Saturday, August 28, 2010

The Eight Most Secretive Companies...

...are also some of the most successful. 
Follow their lead. 
Engage a good counterespionage specialist.

The need for secrecy in business has led to a shadow industry known as industrial espionage. The practices of “spying” used to be physical. A spy would have to be near the product to describe or photograph it. Electronic surveillance replaced this in the second half of the 20th century and “bugs,” wire taps, and digital theft of documents became more popular. Today, espionage is incredibly sophisticated... 

This is a list of eight of the most secretive companies in America, firms which rely heavily on keeping secrets. A breach of their most confidential products or services could damage their current business value and, over time, even destroy a company.
• Apple, Inc.
• Xe Services LLC (formerly Blackwater)
• Renaissance Technologies LLC
• Google, Inc.
• Boeing, Co.
• Monsanto, Co.
• The Coca-Cola Company

HSH Nordbank Chief Nonnenmacher Says He Never Approved or Tolerated Spy

Germany - HSH Nordbank AG Chief Executive Officer Dirk Jens Nonnenmacher said he never approved or tolerated spying at the bank and that the lender will “do everything” to examine allegations that spying took place...

German magazine Der Spiegel reported on Aug. 21 that officials at the bank asked a security company to investigate former HSH Nordbank Chief Operating Officer Frank Roth, who was fired last year. The magazine relied on a document citing an unidentified former security adviser.

Nonnenmacher said the security adviser has since made a statement revoking the allegations... (more)

SpyCam Story #581 - Hill Out

MI - Former Egelston Township Treasurer Brian Lee Hill is free on bond after spending three years in prison on a batch of now-reduced child-pornography convictions...

The longtime elected official spent three years behind bars, almost to the day. He was sentenced Aug. 24, 2007, to 10 concurrent terms of 4 3/4 years to 20 years, as well as shorter concurrent terms -- already served -- for electronic eavesdropping. The eavesdropping convictions were for spying on showering foreign exchange students with a videocamera hidden in his bathroom. (more)

SpyCam Story #580 - The Curtains Caper (UPDATE)

Malaysia - Selangor Mentri Besar Tan Sri Khalid Ibrahim played detective today when he revealed the origins of a spy camera found in his office on August 10.

He said internal investigations by his office have located the factory that made the camera and the store where it had been bought. Khalid also dismissed allegations that it was a “political plot” to not lodge a police report.

The mentri besar had discovered a Fuji-brand camera on a ledge behind the curtains in his office on August 10. He had said checks had also been carried out in the state executive councillors’ offices to detect if there were more hidden cameras. (more)

Thursday, August 26, 2010

The Spying on the Neighbor Fiasco

Don't watch this at work. 
Save it for later. 
Have a nice weekend. (video)

Yet another challenge to the 2-party consent eavesdropping laws

Using an iPhone to secretly record a conversation is not a violation of the Wiretap Act if done for legitimate purposes, a federal appeals court has ruled.

“The defendant must have the intent to use the illicit recording to commit a tort of crime beyond the act of recording itself,” (.pdf) the 2nd U.S. Circuit Court of Appeals ruled.

Friday’s decision by the 2nd U.S. Circuit Court of Appeals, which involves a civil lawsuit over a secret audio recording produced from the 99-cent Recorder app, mirrors decisions in at least three other federal appeals courts.

The lawsuit concerns a family dispute over the making of a dying mother’s will. Days before the Connecticut woman died, her son secretly recorded a kitchen conversation between the son, mother, stepfather and others over how to handle her estate after her death. (more)

Wednesday, August 25, 2010

SpyCam Story #580 - It's curtains for the staff.

East Malaysia - Selangor Menteri Besar Tan Sri Abdul Khalid Ibrahim has denied a suggestion that he would reshuffle his office staff following the discovery of a hidden video camera in the office.

He said the State Government would first find out why the staff in his office had not detected the device. "If we find out it involved the staff in the Menteri Besar's office, then action will be taken against them.

Abdul Khalid stumbled upon a hidden video camera in a gap between the thick curtains in his office on Tuesday. (more)

Did you know... most eavesdropping devices are found by accident?
Imagine the results if people looked occasionally.
Don't want to do it yourself? 
Call the folks who bring you Kevin's Security Scrapbook.
It's what they do best.

Life, art and duffel bags...

Body of Missing British Spy
Found Stuffed in Bag 

in His Apartment
The body of an employee of Britain's spy agency MI6 has been found in a bag in a central London apartment where he may have been murdered two weeks ago, British media reports.

The body of Gareth Williams, 31, was found Monday stuffed in a large sports bag in his bath only a few hundred yards from MI6 headquarters, the Daily Mail reports.

MI6 gathers secret information about Britain's overseas enemies, making the spy a possible target of terrorists, the Mail says.

BBC's security correspondent says it is not clear what the victim did for MI-6, but that it is reported that he was on loan from the Government Communications Headquarters, the electronic eavesdropping agency, implying he was a technical expert. (more)


Tuesday, August 24, 2010

ACLU challenges Illinois eavesdropping act

Over the past few years, there have been several cases of people being arrested for recording police. The issue is the audio part of the recording. In some states, the law requires the consent of all parties to the conversation. The ACLU has taken notice... and exception to what they see as a double standard and a violation of the First Amendment to the Constitution.

It's not unusual or illegal for police officers to flip on a camera as they get out of their squad car to talk to a driver they've pulled over.

But in Illinois, a civilian trying to make an audio recording of police in action is breaking the law.

"It's an unfair and destructive double standard," said Adam Schwartz, a lawyer with the American Civil Liberties Union of Illinois.

In its lawsuit, the ACLU pointed to six Illinois residents who have faced felony charges after being accused of violating the state's eavesdropping law for recording police making arrests in public venues.

On Wednesday, the ACLU filed a federal lawsuit in Chicago challenging the Illinois Eavesdropping Act, which makes it criminal to record not only private but also public conversations made without consent of all parties. (more)


That Anthony Graber broke the law in early March is indisputable. He raced his Honda motorcycle down Interstate 95 in Maryland at 80 mph, popping a wheelie, roaring past cars and swerving across traffic lanes... Anthony Graber was arrested for posting a video of his traffic stop on YouTube. (video and report)

YouTube still features Graber’s encounter along with numerous other witness videos. "The message is clearly, ‘Don’t criticize the police,’" said David Rocah, an attorney for the American Civil Liberties Union of Maryland who is part of Graber’s defense team. "With these charges, anyone who would even think to record the police is now justifiably in fear that they will also be criminally charged." Carlos Miller, a Miami journalist who runs the blog "Photography Is Not a Crime," said he has documented about 10 arrests since he started keeping track in 2007. (more)

"Bugging teacher... sweet-ish, fer sure."

Sweden - Two Stockholm schoolgirls have been taken to court for trying to bug their teachers during a grading conference. They were found out after one of them revealed all on Facebook.

The pair, who are in their early teens, came up with the idea after finding a key to the staff common room. They bought basic bugging equipment in a gadget shop, waited until the end of the school day, and planted the device in the staff room.

The girls, who attend a middle school in the capital, planned to listen in on a meeting the following day at which teachers would decide their grades. They were hoping to glean information that would enable them to get their grades improved.

The plan might have gone off without a hitch if one of the girls in her enthusiasm had not revealed all on Facebook, according to Metro. The girls were prosecuted for trespass and arbitrary conduct and fined 2,000 kronor ($270) each by Stockholm District Court. (more)

Monday, August 23, 2010

Business Espionage - Walt Disney Co.

The boyfriend of a former Walt Disney Co. administrative assistant admitted to engaging in a scheme to sell early access to the company's earnings report in U.S. district court in Manhattan Monday.

Yonni Sebbag, 30 years old, and his girlfriend Bonnie Hoxie, the former assistant to Disney's head of communications, allegedly contacted more than a dozen hedge funds and investment companies anonymously in March, offering to provide an early look at Disney's earnings.
"I disclosed material and nonpublic information about the Walt Disney Co. to outside investors," Mr. Sebbag said. (more)

Sunday, August 22, 2010

Business Espionage - The Counterfeiters

A shopkeeper in Italy placed an order with a Chinese sneaker factory in Putian for 3,000 pairs of white Nike Tiempo indoor soccer shoes. It was early February, and the shopkeeper wanted the Tiempos pronto. Neither he nor Lin, the factory manager, were authorized to make Nikes. They would have no blueprints or instructions to follow. But Lin didn’t mind. He was used to working from scratch. A week later, Lin, who asked that I only use his first name, received a pair of authentic Tiempos, took them apart, studied their stitching and molding, drew up his own design and oversaw the production of 3,000 Nike clones. A month later, he shipped the shoes to Italy. “He’ll order more when there’s none left,” Lin told me recently, with confidence...

Counterfeiters played a low-budget game of industrial espionage, bribing employees at the licensed factories to lift samples or copy blueprints. Shoes were even chucked over a factory wall, according to a worker at one of Nike’s Putian factories. It wasn’t unusual for counterfeit models to show up in stores before the real ones did. (more)

Mandela's house 'was bugged'

It has been revealed that former president Nelson Mandela's Houghton house was bugged ahead the African National Congress's 2007 national conference. ...the listening device bug was discovered in the old Statesman's house by the police's VIP protection unit during a sweeping exercise. (more)

Oo-ee, oo-ee baby. Won't ya let me take you on a spy cruise?

Old man Panetta is runnin' my shoes
No use t'sittin' and a'singin' the blues
So be my snitch, you got nothin' to lose
Won't ya let me take you on a spy cruise? 

Hope aboard the S.S. Surreal below and sing-a-long.

Michael Hayden, the former CIA Director, has always asserted that “the war on terrorism is inherently an intelligence war.” This November, the “SPY CRUISE” will be sailing. On the cruise everything you wanted to know about intelligence but could not ask will be discussed, that is except classified information. NewsReal Blog interviewed four of the speakers to get their take on what will be discussed. (more)
SpyCruise® is a private group aboard a cruise ship where members attend exclusive lectures and talks on espionage, spies, intelligence, counterterrorism and more. Speakers are intelligence experts, leaders, officers, operatives, analysts, authors and historians, many of whom served in the US Intelligence Community. Each cruise we choose a different ship, a different destination and a different agenda.

SpyCruise® is a unique opportunity for anyone interested in the topic of intelligence to meet and learn from real experts in the intelligence field as well as others who share the same interest in this topic and history, world affairs, intelligence, military, books, etc. Lectures are normally once a day and the rest of the time is yours to enjoy the cruise ship and its excursions at different destinations. (more)

NEXT SPYCRUISE: November 13-20, 2010 in the Caribbean

Extra credit: Intellectual property transfer, or not? 
You decide.
Sea Cruise & Rockin' Pneumonia 
Sweet Little Sixteen & Surfin' USA

Saturday, August 21, 2010

Business Espionage - Bratz v. Barbie

The maker of Bratz dolls accused Mattel Inc. of spying on its rivals and stealing trade secrets for at least 15 years, as the ongoing legal battle between the two toymakers turns nastier.

Bratz maker MGA Entertainment Inc. alleges employees for Mattel, maker of the rival Barbie doll, used fake name badges to gain entry to private showrooms of MGA, Hasbro Inc., and other toy manufacturers, according to a federal filing late Monday.

In the court papers, MGA also alleges Mattel secretly photographed new toy product designs at toy fairs held in different countries.

The allegations are part of the dirty doll laundry that will be aired in the retrial of the Bratz doll copyright infringement case, set for Jan. 11 in Santa Ana, Calif. (more)

M-I-Cee (see you real soon) K-E-Y (why...)

Walt Disney’s Internet subsidiary, along with several partners, are being sued for allegedly spying on minors. (Complaint) (coffee cup) Have a nice read.

"Tap'em Dano!"

Don't have a voice recorder handy?
Clumsy with tech gear?
No problem. to the rescue.

from the website...
Record Your Business Calls
Don't miss a single important detail! Now you can pull up that call from three months ago within seconds. Is a team member going to miss an important conference call? Record it for them!

Record Your Friends
Can't remember when or where the party is going to be? You could listen to the call again if you had a recording of it.

Record Your Enemies
Do you feel threatened? Is someone harassing you? Record the call for the proof you need. (more)

Nice touch...

Is recording my phone calls legal?

Yes! There are currently twelve states in the USA that require both parties involved to know that the conversation is being recorded. If the person you are calling is in one of those states we will prompt you to notify them that the call is being recorded. For international calls we will always prompt you to notify the person you are calling.

Why do I mention it?
So you will know what you are up against!

And you though every country already wiretapped.

St Kitts and Nevis’ Attorney General and Minister of Justice and Legal Affairs, Patrice Nisbett, has expressed confidence that the proposed Interception of Communication Bill that will allow wiretapping, contains built-in safeguards to prevent abuse and protect political freedoms. (more)

Monday, August 16, 2010

What's in Your Boardroom?

"Wouldn't it be nice if all boardrooms were equipped like this. So that when the teleconference microphone was ON, a sign lights." ...via my esteemed colleague from the North.

Wash Your Hands Before Leaking

A study by Department of Computer and Information Science at the University of Pennsylvania has found that it can be possible to uncover passwords by analyzing the smudges left on touchscreen phones. Touch screens are touched, so oily residues, or smudges, remain on the screen as a side effect. Latent smudges may be usable to infer recently and frequently touched areas of the screen - a form of information leakage.

The researchers said that they believe smudge attacks are a threat for three reasons. First, smudges are surprisingly persistent in time. Second, it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device. Third and finally, collecting and analyzing oily residue smudges can be done with readily-available equipment such as a camera and a computer.

The analysis requires a photograph of the screen to be uploaded to a computer. However, the presumption that lighting conditions would affect the quality of the photo, and hence the ability to extract passwords was shown to be false. In one experiment, the pattern was partially identifiable in 92% and fully in 68% of the tested lighting and camera setups. Even in our worst performing experiment, under less than ideal pattern entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them.

By enhancing the photo of the screen in the computer, the smudge patterns could be seen. Critically, the requirement of the password structure as used in Android phones resulted in distinctive patterns, which lead to the ability to work out which "buttons" were pressed. (more) (presentation paper)

Saturday, August 14, 2010

Spy Phone Numbers

"When the joint is jumpin' and spies are thumpin' it ain't the time to share your number pumpkin." (c. 1942. Some jerk who thought they sounded like Bogart.)

• Need to protect your real cell or home phone number?
• Not sure about that new guy who asked you out?
• Worried your informant will be caught with your number?
• Need a safe number your spies can call in on?
You need TossableDigits! Expendable phone numbers that contact your private line and evaporate when your caller needs to be hung out to dry.

• Need to connect two adversaries through the web? 
• Need to connect your spies to each other over the phone without revealing their phone numbers to each other?
You need Click to Call! The anonymous phone connection.

• Did "M" not sound quite right during your morning briefing?
• Not sure your tipsters are calling from where they say they are?
• Need proof the real Home Office is requesting the microdot?
• Is the Lady Spy Caller ID spoofing the White and Black spies?
You need Phone Number Verification! Make them prove they are calling from the number they say they are calling from.

As Fats used to say, 
"One never know, do one?"

Friday, August 13, 2010

The Eavesdropping Palm Pre Cell Phone

A British internet security company has demonstrated how to turn the Palm Pre into a secret bugging device, ideal for corporate espionage, and issued a warning that many other popular smartphones are also vulnerable to hackers.

In-house hackers at Basingstoke-based MWR InfoSecurity have created a bug hidden in an electronic business card, or vcard, which enabled them to use the Pre to record conversations and send the audio file back to them, whenever it is connected to a WiFi or 3G network – all without the user being aware anything at all is happening.

The company's 26-year-old principal security researcher – who gives his name only as Nils, and who was hired by MWR last year after having been a freelance hacker since his teens – demonstrated the security flaw in the Pre to journalists and IT specialists this week, saying the phone was "easy" to break into. (more)

Wednesday, August 11, 2010

The Farewell Dossier

Movie Synopsis...
Engaging, emotional and riveting, FAREWELL is an intricate and highly intelligent thriller pulled from the pages of history about an ordinary man thrust into the biggest theft of soviet information of the Cold War. A piece of history largely unknown until now, which Ronald Reagan called "one of the most important espionage cases of the 20th century." Directed by Christian Carion. (Trailer)

The movie does reflect the reality of the “Farewell” material: that it revealed to Western intelligence the extent to which Soviet economic development in the 1960s and ’70s was almost entirely the result of industrial espionage... The obsession in the early 1980s with the problem of “technology transfer” arose as a direct result of the Farewell dossier, and in a 1983 National Security Decision Directive, preventing technology loss became a key element of American foreign policy. (more)

Vcard Pops Privacy on Palm Pre. Android Cookies Eaten.

Major vulnerabilities in the Palm Pre and Android smartphones have been detected that could allow data to be stolen.

Research by MWR Labs has revealed a major flaw in the Palm Pre that would allow conversations to be intercepted, while a flaw in the Android operating system from 2.0 onwards exists in the browser and allows login credentials and cookies to be harvested.

A spokesperson demonstrated that sending a Vcard to the Palm Pre allows an attacker to compromise the phone and intercept all audio close to the phone. They said that this is a completely focussed attack that targets a specific user. Alex Fidgen, director at MWR Labs told SC Magazine that this represents industrial espionage and if this was done over a carrier network it would be breaking the law. (more)

Tire Pressure Sensor Surveillance - A Re-Tread

Researchers from Rutgers University and University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged...

The researchers will present their findings at the Usenix Security Symposium, being held this week in Washington D.C.

 The tire pressure monitoring systems (TPMS) consist of battery-powered radio frequency identification (RFID) tags on each tire, which can respond with the air pressure readings of the tire when wirelessly queried by an electronic control unit (ECU).

The researchers had found that each sensor has a unique 32-bit ID and that communication between the tag and the control unit was unencrypted, meaning it could be intercepted by third parties from as far away as forty meters. (more)

Readers of Kevin's Security Scrapbook were advised of this back in 2008. See Track My Treads - TPMS Privacy Blowout.

Sexting, Speeding Teens Beware the Ra-Parents

Parents Are Listening Services Inc., (has) developed a program to better allow parents to monitor the contents coming into their children's cellphones. (Launching in September.)

It's one of many companies developing software designed to alert parents when children and teenagers exchange lewd text messages, communicate with predatory adults or taunt each other via social-networking websites. Another feature aims to curb texting and driving by disabling the messaging feature in a moving vehicle...

WebSafety Inc., based in Irving, Texas, offers a similar monitoring program that's been available for five months. The company's software draws from a unique library of 6,000 phrases deemed inappropriate, including slang and online abbreviations.

The program can monitor text messages, emails, instant messages and updates to social-networking sites such as Facebook. By using the phone's Global Positioning System, or GPS, features, parents can also set up no-text zones, such as on school grounds, to prevent students from using their phones to cheat on tests or taunt classmates.

Both Kid Phone Advocate and WebSafety's application send alerts as emails or text messages to the parent's computer and phones. The programs typically run in the background, so children don't know the alerts are being sent out.

GoGoStat, from Schakra Inc. of Redmond, Wash., was created by a team of former Microsoft Corp. employees. Like the other mobile parental apps, GoGoStat monitors the messages children send and receive to each other on Facebook, as well as photos that are exchanged. The program, however, doesn't have to be installed on the computer or cellphone; the app runs within Facebook. (more)

Monday, August 9, 2010

Industrial espionage in the 500's shapes the world.

Industrial espionage can alter the wealth of a nation and thus its capacity to compete commercially and wage war. A great example of this took place around 550 CE, when Justinian I, leader of the Byzantine empire wanted to undo China’s historic domination of the silk trade and, at the same time, end the Persian control of this valuable commodity as the middlemen.

Justinian I was undeterred in wresting this information from China, which they protected under penalty of death. So he sent two Nestorian monks into China with the specific intent of conducting industrial espionage. While in China they observed how silk was produced and what the key ingredients were used in silk production. The monks took two hollowed out walking sticks with them (“concealment devices” in intelligence talk) and hid silk worms and mulberry bush seeds inside them — both essential for silk production.

The monks were stopped and searched repeatedly on their journey home. Nevertheless, they were successful in their quest: they single-handedly transferred the technology for silk production to the West and within a short period of time, the silk trade had been completely upended. Byzantium, and thus the Roman Empire, became the world leader in silk production, which is probably why my ties are made in Milan and not in Beijing.

This act of espionage changed trade throughout the world. (more)

Do not make the mistake of thinking industrial espionage is of little consequence. Call me, or the counterespionage specialist who sponsors Kevin's Security Scrapbook.

History also presents second version of this great espionage story. It is called "The Legend of the Silk Princess." You can listen to it here.

Industrial espionage in the 1700 & 1800's shapes the world.

Sarah Rose is the author of For All the Tea in China, which tells the true story of how tea and industrial espionage fueled the great expansion of the British Empire and the East India Company in the 1800s. The book focuses on one central character, Robert Fortune, who was a scientist sent by the British government to literally steal the secret of tea production from China, plant the Chinese tea in Darjeeling, and thus make the British Empire less reliant on trade with the Chinese and more self-sufficient by harvesting its own tea in colonial India. (more)

Britain and Europe were the leading industrial nations in 18th-century Europe. This text examines the rivalry which existed between the two nations and the methods used by France to obtain the skilled manpower and technology which had given Britain the edge, particularly in the new coal-based technologies. Despite the British Act of 1719 which outlawed industrial espionage and technology transfer, France continued to bring key industrial workers from Britain and to acquire British machinery and production methods. Drawing on archival material, John Harris investigates the nature and application of British laws and the attitudes of some major British industrialists to these issues. He also discusses the extent to which French espionage had any real success.

Lieven Bauwens (June 14, 1769, Ghent – March 17, 1822, Paris) was a Belgian entrepreneur industrial spy and who was sent to Great Britain at a young age and brought a spinning mule and skilled workers to the European continent. (more)

Smuggling or abduction were not the style of the pious Thomas Whitty of Axminster, although he was not averse to a spot of industrial espionage. Enthused by an entrepreneur's desire to produce faster, wider and cheaper, he visited London in 1755 and took lodgings at the Golden Lion in Fulham. There, he made the acquaintance of a weaver from the factory of Parisot and inveigled a tour of the premises. The knowledge he gleaned enabled him to start making similar carpet in Devon. Increasing competition wiped out Parisot. (more)

Francis Cabot Lowell saw an opportunity in cotton. On the advice of his doctor, in 1810 he took a trip to England to recuperate from his stress. Over the next two years, Lowell visited textile mills in booming Lancashire County and in Scotland, where he saw machines for weaving cloth that were technologically superior to those in America. The British knew this too; they'd made it illegal to let proprietary loom technology out of the country. Undeterred, Lowell memorized the design of the textile machines, and when he returned to New England in 1812, he began work on recreating them in Waltham, Mass. (more) Thanks to a combination of immigrant British technicians, patent infringements, industrial espionage, and local innovations, American power looms were on a par with the English machines by the end of the 1810s. (more)

Derby Industrial Museum, also known as The Silk Mill brothers, beside the, is a museum of industry and history in Derby, England. Between 1717 and 1721 George Sorocold built Britain’s first mill for the LombeRiver Derwent. This mill was built to house machines for "doubling" or twisting silk into thread. John Lombe copied the design for the machines used for spinning large quantities of silk, during a period spent in Italy, working within the Italian Silk Industry. This was possibly the first example of industrial espionage. (more)

Samuel Slater left England after serving as an apprentice at a “state-of-the-art” cotton mill. In the United States, Slater found eager buyers for the technology he had regarding the most modern techniques in use in England for wool and cotton production. With the information Slater brought, America became the world’s leading manufacturer of cotton which shifted wool and cotton production from Europe to the Americas, thus kick starting America’s Industrial Revolution. This single act of industrial espionage elevated this new country to international economic eminence in less than 50 years. (more)

According to presumptions the Chinese manufactured porcelain, which was filmy, yet outstandingly hard, as early as in the 7th century. Porcelain reached Europe only by the end of the 13th century and rapidly spread in the centuries to come without anyone knowing the secret of its production. It decorated the tables of sovereigns and noblemen, since they were the only ones who could afford it. The Chinese tried to mystify the secret even more by legends and myths. Since they enjoyed a monopoly in manufacturing porcelain, the price of china was very high for a very long time. The mystery of porcelain manufacturing was uncovered in Europe only in the 18th century. The secret reached Paris with the assistance of a Catholic priest, d'Entrecolles, who had served as a Jesuit missionary in China. The priest paid a visit to the centre of the royal porcelain manufacture (Kin Te-chen) where he carefully observed everything, then passed on his information to Europe in the form of letters. He gave minute accounts of his visit to the "secret city". He described the location of the city, the life of the potter families living there, and the security measures introduced, in detail. He carefully observed the process of porcelain production. In spite of the distrust of the Chinese authorities and the stringent security measures the priest managed to send a sample of china clay, (also called porcelain clay, or kaolin) one of the main basic raw materials of porcelain to Europe. (more)

Do not make the mistake of thinking industrial espionage is of little consequence. Call me, or the counterespionage specialist who sponsors Kevin's Security Scrapbook.

"We all prisoners, chickee-baby. We all locked in."

...the position of the Chinese leaders was that China can do no wrong. If Chinese espionage agents abroad were caught in the act, Beijing’s retort would claim false accusations to denigrate China. They would leave it to public memory to fade and forget about it. (more)

The public's memory does fade. Remember silk, gunpowder, porcelain, cloisonne enamel, the compass, Xuan paper, movable type, ink and tea? All became products of the world with the help of a little industrial espionage. All taken from China. What went around, is now going around. You know, "For the loser now will be later to win..." Espionage is just another of life's mandalas.

If you think you know who your competition is (or isn't), you'll be surprised. The winners keep proactively protective. The smug get their pockets picked.

Friday, August 6, 2010

GPS = Global Phone Snitch

via The Wall Street Journal...
Phone companies know where their customers' cellphones are, often within a radius of less than 100 feet. That tracking technology has rescued lost drivers, helped authorities find kidnap victims and let parents keep tabs on their kids.

But the technology isn't always used the way the phone company intends.

Technology is enhancing the reach of stalkers, allowing them to take advantage of location-based social networking applications. WSJ's Andy Jordan reports.

The allegations are a stark reminder of a largely hidden cost from the proliferation of sophisticated tracking technology in everyday life—a loss of privacy.

Global-positioning systems, called GPS, and other technologies used by phone companies have unexpectedly made it easier for abusers to track their victims. A U.S. Justice Department report last year estimated that more than 25,000 adults in the U.S. are victims of GPS stalking annually, including by cellphone.  

A spokesman for AT&T Inc. says it notifies all phone users when tracking functions are activated. (They send a text message upon initial activation. Useless if the stalker has the phone at that moment.) But users don't have the right to refuse to be tracked by the account holder. Turning off the phone stops the tracking. 

Courtesy Executrac Mobile GPS Tracker

Earlier this year, researchers with iSec Partners, a cyber-security firm, described in a report how anyone could track a phone within a tight radius. All that is required is the target person's cellphone number, a computer and some knowledge of how cellular networks work, said the report, which aimed to spotlight a security vulnerability. unintended consequence of federal regulations that require cellphone makers to install GPS chips or other location technology in nearly all phones. The Federal Communications Commission required U.S. cellular providers to make at least 95% of the phones in their networks traceable by satellite or other technologies by the end of 2005. The agency's intention was to make it easier for people in emergencies to get help. GPS chips send signals to satellites that enable police and rescue workers to locate a person.

Craig Thompson, Retina-X's operations director, says the software (cell phone spyware) is meant to allow parents to track their kids and companies to keep tabs on phones their employees use. He says the company has sold 60,000 copies of MobileSpy. The company sometimes gets calls from people who complain they are being improperly tracked, he says, but it hasn't been able to verify any of the complaints. (Think they tried very hard?)

GPS-tracking systems provided by cellular carriers such as AT&T and Verizon Communications Inc. are activated remotely, by the carriers. (more)

Thursday, August 5, 2010


Several versions of Apple's iPhone, iPad, and iPod Touch have potentially serious security problems, a German government agency said in an official warning Wednesday.

Apple's iOS operating system has "two critical weak points for which no patch exists," the Federal Office for Information Security said.

Opening a manipulated website or a PDF file could allow criminals to spy on passwords, planners, photos, text messages, e-mails and even listen in to phone conversations, the agency said in a statement. "This allows potential attackers access to the complete system, including administrator rights," it added, urging users not to open PDF files on their mobile devices and only use trustworthy websites until Apple Inc. publishes a software update.

"It has to be expected that hackers will soon use the weak spots for attacks," it said, noting that the devices' popularity could lead to attacks within the corporate world — possibly facilitating industrial espionage. (more)

Wednesday, August 4, 2010

BlackBerry Squeezing Season

Indonesia considers joining a growing list of countries, including India, Saudi Arabia and the UAE in banning BlackBerry devices; Research in Motion is receiving increasing pressure to allow government access to data generated by the hand-held devices. (more)

Treat it Like a Social Disease - Don't Trust

Social engineering hackers -- people who trick employees into doing and saying things that they shouldn't -- took their best shot at the Fortune 500 during a contest at Defcon Friday and showed how easy it is to get people to talk, if only you tell the right lie. 

Contestants got IT staffers at major corporations, including Microsoft, Cisco Systems, Apple and Shell, to give up all sorts of information that could be used in a computer attack... The first two contestants made it look easy.

Wayne, a security consultant from Australia who wouldn't give his last name, was first up Friday morning. His mission: Get data from a major U.S. company.

Sitting behind a sound-proof booth before an audience, he connected with an IT call center and got an employee named Ledoi talking. Pretending to be a KPMG consultant doing an audit under deadline pressure, Wayne got Ledoi to spill details, big time... (more)

Security DIrector's Tip: This topic should be part of every employee's security briefing. (instant education)

Tuesday, August 3, 2010

The $1,500.00 Cell Phone Call Interceptor Demo'ed

Researcher Chris Paget pulled off a stunt at the Defcon security conference Saturday that required as much legal maneuvering as technical wizardry: eavesdropping on the cell phone calls of AT&T subscribers in front of thousands of admiring hackers.

With about $1,500 worth of hardware and open source software, Paget turned two on-stage antennas into a setup capable of spoofing the base stations that connect the GSM cell phone signals used by AT&T and T-Mobile. Paget set his hardware to impersonate an AT&T signal, and dozens of phones in the room connected to his fake base station. "As far as your cell phones are concerned, I'm now indistinguishable from AT&T," he told the crowd.

Paget invited anyone with an AT&T phone to make a call, and using his GSM hijacking trick, routed their calls through a voice-over-Internet system that connected their calls even while recording the audio to a USB stick--which he promptly destroyed with a pair of scissors to make sure he hadn't violated any privacy laws. The hack, after all, was intended to show the fundamental insecurity of GSM cell signals--not spy on callers. (more)

P.S. This works on G2 protocol systems, not G3.

The GSM Association responded in a statement that lists the limitations to Paget's method: the eavesdropper would have difficulties identifying or targeting any specific user, the interception only works within a certain range, in some cases, the call's encryption could prevent eavesdropping, and GSM phones are designed to alert users when encryption is removed by a base station. (Paget said in his talk that no device he's tested--including iPhone and Android phones--has had this option enabled.)

In summary, the GSM Association spokeswoman writes, "The overall advice for GSM calls and fixed line calls is the same. Neither has ever offered a guarantee of secure communications.  The great majority of users will make calls with no reason to fear that anyone might be listening.  However users with especially high security requirements should consider adding extra, end to end security features over the top of both their fixed line calls and their mobile calls."

Free CIA / Google App Tells Future

Google and the CIA are both investing in a company that monitors the web in real time.

The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine "goes beyond search" by "looking at the 'invisible links' between documents that talk about the same, or related, entities and events."

The idea is to figure out for each incident who was involved, where it happened and when it might go down. Recorded Future then plots that chatter, showing online "momentum" for any given event.

"The cool thing is, you can actually predict the curve, in many cases," says company CEO Christopher Ahlberg, a former Swedish Army Ranger with a PhD in computer science. (more

Want to see the future? Recorded Future will let you sign up for a free account ...but they already knew you would.

"Berry discriminating."

The BlackBerry -- renown for the security of its messaging -- doesn't offer 100 percent protection from eavesdropping. At least not in the United States.

U.S. law enforcement officials said they can tap into emails and other conversations made using the device, made by Research in Motion, as long as they have proper court orders.

RIM's willingness to grant authorities access to the messages of its clients is a hot-button issue. The United Arab Emirates claims it does not have the same kind of surveillance rights to BlackBerry messages as officials in the United States. It has threatened to clamp down on some services unless they get more access.

The exact details of the dispute remain unclear, but security experts say that many governments around the world enjoy the ability to monitor BlackBerry conversations as they do communications involving most types of mobile devices. (more)

Monday, August 2, 2010

...and the mouse was turned over to the ASPCA

MS — Two Mississippi men are facing charges after allegedly wrapping blocks of wood in duct tape and bubble wrap, attaching Toshiba labels to them and trying to pass them off as laptops. No one actually bought the fakes, but authorities in Hinds County have charged the men with trademark infringement and selling goods with counterfeit labels. (more)

Bugging, spy scandal rocks Safa leadership

South Africa - World Cup kingpin Danny Jordaan and three other soccer bosses have been having their movements tracked over the last few months without their knowledge.

Jordaan, who is the Local Organising Committee’s CEO; former SA Football Association (Safa) president Molefi Oliphant; vice-president Mandla Mazibuko; and CEO Leslie Sedibe discovered this month that monitoring devices had been secretly fitted to their cars...

Sedibe has commissioned an investigation to be conducted by an independent security expert...

Oliphant revealed to City Press that his phone had been bugged while he was still the Safa president. (more)

Sunday, August 1, 2010

Night of the living CrackBerry's

The United Arab Emirates said Sunday it will suspend some BlackBerry smartphone services from Oct. 11 amid an ongoing dispute with Canada's Research In Motion Ltd., the maker of the device, over the monitoring of data.

"With no solution available and in the public interest, in order to affect resolution of this issue, as of October 11, 2010, BlackBerry Messenger, BlackBerry Email and BlackBerry Web-browsing services will be suspended until an acceptable solution can be developed and applied," said Telecommunications Regulatory Authority Chief Mohamed Al Ghanim, according the emirates news agency, or WAM.

The U.A.E. government last week said Research in Motion's BlackBerry was a potential threat to national security, while an Indian government official said Indian security agencies have raised unspecified concerns about BlackBerry services.

Messages sent to and from a BlackBerry are processed at RIM's network operating center in Canada. They are encrypted on the device before being sent and remain encrypted until they reach their destination. 

A person familiar with the matter said a key problem is that the messenger service on BlackBerry is untraceable. (more)