North Korean man investigated for industrial espionage...
A North Korean man in his 40s is reportedly under investigation by the Ministry of State Security for turning over internal analyses from his workplace to a Chinese trader, Daily NK has learned.
The internal analyses the man gave to the trader reportedly concerned technology used to develop North Korean-style cosmetics. There is speculation that he will be sent to a political prison camp for espionage. more
The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot.
Sand also found that 19 of the apps that come pre-installed on the watch are developed by Qihoo 360, a security company and app maker located in China. more (q.v. our 2017 post & etc.)
A malicious cable is any cable (electrical or optical) which performs an unexpected, and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions...
The worst malicious cables take control of a user’s cell phone, laptop, or desktop...
We purchased and tested several malicious USB cables. From what was learned during these tests our technical staff developed several new inspection protocols. more
Nowadays more than ever, corporate espionage and hacking and stealing of IP has become a business discipline – with the threat not only coming from Asia. Desperation of many businesses due to dire economic outlooks, isolationism of nations and the new security gaps have amplified the willingness to obtain competitor information.
Take car manufacturers. These companies typically go through great lengths to get hold of their competitors’ newly released models to test and often dismantle them to get more information on the parts used and build process. This is mostly seen as legal.
Daimler, for example, used a cover entity to rent and test Deutsche Post DHL’s own electric van Streetscooter. Deutsch Post discovered what Daimler was doing through the van’s location data as it had made numerous laps around Daimler’s test track. The company later accused Daimler of industrial espionage. Daimler argued, however, that it was just “Mystery shopping”.
An educated and credentialed Technical Surveillance Countermeasures (TSCM) specialist can help solve your security concerns, some of which you didn't even know existed!
RedCurl is its name.
Corporate espionage is its game.
Security researchers today published findings on a new APT group they claim has been stealing data from organizations around the world as far back as 2018. Since then, RedCurl has targeted at least 14 private companies in 26 attacks designed to steal documents containing commercial secrets and employees' personal information.
Its targets span a range of industries and locations. The group has targeted organizations in construction, finance, consulting, retail, banking, insurance, law, and travel...
There is no indication who might have hired RedCurl, where they might be based, or who is behind these attacks, he adds. The group is fairly new, and researchers hope to learn more over time.
"Corporate espionage is not something that we're used to on the cyberscene," Mirkasymov says. Researchers believe the frequency of these attacks indicates it's likely to become more widespread in the future. more
----------
Three corporate espionage reasons why VW was not a good career choice...
March 14th - Former VW employee says he was fired after questioning deletion of documents. more
June 16th - Former VW employee sought by U.S. arrested in Croatia... more
August 14th - Former VW employee under investigation for corporate espionage found dead in burned-out car...was investigated by the police on suspicion of violating business secrets. more
----------
The U.S. National Security Agency and Federal Bureau of Investigation today issued a joint cybersecurity advisory warning on a previously undisclosed form of Russian malware...although the objectives of Drovorub were not detailed in the report, they could range from industrial espionage to election interference. more
----------
Once again, LinkedIn is the battleground for nation state espionage operations. Every counterintelligence and insider threat professional should be paying attention...The goal of the social engineer is to entice the target to at least take a gander at the job offering being discussed and click the attachment which is provided. This attachment carries the payload of malware designed to compromise the device and network of the target. Once the device is compromised and the group has access to the content, their espionage goals are achieved. more
----------
...and Corporate Espionage can also be entertaining...
A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls.
Named ReVoLTE, researchers say this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower)...
Researchers say that the equipment to pull off a ReVoLTE attack costs around $7,000. While the price might seem steep, it is certainly in the price range of other 3G/4G mobile interception gear, usually employed by law enforcement or criminal gangs...
A scientific paper detailing the ReVoLTE attack is also available for download as PDF from here and here. The paper is titled "Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE." more
 |
| Vol. 2 (Af-x.10): plate between pages 302 & 303 |
The illustration depicts a piazza-listening device.
The voices from the piazza are taken by the horn up through the mouth of the statue in the room on the piano nobile above, allowing both espionage and the appearance of a miraculous event. more
The modern eavesdropping equivalent is the ventilation plenum. Acoustical ducting is something most people don't consider when concerned about eavesdropping. We do.
"The threat model in corporate espionage is absolutely one of theft of property. It’s a lot easier to steal somebody’s laptop than to hack it." ~ toxik
“This data collection threatens to allow the Chinese Communist Party
access to Americans’ personal and proprietary information — potentially
allowing China to track the locations of Federal employees and
contractors, build dossiers of personal information for blackmail, and
conduct corporate espionage,” the TikTok order reads. more
U.S. Secretary of State, Mike Pompeo, claimed that TikTok sends user data to China, exerting pressure on the video-sharing social networking service. Pompeo brought attention to the fact that if personal information flows across a Chinese server, it will eventually end up in the hands of the Chinese Communist Party which he calls an “Evil Empire”.
TikTok has denied U.S. allegations but a report by cyber experts at ProtonMail says otherwise. The report is more a warning as it states – “Beware, the social media giant not only collects troves of personal data on you, but also cooperates with the CCP, extending China’s surveillance and censorship reach beyond its borders.” more
In other news...
Microsoft said Sunday it will continue talks to buy short-form video app, TikTok after its chief executive spoke with President Trump, following a weekend of uncertainty clouding the future of the Chinese-owned app. more
Connect the Dots...
When Microsoft bought Skype, Wired Magazine noted, "The Skype client itself is written almost as if it were a piece of malware, using complex obfuscation and anti-reverse engineering techniques, and it would be disquieting for Microsoft to release something that behaved in such a shady way; at the very least, the client would surely have to be rewritten to avoid the obfuscation and outright hostility to
managed networks that Skype currently has... Ultimately, it's hard to see how the Skype purchase is worthwhile from a
technology or user-access perspective. The technology isn't good enough
and the users aren't lucrative enough or plentiful enough to justify
it. more
TikTok, it appears, is also giving government fits. Who ya gonna call?
 |
| Click to enlarge. |
 |
| Secret Passphrase: "Your shoe is untied." |
