The Secret, Insecure Life Of Security Cameras

Smart" cameras are one of the most ubiquitous IoT devices in the business world today, but they’re also one of the riskiest regarding cybersecurity.

What makes these devices so problematic—and a hacker’s dream—is that they fail at basic cybersecurity, are often accessible from the internet and almost always have outbound access to the internet, too...

Corporate Espionage
A more serious threat with smart cameras is that hackers can use them to spy on a company through video and audio feeds.

Sophisticated hackers can use this type of access to monitor susceptible areas in the company, such as boardrooms, executive conference rooms and manufacturing facilities. I’ve recently seen over half a dozen corporations compromised this way. The hackers remained undetected for years while they had direct access to important meetings and manufacturing operations.

Sneaky Data Theft
Smart cameras also make it harder for companies to detect stolen data leaving their networks. In a typical IT attack, hackers run the risk of getting caught when they try to exfiltrate data from the network. However, cameras and other types of IoT are a prominent blind spot for IT teams since they typically don’t monitor the cameras’ network traffic or block them from connecting to new IP addresses. This makes cameras a perfect conduit for data theft. more

Corporate Espionage: ASML Claims Employee Stole Chip Secrets–Sold them to China

ASML has a monopoly over the global semiconductor industry, and has currently restricted the sale of its machinery to China. 

ASML claims that in an episode of corporate espionage, an employee stole their chip manufacturing secrets and sold it to China...

Based on its preliminary investigations, ASML believes that the misappropriated data will not have a negative impact on its current operations, although it concedes that some “export control requirements” may have been breached. ASML has subsequently disclosed the data breach to the appropriate authorities, and it is “implementing further corrective steps in light of this event.” more

'Rabbit Hole' Clip Shows Kiefer Sutherland as a Mastermind of Corporate Espionage

A lengthy new clip has been released for Paramount+'s upcoming spy thriller series, Rabbit Hole...

Rabbit Hole stars Kiefer Sutherland as John Weir, a master manipulator who helps corrupt corporate businesses...

This scene shows how the series will be a diabolical foray into corporate espionage. more

Corporate Espionage Can Be Very Cost-Effective (if undetected)

UK - A traffic clerk at a London warehouse was asked to leak confidential corporate information to a rival in exchange for a £50 payment from a delivery driver, according to an extraordinary corporate espionage claim lodged in the High Court. 

In the claim filed last week, Sheffield-based logistics firm Tuffnells alleged that DX Group employees Tom Middlewood, Jim Sinden and Joe Trappitt — all former employees of Tuffnells — conspired to obtain daily customer service reports. more You may also want to read: The Employee Competitor… and what to do about it

Corporate Espionage: Newly Identified Hacker Group - Dark Pink

A newly identified hacker group Dark Pink attacked seven high profile targets, including government and military institutions, in Southeast Asia and Europe from June to December 2022, Russian cybersecurity company Group-IB said.

The main goal of the hacker group is corporate espionage, as criminals are trying to steal documents and record sounds from the electronic devices of the victims, the Russian cybersecurity firm said.

The hackers sent their victims email messages containing a link to a website, according to the statement. When the victim clicked on this link, a malicious file was downloaded, which then stole personal information from devices, including passwords, browser history, and data from Viber and Telegram. more

The 2.4 GHz Bug: $10

Another Good Reason to Schedule TSCM Corporate Security Inspections

This 2.4 GHz bug is just one of many eavesdropping devices, GPS trackers and spy cameras flooding the market these days. Corporations valuing information security and privacy need to be especially alert.

Many of these surveillance devices are not sophisticated, but they are very effective. 

Worse, they are readily available to anyone with a credit card and internet access. Most are so inexpensive they are considered “toss-away” — use once, don’t retrieve — perfect for short-term, low-risk use. Let’s examine… more

Twit Gets 3 1/2-Year Term on Spying for Saudis

A former Twitter Inc manager convicted of spying for Saudi Arabia by sharing user data several years ago and potentially exposing users to persecution was sentenced to 3-1/2 years in prison on Wednesday, U.S. prosecutors said. more

Just Because You are Paranoid... Device Found in CEO's Car

Eskom CEO, André de Ruyter, has doubled down on the claim that he stumbled upon a highly sophisticated tracking device under the driver’s seat of his Volvo...

This comes after details were provided to press in October about a circuit board, described as an “NSA-level device”, that De Ruyter found while cleaning his car.

Articles cited a preliminary report prepared by former police commissioner George Fivaz who claimed the device isn’t commercially available, and is typically used by law enforcement and intelligence agencies...

Journalists were provided photos of the circuit board, which they duly published....

Security researcher Daniel Cuthbert was willing to comment on the record.

He explained that, based on the evidence, the device was likely nothing more than a remote of some kind.

Such a remote button could be a gate or garage opener, a panic button, or a way to arm and disarm a home alarm.

MyBroadband’s in-house researcher and electronic engineer Wikus Steyn agreed.

“There is no GPS chip or antenna, so no tracking that way. I see no mic onboard, although there is what seems to be a 2-pin input at the top, but that is most likely for a push button,” Steyn stated. He also said the quality of soldering suggests cheap mass production. more

Our take... I agree with Dan and Wikus. (but be sure to read the last paragraph) If the TI IC info in the photo is correct TI lists the chip's applications as:

1.2 Applications

• Low-Power, High-Performance, Wireless Systems With Data Rate Up to 1250 kbps
• ISM/SRD Bands: 169, 433, 868, 915, and 920 MHz
• Possible Support for Additional Frequency Bands: 137 to 158.3 MHz, 205 to 237.5 MHz, and 274 to 316.6 MHz
• Smart Metering (AMR/AMI)
• Home and Building Automation
• Wireless Alarm and Security Systems
• Industrial Monitoring and Control
• Wireless Healthcare Applications
• Wireless Sensor Networks and Active RFID
• IEEE 802.15.4g Applications
• Wireless M-Bus, All Modes

Eskom CEO, André de Ruyter, may have misidentified this item, but it definitely doesn't mean he is not being surveilled. Thoughts of tracking and bugging are not normal. Something has made him suspicious. Trust your instincts, André. Get some professional TSCM help, and don't make it a public issue.

Espionage Group Using USB Devices to Hack Targets

USB devices are being used to hack targets in Southeast Asia, according to a new report by cybersecurity firm Mandiant.

The use of USB devices as an initial access vector is unusual as they require some form of physical access — even if it is provided by an unwitting employee — to the target device.

Earlier this year the FBI warned that cybercriminals were sending malicious USB devices to American companies via the U.S. Postal Service with the aim of getting victims to plug them in and unwittingly compromise their networks...

The hackers behind it are concentrating on targets in the Philippines. The researchers assess the group has a China nexus, although it did not formally attribute the cyber espionage operation to a specific state-sponsored group. more

Trade Secret Litigation 101

Trade secrets, and their associated value, are an understated facet of commercial activity. The intellectual property owned and protected by businesses carry with them enormous economic weight and are often the target of inappropriate corporate activities such as espionage and theft. 

Too often, these pieces of property are insufficiently protected, misunderstood, and do not get the attention they deserve. As such, trade secret litigation has evolved into a niche, but growing area of law practice.

Below, we will explore some of the key elements of trade secret litigation, its scope and magnitude, distinctions between trade secrets and other types of intellectual property, as well as several other important considerations... more

Espionage Claim in Airbus Court Fight

Airbus has faced claims that it is using a court battle with an airline to obtain “super sensitive” commercial secrets about Boeing, its main rival.

In the latest twist to the dispute between Qatar Airways and Airbus, the world’s second largest aircraft manufacturer, a judge heard allegations that amounted to corporate espionage.

The Gulf airline is bringing a £1.3 billion claim against Airbus over allegations that problems with cracking paint rendered the A350 passenger aircraft unsafe. more

Fears Grow of Russian Spies Turning to Industrial Espionage

Russia acknowledged this week that parts of its technology industry are dependent on foreign knowledge and lagging competitors by more than a decade, raising concerns that the country’s cyber spies will be used for industrial espionage.

Experts told The Record that Western companies should be on “full alert” for attacks from Moscow’s intelligence services. President Vladimir Putin has suggested in recent months that the country’s Foreign Intelligence Service (SVR) should support technological development as the country deals with mounting sanctions.

The admission about the state of Russia’s microelectronics industry is contained in a new strategic policy document from the Ministry of Industry and Trade, reported Tuesday by Kommersant. It lists a number of acute problems facing Russia’s domestic technology industry, including its dependence on foreign intellectual property; its lack of production capacity; and Russia being unattractive to investors. more

FutureWatch - Metaverse Espionage

By 2026, it is predicted that 25 per cent of people will spend at least one hour a day in the metaverse. There, they’ll be able to participate in activities such as working and shopping, and 30 per cent of firms will have their products and services ready for the metaverse.

The metaverse — which includes blockchains and cryptocurrencies — is still in its early stages. As its possibilities expand, it’s important to consider the potential threats and dangers as the metaverse introduces risks related to legislation, property, control, fraud, privacy threats, ethics and security...

The metaverse can bring many fraud risks, such as market manipulation, cyber breaches and attacks, privacy breaches, money laundering, corporate espionage and identity theft.

Unlike traditional social media platforms, users have no guarantee that the data they share is only shared with those they choose to share it with in the metaverse. That means user identities can be tracked and revealed

As one researcher explains: “We cannot just turn off who can follow our avatars in the metaverse as we can do in the traditional social media.” more

Demise of a Corporate Spy

Shares of Pegasystems have dropped 65% since the start of the year and are unlikely to recover.

(Spoiler Alert... Appian Awarded $2.036 Billion in Damages Against Pegasystems Inc.) 

Appian, for investors who are unfamiliar, is a fellow SaaS vendor that competes in the business process management (BPM) space and also emphasizes low-code software. Appian sued and won a corporate espionage case against Pegasystems. 

In a nutshell, Pegasystems was found guilty of trade secret appropriation: it hired an employee of a government contractor to provide it with access to Appian software. This contractor then passed information (including video recordings of the Appian development environment) to Pegasystems employees. Pegasystems' CEO, Alan Trefler, was also found to have participated in meetings with this contractor present... Appian won a $2.036 billion judgment in its favor. more

Does your company have a Surreptitious Recording in the Workplace policy? If not, read Surreptitious Workplace Recording — and what to do about it.

NFL Espionage Book Released Today - "Spies on the Sidelines"

by Kevin Bryant

Hi, I’m so excited to announce that today is release day for Spies on the Sidelines: The High-Stakes World of NFL Espionage! I’d like to say a huge thanks to everyone who has supported me in getting to this point. I’m in debt to so many people for their contributions. Thank you all so much!

ABOUT THE BOOK

Spies on the Sidelines details the collection techniques NFL teams utilize to gather information about their opponents in order to gain a game day advantage, as well as the countermeasures used to defend against these. The book spans the entire history of the league and contains anecdotes from each and every NFL team.

ORDERING INFORMATION

If you still haven’t ordered Spies on the Sidelines (perhaps you’ve been waiting for just this day), here’s how to get yourself a copy—and don’t forget the book makes a great gift for the football fans in your life too.

Hardcover: The hard cover version is most easily purchased through Amazon (as everyone already has an account) but can also be bought through the publisher, Rowman & Littlefield (www.rowman.com), and there is a 30% discount with the code RLFANDF30 if the book is ordered from their website. Other options are also available at www.SpiesOnTheSidelines.com.

E-book: The e-book version can be found at Amazon, Rowman & Littlefield, and Apple Books.

Audio book: Unfortunately it's not quite available. The plan is to have it out by 1 September 2022.

What Can a Private Investigator do for Your Business?

Businesses can go under for several reasons, sometimes they simply aren’t profitable whereas other times something sinister is happening underneath that most business owners aren’t aware of.

Corporate espionage is bigger than you may think and if you have a product or industry secret that your competitors would love to get their hands on then hiring a private detective can help. There are many ways your competitors may use to steal your business data, some of which could be installing malware on your company computers or bugging your office or meeting rooms.

A private detective can be hired to search your business for electronic bugs and get rid of them accordingly. If you think this is a work of fiction and it doesn’t happen you would be mistaken. Bugs are placed in businesses and private residents illegally all of the time. more

I Would be Shocked if I am Not Being Spied On: Elon Musk

On the micro-blogging site Twitter, Musk posted a picture, which reads "Does anyone else feel like they are being watched?".

While replying to that, a user wrote "you are 24/7 on all your devices and online services, including your own Starlink. In your case it is not just mass surveillance. You are a priority target".

"I would be shocked if I am not being spied on haha. My only ask is that anyone spying on me please not affect call quality too much or I cannot hear what is being said!" Musk said in a reply to the user. more

Corporate Espionage is Entering a New Era

Companies need to take it more seriously...

In May a jury awarded Appian, whose headquarters are in McLean, Virginia, a whopping $2bn in damages after it had accused Massachusetts-based Pegasystems of illegally snooping on it to gain a competitive edge.

The trial revealed that Pegasystems executives had referred to a contractor hired to obtain some of the ingredients of Appian’s secret sauce as “our spy” in internal documents, and had dubbed the overall spying effort “Project Crush”...

The episode illustrates how interest in business espionage, and learning how to foil it, has broadened. Snooping is no longer mostly centred on a few “sensitive” industries that have long been vulnerable, such as defence and pharmaceuticals. It is increasingly used to target smaller companies in surprising sectors, including education and agriculture. It has, in short, become more of a general business risk. more

Series: Types of Industrial Espionage

Industrial espionage refers to various activities performed to gain an unfair competitive advantage, rather than for national security purposes. As we discussed in a previous article, the ways in which industrial espionage can affect a company are numerous and include theft of trade secrets and disruption to operation.

Section 1832 of the Economic Espionage Act of 1996 (the “Act”) criminalizes the theft of trade secrets “intended for use in interstate or foreign commerce, to the economic benefit of anyone other than the owner.” The trade secret owner is required to take “reasonable measures” to keep the information secret. 

For individuals, convictions in violation of 18 U.S.C. § 1832 can result in a prison sentence of up to 10 years or a monetary penalty, or both. For organizations, the fine may be “not more than the greater of $5,000,000 or 3 times the value of the stolen trade secret . . . including expenses for research and design and other costs of reproducing the trade secret.” Section 1832 requires that the products be “produced for” or “placed in” interstate or foreign commerce. more

One excellent reasonable measure is the Technical Surveillance Countermeasures (TSCM) inspection, conducted periodically. 

Ex-Coca-Cola Chemist Sentenced for Stealing $120 Million Trade Secret

A Chinese chemical engineer was sentenced to 14 years in prison for stealing trade secrets on drink can coatings to establish a Chinese company backed by the Chinese government.

Xiaorong “Shannon” You, 59, was sentenced on Monday by a federal judge in Greeneville, Tennessee, on the charges of conspiracy to commit trade secret theft, conspiracy to commit economic espionage, possession of stolen trade secrets, economic espionage and wire fraud. In addition, she is ordered to pay a $200,000 fine and serve three years of supervised release.

“Stealing technology isn’t just a crime against a company,” Acting Assistant Director Bradley S. Benavides of the FBI’s Counterintelligence Division said in a release. “It’s a crime against American workers whose jobs and livelihoods are impacted.” more

Extra Credit...
How to Turn a Coke Can Into an Eavesdropping Device