Monday, September 30, 2013

Business Espionage: Eavesdropping Devices Found at Nortel Complex

Canada - Workers preparing the former Nortel complex as the new home for the Department of National Defence have discovered electronic eavesdropping devices, prompting new fears about the security of the facility.

It’s not clear whether the devices were recently planted or left over from an industrial espionage operation when Nortel occupied the complex...

Recently released DND documents indicate that concerns about the security surrounding the former Nortel campus at 3500 Carling Ave. were raised last year...
 

Last year it was also revealed that Nortel had been the target of industrial espionage for almost a decade... (more)

Note: Nortel Networks Corporation was once a major data networking and multinational telecommunications company. The company filed for protection from creditors on January 14, 2009 and later shut its doors.

Saturday, September 28, 2013

Commercial Espionage Fears Prompts... a conference?!?!

Jamacia - Commercial espionage affecting Jamaican businesses are to be addressed at a two-day conference on Cyber Security and Digital Forensics, to be staged at the University of the West Indies from September 30 to October 1.

Mr. Robinson said he became aware of the level of corporate espionage occurring in Jamaica recently, and the conference will address this concern in a fulsome way.

“We’re not talking about a man hacking into a website and defacing it. We’re talking about criminals doing this for financial gain, or to prove a point. They can hack into a critical national infrastructure and disrupt the country in a significant way; for example your Air Traffic Control system, and you know the damage that can be done,” the State Minister said.

“There are just so many ways someone with a computer can create havoc and we need to be on top of that as a country,” he emphasized. (more)

The "Let's Talk About This" love boat sailed a long time ago. It's time for action. BTW... Corporate espionage via computers is only one hole in your security dike. Be sure your security program handles it all.

Business Espionage - Bra Biz Ops Man Bugged

Michelle Mone's firm bugged director's office amid fears he was about to jump ship to ex-husband's new company, tribunal hears 

MICHELLE MONE monitored recordings from a bug in a director’s office amid fears he was about quit for a job work with her ex, her new business partner claimed yesterday.

Eliaz Poleg told an employment tribunal he came up with the idea of bugging Scott Kilday’s plant pot.

Poleg – the chairman of the company formed from the sale of Michelle’s MJM firm – said he made the move as he had “extreme concerns” over Kilday’s loyalty to the troubled bra business.

Kilday now works for Michelle’s ex-husband Michael, who was bought out of MJM two days before the sale to MAS Holdings. Kilday walked out on MJM after finding the bug.

Poleg told the tribunal in Glasgow: “I know there was stuff on it because Michelle said she was listening and replacing the machine tapes. (more)

Friday, September 27, 2013

When Business Espionage Doesn't Work the Next Step is Sabotage

Real News or Business Sabotage? You decide...

The following "news story" was found in Yahoo News. It is filled with anonymous quotes, no proof, no substance, no follow-up with the side being attacked.

“Apple’s new operating system is making me nauseous and giving me a headache - just like when you try to read in the car,” says one user.

Others complain of “vertigo” when apps “zoom” in and out - and say that using iOS 7 devices has left them feeling ill for days.

Apple’s new iOS 7 operating system has been downloaded 200 million times - and some users are complaining that the animations make them seasick - or worse. (more)


To our clients... In addition to your TSCM bug sweeps and our other business espionage reductions, keep an eye out for business sabotage. Document it. Go after it.

Monday, September 23, 2013

Yet Another Good Reason to Conduct TSCM Sweeps

Police have arrested eight men in connection with a £1.3m theft by a gang who remotely took control of the computer system of a Barclays bank branch.

A man posing as an IT engineer gained access to the Swiss Cottage branch in north London on 4 April, fitting a keyboard video mouse (KVM) device, which enabled the gang to remotely transfer funds to bank accounts under its control. (more)

Fingerprint Security Appears Risky on iPhone, and Elsewhere

Reason 1. - iPhone's fingerprint biometrics defeated, hackers claim.
Just one day after the new fingerprint-scanning Apple iPhone-5s was released to the public, hackers claimed to have defeated the new security mechanism. After their announcement on Saturday night, the Chaos Computer Club posted a video on YouTube which appears to show a user defeating Apple’s new TouchID security by using a replicated fingerprint. Apple has not yet commented on this matter, and, as far as I can tell, no third-party agency has publicly validated the video or the hacker group’s claim. In theory, the techniques used should not have defeated the sub-dermal analysis (analyzing three dimensional unique aspects of fingerprints rather than just two-dimensional surface images) that Apple was supposed to have used in its fingerprint scanner. (more)

Reason 2. - Mythbusters.



Reason 3. - When You're Busted.
Police can't compel you to spill your password, but they can compel you to give up your fingerprint.

"Take this hypothetical example coined by the Supreme Court: If the police demand that you give them the key to a lockbox that happens to contain incriminating evidence, turning over the key wouldn’t be testimonial if it’s just a physical act that doesn’t reveal anything you know.

However, if the police try to force you to divulge the combination to a wall safe, your response would reveal the contents of your mind — and so would implicate the Fifth Amendment. (If you’ve written down the combination on a piece of paper and the police demand that you give it to them, that may be a different story.)" (more)

Is Your Cell Phone Talking to Your Carrier, or Behind Your Back to a Rogue?

It's not easy to tell, but very important if you want to have a confidential conversation.

What is a rogue or IMSI catcher?

"An IMSI catcher is essentially a false mobile tower acting between the target mobile phone(s) and the service providers real towers. As such it is considered a Man In the Middle (MITM) attack. It is used as an eavesdropping device used for interception and tracking of cellular phones and usually is undetectable for the users of mobile phones. Such a virtual base transceiver station (VBTS) is a device for identifying the International Mobile Subscriber Identity (IMSI) of a nearby GSM mobile phone and intercepting its calls." (more)

Folks with a Cryptophone know...

"Each week an increasing number of Cryptophone customers are becoming aware of disturbing, yet unfortunately not surprising changes to the cellular network in their area.

This screenshot sent in by a customer shows the Cryptophone 500 alerting them to changes in the mobile network. In this case standard network encryption has been turned off. This is often an indication that a rogue base station or “IMSI Catcher” is active in the area.

While this knowledge would be of great to concern to most people, Cryptophone users can rest easy knowing that even in the presence of an ‘active’ attack’s like this, their communications are still completely secure." (more) (more)


Think the problem is theoretical? 
"Recently leaked brochures advertising next generation spy devices give outsiders a glimpse into the high-tech world of government surveillance. And one of the most tantalizing of the must-have gizmos available from a company called GammaGroup is a body-worn device that surreptitiously captures the unique identifier used by cell phones." (more)

"Hacker intercepts phone calls with homebuilt $1,500 IMSI catcher, claims GSM is beyond repair" (more

"Septier IMSI Catcher (SIC) has been designed as a tactical solution intended to extract GSM entities. Based on the Septier GUARDIAN infrastructure, Septier IMSI Catcher provides its users with the capability of extracting IMSI and IMEI of GSM Mobile Stations (MS) that are active in the system's effective range.

Septier IMSI Catcher is the perfect solution for both extracting identities from MS in its area of coverage (when these identities are previously unknown) and detecting the presence of known cell phones in the area, notifying the system user about those phones. Septier IMSI Catcher can be equipped with an add-on 3G module that allows identity extraction for 3G cell phones as well. It has several configurations that allow meeting the specific requirements of every operation and are suitable for various working conditions." (more)

Wednesday, September 18, 2013

Ex-Sheriff Pleads Guilty to Wiretapping

WV - Former Clay County Sheriff Miles Slack pleaded guilty Tuesday to a federal charge that he hacked his wife’s work computer.

Slack entered the plea to a wiretapping charge Tuesday in U.S. District Court in Charleston. He faces up to five years in prison. Sentencing was set for Dec. 19.


The government said Slack secretly installed a keystroke logger on a computer in the Clay County Magistrate Court office in April where his wife worked. They were married at the time but have since divorced.

Spyware devices can be purchased online and typically are 1-2 inches long and attached to the keyboard cable. Once installed, they can intercept anything typed on that keyboard. (more)

Tuesday, September 17, 2013

Afraid of Getting a Virus from a Public Recharging Station?

 For every scare, there is an inventor with an answer...
via int3.cc...
Have you ever plugged your phone into a strange USB port because you really needed a charge and thought: "Gee who could be stealing my data?." We all have needs and sometimes you just need to charge your phone. "Any port in a storm." as the saying goes. Well now you can be a bit safer. "USB Condoms" prevent accidental data exchange when your device is plugged in to another device with a USB cable. USB Condoms achieve this by cutting off the data pins in the USB cable and allowing only the power pins to connect through.Thus, these "USB Condoms" prevent attacks like "juice jacking".

Use USB-Condoms to:
* Charge your phone on your work computer without worrying...
* Use charging stations in public without worrying...

If you're going to run around plugging your phone into strange USB ports, at least be safe about it. ;-) (more)

New iPhones Are Coming - Learn How to Sanitize Your Old One

Planning on buying a new iPhone? 


Whether you trade-in, sell or gift your old one, do this first. Erase all your personal data. 

Here's how:
1. Plug your phone into the charger, or make sure you have enough charge to complete the process.
2. Take a moment to back-up the phone. iTunes or iCloud make this easy.
3. Go to SETTINGS > GENERAL > RESET
4. Press ERASE ALL CONTENT AND SETTINGS. Press CONFIRM.
5. (Optional) Press all the other RESETS.
6. Double-check to make sure all your data has gone to the bit-bucket in the sky.

Enjoy your new phone!

Monday, September 16, 2013

How Law Enforcement Can Watch Tweets in Real-time

BlueJay, the "Law Enforcement Twitter Crime Scanner," provides real-time, geo-fenced access to every single public tweet so that local police can keep tabs on #gunfire, #meth and #protest (yes, those are real examples) in their communities. 

BlueJay is the product of BrightPlanet, whose tagline is "Deep Web Intelligence" and whose board is populated with people like Admiral John Poindexter of Total Information Awareness infamy.

BlueJay allows users to enter a set of Twitter accounts, keywords and locations to scan for within 25-mile geofences (BlueJay users can create up to five such fences), then it returns all matching tweets in real-time. If the tweets come with GPS locations, they are plotted on a map. The product can also export databases of up to 100,000 matching tweets at a time. (more)

New Mobile Survey Reveals 41% of Employees Are Deliberately Leaking Confidential Data

Congratulations and condolences to the nation’s CIOs for being responsible for data security. 

There’s now more job security but now there’s less information security too. Because, according to a new survey from uSamp, 41% of workers used an unsanctioned cloud service for document storage in the last 6 months, despite the fact that 87% of these workers knew their company had policies forbidding such practices.

Welcome to the mobile workplace. It’s less secure and loaded with risk.

And, according to the research, the estimated annual cost to remedy the data loss is about $1.8 billion. So what’s a CIO to do? On the one hand, it’s her job to help employees remain productive, but it’s also her job to secure the company’s confidential information.

Six IT experts were asked about their take on the matter, here are their suggestions... (more


Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

"Secure" Integrated Circuit Chip Salami'ed into Spilling Secrets

A technique has been developed to bypass elaborate physical protections and siphon data off the most secure chips potentially including those used to protect military secrets.

The proof-of-concept technique demonstrated by researchers at Berlin's Technical University and security consultancy IOActive was successfully applied to a low-security Atmel chip commonly used in TiVo video recording devices. But the research team found that their complex and expensive attack could be applied to successfully pry data from highly-secure chips.

The attack used a polishing machine to mill down the silicon on the target chip until it was 30 micrometers thin.

The chip was then placed under a laser microscope fitted with an infrared camera to observe heat emanating from where encryption algorithms were running.

A focused ion-beam was then shot at the chip which dug a series of two micrometer -deep trenches in which wiretap probes were inserted.

Together, the elaborate techniques if bolstered by the use of more expensive equipment not available to the researchers could potentially bypass the most advanced chip security mechanisms. (more)

SpyCam Nails Airline Baggage Handlers at JFK

Seven baggage handlers at JFK Airport were arrested Wednesday for allegedly stealing thousand of dollars in items from checked baggage.

After receiving customer complaints of missing items, Israeli airline EL AL installed a camera in the belly of one of their 747 jets.

Over a five month period they caught seven employees - often wearing gloves - rifling through passenger's suitcases and stuffing luxury items in their pockets and down their pants. (more)

Sports Spying - Italian Football

Italy - In a frankly bizarre twist, Sampdoria caught a Genoa scout dressed in camouflage gear spying on their training ahead of Sunday’s derby.

The two local rivals will face off at Marassi on Sunday.

It seems Genoa were hoping to gain an advantage, but were left red-faced when Primavera youth team goalkeeping Coach Luca De PrĂ  was caught spying on Samp’s training session.

It was Sampdoria who revealed the strange story with a statement on their official website and photograph of the man dressed in full camouflage gear to hide in the bushes outside the Bogliasco camp. (more)

Wizard of Id... More True than They Know

Sunday, September 15, 2013

Alps Slayings Could be Linked to Industrial Espionage - Prosecutor

French authorities said Friday they were investigating the possibility that the British family shot dead while on holidays in the Alps a year ago was executed over industrial espionage. (more)

Friday, September 13, 2013

School v. Students - Monitoring Social Media for Anti-Social Behavior

Authorities in California are now snooping on school students’ social media postings to catch law-breaking, bullying and other harmful activities. But parents worry the move is yet another example of Big Brother prying into ordinary Americans’ lives.

Glendale Unified School District, the third-largest in Los Angeles County, has paid Geo Listening Company over $40,000 to follow its students on social media networks. The stated aim is to prevent law-breaking, bullying and doing harm to themselves and others.

Under the scheme, the online activities of Glendale’s 13,000 middle-school and high-school students are closely monitored. (more)

Wednesday, September 11, 2013

Sometimes the Bird Really is a Spy

Over the past few years there have been a flock of spy stories about birds, the latest being a stork in Egypt. He was interrogated and let go, only to be found dead two days later. "...a wildlife organization claiming that it was 'eaten by local villagers.'" (more)

This story is different. Some birds do spy.

The John Downer Productions team created a set of highly realistic robotic penguins to spy on living birds for a recent BBC documentary. Some penguins are timid around humans, and may flee when a normal camera team approaches. So, these robots allow scientists and filmmakers to get up close with the colony and capture intimate details of day to day life in a penguin colony. 


The robots are more than simple spycams. They can:
• Remember the identities of individual penguins based on their patterns of spots.
• Get blown over and right themselves.
• Fall off a ledge without breaking.
• And even carry “egg-cams” to drop off at strategic locations (more)

Business Espionage: BMW Accused of Spying on Paris Electric Car-Share Company

The group that runs Paris car-sharing scheme Autolib’ said Tuesday it had filed a criminal complaint accusing German carmaker BMW of using spies to gather information on its electric cars. 

The Bollore group said it had filed the industrial espionage complaint after two employees of a firm employed by BMW were spotted three times tampering with charging points and Autolib’ vehicles parked in Paris.

BMW denied any wrongdoing...

The group that runs Paris car-sharing scheme Autolib’ said Tuesday it had filed a criminal complaint accusing German carmaker BMW of using spies to gather information on its electric cars.

The Bollore group said it had filed the industrial espionage complaint after two employees of a firm employed by BMW were spotted three times tampering with charging points and Autolib’ vehicles parked in Paris.

BMW denied any wrongdoing.

Friday, September 6, 2013

How to Check an iPhone for Spyware

a tip via Techlicious...
"The best way to detect if your iPhone has been hacked is to download an app like Lookout that tells you whether your phone has been "jailbroken". 

If the answer is yes (and you didn't jailbreak it), there's a good chance your suspected spy did. 

To remove an iPhone hack, simply update to the latest version of iOS. And to protect against future hacks, make sure that your phone is password protected so no one can get physical access to jailbreak it again...

Once you clear the hack, reset all of your passwords for social accounts and iCloud to prevent other means of spying on you."

The New York Times Quote of the Day :)

QUOTATION OF THE DAY

"This is the golden age of spying."
PAUL KOCHER, a cryptographer, on the National Security Agency's ability to circumvent encryption systems in gathering private Internet information.

Thursday, September 5, 2013

IT Industry Admits ‘Losing Battle’ Against State-Backed Attacks

More than half of senior IT security professionals believe the industry is losing the battle against state-sponsored attacks, according to a survey.

Nearly 200 senior IT security professionals were surveyed by Lieberman Software Corporation at the Black Hat USA 2013 conference in Las Vegas, with 58 per cent of saying they believe the profession is losing the battle against state-sponsored attacks.

And 74 per cent of respondents were not even confident that their own corporate network has not already been breached by a foreign state-sponsored hacker, while 96 per cent believe that the hacking landscape is going to get worse over time. (more)


FutureWatch: Look for a migration of sensitive information away from Internet connectivity, followed by a rise in traditional espionage techniques. This shift will amplify the need for traditional security countermeasures, such as TSCM.

Tuesday, September 3, 2013

Business Espionage: HTC - Cell Phone Company Takes a Hit

Taiwan -- Investigators stormed into HTC yesterday to investigate some of the company's design staff, who are suspected of stealing trade secrets and defrauding HTC of nearly NT$10 million.
Ironic HTC homepage.
HTC accused three of its senior design professionals of fraud. The suspects were alleged to have set up new businesses on their own. Investigators started interrogating the suspects and searching their homes and offices yesterday afternoon.

The Bureau of Investigations said that it had received a complaint from HTC saying that three senior employees in the design development department were suspected of designing cellphone cases and lying about it being contract work. The suspects allegedly conspired with a manufacturer to issue fake invoices amounting to nearly NT$10 million for performing design work. Upon receiving the money from HTC, the manufacturer allegedly transferred it to the suspects. (more)

The Newest Eavesdropping Gadget for PIs and Spies - Also a Security & Safety Tool

When people around you put on headphones or earbuds you begin to speak freely. Big mistake. You may have been lulled into a false sense of security by an eavesdropper using The Fuser. 
"The Fuser increases your awareness of the natural sounds around you using its built-in microphone to “mix” the music in your headphones with the outside world, allowing you to enjoy your music while still hearing yourself and others around you talk, laugh, work, play.*
 

Listen to music at work and still engage with co-workers. Take a road trip and not ignore others in the car. Relax at the beach with your music and still hear the waves crash… The possibilities are endless. (Oh, and by the way) *Fuser can also be used without a music device as a powerful hearing aid." (more)

P.S. This is also an excellent safety device for when you are walking, jogging, bicycling, or in any other situation where you need to be alert to your surroundings.

Sunday, September 1, 2013

Industrialists Hit by Cyber Espionage

India - Cyber espionage, the practice of spying to obtain secret information like proprietary or classified details, confidential sales data, turnover, clients' contacts, diplomatic reports and records of military or political nature, have hit city industrialists.

"Cyber espionage is the new trend of cyber crime that is threatening mid-scale and small-scale industries in Ludhiana. Here one could target his business competitors or simply steal other company's details to sell it further in the market. Ludhiana offers them a ready-made market as many start-ups and small scale companies are operational here," said Tanmay Sinha, a cyber expert and an entrepreneur based in Ludhiana.

"In most of the instances, cyber espionage attempts benefit the attacker as these attacks are not random but are well-planned and targeted towards one group. Moreover, these are done by the criminals after studying the history of the target," he added.

Ludhiana police cyber cell has received more than 10 complaints of cyber espionage in the last two months. (more)

Smartphone Spy Lens

Why mention this?
Our PI friends need to know, and so you will know what you're up against.

"The Smartphone Spy Lens is a tiny gizmo you attach to your phone to take photos at a 90° angle. You can slyly hold your phone in texting position, while photoing straight ahead!

Periscope around a corner. Snap candid shots of your camera-shy kids. Take a photo of your dinner plate without having to climb up on the table.

Its high quality glass and mirrored interior ensures no photo quality is lost. Attach the included metal ring around your phone's lens and the Spy Lens magnetizes securely onto it.



Since it twists 360° you'll have all the advantages of a camera with a swivel screen. Hold it high and still see what you're shooting. Hold it low without dropping into an army crawl to set your focus.

With the Spy Lens in place you can lay your phone down and still shoot straight ahead. Turning any surface into an impromptu tripod for self ports, group pix and steady videoing." (more)

Family doctor who used £60 spycam watch...

UK -  ...to film intimate examinations of hundreds of women is banned from profession...

When Bains was arrested at his surgery in Royal Wootton Bassett, Wiltshire, officers discovered 361 video clips filmed on the watch - some as long as 45 minutes.

Around 3,000 potential victims were contacted but the exact number is thought to be ‘close to 300’ - aged between 14 and 51.

A Medical Practitioners Tribunal Service banned Bains from practicing.

The tribunal in Manchester was told that his conviction earlier this year means that his fitness to practice is impaired, and he should be struck off.

In March, Bains appeared at Swindon Crown Court where he admitted 39 counts of sexual assault and voyeurism and asked for a further 65 offences to be taken into consideration.

He is serving a 12 year prison sentence and is not represented at the hearing. (more)