Sunday, January 31, 2010

Business Espionage - Government Bugs Taps & Hacks

UK - The security service MI5 has accused China of bugging and burgling UK business executives and setting up “honeytraps” in a bid to blackmail them into betraying sensitive commercial secrets...

The warning to British businessmen adds: “Hotel rooms in major Chinese cities, such as Beijing and Shanghai, which are frequented by foreigners, are likely to be bugged ... hotel rooms have been searched while the occupants are out of the room.”  

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.” (more)

The Bigger Picture - Many countries engage in business espionage. Bug and wiretap attacks happen more in the business's country than in the spying country – that's where the strategic conversations are held. If your organization does not have a coherent counterespionage strategy yet, consult with a specialist before your pockets are picked, and your executives fall victim to blackmail. Good start... Regularly scheduled inspections of your offices for electronic surveillance devices an espionage vulnerabilities.

Friday, January 29, 2010

Detecting Unwanted Cell Phone Use

There are places when you just don't want cellular communications... financial trading floors, certain hospital areas, conference and Board rooms where sensitive meetings are held, to name a few. "What's the solution?"

Forget the obvious. Although radio-frequency jamming gadgets are easy to obtain, they are not legal here in the United States.
Here is what you can do...
• Establish a written "no wireless" policy for your organization.
• Set up a system for storing electronic communications gadgets before allowing entry into a secured area.
• Alternatively, ask people to turn off their communications devices.
• Monitor compliance. "How?"

Here are two detection methods...

General Alert - Install a low-cost cellular receiver (SureSafe, pictured above). It will trip an alarm, turn on a light, or make a voice announcement whenever it detects a cellular transmission within its 1-20 meter range. (more)

Specific Alert - This pricier system, called AirPatrol, can pinpoint on a computer map (to ≈2 meters) where the offending device is located. It can also be used to locate rogue Wi-Fi devices. Very cool! (more)

Thursday, January 28, 2010

Press Tapper Convicted

Italy - Giuliano Mignini, the chief prosecutor in the Meredith Kercher trial, has been convicted of abuse of office and bugging the phones of journalists. 

Mr Mignini, who succeeded in having the American student Amanda Knox jailed for 26 years for murdering her British flatmate in Perugia in 2007, was convicted in relation to a separate case regarding a notorious serial killer known as the Monster of Florence.

He was sentenced by a Florence court to a year and four months in prison, but will remain free pending the two stages of appeal available to him under Italian law and will be allowed to continue working. (more)

ZigBee Eavesdropping


Software error in ZigBee radio modules facilitates eavesdropping.

As reported by developer Travis Goodspeed on his blog, a weakness in the way Z-Stack, Texas Instruments' open source wireless communication protocol stack used in its ZigBee radio modules, generates pseudo-random numbers makes it easier for an attacker to eavesdrop on encrypted communications. This is not the first occasion on which Goodspeed has hit the headlines for his cryptographic analyses of ZigBee modules.

The weakness allows attackers to eavesdrop on wireless communications for devices such as automation systems and sensors and potentially even to access these devices. The vulnerability is of particularly concern in view of the widespread use of smart electricity meters in the USA. Some electricity providers use ZigBee to transfer data from electricity meters to base stations. (more)

Wiretapping at the DMV

A published report says North Carolina's former Division of Motor Vehicles commissioner had telephone equipment installed that would let them eavesdrop on calls to any phone line at the agency's headquarters. The News & Observer of Raleigh reported Friday that the technician who installed the equipment testified about the system before a federal grand jury. George Tatum, who resigned as DMV commissioner in 2007, did not respond to phone messages and an e-mail seeking comment Friday. (more)

UPDATE
Federal authorities are investigating whether the former commissioner of the state Division of Motor Vehicles illegally wiretapped the phone calls of agency employees.

George Tatum, who resigned in 2007 amid a corruption scandal, had a special telephone in his office that allowed him to listen in on the calls of his subordinates without their knowledge, according to current DMV officials. Greg Lockamy, who retired unexpectedly last year after serving as the agency's internal affairs director, also had a phone set up for secret eavesdropping.

State law forbids intercepting phone calls without a warrant unless at least one person in the conversation is aware the monitoring is taking place.

Tatum, now the director of emergency management at Fayetteville State University, did not respond to repeated requests for comment this week...

Brent Parrish, a telephone technician at DMV, was subpoenaed to appear before the federal grand jury hearing evidence in a wide-ranging investigation of former Gov. Mike Easley. Parrish said Tuesday he testified Sept. 16 about the special features on Tatum's phone...

Parrish, the technician, said the DMV phone system allows managers supervising the agency's call center to monitor conversations with the public. Those calling the DMV with questions about license renewal and other issues hear a recorded disclaimer informing them their calls might be monitored for quality assurance.

Parrish said Tatum and Lockamy also had the function installed on their phones, allowing them to listen in on any phone line at DMV headquarters, including those of other high-ranking administrators.

The technician said the function allowed Tatum to program his phone so that a "busy light" would indicate when particular lines were in use. The commissioner could then pick up his phone and press a button to listen to the call, with his handset automatically muted. Those on the line would have no indication their call was monitored. (more)

Tuesday, January 26, 2010

Espionage Flash: Wiretappers Caught in the Act

LA - Alleging a plot to wiretap Democratic Sen. Mary Landrieu's office in the Hale Boggs Federal Building in downtown New Orleans, the FBI arrested four people Monday, including James O'Keefe, a conservative filmmaker whose undercover videos at ACORN field offices severely damaged the advocacy group's credibility.

Also arrested were Joseph Basel, Stan Dai and Robert Flanagan, all 24. Flanagan is the son of William Flanagan, who is the acting U.S. Attorney for the Western District of Louisiana, the office confirmed. All four were charged with entering federal property under false pretenses with the intent of committing a felony.

According to the FBI affidavit, Flanagan and Basel entered the federal building at 500 Poydras Street about 11 a.m. Monday, dressed as telephone company employees, wearing jeans,  fluorescent green vests, tool belts, and hard hats. When they arrived at Landrieu's 10th floor office, O'Keefe was already in the office and had told a staffer he was waiting for someone to arrive.

When Flanagan and Basel entered the office, they told the staffer they were there to fix phone problems. ...the staffer gave Basel access to the main phone at the reception desk. The staffer told investigators that Basel manipulated the handset. He also tried to call the main office phone using his cell phone, and said the main line wasn't working. Flanagan did the same.

They then told the staffer they needed to perform repair work on the main phone system and asked where the telephone closet was located. The staffer showed the men to the main General Services Administration office on the 10th floor, and both went in. There, a GSA employee asked for the men's credentials, after which they stated they left them in their vehicle.

The U.S. Marshal's Service apprehended all four men shortly thereafter. (more) (FBI Press Release) 

Spybusters Tip # 623 - Do not allow service people on your premises until you can verify who in your organization called them, and why. Photocopy their credentials. Conduct your proactive inspections for bugs and wiretaps, quarterly.

SpyCam Story #555 - Along Came Jones (Update)

MI - A former Brighton City Councilman charged with spying on female employees has entered a plea in the case. 54 year old Richard Gienapp, the owner of Mexican Jones restaurant in Brighton, pleaded guilty Friday to one count of surveillance of an un-clothed person. In exchange, prosecutors dropped two separate counts of installing and possessing an eavesdropping device.

The prosecution also agreed to not issue any other charges involving computer images of child sexually abusive material.

State Police say Gienapp placed a camera in an office at the restaurant where he spied on a female employee as she undressed. He faces up to two years in prison when he is sentenced on March 4th.

Gienapp has been in and out of court all month in separate cases. Last week, he pleaded guilty to failing to conspicuously post notice of his alcohol license being suspended at his restaurant. He was also recently convicted of filing a false police report. He was sentenced to 10 days of community service and 12 months of probation but soon filed a motion for a new trial, which was rejected by 53rd District Court Judge Theresa Brennan. (more) (original)

Man Bites Dog Story

China Accuses U.S. of Cyberwarfare
In the wake of a recent speech by U.S. Secretary of State Hillary Clinton condemning countries that censor the internet and engage in hacking, China has lobbed a return volley and accused the United States of hypocrisy and initiating cyberwarfare against Iran. (more)

Thursday is International Data Privacy Day

On January 28, 2010... Search Engine Startpage.com Introduces Free Anonymous Web Browsing

Startpage, the self-proclaimed "world's most private search engine", and its E.U. brand, Ixquick will release a new proxy service that allows users to surf the web with complete privacy. The proxy lets users browse websites safely and anonymously, without passing on any private, personally identifiable information to the websites they view.

The Startpage proxy is a free service that works in conjunction with the Startpage search engine, available at www.startpage.com. When users perform a search, they will find a clickable "proxy" option below each search result. When this option is selected, Startpage acts as an intermediary to retrieve the page and display it in a privacy-protected Startpage window.

The proxy offers complete anonymity, since the user never makes direct contact with the third-party website. The user's IP address is invisible to the viewed website. In addition, the website cannot see or place cookies on the user's browser. (video)

Sunday, January 24, 2010

How Not to Handle a Bug Find

LA - West Feliciana Parish Sheriff J. Austin Daniel said Friday he asked State Police detectives to investigate a report of a listening device being planted in a Police Jury office.


Daniel said determining who planted the device may be difficult because a Police Jury employee took it apart and removed a battery.

The sheriff also said the device was found around Thanksgiving but was not reported to him until after Christmas. (more)

How to handle a bug find... (here)

So, a trusted employee is starting a new company.

Business espionage often begins closer to home than you think.

Over three decades, I have heard this too many times... "I think my employee is stealing business and is planning on competing with me. What should I do?"

This is pretty much a textbook case...
• Employee starts a side business using the employer’s resources, methods, client lists, and often client products.
• Employee plans to leave when business is self-sustaining.
• Employee quietly recruits other employees.
• Employee leaves, or is discovered and is fired.
• Over time, other employees desert to go work for the ringleader, taking even more intellectual property.
• Covert lines of communications remain open between the two businesses: employee chit-chat, room bugs, telephone wiretaps, computer spyware, unauthorized access to email/voicemail, etc.
• The employer takes appropriate investigative/legal steps... or slowly bleeds to death.

Recommendations:
• Act quickly and firmly.
• Secure personnel records and back them up off-site. Especially important: Non-compete agreements, termination agreements, signed copies of company rules, etc.)
• Take any collected evidence to an outside attorney to determine a course of action for investigation, employee termination and possible prosecution.• Document evidence of business diversion. (Talk to customers openly, or indirectly. Consider setting up a sting.)
• Monitor and back-up their business e-mails, if legal in your state.
• Conduct a survey for electronic surveillance devices and other counterespionage vulnerabilities. (Hire the best specialist you can find. You may only get once chance to do this part correctly.)
• As soon as possible, conduct a forensic examination all their company-owned computer devices. (Computers, PDAs, Cell phones, etc..) Hire the best specialist you can find. You may only get once chance to do this part correctly.
• Upon termination of the first rogue employee, conduct interviews with remaining employees (with your attorney). Let them know the full ramifications of intellectual property theft.
• Notify customers of personnel changes.
• Quickly, introduce replacement personnel.
• Notify recently departed customers of the situation, and warn them (nicely) of potential ramifications (if any) from dealing with renegade employees.
• Develop a marketing device to keep remaining customers loyal.
• Monitor competition for future compliance.

Your situation may require additional, or alternate, steps. Partner with a counterespionage specialist for direct advice. ~Kevin

Saturday, January 23, 2010

Passwords stink... Face It

A Japanese company that specialises in face recognition technology has claimed the need for security passwords and identity swipe cards may soon become a thing of the past. Omron is working on software that scans faces to help recognise customers and employees. (more)

Friday, January 22, 2010

If we are not in your Boardroom...

...keep quiet, and put in a few of these.

The best move you can make for any Boardroom which isn't regularly swept for bugs... "Get down, and Boogie."

Improv Electronics has re-invented the old "Magic Slate."

Their version, called Boogie Board, is a pressure-sensitive tablet. It uses a watch battery for power, and only when the erase button is pushed. The secret is a Reflex LCD which doesn't need any power to keep the written secrets on the screen. The watch battery will last for 50,000 erases; cost $29.97. (more)  
(Pssst... The Apple iPad will cost a whole lot more and provide less security.)

Limited Time Offer...
Use Murray Associates to clear your Boardroom on a quarterly basis this year and we'll supply a Boogie to Board members - FREE. We are always fun, and get the job done.

--------

Did You Know?
• In the early 1920s, R.A. Watkins, the owner of a small printing plant in Illinois, was approached by a man who wanted to sell him the rights to a homemade device made of waxed cardboard and tissue, on which messages could be printed and then easily erased by lifting up the tissue. Watkins wanted to sleep on it, and told the man to return the next day. In the middle of the night, Watkins's phone rang and it was the man calling from jail. The man said that if Watkins would bail him out, he could have the device. Watkins agreed and went on to acquire a U.S. patent and rights, as well as the international rights for the device, which he called MAGIC SLATE. (via DrToy.com)

• (April, 1987) American journalists meeting with Soviet dissidents in Russia have occasionally used Magic Slates as a way of communicating. And last week, even the U.S. government bought the idea. In fact, Rep. Dan Mica (D-Fla.) and Rep. Olympia J. Snowe (R-Maine) received special instructions from the State Department to take the 99-cent toys with them on their recent inspection tour of the U.S. Embassy in Moscow. "An aide ran out to the local Toys 'R Us store and picked up a dozen," said John Gersuk, Mica's press secretary.

Now, not only has the child's toy put an unexpected kink in the multibillion dollar world of espionage, but it also has the $12-billion toy industry taking notice. (more)

"The best defense is a good... no, wait, uhhhh..."

Despite the objections of senior intelligence leaders, the White House National Security Council has instructed U.S. spy agencies to make intelligence gathering for China less of a priority. The move lowers China from "Priority 1" status to "Priority 2."

Intelligence leaders are concerned that the shift will hinder initiatives to acquire secrets about the Chinese government's military and its cyberattacks.

Anonymous administration officials say the policy is part of the White House's overarching effort to cultivate a friendlier, more constructive relationship with Beijing. But critics within the government charge that strategic intelligence on China will be downgraded over time, undoing what officials say are crucially necessary efforts to accrue more knowledge about China's political, economic, military, and intelligence operations. (more)

Thursday, January 21, 2010

GSM Bugs, or Cell Phones Gone Wild

If you are not already familiar with GSM Bugs, I could go over it again, or you could listen to this dangerous-sounding woman...
(These bugs are flooding the market; less than $60. on eBay.)



By the way...
New for 2010 at Murray Associates, is our in-house designed GSM Bug locator.

Our instrument instantly detects and plots the location of GSM Bugs on a computer map. Without this technology, mostly-dormant GSM Bugs range from difficult to impossible to find.

Murray Associates new investigative technique (Digital Surveillance Location Analysis™) is now part of our advanced TSCM inspection audits. Bonus... our new instrumentation also locates rogue Wi-Fi stations on our client's networks.

Not a client, yet?
Become one.
You won't find this level of security elsewhere.
Start here.

SpyCam Story #567 - HomerCam


IL - An Elgin man who admitted placing a spy camera in the women's bathroom at his workplace was sentenced Wednesday to two years of nonreporting probation, and no jail time, by a judge who indicated his lack of criminal record spared him a worse punishment. 

(He) had faced a maximum three years in prison after pleading guilty in December to a felony charge of unauthorized video recording stemming from the July 31 discovery of the pen-size camera in a washroom at Ridgefield Industries, near Crystal Lake.

Authorities said (he) recorded one female co-worker, but mostly what was recorded was himself looking into the lens while trying to figure out how to operate the camera ("Doh!"). The camera was discovered by another co-worker and turned over to police. (more)

Wednesday, January 20, 2010

IBM = I Be "M"

Its purchase of an intelligence firm signals boom time in the spy business.
International Business Machines's move Wednesday to purchase National Interest Security Company (NISC) shows that the technology sector believes it can find growth servicing the government with high-end intelligence services. (more)

The "Why Us?" Question

"My company is regulated, with little to no R & D, no manufacturing, and only a very limited exposure in the competitive wholesale markets. In your professional opinion, what is our exposure or risk in regards to industrial//corporate espionage?"

Your question about espionage exposure is one I hear quite often; "Why us?"

Just as every person has uniqueness — their personality, list of friends, list of enemies, list of things someone might want to steal, etc. — corporations are unique as well. While I don't know much about the characteristics of your particular company, I can hazard a few rough guesses about possible corporate espionage risk areas...

• Media interest – Reporters digging for information to make headlines. A public safety issue, for example, might prompt a full expose on the company's policies, maintenance procedures, employee health epidemiology data, etc..

• Activist Group Interest – Media reports always have the potential to spark activist groups. Catalysts include: safety issues, regulatory issues, price increase hearings, etc.

• Stockholder Interest – When a price increase hearing is not favorable (possibly due in part to activist lobbying) predicted earnings may fall below expected levels, thus sparking stockholder unrest and desire for change. To support their case, collection of internal information becomes a priority for them.

• Construction Interest – Construction contracts usually incorporate a bidding process. The higher the stakes, the more desire for inside information. If espionage is successful, the company pays more than necessary and runs the risk of purchasing inferior products and services. Due diligence on this point alone is especially important if your construction impacts the public, in any way.

• Mergers & Acquisitions
– Inside information means big $$$ to many outsiders.

• Intellectual Property Protection – Any unique advantage that makes your business profitable is a target for outsiders. They can make money by stealing it, or even just neutralizing it.

• Lawsuit Strategy – Inside information from the Legal Department means big $$$ to the opposition.

• Labor / Management Issues – Contract negotiations create periods of very high-risk. Also consider this... Your Personnel Department is involved with a multitude of high-value situations (every day) where meetings, conversations and other 'real-time' decision-making conversations and data hold immense value to outsiders.

I am sure I can come up with a few more examples, but this should get you started.

Recommendation – Identify key physical areas impacted by the above. Provide these areas with quarterly or biannual (or a mixture) counterespionage audits. In addition to providing specific sensitive work environments with heightened privacy protection, you will have shown due diligence; necessary for obtaining 'business secret' status for your side in court.

A Counterespionage Strategy is an important element in every corporate security program. Thank you for asking.
~Kevin

Tuesday, January 19, 2010

The Latest Surveillance Video Winners

The winners are in for the top three surveillance videos of the quarter... (videos)

Business Espionage - Starwood vs. Hilton

Starwood Hotels & Resorts Worldwide Inc. Thursday raised new allegations about the role of top Hilton Worldwide executives in an escalating corporate-espionage case.

Starwood sued Hilton and two former Hilton executives last April, alleging that they stole more than 100,000 documents containing "competitively sensitive information" and used it to pursue a rival to Starwood's successful "W" hotel chain.

On Thursday, it filed an amended complaint in U.S. District Court, White Plains, N.Y., claiming that Hilton's misconduct reached the highest levels of the McLean, Va., chain's management, including its chief executive officer, Christopher Nassetta, and its head of global development, Steven Goldman. The complaint says that the alleged theft was known to and condoned by at least five of the ten members of Hilton's executive committee. A Hilton spokeswoman declined all comment. (more)

Monday, January 18, 2010

Burglar Leaves Present... that keeps on giving.

Australia ...police are investigating a computer crime they is the first of its type in the state. A man broke into a recruitment company's premises recently and stole cash and equipment. (nothing new so far) Police say security vision revealed he was in the office for several hours and installed software on a computer. They say the software could have allowed him remote access to sensitive information. (more)
Moral: Treat all security alarm calls (even if "false" and "nothing taken") as espionage events. ~Kevin

Close Your Windows... and they still see in.

A widespread but highly targeted cyber-attack shows that all versions of Windows can be compromised by a determined hacker - right now.

The consensus is that the attack came from Chinese-sponsored agents, using every trick they could to hack specific, profiled targets. These weren't your usual criminals aiming the daily blind scattergun at a huge swathe of Windows users, hoping to find those without anti-virus software, or running unpatched and outdated versions of Windows.

No, they pointed their laser sights at selected Western technology company staff, who were more likely running fully-patched versions of Windows and Internet Explorer. And, it's fair to suggest, with their corporate PCs fully equipped with modern anti-virus software.

And yet still they got in...

The hackers used a combination of social engineering - for example, spoofing an email to appear to come from a trusted colleague - along with zero-day vulnerabilities in all versions of Microsoft's swiss-cheese browsing device, otherwise known as Internet Explorer.

‘Zero-day vulnerability' is of course a euphemism for ‘a barn-sized security hole in the software to which the maker is entirely oblivious'. The software maker's screw-up is discovered by a would-be intruder, who uses it to walk in and effectively own the computer.

The suggestion is that this particular attack was industrial espionage, with the aim of stealing corporate technology secrets - all without the target ever aware that their PC was leaking its juicy contents to a distant spy.
(more)


Social Networking - Another Tenticle of Corporate Espionage

Social networks have become a goldmine of information for companies skilled in the art of connecting the dots - a little-noticed development that is beginning to concern companies.

Main Points...
• (Some companies) have an all too clear understanding of the impact social media data has - and are mining it for competitive purposes.

...unlike corporate espionage and hack attacks, it is legal, according to Bob Fox, head of a competitive intelligence program for Canadian entrepreneurs." he says (via the Globe and Mail).

• ...advises firms to monitor competitors' comments in the media, on industry blogs, at conferences and, yes, on social networks like Twitter and Facebook... These sites are potential gold mines for competitors that want to better understand client and partner relationships.

• A key question in most investigations is relationships - who knows who, who is transacting business with whom, she said. Connecting these dots becomes much easier when people link to their friends for all the world to see. Twitter especially can be valuable in this way.

People aren't using nearly as much discretion as they should - they will mention a project they are working on on Twitter. If a competitor is watching, it could pick up valuable nuggets of information.

New hires can also be telling - information that is readily found on LinkedIn.

Corporate 'spying' has never been easier - companies and organizations have little or no control over the information their employees share on social networks, and individuals generally make no distinction between public or confidential corporate data that they disseminate.
(more)


Safety Tips for Parents / Children with Internet-Enabled Portable Communications Devices

...via Australia / globally useful...
Police are warning parents and teenagers to consider the possible dangers associated with the use of mobile internet technology. The warning extends to so-called social locator applications. These are programs which issue alerts to the user via mobile phone when someone with the same activated application and similar interests enters their proximity.  

You don’t know with whom you are really communicating,” Detective Superintendent Kerlatec said, “It may not be who you really think it is. There’s also the possibility that someone, using the same applications, is electronically intercepting or eavesdropping on conversations between you and your friends,” he added.

Tips for parents:
• Be aware of how much time your child spends on the internet.
• Spend time talking to your child about the dangers associated with online conversations.
• Spend time exploring the internet with your children and let them teach you about their favourite websites.
• Keep the computer in a room the whole family can access; not in your child's bedroom.
• Consider installing filtering and/or computer blocking software provided by your Internet Service Provider. The Netalert web page provides information on a number of commercially-available products at www.netalert.net.au
• Ensure you are able to access your child's emails and randomly check the contents.
• Check your phone bill for unusual outgoing calls or consider using a "caller ID" device to identify incoming calls.
• Consult your telephone company for options designed to ensure privacy and security.
• Inquire with your child's school, public library and places they frequent to ascertain what internet safety measures they have in place.
• Information relating to internet safety is available on the NSW Police website at: http://www.police.nsw.gov.au/community_issues/children/child_exploitation

Tips for children:
• Do not send a picture of yourself to anyone you don't know and never place a full profile and picture anywhere on the internet.
• Never give out your personal information including name, home address, phone number or school, over the internet.
• Never arrange a face-to-face meeting with a stranger you have chatted with on the internet.
• Tell your parents or another adult of any contact that makes you feel uncomfortable.
(more)

Saturday, January 16, 2010

"Psssst... Wanabuy a primo bug, cheap?"

Broadway theaters, sports franchises and other public entertainment forums must change the radio frequency they use for their wireless microphones under an order issued Friday by the Federal Communications Commission.

Under the order, the groups have until June 12 to find other radio frequencies, something the theaters said could cost thousands of dollars per institution but that they can do.

The F.C.C.’s ruling relates to a broader shift in the way the nation allocates precious spectrum used to transmit signals for mobile phones, TVs and other devices. The commission said the transition was necessary to make spectrum in the 700-megahertz band available for use by next-generation wireless services for consumers and public safety agencies. (more)

FutureWatch
• NOW is the time for all good corporations and A/V companies to upgrade to encrypted wireless microphones for Boardrooms and hotel conference centers.
• Look for a spike in very inexpensive wireless microphones on Ebay. Some of them will find a second life as very high quality bugs.

Friday, January 15, 2010

Business Espionage - Google (more)

Google attack - part of widespread spying effort

U.S. firms face ongoing espionage from China... Google's decision Tuesday to risk walking away from the world's largest Internet market may have come as a shock, but security experts see it as the most public admission of a top IT problem for U.S. companies: ongoing corporate espionage originating from China. (more)

Espionage has many tentacles. Computer Hacking is only one of them. Hack attacks are the new thing and currently has press attention. A few years ago, Competitive Intelligence snatched the headlines. These diversions distract attention from basic every-day spy techniques: electronic surveillance (bugs & taps); physical intrusions, moles, social engineering, etc..

Google, like most large corporations,  should have a holistic counterespionage strategy in place... one which they don't discuss publicly. The counterespionage element of these corporate security programs takes into account all spying techniques.

If your organization does not have a counterespionage strategy, call me. If you think you don't need one, just remember who wrote "The Art of War."

Thursday, January 14, 2010

Another reason to keep my number handy!

Vic Pichette, who is a licensed private detective from Rhode Island for over 21-years, has started teaching individual Private Eye Classes.

"Covert video is now so state of the art, that almost no one can tell a camera from a clock. In this fun and exciting class, I teach people what is out there, why they need them, and how to use them."(more) (his number) (my number)
Thanks, Vic! 
I think this is what my friend John calls a 'self-licking ice cream cone'.

Wednesday, January 13, 2010

The data loss fines are coming. The data loss...

UK - The Information Commissioner's Office will be able to issue fines of up to £500,000 for serious data security breaches.
The new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice. The size of the fine will be determined after an investigation to assess the gravity of the breach. Other factors will include the size and finances of the organisation at fault. (more)

Tuesday, January 12, 2010

Business Espionage - Google


Google Inc. said it is "reviewing the feasibility of our business operations in China" and may back out of China entirely, as it disclosed it had been hit with major cyberattacks it believes to have originated from the country.

Google disclosed its thinking in a blog post Tuesday. In the post, Google said it detected a "highly sophisticated and targeted attack on our corporate infrastructure originating from China" in mid-December and that the attack resulted in "the theft of intellectual property from Google." (more)

"MAV" The Scariest SiFi Movie You'll See this Year


FutureWatch - Air Force Bugbots - Micro Air Vehicle (MAVs). (Trailer)

The term micro air vehicle (MAV) or micro aerial vehicle refers to a type of unmanned air vehicle (UAV) that is remotely controlled. Today's MAVs are significantly smaller than those previously developed, with target dimensions reaching a maximum of approximately 15 centimetres (six inches). Development of insect-size aircraft is reportedly expected in the near future. Potential military use is one of the driving factors of development, although MAVs are also being used commercially and in scientific, police and mapping applications. Another promising area is remote observation of hazardous environments that are inaccessible to ground vehicles. Because these aircraft are often in the same size range as radio-controlled models, they are increasingly within the reach of amateurs, who are making their own MAVs for aerial robotics contests and aerial photography.

Finally, a movie that beats Runaway (released in 1984, of course) for bugbot creepiness. ~Kevin

"You sound like you're in a tin can."


You can insure absolute privacy and secrecy with “SCHER’S IMPROVED TELEPHONE MUFFLER”

You need not leave our desk or go to a private booth to talk freely, and confidentially over the phone. This invention gives the equivalence of a telephone booth.

It is instantly attached and detached on the telephone transmitter. No complicated parts. Occupies 3-1/2 inches of space on the mouth piece of “phone” and is at your elbow when in need. It is unquestionably the most useful telephone accessory of today. Made of Aluminum, lasts a lifetime. Used by U. S. Dept. of Agriculture, First N’tl Bank, Guarantee Trust Co.. and thousands of others over the world. If dealers can’t supply you, we will forward one prepaid on receipt of $3.50.

AGENTS wanted in U. S. and foreign countries. Write for territory.
The Amalgamated Sales Corp., Mfrs., 1478 Broadway, Dept. C.S., New York City
Source: Popular Electricity And Modern Mechanics
Issue: Sep, 1914

Sunday, January 10, 2010

SpyCam Story #566 - Bear in the Den (SFW)

No, no, the title did not say "Bare."

“On Friday the 8th January Doug Hajicek (with the help of Pix Controller and www.bear.org) installed an Infra Red camera system into Lily’s den near Ely, Minnesota. It is believed that Lily (a 2 year old black bear) is pregnant and there is an above average chance that she will give birth in mid January.”
The dark area in this screen shot is her fur. The live feed (with sound and 60Hz hum) can be seen here.

Saturday, January 9, 2010

Poll - Eavesdropping Law

Question: Which theory of eavesdropping law is better?

60% - One Party Consent... If you are part of a conversation, you can record it.

38% - Two Party Consent... Everyone in the conversation must agree to recording it.

1% - Other... (No reason or comment given.)

For more information on U.S. eavesdropping law... more  more

Friday, January 8, 2010

Leaky Laptops to get Eavesdropping Vaccine

Korea - Beware of what you talk about in front of your computer, as recordings of sensitive business deals could go straight to the ears of rivals or even the government.

The Korea Communications Commission and the Korea Internet and Security Agency said Friday it will draw up security recommendations after local Internet experts found that notebook computers with internal microphones are vulnerable to electronic eavesdropping.

Notebook makers will have to install an external on/off switch, while online security firms develop a defense system against software used to mask recording files. (more)

...and you thought this only happened at dealerships.

NC - Federal authorities are investigating whether the former commissioner of the state Division of Motor Vehicles illegally wiretapped the phone calls of agency employees. 

George Tatum, who resigned in 2007 amid a corruption scandal, had a special telephone in his office that allowed him to listen in on the calls of his subordinates without their knowledge, according to current DMV officials. Greg Lockamy, who retired unexpectedly last year after serving as the agency's internal affairs director, also had a phone set up for secret eavesdropping.

State law forbids intercepting phone calls without a warrant unless at least one person in the conversation knows the monitoring is taking place. (more)

Spy Magic for Kids

Spy secrets...
...magically revealed!
In the real-life world of espionage, spies often call upon the art of magic and illusion to distract the enemy, make evidence disappear, and escape unnoticed. Secret Agent Magician, ‘James Wand,’ demonstrates the art of misdirection, sleight of hand, and other illusions used by skilled spies. This one of a kind performance custom developed especially for the International Spy Museum is guaranteed to fascinate children and adults alike.
Saturday, 30 January; 10:30–11:30 am or 12:30–1:30 pm (more)

Thursday, January 7, 2010

Quote of the Week - On Bug Sweeps

"...if a client thinks they are being 'bugged' at home or work you would be remiss if all you did was 'sweep' the office for listening devices." Ed Stroz, quoted in "Private Investigations in the Information Age" (more)
 

Ed is correct. There are many ways information leaks out and secrets are stolen. A good counterespionage specialist take this into consideration. However, the inspection for electronic surveillance devices comes first. 

Why are sweeps done first?

• Bugging is the easiest intelligence collection technique to discover.
• To eliminate (or prove) bugging before accusing people.

And, why are the most effective sweeps conducted pro-actively?

• Intelligence collection is a leisurely process. Conversations and information are collected – in many ways – long before they are used against you. Until this collected intelligence is used, no harm is done. No losses suffered. Pro-active sweeps detect snooping early – thus, drastically reducing the potential for loss.
• Smart clients don't wait until they "think they are being bugged."
• Losses are always more costly than bug sweeps.

Georgia on my mind...

GA - Former Police Chief Investigated... Troubles continue to mount for former Clayton Police Chief Jeff Turner, who was placed on unpaid administrative leave Tuesday night while officials investigate whether he improperly used surveillance equipment. (more)

GA - A Gwinnett County man faces six felony charges after police say he planted a hidden camera and videotaped his adult stepdaughter in her bedroom. Gwinnett County police arrested 61-year-old Christopher Belcore on Dec. 31. (more)

USB Crypt Stick - Design flaw, or...


...design back door discovered? 
You decide. 
NIST-certified USB Flash drives with hardware encryption cracked

Kingston, SanDisk and Verbatim all sell quite similar USB Flash drives with AES 256-bit hardware encryption that supposedly meet the highest security standards. This is emphasised by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST), which validates the USB drives for use with sensitive government data. 

Security firm SySS, however, has found that despite this it is relatively easy to access the unencrypted data, even without the required password.

The USB drives in question encrypt the stored data via the practically uncrackable AES 256-bit hardware encryption system. Therefore, the main point of attack for accessing the plain text data stored on the drive is the password entry mechanism. When analysing the relevant Windows program, the SySS security experts found a rather blatant flaw that has quite obviously slipped through testers' nets. During a successful authorisation procedure the program will, irrespective of the password, always send the same character string to the drive after performing various crypto operations – and this is the case for all USB Flash drives of this type.

Cracking the drives is therefore quite simple. (more) (UPDATE)

Wednesday, January 6, 2010

"Don't tape and tell." - Burke's Law

MD - William Burke, a Pocomoke City resident who went on trial today on charges that he illegally recorded a heated conversation with his town's mayor, made a plea agreement and was sentenced to probation before judgment.

Burke entered an Alford plea this afternoon to a misdemeanor wiretapping charge, conceding that prosecutors had enough evidence to obtain a conviction without admitting guilt. He had originally been charged with a felony wiretapping crime.

A Circuit Court judge pronounced Burke guilty of a misdemeanor and sentenced him to probation, but did not hand down any jail time. (more) (Amos Burke) (hum-a-long)

The Year's Most-Hacked Software

At the beginning of this decade, Microsoft represented a cybercriminal's dream target: universally-used software, brimming with bugs ready to be exploited to hijack users' PCs. But as the software giant has slowly cleaned up its security flaws, hackers are looking toward another vendor whose products are nearly as ubiquitous and whose bounty of vulnerabilities are just being discovered: Adobe. (more)

Most Popular Software is Security Software

The number-one most downloaded software of all time on CNET’s Downloads.com website is from AVG Technologies — more than 1.5 million downloads every week and an astonishing 247 million downloads cumulatively since AVG was first offered at the site. (more) (free version)

Note: This is just for the Windows download section of the Web site.

While the Windows crowd is wringing their hands, the most popular software in the Mac section is fun stuff!

LimeWire lets users share and search for all types of computer files, including movies, pictures, games, and text documents. Other features include the ability to preview files while downloading, advanced techniques for locating rare files, and an extremely intuitive user interface. (Mac Section)

SpyCam Story #565 - FCC Crackdown

FCC Cracks Down on Illegal Wireless SpyCams. Nooo, not all spycams, just some wireless ones broadcasting on unapproved frequencies...
Federal Communications Commission DA 09-2623 January 6, 2010 SCS Enterprises Inc. d/b/a Spy Camera Specialists, Inc. Re: File No. EB-08-SE-142 Dear Mr. Lee: This is an official CITATION, issued to SCS Enterprises, Inc., d/b/a Spy Camera Specialists, Inc. (“Spy Camera”), pursuant to Section 503(b)(5) of the Communications Act of 1934, as amended (“Act”), for marketing unauthorized radio frequency devices in the United States in violation of Section 302(b) of the Act, and Sections 2.803 and 15.205(a) of the Commission’s Rules (“Rules”). As explained below, future violations of the Commission’s rules in this regard may subject your company to monetary forfeitures.

In March 2008, the Spectrum Enforcement Division of the Enforcement Bureau (“Division”) received a complaint alleging that Spy Camera was marketing unauthorized wireless video transmitters that operate in the 1.08, 1.12, 1.16 and 1.2 GHz bands. We initiated an investigation and on May 13, 2008, we sent a Letter of Inquiry (“LOI”) to Spy Camera.

In your June 9, 2008 response to our LOI, you admit marketing wireless video transmitters beginning in early 2006 on your web site, www.spycameras.com, to end users and resellers. You admit that these wireless video transmitters all operate on 1.2 GHz, which is a restricted frequency band under 15.205(a) of the Rules. You also state that you were surprised to learn that these devices could not be marketed in the United States, and upon receipt of our LOI, immediately returned all the 1.2 GHz transmitters in stock to your supplier and ceased. (more) One down, dozens to go.
Clients... Yes we regularly check these frequencies (and other off-beat frequencies) for wireless spycams when we conduct your inspections. ~Kevin

Karsten Nohl showed how easy it is to eavesdrop on GSM-based cell phones

This week brought some bad news for mobile phone users. German security expert Karsten Nohl showed how easy it is to eavesdrop on GSM-based (Global System for Mobile Communications) cell phones, including those used by AT&T and T-Mobile customers in the U.S.
Q: What does this mean for users of GSM phones? What is the real-world threat?
Nohl: Cell phone calls can be intercepted--not just since this week, but more cheaply every month. Sensitive information, say, from politicians, can be overheard from, say, foreign embassies. Others willing to cross the line into illegality and listen in on a call could be industry spies or even private snoops. (more)

Saturday, January 2, 2010

Where do pets go? GPS surveillance knows.


To track his wandering cat, Mark Spezio rigged up a cat collar with a lightweight GPS logger. Here's what he discovered about KooKoo's secret habits... (video)