Sunday, March 31, 2019

Security Tip: Why it Always Pays to Hire The Best.

Following the revelation that The National Enquirer had obtained intimate texts and images between Amazon CEO Jeff Bezos and Lauren Sanchez, Bezos ordered an investigation into who was behind the data breach.

In a post on The Daily Beast, Bezos’ security consultant Gavin De Becker says that his team of investigators have “concluded with high confidence that the Saudis had access to Bezos’ phone...” more

That Loud Burp You Hear Today is History Repeating Itself

The upstart nation was a den of intellectual piracy. One of its top officials urged his countrymen to steal and copy foreign machinery. Across the ocean, a leading industrial power tried in vain to guard its trade secrets from the brash young rival.

In the late 18th and early 19th centuries, the rogue nation was the United States. The official endorsing thievery was Treasury Secretary Alexander Hamilton. And the main victim was Britain.

How times have changed...

Now, the United States accuses China of the very sort of illicit practices that helped America leapfrog European rivals two centuries ago and emerge as an industrial giant. more

A proposed solution.

Protecting Confidential Information - The Japanese Model

Japan - The government is making every effort to keep information on the new Imperial era name secret until its announcement Monday and officials are even checking plants inside the Prime Minister’s Office for possible bugging devices...

The government will ask members of the expert panel, parliamentary leaders and Cabinet ministers not to bring any recording devices, including smartphones, into the rooms where the new era name will be presented and not to leave there before the announcement.

The government plans to check the belongings of panel members before they enter the Prime Minister’s Office and have government personnel escort them to restrooms so they will not make any contact with outsiders. more

Inside Info Discussed Outside is a Big Deal... killer

Careless talk costs dollars. That’s the lesson from a case heard last week by one of France’s financial regulators.

Lazard Ltd. dealmaker Vincent Le Stradic spent two and a half hours aboard a Eurostar train from London to Paris in 2014 working on a $15 billion takeover bid by Iliad SA for T-Mobile US Inc.

He was oblivious to the fact that the casually dressed man sitting next to him was Alexandre Zaluski, a UBS Group AG banker, who passed the information to a colleague, ultimately resulting in the bank pitching to Iliad to help finance the deal...

It’s an open secret in the media industry that some of the best scoops can be picked up by eavesdropping in lawyers and banker hangouts, from London’s Ye Olde Cheshire Cheese and Michael’s in Midtown Manhattan to Hong Kong’s Captain’s Bar and Mumbai’s Willingdon Sports Club. more

Working on a takeover, merger or acquisition? 
Put an information security consultant on your team.

FutureWatch - Spying on What Drones Spy

Should you worry about drone jacking if your business relies on taking aerial video footage? Probably. For one thing, camera drones are one of the juiciest targets for cybercriminals around. They know that companies using these vehicles tend to install high-quality cameras and accessories, in order to capture the best possible footage. So camera drones are a prime target - if only due to their resale value. 

But the data captured by camera drones could be even more attractive. Security experts have shown that it's relatively simple to steal the login credentials of pilots, providing total awareness of flight paths, footage, and any other data. This can be sold on to third parties, or just exploited for personal use.

When unedited footage leaks, it can be a huge reputational risk for the company that captured it, as well as a loss of valuable proprietary data. So it makes sense to secure your footage as much as possible, but how can you do so? more

Wednesday, March 27, 2019

This Week in Corporate Espionage

HONDA
Calling corporate espionage a threat to its competitive advantage in the all-terrain vehicle market, Honda of South Carolina is going to court to find out who posted unauthorized photos of its Talon side-by-side vehicles on the Internet...

...photos and detailed, confidential information about the Talon models started showing up on Internet sites hondasxs.com and HondaProKevin.com.

According to Honda’s complaint, someone using the screen name “hondasecrets” posted photos of Talons taken inside the factory. Another using the name “HondaTalon” posted specifications “regarding the horsepower, maximum speed, and measurements, which Honda had not yet released to the public,” the complaint states. more

-----

TESLA
Tesla Inc. accused one of its former engineers of stealing highly confidential autopilot information before bolting to the Tesla of China, Xpeng Motors, eight months after one of Apple Inc.’s ex-employees was charged with taking sensitive robocar secrets to a new job with Xpeng.

Allegations that a second Silicon Valley giant (see below) was betrayed by one of its own workers bound for the same Chinese startup come amid a major U.S. crackdown on Chinese corporate espionage. more

-----

APPLE
A former hardware engineer (Zhang Xiaolang) for Apple’s autonomous vehicle development team who went to work for Xpeng is facing criminal charges brought by the U.S. Justice Department. He has pleaded not guilty...

Zhang told Apple he wanted to be closer to his ailing mother in China just before revealing to his supervisor that he intended to work for Xpeng. Apple grew more suspicious after seeing his increased network activity and visits to the office before he resigned, prosecutors said in a criminal complaint. He was arrested after he passed through the security checkpoint at Silicon Valley’s San Jose International Airport to board a flight to China. more

Spybuster Tip #471 - Block People Who Track You via Email

Ugly Email is a Gmail / Firefox plug-in. When a tracker is detected, it shows the icon of an eyeball in the subject line to alert you that a tracker is hidden inside the email.

Blocked trackers include:
  • MailChimp
  • SendGrid
  • Drip
  • Mailgun
  • Streak
  • Bananatag
  • Yesware
  • Postmark
  • Sidekick
  • TinyLetter
  • MixMax
  • MailTrack
  • toutapp
  • Litmus
  • Boomerang
  • ContactMonkey
  • Cirrus Insight
  • Polymail
  • YAMM
  • GetResponse
  • phpList
  • Close.io
  • Constant Contact
  • Marketo
  • Return Path
  • Outreach
  • Intercom
  • Mailjet
  • Nethunt
...and Ugly Email is soliciting suggestions for other email spies to add to the list. Ugly Email claims it does not store, transfer, transmit or save any of your data.
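The trackers these services hide inside email are usually tiny or invisible remote images ("open-tracking pixels") whose fetch tells the sender when and where the message was opened. The following is an added example, not Ugly Email's code or its actual detection list, showing how a mail client or gateway can flag such images in an HTML body; the tracker host names and the sample message are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed watch-list of hosts that serve tracking beacons.
# Placeholders only; the plug-in's real list is not reproduced here.
TRACKER_HOSTS = {"track.mailer.example", "open.crm-tracker.example"}


def _tiny(value):
    """True for a width/height attribute of 1 pixel or less (e.g. "1", "1px", "0")."""
    if value is None:
        return False
    digits = "".join(ch for ch in value if ch.isdigit())
    return digits != "" and int(digits) <= 1


class TrackerPixelFinder(HTMLParser):
    """Collect <img> tags that look like open-tracking beacons."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = urlparse(src).hostname or ""
        reasons = []
        # Heuristic 1: the image is fetched from a known tracking host.
        if host in TRACKER_HOSTS:
            reasons.append("known tracker host")
        # Heuristic 2: a 1x1 (or smaller) image carries no content for the reader.
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("1x1 or smaller image")
        # Heuristic 3: an image hidden by inline CSS is never meant to be seen.
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if reasons:
            self.findings.append((src, reasons))


def find_tracking_pixels(html_body):
    """Return [(src, reasons), ...] for every suspicious <img> in an HTML email body."""
    parser = TrackerPixelFinder()
    parser.feed(html_body)
    parser.close()
    return parser.findings


# Constructed sample message: one legitimate logo, one beacon from a
# watch-listed host, and one hidden spacer image.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Hi, here is the quarterly report.</p>
<img src="https://cdn.company.example/logo.png" width="200" height="60" alt="logo">
<img src="https://track.mailer.example/open/abc123.gif" width="1" height="1" alt="">
<img src="https://images.other.example/spacer.gif" style="display: none" alt="">
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in find_tracking_pixels(SAMPLE_EMAIL_HTML):
        print(f"tracker suspected: {src}  ({', '.join(reasons)})")
```

The logo is not flagged; the two beacons are. Flagging is only half the defence: the fetch is what leaks the open, so a client that blocks remote images by default, or proxies them, stops the tracker whether or not the host is on any list.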

Student Newspaper Accused of Bugging an On-Campus Apartment


Ireland - A student newspaper accused of “bugging” an on-campus apartment in its investigation into an alleged initiation ceremony has been defended by the National Union of Journalists.

A referendum will be held in Trinity College Dublin in April about whether to strip The University Times of most of the funding it receives from the students’ union over the reporting methods used for a story on the Knights of the Campanile, an all-male sporting society.

The referendum was triggered when 500 students signed a petition calling on the students’ union to reconsider its funding. Reporters left a recording device outside the apartment of Ben Arrowsmith, a student and captain of the society. The paper reported this month that they heard “groaning, gagging and retching... more

The Case of The Very Dumb Spycam Man

CA - A detective identified the man charged with filming dozens of cops in a police station restroom by recognizing his shoes, according to newly revealed court documents that allege his spying was more widespread than previously known...

He took note of the distinctive dress shoes in the stall next to him, and later that day, detectives confronted Sergio Nieto, the clerk who was wearing them, according to the documents.


Nieto admitted he’d been filming officers as they used the toilet and said he’d also spied on people in the bathroom of a 24 Hour Fitness at The Promenade at Downey shopping center. more

Corporate Romper Room - Don't Bee a Slack Slacker

More than 10 million people use Slack every day, mostly to communicate with co-workers. The app has gained so much popularity in the five-plus years since its launch that private investors value the company at over $7 billion.

“I love my people, but they never shut up on Slack,” said the CEO of a security company who asked not to be named so he could speak openly about his concerns. “It’s very good for productivity, but the problem is we’re working on security, so we have to be careful about what we say.”

Employees communicate on Slack using “channels” to focus conversations on various topics specific to different departments. It followed corporate chat tools from Microsoft, Google and Cisco as well as a plethora of start-ups, but none gained Slack’s level of adoption or had so much success in pulling workers away from email and into messaging groups. more

Information Security and Cryptography Seminar - June 17-19, 2019

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience. This includes the foundations needed to understand the different approaches, a critical look at the state-of-the-art, and a perspective on future security technologies.

The material is presented at three different levels. At the highest level, the basic concepts are presented in detail, but abstractly (e.g., as black boxes), without mathematics. No background is required to follow at this level. At an intermediate level, the most important concrete schemes, models, algorithms, and protocols are presented as well as their applications. Here some minimal mathematical and systems background is assumed. At the deepest level, which is not required to understand the higher levels, different special topics, requiring some mathematical background, are discussed.

Lecturers:
Prof. David Basin and Prof. Ueli Maurer
Advanced Technology Group GmbH
Grundgasse 13
9500 Wil
Switzerland
F: +41 (0)44 632 1172

Seminar Location: 
Marriott Courtyard Zurich North
Max-Bill-Platz 19
CH-8050 Zurich
Switzerland
more

Monday, March 25, 2019

Security Director Alert: Check for These Bug-Like Products at Your Location

Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.

A series of both unauthenticated and authenticated remote code-execution vulnerabilities have been uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs.

Attackers can also use the vulnerabilities to gain access to cameras and microphones to turn them into listening devices. “The most notable aspect of the vulnerabilities is what you can do simply by using the programs that get shipped on the device,” Brendan Scarvell, senior security consultant at Trustwave SpiderLabs, told Threatpost in an interview.

“This includes playing audio through the speakers, recording conversations through the microphone, activating cameras and taking photos, installing custom software/malware etc. This is pretty bad for places such as boardrooms or executive offices where confidential conversations frequently happen.” more

Many common office products have information security vulnerabilities. A Technical Surveillance Countermeasures (TSCM) survey, conducted by a competent consultant, will discover them for you.

College Student Pleads Guilty to Illegal Wiretapping

A Maryland university student has pleaded guilty to illegally wiretapping a congressional staffer and putting the conversation on Facebook Live without consent...

Prosecutors say Burdett, a 21-year-old advocate for Maryland Marijuana Justice, took part in a rally in front of Rep. Andy Harris' office in Salisbury, Maryland, in October. Then he and others met with a member of the congressman's staff in his office.

Harris' staff told the group not to record the meeting, citing office policy, but prosecutors say Burdett recorded and streamed it on Facebook Live without the staffer's consent. more

FutureWatch - Who Really Lives in that Apartment

NY - A Brooklyn landlord intends to install facial recognition technology at the entrance of a roughly 700-unit rent-stabilized complex, raising alarm among tenants and housing rights attorneys about what they say is a far-reaching and egregious form of digital surveillance...

“We don’t want to be tracked,” said Icemae Downes, a longtime tenant. “We are not animals. This is like tagging us through our faces because they can’t implant us with a chip.” more

Thursday, March 21, 2019

Korea - Molka Means Spycam - Government Creates a Handbook for Women

The Seoul Metropolitan Government on Monday distributed guidelines on how to respond to spycam crimes for victims and law enforcement officers, amid a growing epidemic of spycam porn in the country. 

Divided into two parts -- for civilians and police officers -- the handbook was designed to raise awareness of what constitutes secondary damage to victims of spycam porn and how police officers and victims can handle such cases, according to the Seoul city government.

For example, the guidelines recommend that victims secure evidence -- such as a hidden camera -- if possible and remember the perpetrator’s appearance. If illegally filmed videos have already been distributed, the advice is to copy the links and obtain screenshots. Then the victims should report the situation to the police and ask the website or social media companies to remove the videos, the handbook says. more

-----

The (K-Pop) scandal magnifies the proliferation of hidden camera porn in South Korea — an issue which drove 22,000 women to the streets last June in the largest women’s demonstration in the nation’s history. Known as molka, meaning “spycam”, hidden camera porn has become an increasingly visible issue in South Korea, as the distribution of footage from secret, tiny cameras — often depicting women in sexual or intimate circumstances without their consent — has grown in recent years. From 2013 to 2017, police estimate nearly 6,000 cases of spycam porn each year. more

Korea - 1,600 hotel guests were secretly filmed...

...on cameras hidden in wall sockets, with footage live-streamed to paying customers!

Two South Korean men have been arrested after allegedly installing spy cameras in dozens of hotel rooms, secretly recording more than 1,600 guests and live-streaming the footage.


The men are accused of installing cameras in electrical sockets, hair dryer holders and digital TV boxes in 30 hotels in ten cities across South Korea, local police said.

They would then broadcast the footage on a website with thousands of members, charging a $44.95 monthly fee. more

Important: Learn how to inspect your hotel room (or any expectation of privacy area) for spy cameras ...and what to do if you find one.
On-line, self-paced, video training for private individuals and business.

Korea - K-pop Sex Scandal Reveals Practice of Sharing Spycam Porn

A sex scandal engulfing South Korea's K-pop industry is drawing attention and criticism to the country's problem with illegal spy cam "porn," says NPR's former Seoul correspondent...

Earlier this month, police questioned K-pop star Jung Joon-young about allegations he secretly filmed himself having sex with women and then shared the footage in private group chats.

"Tiny cameras that can be the size of lipstick containers or lighters are hidden in public places like subway stations, but also in highly private places like dressing rooms and bathrooms," Hu explained.

"The most common kind that's traded online, and shared online, and sometimes profited off of online, is footage of women having sex." more

Wednesday, March 20, 2019

Cops Spying on Cops, the Village President & Spycamers in Crawlspaces

IN - A second lawsuit has been filed against New Carlisle alleging command staff in the police department secretly recorded private conversations... The five plaintiffs claim that Deputy Police Chief Brian Thompson and Chief Calleb Dittmar allegedly secretively “placed, or caused to be placed,” recording devices in the ceilings of non-essential areas of the department. more

-----

IL - Former Hinckley Chief of Police Kimberly S. Everhart has been charged with eavesdropping and official misconduct after Illinois State Police say she illegally recorded a conversation with the village president in 2017. more

-----
 
GA - A Catoosa County man is facing a handful of privacy invasion charges after he allegedly broke into a Ringgold residence and planted monitoring equipment, police say.

According to the Catoosa County Sheriff’s Office: Samuel David Townsend, 32, of 103 Parkview Drive in Ringgold, was arrested March 7 on charges of first-degree burglary, possession or sale of an eavesdropping device, unlawful eavesdropping, and Peeping Tom.

...resident reported suspicious sounds coming from underneath her home.

The victim said she was getting out of the shower when she heard a sound coming from the house’s master bathroom. The woman claimed she initially thought a mouse was in the home, but that the noise got louder almost like something was being cut...

...a white truck parked out on the street in front of the home and that the crawl space at the back of the house was open...

Sheriff Gary Sisk said Townsend did some work at the home in the past, and that he planted a recording device. more

Spybuster Tip # 629 - Watch What You Say at the Drive-Thru

Next time you have a private conversation while in a drive-through, you might want to keep it quiet — as workers in fast food restaurants are able to hear you, even when you can’t hear them.

Well, as long as they are wearing a headset and you’re parked next to the microphone with your window down, that is.

...the revelation on r/LifeProTips: They posted: “If we apologize [sic] and say we’ll be with you in a minute – you’re not on hold, we can hear everything. If you’ve ordered but the drive-thru line won’t let you pull ahead yet – we can hear every single thing you’re saying.”

Suggesting that having the ability to eavesdrop isn’t always a good thing, they added: “I wish I could forget some of the stuff I’ve heard.” more

Mr. Blobby - UK TV Star & Accidental Voyeur

UK - Mr. Blobby is a big, pink blobby thing covered in yellow dots resembling a dangerous bout of liver cirrhosis. He also happens to be a dearly loved kids’ character on British TV.

However, he could have some explaining to do to Mrs. Blobby after he was caught perving on a naked woman in a bath on a billboard in the northern British city of Leicester.

Thankfully, all is not what it seems and it appears ...

A storm on Friday damaged the existing billboard’s skin – an ad for telco firm BT that showed a woman in a bath watching her laptop – which then revealed the previous ad that featured Mr. Blobby. more

Doctor Charged with Filming Women in Bathroom

We're guessing, "It's okay, I'm a doctor," will not be a valid defense.

NJ - New evidence has emerged in the case of a former Rutgers Robert Wood Johnson Medical School doctor charged with secretly recording women in a bathroom at the city hospital, according to prosecutors.

...after being charged last month in a 160-count indictment with invasion of privacy, computer theft, wiretapping, burglary, official misconduct and impersonation. ...is facing third-degree charges of allegedly photographing or videotaping victims, without their consent or knowledge, while their "intimate parts" were exposed. He’s facing fourth-degree charges in similar instances, except the victims were wearing underwear. ...the FBI is still investigating. more

Security Director Alert: Mirai Botnet Targets Corporate Presentation Systems

A new variant of the crushing Mirai botnet, which specifically places enterprises in its crosshairs, has been discovered by security researchers...

Mirai is still a botnet designed to exploit IoT devices, but in its latest iteration it seeks out vulnerable business devices - specifically, wireless presentation systems and the TVs used to present to rooms full of clients, partners and colleagues. 

"This new Mirai is a perfect example of why every organisation needs to map their own networks from an external point of view and close off everything that is open and does not need to be," said Jarno Niemelä, principal researcher at F-Secure. "The types of new devices that Mirai attacks have no business of being visible to the Internet."

The WePresent WiPG-1000 wireless presentation system and the LG Supersign TV were the two devices singled out by researchers as most vulnerable to the attack. more

In addition to checking for electronic eavesdropping devices and general information security loopholes, make sure your TSCM technicians examine IoT device settings.

Tuesday, March 19, 2019

Keep Your Number Private – And Still Receive Calls!

An inexpensive and easy service...

"Keep your real phone number hidden while making calls and sending texts for work, dating, Craigslist sales, and more thanks to Hushed. You'll use their simple and secure app to easily make calls on your second number (you'll even choose the area code) without committing to another long, expensive phone contract. Customize your voicemail and use Wi-Fi or data to talk without expensive service charges. It's true communication anonymity delivered." more

Bonus: 

The Tasmanians Have a Great Sense of Humor

Sign on hotel wall at Hobart Airport...


Monday, March 18, 2019

Ten Years of Bugging a Woman's Home Brings... a misconduct hearing?!?!

UK - A serving South Yorkshire police officer will face a misconduct hearing after being accused of bugging a woman’s home to listen in on her private conversations.

PC Christopher Birkett is accused of placing covert listening devices in a woman’s home on ‘various dates’ between March 2007 and August 2017 to listen in on her conversations.

It is alleged that on some of the occasions, PC Birkett was on duty at the time. more

Facebook - Also Concerned About Their Privacy

Nick Lovrien, the tech behemoth's chief global security officer, said in an interview...

"We work to protect intellectual property in many ways, and that's everything from making sure [employees'] computer screens on airplanes are covered so people don't accidentally share information they're not supposed to, to accidentally leaving things on the printers ... to white boards being cleaned at night," Lovrien said, adding that Facebook has additional systems in place "that identify if people are inappropriately accessing information they shouldn't have."

That's not just a theoretical risk. In the last six months, two Chinese Apple employees working on the company's secretive self-driving car project have been charged with stealing the iPhone maker's trade secrets...

Business Insider has spoken with numerous current and former employees and reviewed internal documents for an in-depth investigation into how Facebook handles its corporate security.

Sources described a hidden world of stalkers, stolen prototypes, state-sponsored espionage concerns, secret armed guards, car-bomb concerns, and more. Today, there are a staggering 6,000 people in Facebook's global security organization, working to safeguard the company's 80,000-strong workforce of employees and contractors around the world. more

The Case of The Handyman Cam

A Kentucky man accused of installing a video camera in a family’s bathroom is now facing additional felony charges...41-year-old Ryan C. Lloyd was charged with video voyeurism...

Police say a family hired Lloyd to fix a light fixture. A few days later, the family discovered a camera with an SD card had been wired to the light fixture. Police found 87 recordings on the card, including two images of a naked juvenile and images of two partially nude adults. more

Friday, March 15, 2019

FutureWatch: Stingrays May Be Stung by Apple Cell Phone Patent

Apple has filed a patent application on a new method of encryption, which complicates obtaining confidential information.

The patent describes a technology that will not allow any device to keep track of the IMSI (international mobile subscriber identifier)...

The innovation may interfere with the use of Stingray devices, which act as masts for mobile phones. These devices can track the location of users or even listen to personal calls. They are also sometimes called IMSI catchers. more

FutureWatch: Cheaper Infrared Cameras

A new breakthrough by scientists with the University of Chicago, however, may one day lead to much more cost-effective infrared cameras—which in turn could enable infrared cameras for common consumer electronics like phones, as well as sensors to help autonomous cars see their surroundings more accurately.

They tweaked the quantum dots so that they had a formula to detect short-wave infrared and one for mid-wave infrared. Then they laid both together on top of a silicon wafer.

The resulting camera performs extremely well and is much easier to produce. "It's a very simple process," Tang said. "You take a beaker, inject a solution, inject a second solution, wait five to 10 minutes, and you have a new solution that can be easily fabricated into a functional device." more

The New 'Cone of Silence', or The Death of Acoustical Ducting

Boston University researchers, Xin Zhang, a professor at the College of Engineering, and Reza Ghaffarivardavagh, a Ph.D. student in the Department of Mechanical Engineering, released a paper in Physical Review B demonstrating it's possible to silence noise using an open, ringlike structure, created to mathematically perfect specifications, for cutting out sounds while maintaining airflow.

"Today's sound barriers are literally thick heavy walls," says Ghaffarivardavagh. ...they are a clunky approach not well suited to situations where airflow is also critical...

They calculated the dimensions and specifications that the metamaterial would need to have in order to interfere with the transmitted sound waves, preventing sound—but not air—from being radiated through the open structure. The basic premise is that the metamaterial needs to be shaped in such a way that it sends incoming sounds back to where they came from, they say.

As a test case, they decided to create a structure that could silence sound from a loudspeaker. Based on their calculations, they modeled the physical dimensions that would most effectively silence noises... The metamaterial, ringing around the internal perimeter of the pipe's mouth, worked like a mute button. more

Corporate Security: Will Your "Secret" Status Hold Up in Court?

via Epstein Becker Green - Peter A. Steinmeyer
A federal judge in Chicago recently taught a painful lesson to an Illinois employer: even if information is sufficiently sensitive and valuable that it could qualify as a “trade secret,” it won’t unless the owner of the information took adequate steps to protect its secrecy. 

This doesn't qualify.
In a thorough opinion issued in the case, Abrasic 90 Inc., d/b/a CGW Camel Grinding Wheels, USA v. Weldcote Metals, Inc., Joseph O’Mera and Colleen Cervencik, U.S. District Judge John J. Tharp, Jr. of the Northern District of Illinois explained that “there are two basic elements to the analysis” of whether information qualifies as a “trade secret”:

(1) the information “must have been sufficiently secret to impart economic value because of its relative secrecy” and

(2) the owner “must have made reasonable efforts to maintain the secrecy of the information.” more

Contact a Technical Information Security Consultant if you are unsure about the "reasonable efforts" you should be taking.