Saturday, May 30, 2015

Antalya Police Tears Down its Office Walls, Paranoid About Bugging

Turkey - The police intelligence unit in Turkey’s primary holiday resort province Antalya has torn down its own walls in a search for a bugging device according to a tip, fueling the debate on government wiretapping.

The search was reported to have been conducted sometime in the past 8 months and apparently had not uncovered any device. The incident is likely to be regarded as indicative of the extent Turkey’s wiretap saga has reached.

Police intelligence forces who were detained and released over eight months ago were once again detained earlier in the week, in one of the latest episodes of the raids to target the police force over illegal wiretapping allegations.

Since the dated December 17, 2013 corruption probe which implicated the government, “illegal wiretapping” cases has resulted in the mass purge of the police force with hundreds of hundreds being imprisoned. Critics have slammed the government for arbitrarily using the allegations as a pretext to politicize the force. more

Friday, May 29, 2015

China Didn't Invent Industrial Espionage

The U.S. Justice Department last week charged six Chinese scientists for stealing trade secrets and engaging in industrial espionage on behalf of China. 

A separate case, announced Friday, involved the former chairman of the physics department at Temple University, a China-born U.S. citizen who allegedly passed along semiconductor technology while working at an unnamed American company.

Such cases often are held up as evidence of China’s perfidy and unscrupulous dealings in the global economy. But before getting into high dudgeon mode, the U.S., and for that matter, almost every Western nation, might wish to remember their own, no-holds-barred campaigns to swipe industrial secrets.

In fact, one of the first cases involved the theft of industrial secrets from China. In the 17th and 18th centuries, the Chinese alone possessed the ability to produce high-end “hard-paste” porcelain, an expensive material beloved by Europe’s elites. In the 1680s, a French Jesuit, Pere d’Entrecolles, traveled to China, where he saw the kilns and likely read technical works on the subject... more

Thursday, May 28, 2015

Business Espionage - Quote of the Week

"Commercial espionage is considered to be on the rise as our dependence on digital data – and technologies in the workplace – becomes more and more severe... We're only seeing the tip of the iceberg at the moment." ~ Dr Dionysios Demetis, Hull University Business School (UK) more

Summer Reading - Corporate Espionage

Here are five stories that delve deep into the murky world of corporate information gathering.

1. “Drug Spies” (Richard Behar, Fortune, September 1999)

This story about corporate spies fighting pirated drugs in the high stakes pharmaceutical industry reads like a summer action movie, complete with former Scotland Yard detectives, solitary confinement in a Cyprus prison and multinational drug giants.

2. “Confessions of a Corporate Spy” (George Chidi, Inc., February 2013)

George Chidi’s work is more social engineering than cloak-and-dagger, but this first-person piece from a competitive intelligence consultant offers fascinating insight into the less legally shaky subset of the corporate intelligence world. Bonus: the last third of the article functions as a how-to for aspiring information gatherers.

3. “The Secret Keeper” (William Finnegan, New Yorker, October 2009)

If there is a gold standard in the corporate intelligence world, it’s Kroll Inc., Jules B. Kroll’s namesake consulting group. Here the New Yorker profiles Mr. Kroll, who is “widely credited with having created an industry where there was none.”

4. “A Spy in the Jungle” (Mary Cuddehe, The Atlantic, August 2010)

Cuddehe was a freelance reporter with a busted rental car in a CancĂșn parking lot when a friend called with a “research” job:

…an offer from Kroll, one of the world’s largest private investigation firms, to go undercover as a journalist-spy in the Ecuadorian Amazon. At first I thought I was underqualified for the job. But as it turned out I was exactly what they were looking for: a pawn.

Her recollections, and reflections on why she chose not to take the job, are an interesting counterpoint to the New Yorker article.

5. “The Pizza Plot” (Adam L. Penenberg and Marc Barry, New York Times Magazine, December 2000)

Schwan’s knew that Kraft was going to roll out a new kind of frozen pizza, and that if they wanted to compete they would have to find out all sorts of specifics before the launch. This article, which is adapted from Penenberg and Barry’s 2000 book Spooked: Espionage in Corporate America, is a dazzlingly fun look at just how Schwan pulled that off.

Debate Over NSA ‘Spying’ Program, Explained in Under 2 Minutes

Congress has less than a week to decide the fate of a government surveillance program that was created after 9/11 to prevent terrorist attacks. The program, enabled by a provision under the Patriot Act, gives the National Security Agency a number of tools to fight terror, such as the ability to collect phone records in bulk. With the U.S. Senate deeply divided on the issue, The Daily Signal breaks down the debate happening on Capitol Hill. more

Free Espionage Movies Near Washington, DC

VA - The Crystal City Business Improvement District has revealed the lineup for its annual outdoor summer movie festival. The theme this year: espionage.

The movies are shown weekly on Monday at sunset — around 8:30 p.m. — and are held rain or shine, except in the event of dangerous weather.

Families are encouraged to bring a blanket to the free event. The outdoor “theater” is located in the courtyard of an office building at 1851 S. Bell Street.

The lineup is:
June 1 — Mission: Impossible
June 8 — Mission: Impossible II
June 15 — Mission: Impossible III
June 22 — Mission: Impossible- Ghost Protocol
June 29 — Charlie Wilson’s War
July 6 — RED
July 13 — Argo
July 20 — Tinker Tailor Soldier Spy
July 27 — Body of Lies
Aug. 3 — Enemy of the State
Aug. 10 — The Bourne Identity
Aug. 17 — The Bourne Supremacy
Aug. 24 — The Bourne Ultimatum
Aug. 31 — The Bourne Legacy



MIA - "The Conversation"


Tuesday, May 26, 2015

South Korea's New Law Mandates Installation Of Government-Approved Spyware

The app, "Smart Sheriff," was funded by the South Korean government primarily to block access to pornography and other offensive content online. But its features go well beyond that.

Smart Sheriff and at least 14 other apps allow parents to monitor how long their kids use their smartphones, how many times they use apps and which websites they visit. Some send a child's location data to parents and issue an alert when a child searches keywords such as "suicide," ''pregnancy" and "bully" or receives messages with those words...

Last month, South Korea's Korea Communications Commission, which has sweeping powers covering the telecommunications industry, required telecoms companies and parents to ensure Smart Sheriff or one of the other monitoring apps is installed when anyone aged 18 years or under gets a new smartphone. The measure doesn't apply to old smartphones but most schools sent out letters to parents encouraging them to install the software anyway...

South Korea's new system is by no means impervious. For one, it can only be fully applied to Android phones not Apple Inc. phones. more

Monday, May 25, 2015

A Memorial Day Thought - The Thing We Forgot to Fight For

We fight like hell for freedom, but we let the world pick our intellectual pockets.

Sure, the US has a counterespionage law. But it is a half-way measure. Ok, we do more than Canada. They don't even have a law.

Question... What is the quality of your freedom once your jobs are stolen, and your intellectual property is ripped out from under you? 

Memorial Day is a good day to re-print this post from April 5, 2012.

----------------------------------

Gen. Keith B. Alexander, (NSA)
...called the continuing, rampant cybertheft “the greatest transfer of wealth in history.” (bio)
---
Shawn Henry, (FBI) 
...current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said. (bio)
---
Richard A. Clark, (presidential advisor) 
"Yet the same Congress that has heard all of this disturbing testimony is mired in disagreements about a proposed cybersecurity bill that does little to address the problem of Chinese cyberespionage." (bio)
---

Letter to the Editor - The New York Times

Dear Editor,

Richard A. Clarke’s op-ed piece, “How China Steals Our Secrets,” (4/2/12) states the current business espionage problem perfectly, but we need a solution. Consider this...

The Chinese secrets of: silk and tea production; making porcelain, gunpowder and paper, could not survive Western espionage attacks – not even when protected with death penalties. Espionage killed their economy, and the damage lasted for centuries. Obviously, our competitive advantages are also our National Interest Assets.

The one-sided, punish-the-spy security model, still being used today, never worked. We need to make it two-sided. There must be a proactive legal responsibility to protect.

The solution... Corporate caretakers must be held accountable for protecting their valuables; our national treasures. We need a law creating business counterespionage security standards, with penalties for inadequate protection. We already
successfully employ the same concept with medical and financial record privacy.

Kevin D. Murray
Spybusters, LLC
---

A cybersecurity law alone will not stop spying. 
If implemented, it will force an increase in traditional spy techniques, such as: bugging, wiretapping, physical intrusions and social engineering. (Remember, computer data is available elsewhere long before it is computerized.) 

Protecting our competitive advantages requires a holistic approach; a National Interest Assets law which would also...

• Protect the entire intellectual property timeline, from brainstorming and initial discussions, to the final product or business strategy. 

• Impose a responsibility of due care upon the creators and holders competitive advantage information.

• Specify compliance requirements aimed at countering traditional business espionage practices. Technical Surveillance Countermeasures Inspections (TSCM / bug sweeps), information-security audits, and information-security compliance procedures; safeguards which can be easily mandated and monitored.

This is a no-brainer, Congress.

The cost of keeping National Interest Assets safe is infinitesimal compared to current losses (not to mention the long-term effects). Just ask the Chinese.
~Kevin

Saturday, May 23, 2015

Spy Trick # 482 - Keyless Car Break-in Mystery Solved

If you have a wireless key fob for a car with a remote keyless system, then you might want to start keeping your keys in a freezer or other Faraday Cage to protect it from high-tech thieves, who can use a $17 power amplifier to break into your vehicle.

Cars with keyless entry systems are capable of searching for a wireless key fob that is within a couple feet of the vehicle, but car thieves can use a $17 "power amplifier" to boost the key searching capabilities, sometimes up to around 100 meters, and pull off a high-tech car break-in. more extra spy credit

Friday, May 22, 2015

Does Android Factory Reset Protect Your Information

If you sell or gift your old Android phone to someone, is it enough to do a factory reset to wipe all your sensitive data? And if your Android gets stolen, how sure are you that your anti-theft solution will do a good job wiping it and/or locking the device?

Consumers generally have no insight in how well these features work. Their only option is to trust the manufacturers' and developers' assurances, and wait for security researchers to test the solutions.

Now, two researchers from the Security Group at the University of Cambridge Computer Laboratory have published two papers that answer those questions.

The first one details the results of a security analysis of Android's Factory Reset option, tested on 21 second-hand Android smartphones from 5 vendors running Android versions v2.3.x to v4.3.

In the second paper, they revealed the results of their testing of the top 10 mobile anti-virus apps' anti-theft functions (“remote wipe” and “remote lock”). Again, the results are bad: they found flaws that undermine MAV security claims and highlight the fragility of third-party security apps. more

Coming Soon - Surveillance Cacti - Prick

AZ - The Town of Paradise Valley is adding a new gadget to its collection of surveillance tools: permanent roadside license plate readers. Several Valley police agencies, including Paradise Valley, already use license plate readers mounted on patrol cars. But the decision by council leaders to install the technology at eleven locations across town signals a broader use of the cameras.

They will be mounted on poles and embedded inside faux cacti to record the location, date and time of the plate number. Some of the cameras have already been installed and the program is expected to go online in June. The total cost for the project is $752,000...



Paradise Valley Community Resource Officer, Kevin Albert says strict protocols will be in place for investigators who are trained and designated to access the database. He also says simply having the plate numbers on file will not compromise privacy rights. (right) more

Next on the TSA Hit List... Igniting Shoe Laces


Thursday, May 21, 2015

This Week's Interesting Questions - Author Asks for Upcoming Book

An author contacted me this week with a few questions. She is writing a book, "about hearing and our relationship with sound. A small section of the book looks at electronic eavesdropping." I am always glad to help. Here is how the interview went...

How did you get involved in surveillance detection?
It started with an interest in amateur radio, electronics and building projects in high school. During college I was introduced to the world of surveillance electronics and investigations during a summer job. I switched majors from mass communications to criminal justice. I took a job as an investigator with Pinkerton's Inc. and eventually became Director of Investigations for New Jersey and Director of Electronic Countermeasures company-wide. I left them to open my own Technical Surveillance Countermeasures (TSCM) firm in 1978 and have enjoyed every day since.

What characteristics do you think are useful in this business?
Inquisitiveness is the most important characteristic, by far, on the technical end. But to be successful, one needs to learn all aspects of how to conduct business (marketing, advertising, bookkeeping, personal relations, etc.)

You have some fascinating stories of spying on your website. How far will people go to listen in on conversations?
The phrase that comes to mind is, "Whatever it takes." I've seen everything from simple holes in the wall, to pre-bugged gifts sent in via mail, to planting spyware on smartphones.


What are some of the most extreme or unusual examples you have witnessed in your work?
A wired-up person who was part of an industrial plant tour: asking pointed questions of employees he met, dictating what he saw and read off of desktop paperwork, and recording the sounds of the manufacturing process for later reverse engineering.

A company that planted 14 bugs in their own offices, and then tried to blame their competitor for doing it, in a law suit. In the same vein, a company president who did a poor job of installing a wired microphone in the ceiling of the main conference room and had the cable leading to the office of a VP he was trying to frame. Neither group succeeded.

A trusted employee who planted a covert video camera in the women's locker room of a country club. (This type of issue is the latest epidemic in our field.)

How small are the smallest of covert listening devices today? Is the technology changing much? If so, in what ways?
The real "smallest" eavesdropping devices are software in nature – used to turn smartphones into bugs, and desktop/laptop computers into audio-video bugs. In terms of available hardware to make eavesdropping devices, the "smallest" components, such as microphones and video cameras, look like this...
http://www.misumi.com.tw/

 
http://www.knowles.com/eng/Products/Microphones/Surface-mount-MEMS

(Smaller microphones are made, but these are indicative of the ones which are readily available.)

Is the technology changing much? If so, in what ways?

Eavesdropping and espionage technology is not changing, it is expanding.
New technology is being developed all the time, and the "old" technology isn't going away, it is being refined. Old technology still work. Old and new are being used today. As mentioned above, "Whatever it takes." This is why the recent high focus on IT/computer security won't solve the computer security problem. In order to hack, pre-attack intelligence is necessary. This is gathered using many of the "old" tools: social engineering, video surveillance, electronic eavesdropping, and black bag intrusions.

There is no information fresher and more valuable than the spoken word. It comes right from the brain, not from a computer, not from something written, from the brain. This is why people eavesdrop!

Thursday, May 14, 2015

mSpy - Cell Phone Spyware Company - Servers Hacked

via krebsonsecurity.com
mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked.

Last week, a huge trove of data apparently stolen from the company's servers was posted on the Dark Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy "users." more

Wednesday, May 13, 2015

New Protection Against Commjacking (Wi-Fi & Cellular)

An Israel-based cyber security software company, CoroNet, announced on Tuesday the launch of a breakthrough product addressing the fastest growing cyber threat worldwide -- cellular and Wi-Fi hacking or “commjacking.” Commjacking involves an attacker hijacking a communication channel between any device and the WiFi network or cellular tower to which it is connected. CoroNet is launching a new software service that that detects and evades commjacking on networks, in real-time, making any device resilient to the attack...

“Equipment used for commjacking used to be only in government domains because it cost some $2.5 million and was very large,” said Liwer. “Now, equipment which used to require a whole van to transport fits into a 13-inch laptop bag and costs between $29 and $1500 dollars for cellular or Wi-Fi.”



Cellular hacking stations or IMSI Catchers are now the size of a 13-inch lap top, making it cheap and convenient to access. (Reuters)

It happens like this. Cell phones are designed to look for the closest and best cellular connection on their particular network and then automatically connect to it. The cell phone doesn’t ask your permission to connect to that tower because its job, fundamentally, is to ensure you have the best possible service you can get wherever you are.

By setting up a “fake” tower (that 13-inch laptop sized hardware we mentioned before) the attacker can force any nearby smartphones or cellular devices to join his network. The hacker then has the ability to see and collect all the data flowing to and from your device as it travels to the real cellular tower. The tools are so efficient there’s no lag in transmission at all, and victims won’t even notice they’ve been attacked.

“This is a completely unprotected backdoor,” Liwer said, “And it’s unprotected because any research on protection against this has been suppressed by governments around the world who enjoyed having that backdoor. They never imagined this technology would leak into the hands of the wrong people. But now it leaves the majority of the population completely defenseless.”

According to Liwer, there are two main types of attackers who use these cell phone spying tools: Members of organized crime and tactical targeted attackers.

The first kinds of attackers have the goal of gathering as much data as they possibly can...

The other kinds of attackers are known as tactical targeted attackers. These are attackers who are employed to conduct corporate or government espionage. These attackers are hoping to gather very specific kinds of data. Often times the data has been encrypted, for example via a VPN, and so the attacker will seek to disable that encryption method, forcing the target to use less secure means of transmitting information. If the target can’t be forced to use a less secure methods, however, the attacker can still gather that encrypted data and with a little time and effort decrypt it.

“Encryption works on keys,” said Liwer “and in order to get encryption keys all you need is computing power and time … in the last two years the cost of computing went down dramatically. An attacker can have a super computer working for him on Amazon servers for pennies per minute. If the information is important enough to him, he will be able to get it.”

In light of these attacks, Liwer and the team at CoroNet have been working on a groundbreaking new solution they hope will help close the gaping backdoor in our cellular communications. The software service CoroNet is launching has the ability to detect commjackers in the network and route data and voice around the attacker to safe network nodes, so that the device will not be able to connect to the malicious network.

“Think of CoroNet as a sonar,” Liwer said, “and the networks, both cellular and Wi-Fi, around your device as the ocean. Using about 300 different parameters we are able to construct an image of the network outside of your device, identify anomalies in the network behavior and mark those anomalies as hostile or non-hostile,” said Liwer.

 

CoroNet's new software service detects and evades cellular commjack attacks, helping users stay safe. CoroNet

Using a complex algorithmic system, CoroNet’s software examines network behavior over time and identifies patterns attackers execute to lure devices into their network or disturb the network around in general.

“We can’t see the cellular and Wi-Fi networks surrounding us, but they are a physical thing,” said Liwer, in which attackers leave their “footprints.”



CoroNet real time threat map. more

Weatherwoman Damned as a Spy

In October 2014, we heard an odd story about a National Weather Service employee in Ohio:
the FBI announced that Xiafen “Sherry” Chen, a 59-year-old hydrologist at the Wilmington, Ohio, Weather Service office, was arrested — handcuffed and escorted out of the building — for charges that ultimately amounted to spying for China.

Except, it turns out, she wasn’t a spy... more sing-a-long

New Spy Briefcase Tracks Itself... and much more

The iMbrief is designed to function as a mobile office and is aimed at being fashionable, secure and versatile. First thing's first, of course, it provides users with a means of storing and transporting documents securely, with an LED light inside to illuminate the contents.

• Access to the iMbrief is via a fingerprint scanner or the accompanying mobile app.
• It has a Kensington lock slot.
• A siren to warn users of any unauthorized access attempts and to scare thieves.
• An SD card slot for internal data storage.
• A Wi-Fi SD card allows data to be accessed wirelessly.
• Mobile devices can be charged both internally and externally (four USB charging ports in total)
• A GPS sensor allows the location of the iMbrief to be tracked.
• Can be use to play music and calendar appointments via its built-in Bluetooth speakers.
• The speaker is used as the security siren as well.

The case is charged via a USB port and takes around two hours for a full charge of the 5,000 mAh primary battery. A full charge can apparently last for over a month if only the fingerprint scanner is being used, but if it runs out of power, it must be charged before it can be opened again.


The briefcase has an aluminum-alloy shell and is will be offered in grey, black and burgundy if it reaches the market (December or January). It weighs around 4 lb (1.8 kg) and measures 450 x 330 x 95 mm (17.7 x 13 x 3.7 in). It is available with a detachable shoulder strap. more

I'm in!

Monday, May 4, 2015

Spy Babe - Computer Harpie or Siren - You Decide

Canada - A Quebec woman is facing criminal charges for allegedly taking over people's computers remotely, spying on them through their web cameras and harassing them through their computer speakers. 

Valérie Gignac, 27, was released on bail today on the condition that she not use a computer or have access to the internet...

Investigators allege the suspect used malicious software to spy on people through their web cameras.

Police also say Gignac eavesdropped on private conversations, communicated with victims through their computer speakers and logged onto extreme pornography websites...

Investigators believe the victims included children in Canada and abroad, and say there could be more victims.

They also say Gignac is the owner of an online hacking forum that has 35,000 users worldwide. more sing-a-long

Politico's Son Complains About Being Tapped... While Being Tapped

NY - A powerful New York State legislative leader was allegedly recorded complaining about his calls being recorded — while his conversation was being recorded.

Majority Leader Dean Skelos (R) and his son, Adam Skelos, were arrested Monday on federal corruption charges. US Attorney Preet Bharara accused them of a orchestrating a scheme that led to Adam Skelos getting a job in exchange for government sewer contracts and other favors...

According to the complaint, Adam Skelos was caught in an "intercepted call" telling his father it was unfortunate he couldn't get any "real advice" because "you can't talk normally because it's like f---ing Preet Bharara is listening to every f---ing phone call. It's just f---ing frustrating." more sing-a-long

Current King of the Voyeur Jungle - Pleads Not Guilty - Judge Says Stop, Lyon

CA - Disgraced Sacramento real estate mogul Michael Lyon was back in court Monday... after being released from jail last month...

His hearing was postponed to May 18 in Sacramento Superior Court on 16 felony counts of electronic eavesdropping that expose him to potentially more time behind bars.

When he was released April 1, Lyon, 59, the former chief executive officer of Lyon Real Estate, had served six months for violating the terms of a plea agreement his lawyer worked out with the District Attorney’s Office in 2011. During that arrest last year, prosecutors allege, investigators discovered methamphetamine and other drugs in his home and seized electronic equipment that they analyzed in preparing the latest eavesdropping charges.

The new case follows a similar set of charges brought against Lyon in 2010, in which he was accused of secretly videotaping his interactions with prostitutes and making surreptitious recordings of friends and employees in bathrooms and elsewhere. He pleaded guilty...

Prosecutors now allege that he continued the illicit recordings, despite repeated warnings from the court that he stop. The new complaint alleges that the 16 counts took place on 14 separate dates with eight different unnamed victims between Jan. 15, 2014, and Sept. 27, 2014.

Lyon has pleaded not guilty.

When he was released last month, Sacramento Superior Court Judge Ben Davidian told him he could have “no cameras of any kind” in his possession, including a cellphone camera. more

Sunday, May 3, 2015

Kolon Blows $360 Million Down the Crapper - DuPont Still Bullet-Proof

Kolon Industries Inc. admitted conspiring to steal DuPont Co.’s Kevlar trade secrets 
as a U.S. judge signed off on its plea agreement and $360 million penalty...

“There’s no doubt this case involves brazen and blatant conduct,” U.S. District Judge Anthony Trenga said before accepting the company’s guilty plea. Trenga said he was particularly troubled by Kolon employees destroying documents after DuPont sued in 2009.

The charges were initially filed against Gyeonggi, South Korea-based Kolon Industries Inc., which split into two public companies in 2010, Kolon Industries and Kolon Corp. The theft of secrets occurred before the split.

Kolon’s guilty plea also covered attempts to steal trade secrets from a second company, Tokyo-based Teijin Ltd. more

Airbus'ed by Spies

Airbus on Thursday said it would file a criminal complaint against unknown parties after German media reports of the company having been the target of industrial espionage by the U.S. ...
German newspaper Bild reported earlier this week that the National Security Agency spied or sought to spy on Airbus and other companies and that the German government had known about it for several years. more

Edinburgh Spy Week

Edinburgh Spy Week: Fictions of Espionage will run again in May 2015 with a whole new range of talks, films and events that explore the world of espionage in literature and film.

Highlights include:
  • May 19th - An Evening with Graham Greene at the National Library of Scotland.
  • May 22nd - James Robertson, ‘The Blanket of the Dark: Secrets, Truth and Lies in Real and Imagined Scotland’.
  • May 22nd - Publish your own spy fiction! A workshop with Tim Stevens.
  • May 23rd - ‘Secrecy and the Modern World’: a day of talks and discussions at the University of Edinburgh. Speakers include Kieron O’ Hara and Charles Cumming.
  • Throughout the week: A series of Greene adaptations at the Edinburgh Filmhouse.
For more information on the week, including a full programme of events and details on how to book a place, visit the website at: www.spyweek.llc.ed.ac.uk