Tuesday, December 29, 2020

Security Director Alert: DHS Warns US Businesses of China’s Data-Collection Practices

A 15-page “business advisory” released Tuesday by DHS cautions that Chinese intelligence services could collect and exploit data held by U.S. firms doing business in China
, highlighting longstanding concerns from U.S. officials. Beijing has denied allegations of economic espionage...

Chinese law requires Chinese businesses and citizens, including in academia, to “take actions related to the collection, transmission and storage of data that runs counter to principles of U.S. and international law and policy,” DHS said in a press release. 

The department urged U.S. firms to “minimize the amount of at-risk data being stored and used” in China, or in places accessible to Chinese authorities. more

Need help. Click here.

There is a New Kind of Bug Comin' to the UK, Mate

In collaboration with UAVTEK, we have developed a nano “Bug” drone and delivered the first 30 units to the British Army, which has put it through its paces as part of a trial. 

The Bug is a nano-Unmanned Aerial Vehicle (UAV) weighing 196g – similar to the weight of a smartphone – with 40 minute battery life and a 2km range

It boasts a stealthy low visual profile and the ability to fly even in strong winds of more than 50mph...

The teams are now working on the next developments on the nano-UAV, exploring sensing equipment and capabilities which could be added, as well as how the Bug could be integrated with other military equipment. more


Check Your Holiday Rental for Hidden Surveillance Cameras

Australia - There's something unsettling about the idea of being watched while you and your loved ones kick back on holidays. If you've searched online to find whether holiday rental landlords spy on their guests, there's plenty to feed your paranoia...

Still, if something feels off or you want to sweep the house, there are some steps you can take. Although without professionals and high-tech gear involved, it can't be 100 per cent accurate...

Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera... "The reality is, that's how a lot of these cameras can be found — through anomalies. Things that just don't look right within an environment," he explained.


Tips:

  1. Inspect what's on the Wi-Fi network... Many cameras sold in consumer electronic stores need an internet connection so they can be viewed remotely from a computer or app. This could provide a clue.

  2. Try to spot the camera lens... Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera.

  3. Check the power points... Hidden cameras need ongoing power, so Mr Claxton suggested looking at what's connected to power points.
     
  4. Look for oddly placed objects... Hidden cameras can be built into just about anything, but for the lay person, Mr Claxton suggested using "a bit of common sense". more

Also, consider taking a one-hour, on-line, video Spycam Detection Training course.

Tuesday, December 22, 2020

Industrial Espionage and IP Theft in the Manufacturing Threat Landscape

 via Rob Acker...
Today, the manufacturing industry promotes innovation, productivity and trade to capitalize on opportunities created by changing demand and technological advancements. However, the move towards connected manufacturing has introduced sophisticated threats to data, intellectual property (IP) and operations.

Industrial Espionage and IP Theft
Manufacturing organizations invest heavily in IP development. It’s often an organization’s most valuable asset and its theft is among the most damaging of manufacturing cyber-threats. Recently, manufacturing executives cited IP protection as their primary concern...

 Although manufacturing organizations are reasonably advanced in their awareness of the cyber and information security risks they face, preparedness varies. A certified ISO 27001 Information Security Management System (ISMS), paired with independent testing, detection and response services, provides a transparent solution. more

Chinese Spies: from Chairman Mao to Xi Jinping (book)

As China expands its reach around the globe, it is important to understand not only its foreign, economic and security policies but also its massive covert operations. 

Roger Faligot, an investigative journalist who specializes in studying intelligence agencies, first published Chinese spies in French. It proved so successful that he recently had a significantly expanded version translated into English - Chinese spies: from Chairman Mao to Xi Jinping.

Faligot’s ambitious book spans a century of Chinese espionage, from the beginnings of the Chinese Communist Party to the Xi Jinping era...

Faligot’s ground-breaking book is essential reading for both intelligence professionals and generalists seeking to understand the reach of China’s hidden hand. Given rapid technological developments, one can only hope that Faligot is working on a follow-up volume. more

Russian Spy Crank Yanked into Confessing

Poisoned Kremlin critic Alexei Navalny duped a Russian spy into confessing to the botched assassination attempt — revealing that nerve agent had been smeared on his underpants, according to a report.

The 44-year-old opposition leader posed as a senior official from Russia’s National Security Council demanding an urgent debriefing about why the poisoning in August failed, according to a recording shared with CNN.

In a sting where he used a number disguised to look like it was from the headquarters of Russia’s Federal Security Service (FSS), Navalny tricked Konstantin Kudryavtsev into revealing key details about how he had been poisoned with Novichok in August, CNN said. more

Yet Another Air-Gapped Computer Hack

Academics from an Israeli university have published new research today detailing a technique to convert a RAM card into an impromptu wireless emitter and transmit sensitive data from inside a non-networked air-gapped computer that has no Wi-Fi card.

Named AIR-FI, the technique is the work of Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev, in Israel.

Over the last half-decade, Guri has led tens of research projects that investigated stealing data through unconventional methods from air-gapped systems. 

These types of techniques are what security researchers call "covert data exfiltration channels." They are not techniques to break into computers, but techniques that can be used to steal data in ways defenders aren't expecting. more

Friday, December 18, 2020

The Ultimate Spy, or Better Learn How to Say "Yes, Master"

 via Sundance...

This fascinating and visually stimulating documentary examines simulation theory—the idea that this world we live in might not be entirely real. The theory is as old as Plato's Republic and as current as Elon Musk's Twitter feed and A Glitch in the Matrix traces its genesis over the years, from philosophical engagements by the ancient Greeks to modern explorations by Philip K. Dick, the Wachowskis, and game theorists.

A new trailer for the upcoming documentary A Glitch in the Matrix gives a haunting look at the theory that we are all living in a giant simulation. The title alludes to the Wachowskis’ popular Matrix franchise, which is perhaps the most significant cultural exploration of the trippy thought experiment.

A Glitch in the Matrix will premiere at the 2021 Sundance Film Festival in the Midnight Section line-up. After Sundance, A Glitch in the Matrix will be in theaters and on demand on February 5, 2021.

"Solarwinds" Attack Announcement (AA20-352A) from CISA

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations 

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations...

CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations. CISA advises stakeholders to read this Alert and review the enclosed indicators. more

Note: In addition to cybersecurity, a quality TSCM program is required to protect against multiple other attack vectors.

TSCM Tech Alert: If You Detect a Signal at 9.65 GHz You're Being Watched

A New Satellite Can Peer Inside Buildings, Day or Night

A few months ago, a company called Capella Space launched a satellite capable of taking clear radar images of anywhere in the world, with incredible resolution — even through the walls of some buildings.

And unlike most of the huge array of surveillance and observational satellites orbiting the Earth, its satellite Capella 2 can snap a clear picture during night or day, rain or shine...a capability that will only get more powerful with the deployment of six additional satellites next year. Is that creepy from a privacy point of view? Sure...

The satellite beams down a powerful 9.65 GHz radio signal toward its target, and then collects and interprets the signal as it bounces back up into orbit...

Possibilities abound. Train two SAR satellites on the same target and they can actually image targets in three dimensions down to minute differences in height. more

Monday, December 14, 2020

Exercise Like Your Walter Mitty Secret Agent Life Depended On It

via Justin Harper, Business reporter, BBC News, Singapore

I was the hero in my very own spy story, speeding from one checkpoint to another to foil the bad guys.

The plot came from a running app called Running Stories, which casts you as a secret agent in a story playing out with a heart-thumping soundtrack.

It is one of the latest apps designed to make exercise more entertaining, using real-time data that integrates the plot with your surroundings.

Key events in the storyline are triggered when a runner passes specific GPS markers and landmarks.

From being shot at by snipers to racing to catch a speedboat along the river, the plot kept me engaged and burned plenty of calories. more



John le Carré - RIP


John le Carré, whose exquisitely nuanced, intricately plotted Cold War thrillers elevated the spy novel to high art by presenting both Western and Soviet spies as morally compromised cogs in a rotten system full of treachery, betrayal and personal tragedy, died on Saturday in Cornwall, England. He was 89. (Born David John Moore Cornwell in Poole, Dorset, on Oct. 19, 1931.) more

Saturday, December 12, 2020

World's Smallest & World's Best Spy Cameras of 2020

World's Smallest

Weighing just 1g, Austrian company AMS has announced they have made the world's smallest camera. The NanEyeC has a footprint of just 1x1mm so is smaller than the size of a pinhead.

The 102,000 pixel camera only shoots in black and white, but is designed to be invisible when mounted in wearable devices, such VR headsets – and will doubtless also become the ultimate spy camera. more

 
 World's Best Spy Cameras of 2020

We've put together this guide to spy cameras to help you pick out the best one for your home. 

Some are simple small cameras that can be placed somewhere that most people won't notice them, while others are disguised as objects like photo frames or USB chargers. 

We've even found a camera that's disguised as a light bulb! 

As you might imagine, there are loads of creative options in this area. more


 

Another TSCM Fail - Dentist Sweeps Office - In Situ Spycam Missed

Two weeks ago a school district conducted their own "in-house" TSCM sweep for spycams after an employee was charged with 30 child pornography and voyeurism charges. Big fail. Multiple reasons.

This week...

An Illinois dental practice has been sued by 11 employees after an hygienist allegedly hid two cameras in the work bathroom, new court papers show.


One camera was discovered Oct. 22 in a unisex employees’ bathroom of the national dental chain Aspen Dental in Crestwood, and it was turned over to the police department, according to the lawsuits filed in Cook County Circuit Court on Thursday.

That same day, dental hygienist Armani Alexander, 25, “admitted to placing the camera” in the bathroom and was arrested, the court papers say.

The office assured the workers that they swept the premises and didn’t find any more cameras.

Yet Oct. 26, a second camera was discovered in the same bathroom, court documents allege...

Aspen admitted that a background check for Alexander — who had only been with the company for two months — “was flagged for criminal activity,” the court papers say...

The workers — who are each suing for at least $50,000 — have brought claims of negligent hiring and supervision against the practice. more

No surprise there. This DIY amateur hour bug sweep was an exercise in negligence. 

Consider these points...
  • The police were given the first camera and had a confession the same day. "Case closed."
  • We don't know if the police conducted a follow-up inspection for additional cameras. If they didn't, they failed. If they did, they failed to find the second camera.
  • The practice knowingly hired a hygienist with known criminal activity ...and didn't investigate further.
  • No mention of an independent Technical Surveillance Countermeasures (TSCM) specialist being called in to investigate. Big fail.
  • "The office assured the workers that they swept the premises and didn’t find any more cameras." (Visions of Steve Martin.) ..."Yet Oct. 26, a second camera was discovered in the same bathroom."

 Why is all this important?

Emotional pain and embarrassment aside... not conducting a professional emergency sweep will have expensive consequences, and may put this dentist out of business.

  • 11 employees suing for $50,000.00 each = $550,000.00
  • Cost of recruiting, hiring and training new staff = $????.00
  • Loss of business due to the bad publicity = $????.00+
  • Total cost of their DIY "sweep" (rough guess) "a lot!"
  • Cost of a professional TSCM sweep for an average dental office suite ≈ only $4,500 - $6,000.
Want to proactively check for spycams yourself? Learn how to do it first.
If you have an active situation, find a competent TSCM professional.

Friday, December 11, 2020

10 Years Ago This Month - Merry Christmas, kid.

"Mommy has a new toy she would like you to play with."
 
 

 "Find out who's telling the truth—and who's not—by giving your suspect a lie detector test! Attach the sensor to your suspect's finger. Ask tough questions to really make 'em squirm! The indicator lights light up when your suspect isn't telling the truth. Busted!"

You better watch out
You better not cry
Better not pout
I'm telling you why
Santa Claus is coming to town
He's making a list
And checking it twice;
Gonna find out Who's naughty and nice
Santa Claus is coming to town...
 
SHOCKING 2020 UPDATE...
The latest model lie detector toy for kids electrocutes them if it thinks they are lying.
 
From the sales pitch... 
  • If you tell the truth, no shocking and you can move out your hand safely. But if you tell a lie, you will be shocked by electric. 
  • Toys for your friends, Fool's Day Party, Prank gifts, Halloween Prank, Christmas gift.
  • It would be a great warm-up game at a party. more

I can't wait to see what 2030 brings.

Thieves Steal Radio Equipment from Russian ‘Doomsday Plane’

A Russian military aircraft designed to allow the country’s leadership to survive and fight a nuclear war has been crippled, the victim of a particularly brazen burglary. Thieves stole 39 pieces of communications equipment from the Ilyushin Il-80 aircraft, nicknamed “Maxdome” by NATO.

The incident took place at the Beriev Taganrog Aviation Scientific and Technical Complex, outside the Russian city of Rostov. Inspectors noticed an open hatch leading inside the plane and soon discovered the equipment was missing. more  one sing-a-long possibility? (nsfw)



Sunday, December 6, 2020

This Week in (the other type of) Corporate Espionage


NLRB Accuses Google of Spying On and Retaliating Against Employees

The National Labor Relations Board (NLRB) lodged a formal complaint against Google, LLC and Alphabet, Inc. (collectively Google) on Wednesday, contending that the company interfered with workers’ rights to organize and retaliated against certain employees for attempting to unify. According to an article by Ars Technica, and a redacted filing consolidating the cases, the NLRB stepped in after several employees made complaints about their former employer’s restrictive and punitive actions. more  

Private spies reportedly infiltrated an Amazon strike... A union is taking legal action.
Amazon could face a court battle with a Spanish workers' union over a report that said private investigators were hired to infiltrate and secretly surveil a strike outside one of its warehouses. According to a 51-page document obtained by the Spanish news site El Diario, private detectives spied on an Amazon workers' strike at a warehouse near Barcelona, Spain... more

Employers Are Spying on Remote Workers in Their Homes
As the Covid-19 pandemic has forced more people to work from home, employers have begun using digital surveillance technology to increase control and maintain productivity. more

Credit Suisse Spy Agency Was More Global, Inept Than Previously Reported
The most amazing thing about Credit Suisse’s CEO-sinking spy scandal isn’t that the bank’s internal KGB existed at all, but how hilariously, spectacularly shitty it was at the job. The most important thing, after all, about a covert operation is not the information it uncovers, but that it remain covert, undetected by those under its watch. Not only were CS’s Keystone Kops unable to achieve this most basic secrecy over and over and over again, they weren’t able to concoct an effective cover-up of their rare successful operations from the world’s most credulous law firm. more

NJ Whistleblower Allies File Lawsuit Against Carpenters' Union Over Spying
Five former employees of Eastern Atlantic States Regional Council of Carpenters have sued the union for allegedly spying on and then firing them over their support of a whistleblower who sparked a federal corruption investigation of the union. more

Oil & Gas Industry Corporate Espionage, or Those Fracking Spies

According to the FBI, corporate espionage in the global oil and gas industry mostly involves stealing intellectual property, including a company's trade secrets, research, and proprietary information...

The main culprits are domestic and/or foreign commercial rivals, start-up companies, foreign Intelligence officers (spies), disgruntled employees (insider threat), or organized criminals.

In the case of Texas fracking companies, employees of drilling firms were targeted when they traveled outside the United States with the contents of their company laptops stolen.

Alternatively, individuals were actively placed inside target companies, or disgruntled employees would simply go rogue and begin collecting and selling trade secrets, mainly as an act of defiance to strike back at their employers. more

Government-Mandated Tax Software Contains Malware

U.S. and German investigative and intelligence agencies issued grave warnings in recent months that Chinese government-mandated tax software contains malware, which enables backdoor access into the applications that install it.

If the allegations are true, local units of foreign companies operating in China as well as global financial institutions will be exposed to the risk. more

Diplomats Reportedly Zapped with Microwaves

Mysterious neurological symptoms experienced by U.S. diplomats in China and Cuba appear to be caused by directed microwave energy, according to a new report by the National Academies of Sciences (NAS) obtained by The Hill...

A source familiar with the symptoms told NBC News, which was the first to report on the findings from NAS, that the CIA had determined Russian operatives who had worked on microwave weapons were in the same cities as CIA agents at the time they began experiencing the neurological symptoms.

U.S. diplomats in Cuba began experiencing the symptoms in late 2016, reporting they were hearing strange sounds and experiencing odd physical sensations before becoming sick. Some of those symptoms disappeared, while others lingered.

Cuba has denied any knowledge of the illnesses. more