Thursday, March 31, 2022

Become a Successful Security Consultant - Step One

The Successful Security Consulting (SSC) Course is a one-day specialized training program.

 

It was developed for those who are interested in becoming security consultants, and those who recently launched an independent security consulting practice. 

 

This is a one-day program presented by leading technical and management security consultants. Seasoned, subject matter expert instructors provide pertinent and proven industry experiences.

 

Topics include:

  • The Business of Security Consulting
  • Security Consulting Practice Areas
  • Establishing and Operating a Consulting Practice
  • Getting Business and Attracting Clients
  • Executing a Consulting Assignment
  • Avoiding Common Mistakes and Pitfalls

The class is also helpful to experienced security consultants who are looking for new ideas and ways to reinvigorate their existing consulting practices. Don’t miss this opportunity to advance your career and your business.

 

Attendees of the Successful Security Consulting Course receive credit hours for CSC through IAPSC and CPE credits through ASIS. 

 

The 37th Annual IAPSC Conference will be held at The Westin Westminster in Colorado June 13-15, 2022. 

 

SSC attendees are encouraged to extend their stay and register for the Annual IAPSC Conference from Tuesday, June 14 to Wednesday, June 15. Discounted rates and Early Bird registration are available through Wednesday, April 13. Read more on the IAPSC website.

Monday, March 28, 2022

Is My Hotel or Airbnb Bed Bugged?

We get asked this when someone finds a bit of miniature electronics embedded in the sheets or other linens. 

If you are seeing one of these buried in the hem of your linens, the answer is no. You can relax.

These are RFID tags. Commercial laundries attach them to linens to keep track of who belongs to what. 

As one supplier explains... "UHF RFID textile laundry tags are designed to optimize industries laundry processes, providing durability and suitability for washing, drying, dry cleaning and ironing. They can be used for many different applications such as laundry application, logistics, anti-counterfeiting, supply chain management control, inventory control, asset tracking, process control..."

If you are concerned about privacy in your rented bedroom, learn how to find hidden spy cameras.

Three Declassified Spy Gadgets Of The CIA

Informally known as the “Agency” or the “Company”, the Central Intelligence Agency is a civilian foreign intelligence service of the United States government. Its main task is to gather, process, and analyze national security information from all over the world, mostly through the use of human intelligence and performing actions behind the curtain. It was former President Harry S. Truman’s initiative to create the Central Intelligence Group out of the Office of Strategic Services on January 22, 1946, which was itself transformed into the Central Intelligence Agency by the implementation of the National Security Act of 1947.

Here are three of the declassified spy gadgets that were designed by the CIA and could be found in their museum:




 

Spy Quote of the Week

“There’s no such thing as technology that’s too old for operations.” 
~ Toni Hiley, Director, CIA Museum 
 
One good reason why a corporate TSCM program is so important. 

FBI Trolls Russian Embassy with Geotargeted Ads for Disgruntled Spies

The FBI’s latest counterintelligence operation against Russia is hardly secretive—you just have to be standing in the right place.

In the wake of Russian President Vladimir Putin’s unprovoked invasion of Ukraine, the FBI stepped up its recruiting efforts in the US, hoping to attract Russians who are dissatisfied or disillusioned with the war. People standing in close proximity to the Russian embassy in Washington, DC, can see the ads, which appear in Russian, on Facebook, Twitter, and Google.

One ad appeared in a Washington Post reporter’s Facebook feed when he was standing on the sidewalk next to the embassy’s walls on Wisconsin Avenue NW, but none appeared in his feed when he crossed the street.

“It’s a brilliant recruiting strategy because I think there’s probably a lot of folks within the Russian government that are incredibly dissatisfied with Putin’s war, and therefore it’s a great opportunity to see if any of those dissatisfied people could help us understand Putin’s intentions better,” Peter Lapp, a former FBI counterintelligence agent, told the Post. more

Monday, March 21, 2022

Disney's Alleged Art Espionage Theft - You Decide

When Andrew Martin created a fan-art sculpture of one of the Tiki drummers from Disney's attraction the Enchanted Tiki Room, he planned on turning it into a tip bucket for a Tiki drink night at a local bar...

Instead, he sculpted it during a seven-hour livestream in 2018 and posted the design online so other people could 3D print the sculpture, too. Then, earlier this year, Disney started selling what Martin argues is the exact same sculpture as a 50th Anniversary commemorative music box for $125...

The same imperfections and details on Martin's sculpture are shown on Disney's, too. No credit was given to Martin, even after he reached out to the company multiple times and posted about it to the tune of millions of views on TikTok and Instagram. more

Five Individuals Charged - Spying on U.S. Residents on Behalf of the PRC Secret Police

 ...As part of their efforts, the defendants electronically spied on the pro-democracy activists.  For example, posing as an art dealer interested in purchasing the artwork of the dissident artist, Ziburis secretly installed surveillance cameras and GPS devices at the dissident’s workplace and in his car.  While in the PRC, Sun watched the live video feed and location data from these devices.  The defendants made similar plans to install surveillance equipment at the residences and on the vehicles of two other dissidents.  Liu and Ziburis planned to gain access to one such residence by posing as a member of an international sports committee... more 

If you think you might be a target of any spy operation contact a professional Technical Surveillance Countermeasures (TSCM) security consultant for assistance.

A History of Wiretapping in the United States

Our privacy was not first invaded by J. Edgar Hoover. They’ve been listening in for far longer than that. 

Wiretapping is nearly as old as electronic communications. Telegraph operators intercepted enemy messages during the Civil War. Law enforcement agencies were listening to private telephone calls as early as 1895. Communications firms have assisted government eavesdropping programs since the early 20th century―and they have spied on their own customers, too. Such breaches of privacy once provoked outrage, but today most Americans have resigned themselves to constant electronic monitoring. 

How did we get from there to here? Hochman explores the origins of wiretapping in military campaigns and criminal confidence games, and tracks the use of telephone taps in the U.S. government’s wars on alcohol, communism, terrorism, and crime... more

Snopes Fact Checks Spy Shoes Story

For the last few years at least, an image has been circulating on the internet containing a bright yellow pair of shoes with lifted heels where the toes should go. The image was often shared alongside commentary that the shoes were worn by spies, who used them to throw would-be spy hunters off their trail.

We were unable to locate the original photograph, but there is no evidence that the pictured shoes were worn by real spies, during World War II or any other time.


We reached out to the International Spy Museum in Washington, D.C., asking whether the shoes look like anything that could have plausibly been worn by real spies... more

Saturday, March 19, 2022

Ex-Biotech Executives Sentenced for Genentech Trade Theft

Two co-founders of a Taiwan biotechnology company were sentenced Tuesday for plotting to steal trade secrets from Genentech in a $101 million scheme, prosecutors said.

Racho Jordanov, former CEO of JHL Biotech Inc., and former chief operating officer Rose Lin were sentenced in San Francisco federal court to a year and a day each in federal prison, the U.S. attorney's office said. more  original press release. 

A year and a day in prison over a $101 million scheme to steal trade secrets?!?! Doesn't seem like much of a deterrent for stealing trade secrets. Companies with trade secrets have to be more self-reliant. Consider adding Technical Surveillance Countermeasures (TSCM bug sweeps) to the security program.

Attorney Deborah S. Brenneman at Thompson Hine LLP explains some fine points of U.S. trade secret law...

Reasonable Efforts to Protect the Secrecy of Trade Secret Information
When prosecuting a trade secret claim, a company must not only demonstrate the value of the information at issue, but also that it exercised “reasonable efforts under the circumstances” to protect the information. In effect, courts will not step in to help if the owner has failed to help itself with security measures that match the business risk. 

In DePuy Synthes Prods. v. Veterinary Orthopedic Implants, Inc., 990 F.3d 1364 (Fed. Cir. 2021), the issue was whether to seal a court filing that contained confidential information about a manufacturer’s identity. There was no NDA or other contract establishing confidentiality; instead, the litigant relied on proof that it had kept the information confidential through its own internal security policies and protocols, but this was held to be insufficient. 

Similarly, the plaintiff in ASC Engineered Sols., LLC v. Island Industries, Inc., 2021 U.S. Dist. LEXIS 117177 (WD Tenn), sought summary judgment on the question of whether its efforts to protect its trade secrets were reasonable. The employer pointed to its policies and practice to inform employees about confidentiality and its marking of emails and documents with secrecy legends. The court was not persuaded. It held that such information could be considered but was not decisive because the company’s employees had denied seeing the security policies.

These cases highlight the need for companies to audit and evaluate the steps they take to protect their trade secrets. Policies are important, but practices are determinative. more

Tough Week for Spies



  • Bulgaria expels 10 Russian diplomats on allegations of spying. more

  • U.S. accuses five of spying and harassing China’s critics, effort to smear congressional candidate. more

  • Norwegian photographer arrested in Greece on spying charges. more

  • Reported Detention of Russian Spy Boss Shows Tension Over Stalled Ukraine Invasion more

  • Submarine Spy Couple Tried to Sell Nuclear Secrets to Brazil more

  • Russian spy captain killed on 'top secret' operation in Ukraine. more

  • Spy agencies' leaks of Russian plans point to the future of information warfare. more

  • Slovakia expels 3 Russian diplomats after spy services info. more

  • The long-haul fight over police spying allegations is on. more

  • Muslims Continue Battling FBI For Spying on OC Mosques After Supreme Court Ruling more

  • Russian spy chiefs ‘under house arrest’ as Putin turns on his security chiefs over invasion setback. more

  • New FBI documents link Saudi spy in California to 9/11 attacks. more

  • Cyberspace making Canadian secrets more vulnerable, spy service official warns. more

  • Why 78% Of Employers Are Sacrificing Employee Trust By Spying On Them more

  • Neighbour fed up with spying child: 'I'm entitled to privacy in my own garden'. more

The Government Will Pay for Your Bug Sweep... if you're an Australian

Domestic violence survivors to get government support to scan for spyware and hidden cameras.

Mobile phones will be checked for spyware and homes will be swept for cameras under a government plan to expand support for people who have experienced abuse by a current or former partner...

Nearly $55m will be invested in a program that provides technology checks to ensure people who have experienced domestic violence are not subjected to further abuse.

It includes checking a person's phone and computer to see if any GPS tracking programs or bugs have been installed, as well as searching for cameras hidden in toys, vents or lights in homes. more

Don't live in Australia? Want to check for spycams yourself? Learn how to do it.

Saturday, March 12, 2022

Some Thoughts on Mobile Spyware

It really is a great time to be a mobile threat. As mobile devices become ever more critical in our daily lives, hackers are seizing on a vulnerable blindspot in the enterprise attack surface...

Mobile threats often emanate from app stores, where many types of mobile malware hide as legitimate apps...

Spyware Detection Tips
As Sun Tzu once said, “There is no place where espionage is not possible.” Spyware exemplifies that statement perfectly. Spyware turns a personal mobile device into a corporate espionage bug just by entering an office, nestled in someone’s pocket...

To secure this largely-unrecognized vector, enterprises can look to mobile threat defense. When incorporated as part of a zero trust approach, MTD technology can examine the security of individual mobile devices, alerting the enterprise to threats and blocking access. It can ensure the device hasn’t been infected, jailbroken or compromised and act to protect corporate data if a threat arises. more

Aerospace Company Accuses California Aviation Start-Up of Stealing Trade Secrets

Aerospace supplier Moog Inc. said stolen trade secrets and an all-out raid of its flight software employees by an aviation startup in California have jeopardized its foray into unmanned helicopter aviation.

The Elma company called the data allegedly stolen by a former employee "breathtaking in its scope."

Moog, in a federal lawsuit filed this week in Buffalo, said a software engineer who quit the company's Los Angeles-area office in December took more than 136,000 digital files related to flight control software to her new employer, Skyryse, a six-year-old startup.

Moog accuses Misook Kim, a former employee, of copying to an external hard drive files that contained the source code of Moog's proprietary software programs, which it said took more than 15 years to develop by dozens of Moog engineers at a cost of hundreds of millions of dollars.

Moog said it is not aware of any other instance where a Moog employee copied to an external hard drive even a fraction of the data it said Kim did in November.

According to the lawsuit, "What Kim did is entirely without precedent at Moog." more

How Apple's FaceTime Glitch Allowed Eavesdropping

It's the bug taking a bite out of Apple. A flaw in the FaceTime app allowed eavesdropping. Here's how the glitch worked:

Users swiped up while calling someone then tapped add person. By adding their own number, it created a group FaceTime call and then...

"Just like magic that other phone number picked up automatically and you're able at that point to hear everything that's acquirable from an audio perspective from that phone without the other person picking up,” said Jonathan S. Weissman, Senior Lecturer in the Department of Computing Security at RIT.

Weissman says the glitch went even further... more


Ex-Russian Spy who fell in love with target blasts Putin: ‘He’ll stop at nothing’


A former Russian spy who says she was trained in the same grueling military program as Vladimir Putin is speaking against her country’s president, claiming he will stop at nothing to win the war in Ukraine.

Aliia Roza, 37, hit headlines last year after it was revealed she had fallen in love with a target she had been trained to honeytrap.

The brunette beauty — who fled Russia after barely escaping with her life — says Putin is used to getting exactly what he wants and won’t take kindly to any kind of loss. more

Industrial Espionage Movie: A 30 Minute Wake-Up Call

The FBI's Office of Private Sector, Counterintelligence Division and Training Division present this 30-minute film entitled Made in Beijing: The Plan for Global Market Domination. In the world of global adversaries, the People’s Republic of China stands at the forefront with its sustained and brazen campaign of industrial espionage, posing the single greatest threat to our freedom, national security, and economic vitality.  Made in Beijing: The Plan for Global Market Domination sounds the alarm, helping private sector partners recognize the urgent need to protect their crown jewels against industrial espionage. more

Friday, March 11, 2022

Shocking Security Discovery: Fake Surveillance Cameras Don't Deter Crime


TX - Mount Bonnell is known for its spectacular views of Austin, but it’s also getting a reputation as a hot spot for car break-ins... 

From Jan. 1 – March 7, there have been 100 car burglaries within 2,000 feet of the park according to the Austin Police Department’s Crime map... 

Austin Parks and Recreation told KXAN after a rash of incidents in July, August and September, it installed dummy cameras at Mount Bonnell as a theft deterrent... 

The department told us the fake cameras were later removed since crime did not decrease. more