Tuesday, December 23, 2014

Companies May Get a New Weapon in the Fight Against Economic Espionage

Currently, intellectual property owners that want to file suit for trade secret theft can only do so in state court. Under the Senate’s Defend Trade Secrets Act and the House’s Trade Secrets Protection Act, plaintiffs could sue in federal court, where it can be easier to reach defendants that have fled to another state or country.

Both bills, which are similar in scope, have Democratic and Republican sponsors, who cited federal estimates that U.S. businesses lose $300 billion a year as a result of trade secret theft. (more)

Kangaroo Knocks Out Drone

The kids are scared. What's a mother to do?

Army Needs Super Fly Robot Spy (wannahelp?)

Army invites investors, engineers to help develop technology like fingernail-sized fly bot whose wings flap without motors.

Click to enlarge.
Researchers at the U.S. Army are taking advantage of an unusually unclassified approach to military systems development to ask for help turning a clever robotic fly into an almost undetectable spy.

The robotic flies are – or will be – semi-autonomous robots that look like real bugs and fly using wings that flap without being controlled by a motor. (more)

Skype for Android App - Eavesdropping - Feature or Flaw

The Skype for Android app reportedly features a flaw that allows other users to eavesdrop without any real effort.

As discovered by a Reddit user Ponkers (via Android Police), the security bug in Android app can "can force the Android version of Skype to answer, allowing you to eavesdrop."

The old fashioned way.
As Ponkers explains, first it requires two devices signed into Skype account Android phone (device 1) and desktop (device 2). Now, if the user calls the target Android device (device 3) with the Android phone (device 1) and then disconnects from Internet while the target Android phone (device 3) has answered, it results in a call back from the target Android phone (device 3) to the user on desktop (device 2), and an automatic connection without the owner of the device necessarily knowing. (more)

Monday, December 22, 2014

SpyCams in the Pathology Department - Staffers Bugged

Australia - SA Health has admitted using cameras hidden in smoke detectors to monitor its staff at SA Pathology premises in Adelaide.

Two cameras were installed in October in offices... as part of an investigation into processing delays for pathology reports...

A staff member, who did not want to be identified, said it did not take staff long to notice something suspicious. "The staff felt violated, there's also a microphone attachment to it so [we do not know] whether they were listening in or conversations were being recorded," they said.

However, a spokesperson for SA Health said the cameras were not used to record audio. (more)

Security Flaws Let Hackers Listen in on Cell Phone Calls

German researchers say the network that allows cellphone carriers to direct calls to one another is full of security holes. (more)

Man Bots Ex-Girlfriend's Computer... for several years

PA - A former Pennsbury School District computer technician from Doylestown Township was placed on probation for three years for remotely spying on his ex-girlfriend and their child.

Joseph Tarr, 31, admitted to controlling the Middletown woman’s home computer and its webcam for several years. By the time he was arrested, Tarr had numerous audio and video recordings of the activities in the woman’s home — all captured without her knowledge, authorities said. (more)

PI Tip # 512 - Make: Coffee Cup SpyCam

Take your cup of Joe from classic to classified with a tilt-triggered spy camera.

The trick is to modify two paper coffee cups — install the device in one, slide it into the second, and align holes cut in the bottoms of each. Two LEDs can be seen through the standard plastic lid — one illuminates when the tilt switch is activated, the other flashes twice after a picture has been taken.


Think your cover has been blown? Simply rotate the cups to hide the camera... (more)

Self-Destructing Spy Phone (Can't tell you any more right now.)

Chalk this up as one of the stranger corporate announcements this week, delivered by BlackBerry CEO John Chen...
Click to enlarge.

“We are pleased to announce that Boeing is collaborating with BlackBerry to provide secure mobile solution for Android devices utilizing our BES 12 platform. That, by the way, is all they allow me to say. So sorry (if) it seems like I am reading it word for word. .. I’m true to my commitment here.”...

It’s a sealed device, with epoxy around the casing and tamper-proof screws to prevent it from being opened... 

Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,” a lawyer for Boeing wrote in a letter to the FCC... (more)

Thursday, December 18, 2014

How to Spy on Your Competition...

...by keeping tabs on their Internet presence. (And, how they may be spying on you!)

Connecticut's Quirky Recording Laws - Check Your State Laws Too

Daniel Schwartz, partner at Shipman & Goodwin LLP, recently pointed out some interesting facts about Connecticut's recording laws...

If you do a search on the Internet, you’re likely to discover that Connecticut is a “two-party” state when it comes to recording telephone conversations. What does that mean? In plain English, it means that both parties to a phone conversation must consent to the recording for it to be legal. You can read the law (Conn. Gen. Stat. Sec. 52-570d) for yourself here...

For ordinary, in-person communications, Connecticut is a one-party state — meaning that only one party’s consent is needed to record a conversation. (You can find the law regarding eavesdropping at Conn. Gen. Stat. Sec. 53a-189.)

What does this mean in the workplace? It means that your employees can legally record conversations with their bosses and then try to use those communications as evidence to prove a discrimination claim or another employment-related claim.

Employers can set up reasonable rules in the workplace prohibiting the taping of conversations and tell employees that they cannot record it, but that only means that the records violate the employer’s rules, not Connecticut law.

And what this also means is that the employee cannot record a conversation between two other people; one party must always consent to the conversation. (more) 

P.S. A FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it," is available to Murray Associates clients. Contact me for your copy.

Steal from Apple - Patent - Then Sue Apple (Industrial Espionage?)

You decide...

Chinese phone vendor claims Apple's iPhone 6 looks too similar.

Few have probably heard about Digione, but one of the Chinese company’s latest products looks quite similar to the iPhone 6, and could potentially spark a patent dispute with Apple.

The little-known Chinese smartphone maker revealed Monday it sent a letter to Apple in September, claiming that the iPhone 6 may infringe on a company-registered patent.

The patent in question covers a mobile phone design that features an exterior look very similar to the iPhone 6’s. Digione’s subsidiary applied for the patent in January and the company was granted the patent in July, according to China’s State Intellectual Property Office.

To publicize the issue, Digione’s smartphone brand 100+ took to a social networking site Monday and posted the letter it had sent to Apple. (more)

So, what's the penality for wiretapping in Turkey? (hit the Zildjian)

Turkey - An Ankara prosecutor submitted an indictment to court on Friday regarding the illegal wiretapping activities by members of the Gülen Movement who infiltrated key government bodies in an attempt to topple the government... Prosecutor Tekin Küçük accused the former chief of the intelligence unit of the National Police Department, Ömer Altınparmak, of spying and is seeking up to 290 years in jail for the suspect. (more) (rimshot)

What is the Largest Spy Network in the Planet?

The non-state actor behind the most pervasive surveillance network in human history has managed to avoid scrutiny. Until now. Revealed: Santa the spymaster.

Here is what we know about the man identified as Santa Claus. He operates under several aliases, to include Father Christmas, St. Nicholas, and Kris Kringle. His outfit is reportedly based out of the North Pole, though reconnaissance platforms have yet to capture his base of operations. His surveillance network is peerless, invasive, and worldwide. He spearheads a single annual clandestine mission. We know he’s coming to town, and we know when, and yet he has eluded capture for two centuries. (He is also, apparently, immortal.)

Santa Claus is, in short, the single most successful spymaster in human history. And while total global surveillance by a non-state actor isn’t necessarily to be applauded, he has earned the world’s begrudging respect for his organization’s sheer competence. Despite his old and sprawling operation, Claus has thus far managed to avoid the sort of intelligence leaks that have proved catastrophic in recent years to the National Security Agency and U.S. Department of State. Indeed, his secrets are kept not only by members of his inner circle, but also a vast swath of the adult world. Accordingly, young people generally under the age of 12 are left entirely in the dark as to Claus’s intentions and temperament. (more)

Scoop - Corporate Espionage Show

FutureWatch - Showtime is developing a half-hour comedy... Titled “Professionals,” the laffer centers on two partially broken mid-level employees who become ensnared in a dangerous game of corporate espionage. The project commitment is for three scripts, written by David J. Rosen, with Marc Webb attached to direct. (more)

Wednesday, December 17, 2014

Cops Can't Spy on Your Yard and Home Without Warrant... sometimes


WA - A federal judge on Monday tossed evidence that was gathered by a webcam turned on for six weeks—that the authorities nailed to a utility pole 100 yards from a suspected drug dealer's rural Washington state house.

The Justice Department contended that the webcam, with pan-and-zoom capabilities that were operated from afar, was no different from a police officer's observation from the public right-of-way.

"After reviewing relevant Fourth Amendment jurisprudence and applying such to the facts here, the Court rules that the Constitution permits law enforcement officers to remotely and continuously view and record an individual’s front yard (and the activities and people thereon) through the use of a hidden video camera concealed off of the individual’s property but only upon obtaining a search warrant from a judge based on a showing of probable cause to believe criminal activity was occurring. The American people have a reasonable expectation of privacy in the activities occurring in and around the front yard of their homes particularly where the home is located in a very rural, isolated setting. This reasonable expectation of privacy prohibits the warrantless, continuous, and covert recording of Mr. Vargas’ front yard for six weeks. Mr. Vargas’ motion to suppress the evidence obtained as a result of the video feed is granted." (more)

Norway - Eavesdropping Devices Found - UPDATE

Stingray mobile phone surveillance equipment estimated to cost up to £200,000 has been found hidden near the Norwegian parliament, believed to be snooping on legislators.

Following a two week investigation, Norway's Aftenposten newspaper reported to the Norwegian National Security Authority (NSM) that it had discovered IMSI-catchers (International Mobile Subscriber Identity) of a type believed sold by Harris Corporation, located inside fake mobile phone stations near government and parliamentary buildings in Oslo. At least six devices were found, each about the size of a suitcase. Potential targets within a radius of one kilometre of the equipment include the prime minister's office, the ministry of defence, Stortinget (parliament) and the central bank, Norges Bank, ministers, state secretaries, members of parliament, state officials, the American and Israeli embassies as well as many private businesses...

Initially IMSI-catchers only collect data from the sim-card but the intrusion can escalate, as the Aftenposten report explains: The most advanced versions can register several hundred numbers in just a few minutes. Once a mobile phone has been detected by a fake base station, the IMSI-catcher can enter an active mode to eavesdrop on certain conversations. Then it will transmit the conversation to the real GSM-system acting as a ‘man-in-the-middle.

The fake base station can even register SMS-messages and install spyware enabling its operator to switch on the microphone so that the mobile phone can be used to bug rooms and meetings. (more)

Tuesday, December 16, 2014

Constables Gone Wild

UK - A detective constable accused of spying on unsuspecting hotel guests during a 10-month voyeurism spree appeared in court.

DC Daniel Williams, 36, is said to have watched the victims at the Jurys Inn in Milton Keynes and the The Mandolay Hotel, Guildford, Surrey between January and October this year... Williams, who has been suspended from duty, also faces separate allegations of involvement in the sex trade.

He allegedly incited girls work as prostitutes and hid the profits in socks stuffed into his chimney... Williams, who was working at Tooting police station at the time of the alleged offenses, is further charged with using the police computer to run checks on his clients. (more)

USA - A Kingston constable is facing charges of spying on two teenage girls known to him through a two-way mirror while they were camping in a recreational vehicle in Northumberland County.

Point Township (PA) police charged John C. Gould, 54, of Market Street, with six counts of invasion of privacy... Two girls ages 15 and 17 told Kingston police in early July they suspected Gould spied on them while they showered inside the RV while camping... A two-way mirror was attached to the bathroom wall permitting a one-way view of the bathroom from a bedroom, according to the complaint. A lamp without a shade was placed near the mirror to diminish visibility of the mirror, according to the complaint. (more)

Elf on the Shelf - Naughty or nice – or maybe just creepy?

Since 2005, the Elf on the Shelf has been a holiday tradition in homes. Children love seeing the little elf pop up in unexpected places. But one Canadian professor says the doll is not all fun and games — it’s teaching children to accept people spying on them.

In her paper, published in the Canadian Center for Policy Alternatives, Laura Pinto... argues that the children with an elf in their home, often cater to and try to always be on their best behavior for the doll, a fictional representation of power, instead of “engaging in and honing understandings of social relationships with peers, parents, teachers, and ‘real life’ others.”

The professor tells the Toronto Star, “If you grow up thinking it’s cool for the elves to watch me and report back to Santa, well, then it’s cool for the NSA to watch me and report back to the government.(more)

More Fake Cell Phone Sites Discovered

A WUSA9 investigation has identified "very high suspicion" levels for cell phone spying in Washington, D.C. and in tests in the Ferguson, Mo. area.

WUSA9 recorded the suspicious activity using a device that detects unauthorized external access to a test phone connected to a standard cellular network.

The findings come as a Chinese website promises cell phone interception equipment for as little as $1,800 a unit in a spy world that was once controlled by government officials at costs near $500,000 a piece. (more)

Sony's Industrial Espionage Grand Slam

The Sony e-mail hack is too irresistible to ignore. The confiding messages trash stars like Angelina Jolie and Adam Sandler. The seven-figure salaries of studio execs, nearly all men, are underlined. Juicy remarks — all the more believable because of misspellings and bad grammar — kid about President Obama’s taste in movies. To top it off, North Korea might be behind it all.

Click to enlarge.
It’s the kind of tinsel town mess that is too good not to be true...

It was theft, a cyber break-in, that led to the disclosures. Hackers broke into the Sony Pictures Entertainment system and stole a boatload of private information: salaries, e-mails and personal data, with only a fraction trotted out so far.

It’s industrial espionage on a grand scale. Repairing Sony’s computer systems will cost tens of millions while some 30,000 Sony employees are left exposed... It’s a mugging, tech-style.

There are takeaways for the rest of us.  
• Never e-mail anything you can’t explain in public. 
• Think twice before hitting the send key. 
• Don’t assume anything remains secret after it’s typed out on screen. (more)

After 50 Years, Charlie is Finally Employed

The US military has been developing a robotic tuna that can infiltrate enemy territory.

The spy fish, which is made to look like a bluefin tuna, weighs a hundred pounds and is 5ft long.

Dubbed Project Silent Nemo, The United States Office of Naval Research is in the process of testing the tuna. The robot is controlled by remote control but can also be programmed to swim a pre-determined route.

Nemo could see active service in as little as a year’s time. (more)

Spy Cartoon - Smoke Screen Excuse for Smoke Signal Tapping


Monday, December 15, 2014

Thus, giving new meaning to watching the submarine "raceys"...

The Navy has issued a new report confirming the involvement of 12 sailors and petty officers in watching a series of secretly recorded videos 

taken over a period of ten months of fellow female shipmates undressing and showering. Only one of the men is accused of recording the videos.

"This was not 11 guys, each with different [cameras]," an anonymous source told the Navy Times. "It was really one guy doing the videography piece and then sharing it with other people." (more) (sing-a-long)

James Bond Held by Hackers - Cue Q

The producers of James Bond films have acknowledged that an early version of the screenplay for the new movie "SPECTRE" was among the material stolen in the massive cyberattack on Sony Pictures Entertainment. 

The producers said in a statement Saturday that they are concerned that third parties who received the screenplay might seek to publish it — and warned the material is subject to copyright protection around the world.

The producers promised to "take all necessary steps to protect their rights against the persons who stole the screenplay, and against anyone who makes infringing uses of it or attempts to take commercial advantage of confidential property it knows to be stolen." (more)

Norway Alerts Politicians After Eavesdropping Devices Found

Norwegian police said Sunday they have warned politicians about possible eavesdropping of cellphone calls after several listening devices were reportedly found in central Oslo, including near government buildings and Parliament.

Siv Alsen from the security police said the National Security Authority has begun an investigation, but could not provide more information pending the agency's report...

Her comments followed media reports that illegal listening and tracking devices were found in fake mobile base stations, which could be used to monitor calls and data, as well as trace the movement of people in the area. (more)

Double Check Your Tech

via Bruce Schneier...
This is a creepy story. The FBI wanted access to a hotel guest's room without a warrant. So agents broke his Internet connection, and then posed as Internet technicians to gain access to his hotel room without a warrant.

From the motion to suppress:

The next time you call for assistance because the internet
service in your home is not working, the "technician" who comes
to your door may actually be an undercover government agent.
He will have secretly disconnected the service, knowing that
you will naturally call for help and -- when he shows up at
your door, impersonating a technician -- let him in. He will
walk through each room of your house, claiming to diagnose the
problem. Actually, he will be videotaping everything (and
everyone) inside. He will have no reason to suspect you have
broken the law, much less probable cause to obtain a search
warrant. But that makes no difference, because by letting him
in, you will have "consented" to an intrusive search of your
home.

Basically, the agents snooped around the hotel room, and gathered evidence that they submitted to a magistrate to get a warrant. Of course, they never told the judge that they had engineered the whole outage and planted the fake technicians. (more)

Woman Hides Spycam in Her Butt - Cookie Monster Digs It

There is an important lesson this spycam will teach all men...

Friday, December 12, 2014

Interesting Spy Stories of the Week

A former computer technician at HSBC Holdings’ Swiss unit, “celebrated as a hero abroad,” was indicted in Switzerland on charges of industrial espionage and violating bank secrecy laws, prosecutors said... accused of stealing client data in 2008 from HSBC’s Geneva office and passing it to French authorities... (more)

Verizon Voice Cypher, the product introduced with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can also connect to an organization's secure phone system. Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they're able to prove that there's a legitimate law enforcement reason for doing so. (more)

US-based cyber security solutions firm FireEye has just uncovered a business espionage racket targeting over 100 corporates, to steal information. The FIN4 group, as FireEye calls the hacking outfit, has a deep knowledge of how business deals are reached and how corporate entities communicate within and outside the organization. Unlike in other attacks, the hacker group is said to be very focused. It targets people who might have access to confidential information. (more)

An electrical engineer for a defense contractor was fined $5,000 and sentenced to 180 hours of community service for falsely accusing his boss of spying for another country. (more)

Two Private Eyes, One GPS, One Fake DUI Tip = 200 x "I Take the 5th."

Two private investigators accused of tailing an Orange County councilman with a GPS device and setting up another by calling in a false drunk driving report were charged Thursday with false imprisonment and conspiracy to commit a crime, the district attorney's office said.

Private eye takes the 5th more than 200 times in fake-DUI case
The Costa Mesa councilmen were targeted in the midst of a protracted city-police fight in 2012. The detectives were hired hands for an Upland law firm that had an advertised client list of more than 120 public safety unions and a reputation for aggressive attacks on City Hall, prosecutors say.

Christopher Joseph Lanzillo, 45, of Lake Arrowhead and Scott Alan Impola, 46, of Canyon Lake put a GPS monitor on Councilman Steve Mensinger's car in July 2012, prosecutors say, and tracked him for about a month. (more)

Thursday, December 11, 2014

EU Court Say NO and YES to Private Surveillance Cameras

The European Union's highest court ruled on Thursday that private individuals generally cannot install surveillance cameras to film people on a public path. 

It said, however, that exceptions can be made if they help prevent and prosecute criminal acts.

The case arose after a Czech man installed a surveillance camera under the eaves of his family home from October 2007 to April 2008 after attacks, in some of which windows were smashed. (more)

A Guide to Electronically Stored Information Preservation Responsibilities

The litigation-related duty to preserve relevant evidence, including electronically stored information (ESI), is well established and widely known in the legal community and the business world...

In today’s legal climate, even a company’s seemingly innocent delay in implementing an appropriate method to preserve ESI may be catastrophic...

This white paper guides litigants through their responsibilities to preserve evidence and provides valuable information on implementing a defensible legal hold process. (more) (pdf)

Blackphone Improves - Now with Apps and a Silent Space!

Blackphone, a joint venture between SGP Technologies, Silent Circle, and others, will introduce world's first privacy-focused app store. 

PrivatOS1.1 empowers users to take control of their privacy, without the tradeoffs...

With most smartphones, separating work and play means compromising either privacy or convenience: either work apps and data live in the same place as personal games and social media apps, or users carry two devices to guarantee privacy and separation. Spaces can separate work life from personal life, a "parents only" space from a kid-friendly one, or any other separation users can dream up – no compromises needed.

A "Silent Space" is featured by default and includes the Silent Suite of apps for encrypted communication, Blackphone app store and a bundle of pre-loaded privacy apps. From there, build additional Spaces as you see fit – for whatever purpose you need – with the Blackphone Security Center and PrivatOS keeping you safe across each one.

The accompanying launch of the Blackphone app store ‐ the first one in the world that focuses solely on privacy-focused applications – solidifies Blackphone's position as a global leader in privacy and security.

Available January 2015, the Blackphone app store features curated apps specifically selected by Blackphone as the most secure privacy-optimized apps on the market. Several pre-loaded apps will be immediately available with the latest PrivatOS update in early 2015. (more)

My Kind of Christmas Card

Thanks, Joe!

Friday, December 5, 2014

Update: Jersey Girls Never Say Die and I'm Not a Spy

A New York judge has rejected a 98-year-old woman's request to erase her 1950 conviction for conspiracy to obstruct justice in the run-up to the atomic spying trial of Julius and Ethel Rosenberg.

Manhattan Judge Alvin Hellerstein said Thursday that Miriam Moskowitz's lawyers could not show that newly released records would have changed her trial's result. Moskowitz lives in Washington Township in Bergen County, New Jersey. She served a two-year prison sentence.

She said afterward: "Too bad." She says she's disappointed. (more)

Eavesdropping Lies, Coverups and Other Dumb Politico Moves

Australia - The future of Federal Parliament's top bureaucrat is under a cloud following the release of a scathing report by the Senate's powerful Privileges Committee.

It found Carol Mills provided "contradictory" and "misleading" information to a parliamentary committee about the use of security cameras inside Parliament House.

At issue was whether internal cameras were used to investigate a Parliament House employee who allegedly leaked information to Labor senator John Faulkner... previously said she only became aware in May that security footage had been used... other documents indicated Ms Mills was aware of the issue in February and had approved the use of security camera footage...

Her position as the chief bureaucrat in charge of Parliament House has come under question in recent months, following her decision earlier this year to downgrade security to save money.
That decision was subsequently reversed. (more)

Australia - The release of a secret report into a police bugging scandal has been blocked by Premier Mike Baird's department, leading to warnings the dispute may end up before the Supreme Court.

The Strike Force Emblems report examines allegations of illegal bugging by the NSW police's Special Crime and Internal Affairs (SCIA) and the NSW Crime Commission between 1999 and 2001, but has never been made public. (more)

Malware Planted In Chinese E-Cigarettes

Electronic cigarette manufacturers may have highlighted its numerous benefits to let you lead a healthy, stress-free life.

What they certainly did not highlight was that the device can be used for malware distribution as well...

To avoid such risks, it is advised to disable data pins on the USB and keep only cable charge to prevent any information exchange between the devices it connects.

Alternatively, use a USB Condom, a gadget that connects to USB and makes data pins ineffective. (more)

The History of the Telephone - Infographic

The history of the telephone...
(Wiretapping started in the 1800's. First on telegraph lines, then on the telephone lines.)History of the Telephone
The History of the Telephone by ITS Limited, a provider of telecommunication solutions.

Thursday, December 4, 2014

Cricket Can't Overbill for Wiretaps in Good Conscious

Cricket Communications has agreed to fork over nearly $2.2 million to resolve claims that it over-billed federal law enforcement agencies for the costs of conducting wiretaps and pen registers, federal authorities announced this week...

“A joint investigation by the Office of Inspector General and the U.S. Attorney’s Office revealed that Cricket overcharged federal law enforcement agencies for executing wiretaps and pen registers from 2007 until Cricket lowered its fees in 2010," the U.S. Attorney’s Office said in the press release. “The settlement agreement resolves the United States’ civil claims against Cricket based on the over-billing." (more)

Jersey Girls Never Say Die and I'm Not a Spy

A 98-year-old New Jersey woman's showdown with the federal government over her 1950 conviction in the run-up to the atomic spying trial of Julius and Ethel Rosenberg returns to a Manhattan courtroom.

Miriam Moskowitz asked a judge earlier this year to reconsider her conviction in light of new evidence that emerged in the last decade... The government said she conspired with two men to lie to a grand jury investigating allegations of atomic espionage.

U.S. District Judge Alvin Hellerstein is set to hear oral arguments. He has urged a speedy resolution of the case. (more) (more) (her book) (video)

Espionage Conference: Beat Security into CEOs with a Stick

CEOs and business leaders often ignore cyber intrusions or even cover them up, allege IT experts who attended an espionage conference near Ottawa this week.

But those actions leave publicly listed companies and their corporate boards exposed to massive legal liabilities when cyber attacks leak customer info or damage the company’s competitive value...

...compel company executives and corporate boards to fix security holes, says Errol Mendes, a law professor at the University of Ottawa, who also spoke at the espionage conference.

“Tell them about the potential legal liability,” he said. “Use the legal stick.” (more)

Business Espionage: GlobeRanger Awarded $15 million in Trade Secrets Espionage Case

Background
A lawsuit filed in state court Friday reads like a Hollywood script: It includes sex, deception and espionage in an alleged conspiracy to rob a Richardson company of its livelihood. (more)

The Verdict
According to a Nov. 28 court filing, on Nov. 20 a jury in federal court in Dallas awarded Richard, Texas-based GlobeRanger $15 million in a case that involved the misappropriation of trade secrets related to radio frequency identification technology.  

The case is GlobeRanger Corp. v. Software AG, 3:11-cv-00403, U.S. District Court, Northern District of Texas (Dallas). (more)

Wednesday, December 3, 2014

Russian Politicians May Be Required to Use Dumb Phones

A leftist Russian lawmaker has prepared a bill recommending all MPs to stop using iPhones and iPads to protect themselves from eavesdropping by foreign special services.

Dmitry Gorovtsov, of the center-left Fair Russia party, told the Interfax news agency that his suggestion applied primarily to politicians who had access to classified information...

“In principle, the MPs know that using the most primitive mobile phones, those that cost no more than $20, is a guarantee not only against the theft of your own financial data or spying on your e-mail, but also against bugging,” Gorovtsov said. (more)

The least expensive way to assure you will not be tracked, eavesdropped, or have your information stolen by spyware is to use a dumb cell phone. Sources: johnsphones.com, Kyocera Marbl K127, Motorola W260g, Motorola C139, more

Wiretap Costs Drops

How much does a wiretap actually cost?

Last year, the average wiretap cost $41,119, according to the U.S. Courts Wiretaps Report for 2013, down from $57,540 the previous year. The steady decrease in wiretapping price means it's highly likely that wiretapping is cheaper now than it has ever been before. The average length of these wiretaps was 40 days, and the most prominent wiretapping happened in northern Illinois, where narcotics officers intercepted 136,378 text messages. (more)

Chanel #007 - It Stinks

French researchers claim to have found indisputable evidence that Coco Chanel worked as a spy for the Nazis during the Second World War.

A written record made public for the first time in a documentary broadcast on French television last night is said to prove that the late fashion designer was a member of Abwehr - Adolf Hitler's secret military intelligence agency. (more)

The Amazon is Full of Bugs, or...

...14 more reasons you should have us check your office for electronic eavesdropping devices.

I received the following in my email. It dispels the myth that bugging devices are expensive and difficult to obtain. Most of these are under $100. 

One is $8.06 and holds 150 hours of audio.

Last summer it was reported that Ford Motor Company found similar voice recorders under about eight of their conference room tables.

A Technical Surveillance Countermeasures (TSCM) inspection (conducted by qualified security technicians) is the quickest and most economical way to protect yourself against being a victim. 

Want to know more? Call me.

Click to enlarge.


Monday, December 1, 2014

Australia - Two Anti-Voyeurism Measures

New Anti-Voyeurism Law
Attorney-General Simon Corbell said the wide-ranging crimes legislation would provide greater protection from invasions of privacy in response to advances in technology.

"The offences introduced by the bill, to protect the privacy of individuals, will ensure that the law can appropriately deal with people who indecently engage in behaviour sometimes referred to as up-skirting and down-blousing without the consent of the person being observed, filmed or photographed," he said. (more)

No Drone Voyeurism in Fire Zones
State aviation operations manager David Pearce said drones could be lethal to aircraft, regardless of size, much like a bird strike that "took down an airliner" if it hit the wrong spot. "Helicopters are particularly susceptible. If the drone is sucked into the intake of the jet engines, or goes into the tail rotor, then it's probably curtains for the helicopter.

Mr Pearce said firefighting aircraft would be immediately grounded if a UAV was spotted either near, or within, a fire zone. (more)

Yes, you're a doctor. No, it's not all right.

UK - A South London doctor who took secret video footage of patients and colleagues on the toilet has been jailed for eight years. 

Hearing specialist Lam Hoe Yeoh was sentenced at Croydon Crown Court after it was discovered that he had secretly hoarded 1,100 indecent images and videos of his patients at his home.

The 62-year-old man admitted to seven counts of voyeurism, six counts of taking an indecent photograph of a child and one count of possessing extreme pornography. (more)

FutureWatch: The Uber Hack Will Taxi In Soon

Imagine for a second that your job is to gather intelligence on government officials in Washington, or financiers in London, or entrepreneurs in San Francisco. Imagine further that there existed a database that collected daily travel information on such people with GPS-quality precision– where they went, when they went there and who else went to those same places at the same times.

Now add that all this location data was not held by a battle-hardened company with tons of lawyers and security experts, such as Google. Instead, this data was held by a start-up that was growing with viral exuberance – and with so few privacy protections that it created a “God View” to display the movements of riders in real-time and at least once projected such information on a screen for entertainment at a company party.

And let’s not forget that individual employees could access historical data on the movements of particular people without their permission, as an Uber executive in New York City reportedly did when he pulled the travel records of a Buzzfeed reporter who was working on a story about the company.

Wouldn’t that strike you as a hacking opportunity of remarkable awesomeness?

James A. Lewis, a cyber-security expert with the Center for Strategic and International Studies, said, “Most people have really bad operational security.” (more)

Friday, November 28, 2014

The Bug Heard Round the World

Katana FT-1 is a miniature voice recorder with built-in Wi-Fi transmitter. 

It records high quality audio on a MicroSD card. Yet to listen to the records you don’t even have to touch the voice recorder. All the collected data can be downloaded to an FTP server or host computer using ad-hoc Wi-Fi connection or via Internet. 

To ensure high quality sound and fast upload Katana FT-1 exploits a dedicated audio processor with sophisticated voice compression algorithms (like Vorbis Ogg) and hi-speed Wi-Fi module. So 1 hour of high quality audio recording can be uploaded in just about 14 seconds. (more)

Why do I mention it?
So you will know what you're up against.

Aged Law Urped Up to Decrypt Phone Data

The Justice Department is turning to a 225-year-old law to tackle a very modern problem: password-protected cellphones.

Prosecutors last month asked a federal magistrate in Manhattan to order an unnamed phone maker to provide “reasonable technical assistance” to unlock a password-protected phone that could contain evidence in a credit-card-fraud case, according to court filings... 

...the government on Oct. 10 obtained a search warrant to examine the contents of the phone. In the credit-card case, the phone was locked, so prosecutors asked U.S. Magistrate Judge Gabriel Gorenstein to order the manufacturer to unlock it. They cited the All Writs Act, originally part of a 1789 law that gives courts broad authority to carry out their duties. (more)

Log Jam - Forces You to Shut Up and Experience Where You Are

Artist and coder Allison Burtch has created a new device to save us from our cellphones and ourselves. 

It comes in the form of a 10-inch birch log that jams cellular radio signals, and it’s called the Log Jammer. Packed with about $200 of hardware including a power source, a circuit board of her own design, voltage control components, an amplifier, and an antenna, it can produce radio noise at the 1950 megahertz frequency commonly used by cellphones. It’s powerful enough to block all cellphone voice communications in a 20-foot bubble, and its log-like exterior is designed to unobtrusively create that radio-jamming zone in the great outdoors...

Burtch sees her creation as the inverse of the increasingly common sight of cellular towers disguised as trees. Instead of hiding technology in nature to let people remain connected everywhere, the Log Jammer blends into a natural setting to cut off that constant remote communication—to force people to experience the place they’re in. Burtch paraphrases French philosopher Gilles Deleuz: “The problem is no longer getting people to express themselves,” she says. “It’s creating a needed gap of solitude in which they might find something to say.” (more)

Sunday, November 23, 2014

How They Do It - Spying on Citizens in Central Asia

A recent report from Privacy International 
has tried to shine some light on the methods Central Asian governments are using to track their populaces – and to examine how closely they mirror Russian and Chinese examples, as well as which Western companies have supplied the necessary technology along the way. (more)

Hey Kids! You Too Can Have Cool NSA Spy Toys

Welcome to the home of the NSA Playset.

In the coming months and beyond, we will release a series of dead simple, easy to use tools to enable the next generation of security researchers. We, the security community have learned a lot in the past couple decades, yet the general public is still ill equipped to deal with real threats that face them every day, and ill informed as to what is possible.

Inspired by the NSA ANT catalog, we hope the NSA Playset will make cutting edge security tools more accessible, easier to understand, and harder to forget. Now you can play along with the NSA! (more) 

If you are thinking of contributing a new NSA Playset project, please keep in mind the following requirements:

1. A Silly Name
If your project is similar to an existing NSA ANT project, you can come up with a clever play on that name. For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH. Of course, if your project doesn't quite line up with anything in the ANT Catalog, you can come up with your own name. If you are feeling less creative, try out the handy name generator found here: http://www.nsanamegenerator.com/ (more)

This Week in Wiretap News

ID - The former information technology director of a hospital in Blackfoot was sentenced to three years of probation after he was convicted of wiretapping. A Bingham County judge imposed the sentence for 46-year-old Jack York on Friday. York was accused along with three others of recording telephone calls by a former hospital doctor and his staff between June 2009 and August 2010. (more) (more)

Taiwan - An aide to Ko Wen-je was arrested yesterday by Taipei prosecutors looking into alleged wiretapping of the independent Taipei mayoral hopeful's office... (more)

DC - American investigators intercepted a conversation this year in which a Pakistani official suggested that his government was receiving American secrets from a prominent former State Department diplomat, officials said, setting off an espionage investigation that has stunned diplomatic circles here,  The New York Times in a report Friday said. That conversation led to months of secret surveillance on the former diplomat, Robin L. Raphel, and an F.B.I. raid last month at her home, where agents discovered classified information, the officials said. (more)

Turkey - More details have surfaced about the Gülenists' wiretapping of the then prime minister Recep Tayyip Erdoğan, after an indictment regarding the investigation was submitted to court. The Gülenists planned every step in detail, according to the indictment. The Ankara chief public prosecutor's office has prepared an indictment on 13 suspects, who are accused of wiretapping then Prime Minister Recep Tayyip Erdoğan, charging the suspects with "political spying" after an investigation into the alleged offenders was completed. (more)

CA - Counsel Timothy Perry discusses how wiretaps are vulnerable to attack, especially in white collar cases. He explains some details of the wiretap statute and discusses how defense attorneys can best address wiretap evidence in a white collar case. (video) 

NC - A judge Friday unsealed a trove of court documents that could shed light on a secret cellphone tracking program used by police nationwide. The judge in Charlotte, N.C., acted after a petition from the Charlotte Observer to make the documents public. Included are 529 requests from local Charlotte-Mecklenburg police asking judges to approve the use of a technology known as StingRay, which allows cellphone surveillance. (more)

NYC - Add New York City’s Taxi and Limousine Commission to the list of powerful groups investigating Uber for allegedly spying on its users. The commission, which regulates Uber, is “looking into allegations” that the mobile car-hailing app violated users’ privacy by tracking them without their permission. (more)

Adequately Protected Trade Secrets Can Keep You Out of Court... and a winner in court.

by Mark L. Krotoski, Esq.
Trade secrets can be among the most valuable assets a company has. According to one study, "Two thirds of enterprises’ information portfolio value comes from the secrets they create."


One trade secret can lead to many products. As a unique form of intellectual property, trade secrets can be vital not only to a company and its employees, but also to other jobs, investments, an industry, the economy and, depending on the trade secrets, even national security.

Two Key Questions for Trade Secret Owners
Given the importance of trade secrets, trade secret owners should ask two key questions:
(1) How many trade secrets do you have?
(2) Are your trade secrets adequately protected?

Many companies have trade secrets which can generate substantial value for the company. Regrettably, experience has shown that large and small companies have not taken the steps necessary to protect them. When the unexpected misappropriation occurs, it is clearly too late...

A culture of protection can establish the tone within the company to safeguard the trade secrets. A layered approach to security has proven effective in past cases to mitigate any misappropriation and to establish the reasonableness of the security measures. An objective assessment of the measures safeguarding the trade secrets can assist in determining the reasonableness u der trade secret law. Most importantly, companies should develop a trade secret protection plan in advance of any misappropriation.
So, as a trade secret owner, how do you answer the two questions? How confident are you that your trade secrets are reasonably protected and will survive court scrutiny if that ever becomes necessary? (more)

If you need help answering these questions, call me. An information security evaluation by an independent outside specialist can help with answers and will count toward fulfilling the adequacy requirement.

Thursday, November 20, 2014

FREE - Enemy-of-the-State Spyware Detection Tool

via eff.org...
"Detekt is an easy-to-use, open source tool that allows users to check their Windows PCs for signs of infection by surveillance malware that we know is being used by government to spy on activists and journalists.

Some of the software used by states against innocent citizens is widely available on the Internet, while more sophisticated alternatives are made and sold by private companies and sold to governments everywhere from the United States and Europe to Ethiopia and Vietnam.

Detekt makes it easy for at-risk users to check their PCs for possible infection by this spyware, which often goes undetected by existing commercial anti-virus products." (more)

Covert Video Leaves Business Running Around Like a Chicken with its...

TN - Koch Foods on Wednesday denied its Chattanooga processing plant is inhumanely treating chickens by scalding the birds alive and shackling them upside-down before slicing open their throats, wings and chests while still conscious.

The allegations by animal protection group Mercy for Animals...
 

The Los Angeles-based group released covert video that it said was taken inside the Koch Chattanooga plant and another operation in Mississippi, complaining that workers are also cruelly throwing chickens and hiding cockroaches from federal inspectors.

The video, narrated by The Simpsons co-creator Sam Simon, demanded that Illinois-based Koch adopt new animal welfare standards to prevent future abuse. (more


P.S. Last year, Tennessee legislators enacted what critics dubbed an “ag-gag” bill they charged was intended to prevent investigations similar to the Mercy for Animals undercover operations as well as one that targeted Tennessee Walking Horse industry abuse.

Republican Gov. Bill Haslam vetoed the bill after getting deluged with complaints, including a plea from country music star Carrie Underwood.

Memory Stick Voice Recorder - Patiently Listens 24/7, for 25 Days

This Voice-Activated USB drive looks and functions like an ordinary flash drive. Secretly, this storage device conceals hidden a microphone. Hang on a lanyard or slip into a pocket for discreet recording. Use this unit at the office, school, to covertly record voice as a secret shopper or investigator, or to simply record notes and interviews at school or work. 
Voice-activation mode. The voice-activation feature allows you to avoid long hours of silent recording and save battery life. This unit can be on standby for up to 25 days waiting to pickup any voices you may hear. 

Portable and easy to use. The flash drive needs no cables or batteries, making it perfect for the covert operative on the go. Recording is as simple as a touch of the button. Choose from normal recording or voice activation. ≈$100.00  (more) (user manual)
   
Why do I mention this? 
So you will know what you're up against.

Speed, Instant Ticket... or, You Can Drive, But You Can't Hide

FutureWatch: Russia - 1200 complexes of photo and video registration will be installed in 381 sections of federal highways and regional roads located in the Moscow region. In particular, new equipment will be installed in almost every district and all major cities of the Moscow region, as well as in the smaller and greater Moscow Ring Road areas... 

It is planned that the installation of photo and video registration systems will be conducted at the expense of an investor company, which, in turn, will receive a share of all fines issued for violation of traffic rules detected by cameras...

According to the authors of the idea, cameras will be able to register the majority of traffic violations, including speeding and driving on the oncoming lane. (more)


• Traffic cameras on steroids.
• Becomes operational just before self-driving vehicles, thus making this less necessary.
• Does the government has some other uses in mind? (Duh.)
• Will this surveillance network be adopted by other countries, too? (Duh.)