Friday, October 30, 2020

Florida Woman Arrested for Hacking Home Camera System

A woman from Naples, Florida has been arrested after allegedly hacking into the home camera system of a family member as part of an extortion attempt.

Agents with the Florida Department of Law Enforcement arrested Jennifer Lenell Small on October 26 and charged the 44-year-old with a third-degree felony cybercrime.

Agents say that Small accessed the home camera system of a male family member as part of an extortion attempt that involved a contested will. Her alleged victim was a former employee of her husband's construction company.

"Small gained access to the camera and stored recordings after her husband’s construction company fired the victim and he turned the cell phone back into the company," said a spokesperson for the Florida Department of Law Enforcement.

The company cell phone that the victim had returned to his employer had an app installed on it that allowed the victim to view footage from his home security camera system...

An FDLE spokesperson said: "Small sent a short video clip to the victim telling him she had hours of videos that she would use against him in court if the victim did not agree to mediation." more

Spybusters Tip #934: Wipe your devices before passing them on.

New York Times — Fighting the ‘Bugging Epidemic’

With surveillance gear cheaper and easier to use, security experts say checking your environment for cameras and microphones is not a crazy idea.

People worry that Big Brother and Big Tech are invading their privacy. But a more immediate concern may be the guy next door or a shifty co-worker. 


A growing array of so-called smart surveillance products have made it easy to secretly live-stream or record what other people are saying or doing.
Consumer spending on surveillance cameras in the United States will reach $4 billion in 2023, up from $2.1 billion in 2018, according to the technology market research firm Strategy Analytics. Unit sales of consumer surveillance devices are expected to more than double from last year.

The problem is all that gear is not necessarily being used to fight burglars or keep an eye on the dog while she’s home alone. Tiny cameras have been found in places where they shouldn’t be, like Airbnb rentals, public bathrooms and gym locker rooms. So often, in fact, that security experts warn that we are in the throes of a “bugging epidemic.”

It is not paranoid to take precautions. A lot of spy gear is detectable if you know what to look for, said Charles Patterson, president of Exec Security, a firm in Tarrytown, N.Y... more

STEVE WOZNIAK & STEVE JOBS — Blue Box up for Auction

Blue Box, 1972. An original first iteration "blue box" populated circuit board made by Steve Wozniak and marketed by Steve Jobs and Wozniak, 51 x 72 mm, with speaker wire and 9volt battery connector.

Provenance: Purchased directly from Steve Wozniak by the consignor in Autumn 1972 during a drive together from Sunnyvale to Los Angeles.

Bid estimate:
US$ 4,000 - 6,000
£ 3,100 - 4,600

While "phone phreakers" (hobbyists who were fascinated by the phone system) had used a "blue box" since the 1950s to avail themselves of free phone service, the first digital blue box was designed by Steve Wozniak in 1972. 

It was marketed and sold by Wozniak (who took the phone phreak name "Berkeley Blue"), Jobs (known as "Oaf Tobar"), and friends in Berkeley and throughout California in 1972 and 1973. 

Wozniak cites the number of boxes they produced at 40 or 50, while Jobs put the number at 100; but certainly many of those were confiscated as phone phreaking arrests increased throughout 1973 to 1975, in part due to the commercial distribution of the devices. 

These blue boxes represent the first commercial collaboration between the two Apple computer giants, and the circuit boards the first printed boards by Woz. 

Very few of the Wozniak originals have survived and even fewer of these first iteration boards as Wozniak soon changed the circuit board layout to accommodate a less expensive membrane keypad. The early models would have been made by Wozniak himself. more

Back Story: I examined the photos closely. The IC chips have manufacturing dates of 1973 & 1974, thus the provenance appeared misleading. I advised the specialist at Bonhams. To his credit, and that of the auction house, they very quickly researched it further. The auction now has an addendum which clears up the mystery...

"PCB was purchased unpopulated directly from Steve Wozniak by consignor and parts were later added by consignor. Wozniak confirmed in an email to the consignor that this was one of his boards and that Steve Jobs had it printed."
 

Scarier than Halloween - Ponder This Over the Weekend...

In an influential 2003 paper, University of Oxford philosopher Nick Bostrom laid out the possibility that our reality is a computer simulation dreamed up by a highly advanced civilization. In the paper, he argued that at least one of three propositions must be true:
  1. Civilizations usually go extinct before developing the capability of creating reality simulations.
  2. Advanced civilizations usually have no interest in creating reality simulations.
  3. We’re almost certainly living inside a computer simulation.

Now, Columbia University astronomer David Kipping took a hard look at these propositions, also known as Bostrom’s “trilemma,” and argued that there’s essentially a 50-50 chance that we are indeed living in a simulation, Scientific American reports.

Thursday, October 29, 2020

Microsoft Says Iranian Hackers Targeted Conference Attendees

Microsoft says Iranian hackers have posed as conference organizers in Germany and Saudi Arabia in an attempt to break into the email accounts of “high-profile” people with spoofed invitations. 

The targets included more than 100 prominent people invited by the hackers to the Munich Security Conference, which is attended by world leaders each February, and the upcoming Think 20 Summit, which begins later this week in Saudi Arabia but is online-only this year.

“We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” said Tom Burt, Microsoft’s security chief, in a prepared statement. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.” more

Wednesday, October 28, 2020

Surveillance Startup Used Own Cameras to Harass Coworkers

A surveillance startup in Silicon Valley is being accused of sexism and discrimination after a sales director used the company’s facial recognition system to harass female workers. 

Verkada, which was valued in January at $1.6 billion, equips its office with its own security cameras. 

Employees at Verkada accessed the company's facial recognition system to take photos of women colleagues and make sexually explicit jokes.

Last year, the sales director accessed these cameras to take photos of female workers, then posted them in a Slack channel called #RawVerkadawgz alongside sexually explicit jokes. The incident was first reported by IPVM and independently verified by Vice. more

Phones, Cameras, Cardkeys - What Will Track You Next?

Thanks to a new system developed at EPFL, building owners can detect the number of occupants and track their movement using sensors installed on floor slabs. This novel approach could be particularly useful for enhancing safety in retirement homes or managing buildings' energy use more efficiently...

Scientists at ENAC's Applied Computing and Mechanics Laboratory (IMAC), headed by Professor Ian Smith, have developed an alternative approach.  

"By installing sensors in a building's floor slabs, we can measure the vibrations created by footsteps. That lets us calculate the number of people in the building as well as where they are located and their trajectory," says Slah Drira, the IMAC Ph.D. student who completed his thesis on this topic.

To each his own gait...

"The signals our sensors record can vary considerably depending on the person's anatomy, walking speed, shoe type, health and mood," says Drira.

His method uses advanced algorithms—or more specifically, support vector machines—to classify the signals recorded by the sensors. Some interpretation strategies were inspired by the convolutional neural networks often employed in pixel-based image recognition, and can identify the footstep characteristics of specific occupants. more

Have Some Free Time? Learn How to Detect Spy Cameras

On-line, self-paced, professional video training course to detect spy cameras in “expectation of privacy” areas for organizations and private individuals. more


Brit Accused of Spying on 772 People via Webcam...

... tells court he'd end his life if extradited to US.

'I've seen programmes on American prisons' says wife

A Briton is reportedly fighting extradition to the United States after deploying webcam malware onto hundreds of women's laptops so he could spy on them undressing and having sex.

Christopher Taylor, a 57-year-old labourer, appeared by video link at Westminster Magistrates' Court to contest an extradition attempt by the US government, according to the Court News UK newswire.

Taylor told District Judge Michael Fanning that both he and his wife would kill themselves if he was forcibly removed to the US...

A US grand jury in the state of Georgia indicted Taylor, of Vicarage Road, Wigan, with computer fraud and wire fraud charges in January last year, the court was told. The Briton is accused of spying on 772 victims from 39 different countries after tricking them into installing CCTV camera management software called Cammy. more

Friday, October 23, 2020

Corporate Security: Patent and Trade Secret Enforcement in China

via Zhong Lun Law Firm
Over the past decade, patent and trade secret litigation has become increasingly popular in China. 

This chapter focuses on China’s adjudication system in patent and trade secret cases, on the various ways to collect evidence and the procedures involved. It also looks at recent trends to help foreign companies understand China’s patent and trade secret litigation system and to safeguard their legal rights and interests in China...

Electronic intrusion, violation of confidentiality obligations and other criminal acts are also recognized as misappropriation of trade secrets. In addition, commercial espionage crimes have also been added, which are defined as “stealing, spying, buying, and illegally providing trade secrets for foreign institutions, organizations and personnel”. more

The "electronic intrusion" part is important. Not conducting regular Technical Surveillance Countermeasures (TSCM) inspections risks weakening your standing, and missing crucial supporting evidence.



Orianne Cevey vs. Phil Collins - Accusations of Hidden Cameras

There have been many twists and turns in the ongoing legal battle between Phil Collins and his on-again, off-again ex-wife Orianne Cevey.

...the Swiss jewelry designer is alleging she’s being spied on by the Grammy winner after discovering a large number of hidden cameras in the hotly contested home.

In an affidavit obtained exclusively by the Daily Mail, Cevey claims she “discovered approximately 20 hidden cameras throughout the Family Home, including in my personal bathroom and changing room. These cameras were installed without my knowledge or consent. I covered these cameras with Band-Aids in order to preserve my privacy and the privacy of my children in the Family Home.” more

When it comes to electronic surveillance, Band-Aid solutions are often applied. Corporations and high profile individuals either ignore the threat, or hire the most inexpensive, least knowledgeable, and least effective individuals to protect their information and privacy. Here is a list of questions to ask before you hire anyone to debug your home or business.

"Bond?, James Bond?!?! ...You're Putting Me on."

Recently declassified Cold War-era documents about a suspected British agent named James Bond have the Polish public and some in the intelligence community shaken, not stirred.

On Feb. 18, 1964, the agent named Bond, James Bond, arrived in Warsaw, then behind the Soviet Union's Iron Curtain, a barrier separating the Communist Eastern Bloc from the West.

Officially, he was employed as an archivist for the British Embassy Military Attache. But he soon earned the attention of Polish counter-intelligence officers. At one point, he was spotted snooping around a military base along the Soviet border, the Wall Street Journal reported. more

Friday Funnies

High Bridge, NJ - Tin Foil Hat Contest
Worried about microwave mind zapping, spies, aliens, or your nosy neighbor? You may find an answer to your concerns here... Polka Dot Café in High Bridge, NJ more

Trump’s Twitter Account Was Hacked
President Trump’s Twitter account was hacked last week, after a Dutch researcher correctly guessed the president’s password: “maga2020!” more

Ghostbusters sneakers from Reebok
Reebok is releasing this fun and cartoony Ghostbusters "Ghost Smashers" sneaker design on Halloween. more (You really need the matching backpack to complete the outfit.)

Wednesday, October 21, 2020

Spycam Detection Training - Now with English, Spanish & Korean Closed Captions

On-line, entertaining, self-paced, video training with Certificate of Completion...

SPYCAM DETECTION TRAINING teaches the basic investigative skills necessary to identify and detect covert spy cameras.
 
It also provides a complete due diligence strategy to help organizations protect their employees, customers and visitors against this privacy invasion. 
 
By taking a pro-active approach to “the video voyeur in the workplace problem” the organization also mitigates the risk of expensive lawsuits, damaging publicity and loss of good will.

In addition to the forensic training, the student receives a 25-page course text which includes a strong Recording in the Workplace policy template, a simple Inspection Log form and links to additional information.

Upon completing the course, the student will be able to conduct a professional inspection without the need for expensive instrumentation. Should an organization want to invest in instrumentation (useful for large scale inspections) links to these items are provided in the course text.

SPYCAM DETECTION TRAINING is primarily useful for:

  • security managers,
  • facilities managers,
  • store managers,
  • security officers,
  • private investigators,
  • landlords,
  • real estate management companies,
  • targets of activist groups,
  • and businesses which invite the public into their locations.

Recognizing and detecting spy cameras is also a valuable skill for:

  • law enforcement personnel,
  • security management students,
  • and the general public wishing to protect themselves against video voyeurism.

The course is structured to give the student:

  • a full understanding of the video voyeur problem,
  • a written policy which provides deterrence, leverage, and shows due diligence in court,
  • an understanding of the different types of spy cameras and how to identify them,
  • instruction on how to plan and execute a proper inspection,
  • and instruction on what to do if a camera is found and how to handle the evidence.

The course takes about an hour to complete.

Spy cameras are inexpensive and readily available via the Internet and local spy shops. Every child and adult is a potential target. Businesses especially have a duty to protect the people using their expectation of privacy areas.

Although SPYCAM DETECTION TRAINING focuses heavily on protecting workplace environments, there is a greater good. By taking this course you will be able to use what you have learned to protect yourself and your family during your everyday travels. The effect is cumulative. As more people take this course, opportunities for video voyeurs decrease.

Preview SPYCAM DETECTION TRAINING for FREE.

Tuesday, October 20, 2020

Kevin's Security Scrapbook Tops 100,000 Visitors from the USA Alone!

 Thank you, everyone! ~Kevin




The Most Underrated Threat to Corporate Information Security

Sharp spike in internet sales of USB spy cables has corporate security and IT directors concerned. Murray Associates researched and developed a solution. 

• Malicious USB cables look exactly like the real thing.
• Some act as eavesdropping bugs.
• Some have GPS tracking capability.
• The worst ones… more  pdf

Cautionary Tale: What's Worse Than Being Caught on an Open Microphone?

Being caught on an open camera...

"I believed I was not visible on Zoom," he told Vice. "I thought no-one on the Zoom call could see me. I thought I had muted the Zoom video."

Jeffrey Toobin, 60, also a prominent CNN commentator, has been in demand as the US election campaign intensifies.

The incident, first reported by Vice News, happened during an election simulation involving the New Yorker and WNYC radio last week.

Mr Toobin, in a statement to Vice, said: "I made an embarrassingly stupid mistake, believing I was off-camera." more

Spybuster Tip #840:
• Always assume the mic and camera are live, and act appropriately.

Spybuster Tip #841:
• Know how to use your tech.

Estimated Lifespan of Your Passwords


Spread the Word - Not the Germs


Friday, October 16, 2020

Consumer Reports - All the tools You Need for Online Safety

Keep Your Data Secure With a Personalized Plan

Cut down on data collection and prevent hackers from invading your laptop, tablet and even your phone. Answer a few simple questions to get customized recommendations to help you:
  • Safely backup files
  • Browse online without tracking
  • Avoid phishing scams
  • Prevent identity theft

CR Security Planner is a free, easy-to-use guide to staying safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from smartphones to home security cameras, and reducing intrusive tracking by websites.

Consumer Reports is an independent, nonprofit member organization that works with consumers to create more fairness, safety, and transparency in the marketplace. We don’t run third-party ads, and no company will ever exercise influence over our recommendations of products or services.

Even North Korea has Industrial Espionage Problems

North Korean man investigated for industrial espionage...
A North Korean man in his 40s is reportedly under investigation by the Ministry of State Security for turning over internal analyses from his workplace to a Chinese trader, Daily NK has learned.

The internal analyses the man gave to the trader reportedly concerned technology used to develop North Korean-style cosmetics. There is speculation that he will be sent to a political prison camp for espionage. more

Covid 19 Affects MI5's Spies Street Surveillance Tactics

The pandemic has changed the way millions of people work -- and even spies aren't exempt.

Near-empty streets caused by fewer people traveling into city centers can make it difficult for Britain's spies to track suspects, the new head of MI5, the UK's domestic security service, has said.

Ken McCallum told journalists Wednesday that his agents have adjusted the way they work as a result of the coronavirus crisis, after crowds thinned in public spaces. more

Facebook "Bug" Bugged iPhone Camera - Bugged Instagram'er Sues

Facebook has got itself in trouble again as the California-based tech giant has been allegedly sued for spying on Instagram users using the camera on the phone, Bloomberg reported.

According to the lawsuit, which has come following reports from July, the photo-sharing application had been accessing the camera on the iPhone to spy on users even when they weren’t activated.

Facebook has denied the claim and blamed a bug saying that it’s correcting the problem. more

Woman Allegedly Hacked Ex’s Alexa to Scare off New Girlfriend

Double Feature!
An IoT Cautionary Tale...
A Crazy Ex Tale...

A jilted London woman allegedly hacked into her ex-boyfriend’s Amazon Alexa device and used it to scare off his new girlfriend, a report said.

Philippa Copleston-Warren, 45, was accused in a London court of using the virtual assistant to flash the lights inside her former boyfriend’s house on and off and tell his new sweetie to scram after he ended their relationship of two years, The Sun reported.

“The defendant spoke through the Alexa account to tell the complainant’s friend in the property to leave and to take her stuff,” prosecutor Misba Majid told Westminster Magistrates’ Court, according to the newspaper.

This so distressed the girlfriend, it caused her to cry and she left.

Copleston-Warren (inset), a management consultant, controlled the device from London, about 130 miles from her businessman ex-beau’s house in Lincolnshire, the paper reported.

She is also accused of hacking her ex’s Facebook account and uploading nude pictures of him. more

Spybuster Tip # 721: Learn how to adjust ALL the features of your digital assistant. This could have been prevented.

In Other News... Japan to Release Radioactive Water Into Sea

Japan is to release treated radioactive water from the destroyed Fukushima nuclear plant into the sea, media reports say.

It follows years of debate over how to dispose of the liquid, which includes water used to cool the power station hit by a massive tsunami in 2011.

Environmental and fishing groups oppose the idea but many scientists say the risk it would pose is low. more

What could possibly go wrong?

Enjoy the weekend, with a good flick.

Monday, October 12, 2020

New Malware Toolset Used for Industrial Espionage

Malware authors are using an advanced toolset for industrial espionage, warned researchers at cybersecurity firm Kaspersky.

...the tool uses “a variety of techniques to evade detection, including hosting its communications with the control server on public cloud services and hiding the main malicious module using steganography.”

...files are disguised to trick employers into downloading them. They contain names related to employees’ contact lists, technical documentation, and medical analysis results to trick employees as part of a common spear-phishing technique...

MontysThree is designed to specifically target Microsoft and Adobe Acrobat documents, Kaspersky said. The malware can enable attackers to capture screenshots and gather information about the victim’s network settings, hostname, etc. more

Espionage Alert: Children's Smartwatch is a Trojan Horse

A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.

The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches...

The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot. 

Sand also found that 19 of the apps that come pre-installed on the watch are developed by Qihoo 360, a security company and app maker located in China. more  (q.v. our 2017 post  & etc.)

Sunday, October 11, 2020

Bugged Turtle Eggs – Good Surveillance Tech

The Wire Inspired a Fake Turtle Egg That Spies on Poachers 

Scientists 3D-printed sea turtle eggs and stuffed transmitters inside. When poachers pulled them out of nests, the devices tracked their every move.


In the HBO series The Wire, Baltimore cops Herc and Carver devise an unorthodox way to listen in on a drug dealer named Frog, right on the street: They shove a tiny, $1,250 microphone into a tennis ball, which they then place in a gutter. 

Listening in from a building across the street, they watch as Frog picks up the ball and absentmindedly tosses it between his hands, sending thuds and an electric screech into Herc’s headphones. Quickly over it, Frog chucks the ball over their building. Carver rushes after it, only to watch a semi truck crush their very expensive tennis ball.

The Baltimore PD’s failure, though, may still be biologists’ gain. Drawing both from the imaginary surveillance tennis ball and a story arc from Breaking Bad, in which the Drug Enforcement Agency uses GPS to track methylamine barrels, real life researchers have developed the InvestEGGator: a fake sea turtle egg filled with a transmitter in place of an embryo, a clever new way to track where poachers are selling the real deal. more

Friday, October 9, 2020

The FBI Hotel Wi-Fi Security Checklist


The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework.
FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. 

US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. 

Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cyber security practices can minimize some of the risks associated with using hotel Wi-Fi for telework. more

Thursday, October 8, 2020

Mystery Deepens Around Unmanned Spy Boat Washed Up In Scotland

Last week a small unmanned vessel washed up on the rocky Scottish Isle of Tiree, about a hundred miles from the U.K.’s nuclear submarine base at Faslane.  

It was identified as a Wave Glider, a type made by U.S. company Liquid Robotics, which is capable of traveling thousands of miles and is used by both the U.S. Navy and Britain’s Royal Navy as well as other government agencies and scientific researchers. 

The local Coast Guard have been unable to trace the owner so far, but the craft’s configuration suggests it was on a secret mission...

...the mystery remains over who was operating it, what it was doing — and why they are keeping quiet. more

UPDATE:

What is a Wave Glider and how do they work? 

Wave Gliders are unmanned surveillance boats built by the American company Liquid Robotics.

They are used by the British and American navies to monitor the movement of submarines in hostile territories.

The boats tow sensors under water to detect vessels entering or operating in a targeted area and send messages to shore-based operators via satellite.

During a mission to patrol the waters around the Pitcairn Islands, the Wave Glider successfully intercepted and collected data on three vessels whose AIS signatures were unavailable.

A new Wave Glider was released in 2019.

Dave Allen, Chief Executive Officer, Liquid Robotics said at the time: 'Over the years our customers’ missions have grown in complexity and scale, operating in one of the most challenging environments on Earth – the ocean. 

'In response we’ve continued to raise the bar for unmanned surface vehicles. 

'We’ve poured 12 years of lessons learned into this newest Wave Glider to ensure we can meet and exceed our customers’ mission demands.' more

 

Former Police Officer Jailed for Threats to Release Compromising Images

Australia - A former Portuguese police officer who installed covert cameras in his ex-partner's home and threatened to share compromising photos of her has been sentenced to four years in jail in a Brisbane court...

Prosecutor Alexandra Baker said the man, who had been a police officer in Portugal for 12 years, installed cameras covertly in his ex-partner's home and monitored her through spyware on her phone.

Ms Baker said the cameras made more than 4,500 recordings, including some of the woman in states of undress, and Marques Malagueta had threatened to release sensitive images...

The court heard Marques Malagueta was likely to be deported. more

In Other News...

Electric shocks to the tongue can quiet chronic ringing ears...

Tinnitus—a constant ringing or buzzing in the ears that affects about 15% of people—is difficult to understand and even harder to treat. Now, scientists have shown shocking the tongue—combined with a carefully designed sound program—can reduce symptoms of the disorder, not just while patients are being treated, but up to 1 year later.

It’s “really important” work, says Christopher Cederroth, a neurobiologist at the University of Nottingham, University Park, who was not involved with the study. The finding, he says, joins other research that has shown “bimodal” stimulation—which uses sound alongside some kind of gentle electrical shock—can help the brain discipline misbehaving neurons. more

Wednesday, October 7, 2020

Physical Security's 15 Greatest Hits

When it comes to corporate espionage, many tricks are available for getting around your security measures. We can alert you to them. Our counter espionage survey can identify the weak spots in your organization’s physical and information security efforts and make recommendations to remediate them.

The following video demonstrates bypass techniques from physical security professionals Brent White at WeHackPeople.com, and Deviant Ollam, and Rob Pingor of RedTeam Alliance.

  

Physical security is important to any business or government organization. Even though an organization has taken all the security measures possible, corporate spies know how to bypass many of them.

The first line of defense for any secure building or office is the door. Many of these are controlled by card-key access controlled locks. Exiting is often automated using an IR or infrared door lock release sensor. Unfortunately, many common security measures are simple for spies to circumvent. more

Apple T2 Security Chip Has Unfixable Flaw

Intel Macs that use Apple's T2 Security Chip are vulnerable to an exploit that could allow a hacker to circumvent disk encryption, firmware passwords and the whole T2 security verification chain, according to a team of software jailbreakers...

On the plus side, however, it also means the vulnerability isn't persistent, so it requires a "hardware insert or other attached component such as a malicious USB-C cable" to work. more 

Malicious USB cables are the latest, and arguably the most insidious, threats on the corporate information security landscape. Every USB cable on premises, and those being used elsewhere by employees, needs to be vetted for authenticity. Security directors are enlisting the aid of technical counterespionage consultants to perform this task.

Tuesday, October 6, 2020

The Story of the Murray Associates Logo

“Does the logo have a meaning, or is it just a nice design?”

The logo does indeed have meaning. It was inspired by my college textbook. I saw the dots as information in motion, and the rings as protection.


  • Blue dots are information.
  • The red ring is protection.
  • The gray ring represents the many unknown forces trying to steal the information.

Simple… and not inspired by a department store, shooting targets, or a brand of cigarette. Just my design inspired by a book which taught me a lot.

Another reason the shape is appealing is that circles represent comfort, safety, warmth—exactly how I want to make our clients feel.

The logo seems counter-intuitive for a security firm. It goes against the norm… swords, shields, lightning bolts, birds of prey; symbols seen in most security logos. People forget, strong and harsh symbols are used by governments. They are meant to inspire warriors and intimidate enemies. Clients are not enemies.


The way we use the logo behind the company name is also intentionally symbolic, in a subliminal way. It’s the “rising sun” look; used to invoke that upbeat feeling you get when your problems are solved… sing-a-long ~Kevin D. Murray

Monday, October 5, 2020

Dumb Cyber Attack – Hacker Receives Our Darwin Award

...the hacker responsible for this attack on a luxury goods company which happened back in 2018 but has just been revealed by Max Heinemeyer...

The luxury goods business had installed ten fingerprint scanners so as to restrict access to warehouses in an effort to reduce risk. "Unbeknown to them," Heinemeyer continues, "an attacker began exploiting vulnerabilities in one of the scanners. In perhaps the weirdest hacker move yet, they started deleting authorized fingerprints and uploading their own in the hope of gaining physical access."

The AI brain picked this up because one scanner was behaving differently than the others, meaning the security team became aware of the attack within minutes. And, of course, had some pretty conclusive evidence to provide to law enforcement. more

Friday, October 2, 2020

Best Business Espionage Article of the Year (A corporate executive must read.)

The Espionage Threat to U.S. Businesses

By Bill Priestap, Holden Triplett

Many authoritarian governments are doing everything they can, including using their spy services, to build successful businesses and grow their economies. Indeed, even some nonauthoritarian governments are taking this approach. The reason for this is simple: A large number of nation-states view privately owned companies within their jurisdictions as extensions of their governments. They support and protect the companies as if those entities were integrated parts of government...

(Main Points)

  • U.S. companies must understand that in many cases they are no longer simply competing with corporate rivals. They are competing with the nation-states supporting their corporate rivals—nation-states with enormous resources and capabilities and with very little restraint on what they will do to succeed.

  • U.S. businesses are decidedly not supported by U.S. government spy agencies. For this reason, they are often competing on an uneven playing field.
     
  • Exacerbating the problem is the fact that businesses and investors are woefully unprepared for this new environment.

  • Intelligence and the art of spying are no longer constrained to the government sphere. While spy tools and tactics are more readily available, what is truly driving this proliferation is the intelligence realm’s shift in focus from government to businesses.

  • In addition, most companies are focused too myopically on strong cybersecurity as a panacea for spying. Of course, cybersecurity is extremely important, but it protects only one vector by which a nation-state could spy on and subsequently loot a company.
     
  • If businesses want to protect their assets, then developing an understanding of spies and their activities should become standard practice for business leaders and investors today.
     
  • Spy services may also target a business via its partners and vendors, so it is equally important to shield those entities from potential attack or attempted exploitation.
     
  • Understanding and mitigating the activities of spies must become standard practice for business leaders. And if investors don’t see companies doing this, they should hold onto their money—tightly. more