turned on and off as needed, giving enterprises the flexibility to allow access at certain times of day while restricting it at others." In short, it drowns out the real signal.
The fine print... "Available beginning in September 2008 for networks using any Meru 802.11a/b/g access points."

Eavesdropping on Skype, "...not a problem..."

There’s growing speculation coming out of Europe that there’s a backdoor in Skype that allows remote eavesdropping of telephone conversations.

A report in the reputable Heise Online says the issue was discussed at a meeting with ISPs last month where high-ranking officials at the Austrian interior ministry claimed “it is not a problem for them to listen in on Skype conversations.”

The report said a number of others at the meeting confirmed that claim. (more)
The public believes Skype phone calls are encrypted; eavesdropping is not possible. This may yet be true. But, what if there is a back door? Why would a government official admit it? The bigger story here may be this is a serious intelligence leak, or an intelligence red herring. Stay tuned.
In the meantime, a little history...
Oct 15, 2003 - (See FutureWatch heading)
June 9, 2008 - Expect negative 'feedback' from FBI

Saturday, July 26, 2008

Grade "A" Hack Attack with VoIP Crack

GA - A college student was behind bars Friday night, accused of stealing his professor's identity to change his grades. Police called 19-year-old Christopher Fowler a computer hacker.

Investigators said the student also, "Hacked into their Voice/Internet Protocol system where it uses internet to make phone calls and intercepted phone conversations."

Fowler could get five years for an unlawful eavesdropping charge. (more) (video)

Friday, July 25, 2008

Crypt Your Stick - USB Vaults to Go

Remember?
Nato Secrets USB Stick Lost
Airport Laptop Searches - No Probable Cause Needed
Lax USB stick security causing havoc
More than 100 USB memory sticks lost admits Ministry of Defence

Don't want to be next?
Get a cryptstick.
There is no excuse not to.
Many models to choose from...
Ironkey
Kingston DataTraveler Secure
Kingston DataTraveler Secure - Privacy Edition
Kingston DataTraveler Vault
Kingston DataTraveler Vault - Privacy Edition
Kingston DataTraveler BlackBox (government version)
SanDisk Cruzer® Titanium Plus
SanDisk Cruzer® Professional
SanDisk Cruzer® Enterprise FIPS Edition
SanDisk CMC (Central Management and Control) for IT Departments

Spy vs. Spy Display at State Department

Spy technology is now on display in the lobby of the State Department Annex at 1400 Wilson Blvd. in Rosslyn, Va.

“Listening In: Electronic Eavesdropping in the Cold War Era” is an exhibit that pulls together spy technology circa 1955 through 1985. Produced by the Countermeasures Directorate’s Office of Security Technology in the Bureau of Diplomatic Security, the show displays a large array of Cold War era surveillance technology, including wired microphones and radio transmitters.

The U.S. Embassy in Moscow seems like it was one big recording booth in the 1960s. One photo shows Ambassador Henry Cabot Lodge Jr. in 1960 holding a listening device that had been discovered inside a large wooden carving of the Great Seal of the United States, a gift from the Soviet Union in 1945. Hidden magnetic microphones were especially popular in U.S. embassies in Eastern Europe. These were small microphones attached to long wooden tubes that could be deeply recessed into embassy walls.

Even Cold War era typewriters had countersurveillance mechanisms built into them. Included in the exhibit is an IBM Selectric typewriter. It coupled a motor to a mechanical assembly, so pressing different keys caused the motor to draw different amounts of current that were specific for each key. Close measurements of the current could reveal what was being typed on the machine. To prevent these measurements, State Selectric typewriters were equipped with “inertia” motors connected to a large flywheel. The spinning flywheel absorbed the stress of the mechanical assembly and masked the keys being typed. (more)
For more on the exhibit, click here.

SpyCam Story #453 - Spy'er Education

Tucked away in a 1,200-page bill now in Congress is a small paragraph that could lead distance-education institutions to require spy cameras in their students' homes.

It sounds Orwellian, but the paragraph — part of legislation renewing the Higher Education Act — is all but assured of becoming law by the fall. No one in Congress objects to it.

The paragraph is actually about clamping down on cheating. It says that an institution that offers an online program must prove that an enrolled student is the same person who does the work. (more)

Thursday, July 24, 2008

SpyCam Sunglasses

from the seller's web site...
"Sunglasses DVR Camera is the newest and most advanced spy camera with built in Video Recorder in the world. Unlike other device of this type, This sunglasses records everything you see and hear, without connecting to MP4 or other Recording source.

Cool hands free video recording any time any where. These quality Polarized lens sunglasses have a built-in 1.3 mega pixel self recording color camera and real time (30 fps) digital video recorder. Internal 2GB memory and li-polymer rechargeable battery records for 5 hours continuously.

Up to 2GB Micro SD card (not Included) offers even more recording time and easy storage of Audio and video. Stereo recording insures great sound quality to go along with the action. Ideal for outdoor activities such as bike riding, sporting events, snow skiing, tennis, and other events and SURE for SPY and INVESTIGATION." (more)
Why do I mention it?
So you know what you are up against!

VoIP Eavesdropping - How Difficult Is It?

by Stephan Varty, Vulnerability Analyst, in Nortel's Voice Security Blog...
Many people assume a certain level of confidentiality is assured when they use their phone. Concerns have been raised about the increased risk of someone eavesdropping on a VoIP call compared to a traditional PSTN call. Although the concern applies similarly to other VoIP protocols such as UNIStim, H.323, or SCCP as well, what follows is an opinion on the susceptibility of a SIP call to remote eavesdropping...

...due to common vulnerabilities such as missing or outdated patches, misconfiguration, and undetected software defects, it is likely that in many cases a determined sophisticated attacker would be capable of eavesdropping on unencrypted SIP calls. (more)

Lessons:
• Employ encryption.
• Install all software patches and updates.
• Double check your configurations.

Extra Credit:
Eavesdropping an IP Telephony Call

Tapped Out Friends Tap Friendship

IL - Two friends of former police officer Drew Peterson told a newspaper he made incriminating statements during secretly taped conversations following the disappearance of his fourth wife — claims that Peterson denies... Peterson said the couple had asked him for money and became angry when he would not lend it to them. (more)

Email Sinks Two Anchors - Keystroke Logger Helped

Philadelphia, PA - A longtime television newscaster was charged Monday with illegally accessing the e-mail of his glamorous former co-anchor, who suspected details of her social life were being leaked to gossip columnists.

Federal prosecutors say fired KYW-TV anchor Larry Mendte accessed Alycia Lane's and leaked her personal information to a Philadelphia Daily News reporter. Lane's personal life had routinely become tabloid fodder and eventually led to her own dismissal from the station.

"The mere accessing and reading of privileged information is criminal," acting U.S. Attorney Laurie Magid said. "This case, however, went well beyond just reading someone's e-mail." (more)

How Alycia Lane's passwords were tapped...
According to sources close to the case, former CBS anchor Larry Mendte used a hardware keylogger system to obtain Alycia Lane's e-mail passwords. Keylogger systems secretly capture every keystroke made on a targeted computer.

Keyloggers come in two forms: software, which is installed on a computer, and hardware, which is a battery-sized recording device that is secretly attached to the cord between the keyboard and a computer. The precise type and brand of keylogger used in the Mendte case could not be determined, but sources said it was the hardware version. (more)

My all-time favorite newscasters. ~ KDM
(John Hart, Jon Stewart, Paul Harvey, Jim Hartz, Walter Cronkite, Susan Stamberg, Charles Osgood, Charles Kuralt, Lloyd Dobbins, Linda Ellerbee, Tom Snyder and you know who.)

Rogue Lid Shuts Grid

Rogue laptops aren't the only rogues out there...
A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.

Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.

Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.

Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said. He was taken into custody Sunday.
(more)

So, how do you protect yourself against insider hijacking?
One way to start...
• Don't give the keys to the kingdom to only one person.
• "Checks and Balance"
• Establish an admin / root password emergency reset plan.
• Bell your cat(5). Get notified when it hits the fan: Tripwire
• Keep my number handy. Rogues are known for their bug and wiretap tricks, too.

Wednesday, July 23, 2008

We think the Hamburglar is behind this one...

For the three weeks between July 25 and Aug. 14, 2008, kids can collect official Spy Gear gadgets with the purchase of a Happy Meal or Mighty Kids Meal at participating McDonald's restaurants.

Kids can embark on imaginative spy missions using six new Spy Gear toys offered exclusively at McDonald's: Secret Wrist Beam, Spy Guard Motion Alarm, Spy Disc Defender, Invisible Message Pen, Rear View Spy Scope and Mobile Message Bot.

The Spy Gear Happy Meal is timed with Wild Planet's 10th anniversary of making spy toys, and precedes the release of the company's first Spy Gear board games, Spy Trackdown and Spy Wire. (more)

"In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood are unwittingly being cultivated." (more)

Whatta fun couple! "It's party time!" (fabadabaZap)

Lisa Cohen, 28, garnered media attention when she released tapes in March of her former fiance, Lee County Sheriff's Cpl. Michael DeTar, using a Taser on party guests.

Cohen pleaded guilty to three misdemeanor charges lessened from two felony charges against DeTar — eavesdropping and disrupting computer services for an authorized user. She pleaded guilty to stalking, making a false report and criminal mischief above $200.

Today...
...the Cape Coral woman who allegedly brought a gun into the Lee County Justice Center in March, pleaded no contest today to a misdemeanor charge of possession of a firearm in a restricted area. (more)
Extra Credit...
Tired of Tupperware?
Taser Parties - A Shocking Success (more)

SpyCam Story #452 - "What goes around...eh, Rod"

Alex Rodriguez's wife wants to know if he hired private detectives or had wiretaps installed to spy on her. Cynthia Rodriguez's lawyers demanded any surveillance information as part of a records request in the Miami divorce case.

The document asks for any tape recordings, photographs, reports from investigators or results from possible wiretaps. (more)

According to British tabloid The Daily Star, an unidentified man has come forward claiming that he secretly filmed Yankee star Alex Rodriguez and Madonna having sex, by use of a hidden camera installed in one of Madonna’s Kabbalah practicing friends’ home, who is also friends with him. (more)

Tuesday, July 22, 2008

Wikileaks Strikes - Canadian Wiretapping

from Wikileaks...
"In a dramatic turn of events, it has been revealed that a wiretap was issued on several protesters of the Mohawk tribe in Canada who were protesting poverty. The news story was leaked yesterday on Wikileaks in part because of a media ban on the subject.


According to the discussion page prosecutors were trying to ban the entire story from the media, but ultimately failed to do so...

In short, the law enforcement in charge of keeping the situation calm ordered a wiretap on the protesters without a court order. It's unlikely that the public will treat this aspect lightly because it puts into serious question just how far law enforcement is willing to go. In a country where privacy is of greater concern than in other countries, one might expect some form of outrage at some point in the near future." (more)
Wikileaks.org and "malignant activism" (Security Scrapbook, 2/17/03) are old alert topics for my security director clients. Today's leak is a good example of these warnings. Organizational attacks like these can be mitigated if an information security program - which includes counterespionage elements - is in place. ~ Kevin

Dark Knight Wiretapping Thoughts from The Web

"Did anybody else notice the strong anti-wiretapping note that Morgan Freeman’s character hits in Dark Knight?" (more)

"Normally, I’m not prone to political analysis of blockbuster movies, but “The Dark Knight” seems to beg for it with its consistent references to current events, most spectacularly in the wiretapping sequence." (more)

"Like Bush, Batman has his own warrantless wiretapping program, but Nolan is kind enough to assure us that, once his goal is accomplished, the superhero will blow it up. Is he suggesting that we can count on the Dark President to do the same?" (more)

"Batman is truly trying to do the right thing for the citizens of Gotham even if he steps into gray (or black) areas. Did the wiretapping save dozens of lives? Yes. Did he use it for any other purpose? No. Was it destroyed after it was used to capture the most dangerous criminal in Gotham? Yes." (more)

...and from The New York Times...
Lucius Fox — Batman’s aide de camp and weapon-supplier — makes a brief civil liberties speech, and says he will only go along with the spying project once. ... Societies get the heroes they deserve. Seven years after Sept. 11, the United States is caught up in a misbegotten war in Iraq, is granting immunity to telecommunications companies that helped the Bush administration illegally spy on the public, and is unwilling to unequivocally renounce torture as a tactic. (more)

"Keep your berries in your pants 'ol chap."

UK - Concerns have been raised about the security of British secrets after a top political aide lost his BlackBerry device to a suspected Chinese spy, sources say.

The Sunday Times newspaper says one of Prime Minister Gordon Brown's most senior aides was the victim of a "honeytrap" scheme in which the man was lured to a hotel room by a woman he met in a disco in Shanghai, China, only to find the next morning that his BlackBerry device had been stolen. (more)

7 Mediterranean Islands of Carefree Wiretapping

Malta - Although the new telephone and Internet eavesdropping system commissioned by the Malta Communications Authority on behalf of the Malta Security Service began operating in October 2006, it has been up and running in the absence of a set of technical obligations that undertakings related to the system need to adhere to.

The lack of technical obligations, a situation that had persisted for at least close to a year and a half, leaves a concerning void in the regulation and operation of the State’s practice of tapping the Maltese public’s phone calls and monitoring their Internet communications. (more)

Money Card Bugs

A UK crime survey shows credit and debit card fraud has reached a record high of £535 million...new trend was the use of bugging devices which are fitted near shop tills to record the information stored on the magnetic microchip. (more)

Kids Science Camp - Learning to Become a Detective

WA - A group of 75 kids, from kindergarten to fifth grade...learned how to become a detective. They built a spy kit, including a homemade listening device.

"It was pretty fun. We made spy ears, pens. We made everything a detective has and stuff," said Brian McMurray, camper. (more)
Note to Washington State University - Tri-Cities teachers...
(oopsie)
It is illegal for private detectives, teachers and students to possess electronic eavesdropping devices. Besides, this is not what most detectives do, and parents may object on moral grounds. The rest of the curriculum looks very worthwhile, however. No wonder all the classes are sold out!

Sunday, July 20, 2008

"Bad artists copy. Good artists steal." ~ P.P.

Brazil - Police have arrested a suspect in the heist of two Pablo Picasso prints from a museum in Sao Paulo and recovered one of the works, police and a museum official said Saturday.

Inspector Cesar Carlos Dias said information obtained through wiretaps of gang members involved in unrelated robberies led police to Ueslei Barros, the suspect in the July robbery. (more)
Want your own Picasso?
Make it yourself.
Click here.

"How Can I Stop My Ex From Bugging My Phone & PC?"

My ex is a Private Investigator, and I believe he is bugging my phone–and possibly my PC. What can I do to stop this and/or prosecute? I have Vonage and my phone goes through a cable connection, as does my pc.
Thank you,
Patricia
(answers)

Quote of the Week

"No matter which side of the wiretapping issue you stand on it is clear that the only way to conquer terrorism is to address the hopelessness and hatred at the root of it."
From a statement issued by Remo, Inc.,
Remo D. Belli, CEO and Founder (more)

"And now for something completely different..."

UK - More than 100 USB memory sticks, some containing secret information, have been lost or stolen from the Ministry of Defence since 2004, it has emerged.

The department also admitted that more than 650 laptops had been stolen over the past four years - nearly double the figure previously claimed.

The MoD said it has no idea when, where and how the memory sticks were lost.

The official total is now 658 laptops stolen, with another 89 lost. Just 32 have been recovered. (more)
Solution 1
Solution 2

Cell Phone Warning from India

Any smart phone - including Blackberry, Windows Mobile, iPhone and Symbian phones - can be hacked by a nerd with a little bit of code and some cunning.

And they don't stop at data and identity theft alone. Nor are they content with unleashing viruses on the operating system of your mobile. (Even Bluetooth makes your phone a potential target here.)

New Age mischief makers have learnt how to bug your phone and remote-control it. They can steal your bank information, send out a mischievous SMS to your girlfriend (who might just dump you!), copy your top-secret files or simply spy on every call/SMS you make from your phone. In fact, they can even 'modify' your SMSes before these are sent out to your contacts - and you wouldn't even know it.


That's not all. Hackers can also use your phone to spy on you by switching it on. They can activate the camera and eavesdrop on your discussions during a business meeting, or while you are secretly negotiating a lucrative job offer with a rival company. What's more, they can even do an audio/video recording by sending an SMS command...

So what should a user do? A few simple steps could go a long way. Adopt a multi-layered security approach. Protect mobile devices with antivirus, firewall, anti-SMS spam, and data encryption technologies and install regular security updates to protect phones from viruses and other malware. And yes, don't click blindly on any SMS, for someone may just be spying on you on the sly. (more)

Employee Instant Messaging Ban

Nearly three-quarters of U.K. businesses have banned the use of instant messaging (IM) citing security concerns, reports IM supplier ProcessOne.

The research noted that 88% of IT directors were concerned about the security risks created by employees using Windows Live Messenger, Yahoo Messenger and other IM services, with 56% citing the loss of sensitive business information as a primary concern. (more)
This ban - also being seen in US companies - is easy to enforce on corporate-owned networks. But, what about IM via personal cellular and laptop devices? Enforcement may seem impossible if the employee can snag a WiFi signal from a nearby coffee shop, hotel or unsecured access point.

If controlling unauthorized employee communications is an issue you are trying to solve, call me for the solution.

Saturday, July 19, 2008

Security Director Alert - Track Missing Laptops

...for FREE!
A security friend at [a very large] Corporation contacted me this week about laptop losses. His company experienced "a dramatic increase in the past year" - primarily when employees traveled on business.

He was studying the problem. Was this just street crime, or was his company being targeted for industrial espionage reasons?

I pointed him to pertinent Security Scrapbook articles. The trend is clear, but what about a simple solution?

Here it is (assuming you have already done encryption and employee awareness training)...

Researchers at the University of Washington and the University of California, San Diego, have launched a new laptop tracking service, called Adeona that is free and private.

Here's how it works: A user downloads the free client software onto a laptop. That software then starts anonymously sending encrypted notes about the computer's whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, specifically a free storage service that has been around for several years, called OpenDHT.

The Mac version of Adeona even uses a freeware program called isightcapture to take a snapshot of whomever is using the computer. (more)

Security Oddballs - Airplane Trap Door and More

Some security inventions are truly useful and will undoubtedly save lives, whereas others are so bizarre that one wonders how in the world they got patented. This list is about the latter...
Behold the Top 10 Strangest Anti-Terrorism Patents! (more)

The New Jersey Ninja
Officials in Barnegat briefly locked down five schools in the township Wednesday because... a librarian said a man dressed as a ninja, carrying a large sword, was running through the woods... the man (a camp counselor) wearing a karate gi, was carrying a plastic sword and was attending a party at a local middle school. (more)

"Don't have a karate gi?
How about a nice tie?"

The Walking Timebomb Tie
"This is our first in a series of 'Concealed Weapons' neckties. They are each double printed - a more subtle graphic is on the front only giving a slight clue to a more "loaded" graphic hidden on the back. The second image is concealed on the reverse until the wearer pulls it out for show and tell - or keeps it a secret to his/her self." (more)

George Carlin on Airport Security (Not safe for work.)

Unbreakable Fighting Umbrella Splits Watermelons, Defends Presidents
The entourage of the Philippine president, Gloria Macapagal-Arroyo, has an unusual secret weapon. Her security team defends the head of the government with umbrellas. Not ordinary umbrellas, but unbreakable fighting umbrellas. Watch the video to see the combat-brolly in action, and marvel as Thomas Kurz ("the world's foremost expert on flexibility training") viciously splits a watermelon in two. (more) (more)

FutureWatch - Coming to a cubicle near you.

Spy News (with Devil Ring Security Alert)

You Could Be An International Spy ...and not know it!
J. Reece Roth, an electrical engineering professor at the University of Tennessee, passed along a research paper to Sirous Nourgostar, a graduate student from Iran working under his supervision. It contained details on refined plasma actuator technology, which uses ionized gas to improve aircraft control. Roth was doing research on flight performance for a U.S. Air Force contractor and had relied on the assistance of Nourgostar and of Xin Dai, a Chinese national also studying under him... bad idea.

Roth, who pleaded not guilty, got entangled in a little-known area of export law that is alarming big business and scientific researchers. It covers transfers of controlled technological information to foreigners on U.S. soil. The transfers are considered exports because they are "deemed" to be going to the country where the recipient is a citizen. (more)


Want to Be A Spy ...and know it!
Britain's secret spy agency, home to the very white and very male 007, is hunting for women and minorities to tackle global terrorism. More than 20,000 people have applied since MI6 began its open recruiting campaign about a year ago... (more)


Spying Has Its Down Side ...know it!
A former Hewlett-Packard Co. vice president faces up to 10 years in federal prison after pleading guilty to stealing trade secrets from his former employer, IBM. (more)

A federal judge sentenced a former Pentagon analyst to 57 months in prison for his role in providing China with classified defense information. (more)

A French journalist was charged with revealing manufacturing secrets after a car magazine published photos of a Renault model three years before it was to be rolled out in dealer showrooms... Renault filed suit for industrial espionage in July last year after photographs of its latest-generation Megane, a small family model and one of Europe's most popular cars, ran in Auto Plus. (more)

Still Wanna Be A Spy? ...no!
"Ok, you're free to go."
...yes!
Then you will probably want a "Ring of the devil" in your kit.
"There has been quite some speculation about this video (YouTube) of a magnetic ring that is used to open some models of Uhlmann & Zacher lock. Now, it is confirmed by the company itself the trick works." (more)

Monday, July 14, 2008

Industrial Espionage - Russia vs. United Kingdom

The British Foreign Office confirmed on Friday that Russia has accused the British Embassy's top trade official in Moscow of espionage.

On Thursday, Russia's Interfax news agency reported that the head of the British Embassy's trade and investment sector, Christopher Bowers, was believed to be a senior British intelligence officer.


The British Foreign Office has confirmed that the accused diplomat was the acting head of the embassy's trade and investment section. (more)

Industrial Espionage - Saab AB

A Swedish court has remanded a 48-year-old man suspected of industrial espionage against Swedish space and defense company Saab AB.

Swedish news agency TT says the suspect is being detained on suspicion of industrial espionage, unauthorized trade with secret information, and attempted extortion. (more)

Saturday, July 12, 2008

The Ultimate in Secure Business Meetings

Historic caves thwart all eavesdroppers!

About 1000 feet into the white-walled chalk caves is a 40-foot diameter meeting room. Notables who have held their secret meetings here include Benjamin Franklin, Sir Francis Dashwood and their celebrity friends from the 1700s.

They required privacy for their 'Hellfire Club' meetings (rumored to be orgies). These days, corporate privacy needs are based on risk more than risqué.

Located just outside of London, the caves are available for corporate functions and parties.
Capacity...
Receptions: 120 people
Buffet: 100 people
Dinner: 50 people

Whiterock Defence, an international provider of information security services located near The Hellfire Caves, can help you secure this facility for a most memorable meeting. Contact Crispin Sturrock at +44 (0) 1494 538 222, or via email contact@whiterockdefence.com for complete details.

This past week, I visited The Caves for the second time.
You won't be disappointed. ~ Kevin

Friday, July 11, 2008

Did You Know... Court Approves Airport Laptop Searches - No Probable Cause Needed

U.S. Customs agents can now search all of the contents of a laptop without any suspicion of wrongdoing, according to a recent federal appeals court ruling (PDF).
Expect the same level of privacy when visiting other countries as well.

(more)

Now, what are you going to do about it?
Here are some ideas and products to help you...
• Have a travel laptop. No data on the hard drive.
• Keep only necessary data on a secure USB stick.
• If you must keep sensitive data on your drive, encrypt it...
-- TrueCrypt 6.0 - The latest version of the free drive-encryption tool can shield sensitive data from prying eyes at home and abroad. Bonus - There is no way to prove that a hidden encrypted volume even exists on your drive unless you volunteer that information. TrueCrypt 6.0a is available now for Windows, Mac OS X, and Linux systems, including Windows Vista. (review)

A World Guide to Legal Interception

Need to know if "they" can legally...
bug, tap, or sap your text messages and email?
Check out this new guide to interception laws worldwide.
30+ countries covered.

THE READY GUIDE TO INTERCEPT LEGISLATION 2

Executive Alert - Your Trip to China

from Forbes Magazine...
When traveling to China for the Olympics this summer, leave any expectation of privacy at the border. Instead, prepare for possible eavesdropping and surveillance--from listening devices in hotel rooms to bugged laptops and personal digital assistants to informers posing as friendly strangers.


Those who laugh at the seeming paranoia would be wise to remember that the U.S. recently accused Chinese authorities of allegedly copying data from the laptop of a visiting trade official last year and attempting to hack into the Commerce Department. The Chinese denied the allegations.

The U.S. Department of State advises tourists not to expect privacy in public or private locations, particularly in hotels, but a spokesman declined to comment further.

Wang Baodong, a spokesman for the Chinese embassy in Washington, D.C., was almost as tight-lipped. He declined to address specific allegations of spying on foreigners at the Olympics.

"No special security measures will be arranged beyond universally adopted international practice at public venues, hotels and offices in China," he says. "Privacy in China will be guaranteed according to the law."

But security experts say that Chinese law has few protections for individual privacy...

Bruce McIndoe, president of the security consulting company iJet, routinely warns his corporate clients about threats to their electronic security.

"What business people need to be aware of," he says, "is that the Chinese are very clear about who is coming into the country. You could be a senior level executive or a scientist and they will target you for surveillance."
(more)
How To Safeguard Your Privacy In Beijing - the short list.

Wednesday, July 2, 2008

Did You Know #172 - Credit Card Standards

If you have anything to do with credit cards, you need to know this...


"Credit card companies want you to charge it and they know that concerns about identity theft might possibly slow down your card use — so it is in their best interests to make sure that a solid security standard is in place to protect you. The standard has turned into a requirement for everyone who takes a credit card and that turns out to be literally millions of grocers, retailers, online retail outlets, government agencies, convenience stores, utilities — almost everyone. So the PCI-DSS standard may be the most widely applied information (data) security standard in the world.

With such a widespread and critical standard, there is confusion about how to meet the standard because just doing a self-assessment isn’t enough; you are also required to do penetration tests on your systems that handle and transmit this electronic customer information and ATTEST that you use the standard in your information systems.

This includes having strong firewalls that protect cardholder data and making sure to remove the generic vendor-supplied passwords; using good storage devices for sensitive customer information and encrypting data that flows over your network. In addition, the card manager has to use anti-virus software, and also build secure systems. Once proper controls are in place, these controls need to be monitored and tested..."
Which leads us to the author of this piece.
Get to know her.

Caroline R. Hamilton is the Founder of RiskWatch, Inc. She offers twelve specialized risk assessment software programs which are used by thousands of her clients all over the world and in virtually every type of security assessment, gap analysis, and compliance assessment.

Murray Associates can assist you with the technical end of Wireless LAN compliance for PCI-DSS and...
• Sarbanes-Oxley Act – U.S. Public Companies
• HIPAA – Health Insurance Portability and Accountability Act
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act
• PCI-DSS – Payment Card Industry Data Security Standard
• FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid
• ISO 27001 – Information Security Management
• Basel II Accord – Banking
• EU - CRD (Cad 3) – EU - Capital Requirements Directive - Banking