North Korean man investigated for industrial espionage...
A North Korean man in his 40s is reportedly under investigation by the Ministry of State Security for turning over internal analyses from his workplace to a Chinese trader, Daily NK has learned.
The internal analyses the man gave to the trader reportedly concerned technology used to develop North Korean-style cosmetics. There is speculation that he will be sent to a political prison camp for espionage. more
Friday, October 16, 2020
Even North Korea has Industrial Espionage Problems
Monday, October 12, 2020
Espionage Alert: Children's Smartwatch is a Trojan Horse
The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches...
The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot.
Sand also found that 19 of the apps that come pre-installed on the watch are developed by Qihoo 360, a security company and app maker located in China. more (q.v. our 2017 post & etc.)
Sunday, September 20, 2020
How to Detect Malicious USB Cables
A malicious cable is any cable (electrical or optical) which performs an unexpected, and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions...
The worst malicious cables take control of a user’s cell phone, laptop, or desktop...
We purchased and tested several malicious USB cables. From what was learned during these tests our technical staff developed several new inspection protocols. more
Can’t identify the bugged cable? No worries. You can’t tell just by looking, even we can’t.
That’s why we put a small black mark on it.
It is Cable 3.
Wednesday, August 19, 2020
Why Corporations Need a TSCM Consultant On-Board
Nowadays more than ever, corporate espionage and hacking and stealing of IP has become a business discipline – with the threat not only coming from Asia. Desperation of many businesses due to dire economic outlooks, isolationism of nations and the new security gaps have amplified the willingness to obtain competitor information.
Take car manufacturers. These companies typically go through great lengths to get hold of their competitors’ newly released models to test and often dismantle them to get more information on the parts used and build process. This is mostly seen as legal.
Daimler, for example, used a cover entity to rent and test Deutsche Post DHL’s own electric van Streetscooter. Deutsche Post discovered what Daimler was doing through the van’s location data as it had made numerous laps around Daimler’s test track. The company later accused Daimler of industrial espionage. Daimler argued, however, that it was just “Mystery shopping”.
The sudden shift to remote work has massively amplified the problem of protecting proprietary information. As companies had to implement remote access technologies fast (or upgrade existing infrastructures) to ensure business continuity, they often fell back on improvisation. This led to the frequent neglect of even the most basic security and compliance protocols. more
An educated and credentialed Technical Surveillance Countermeasures (TSCM) specialist can help solve your security concerns, some of which you didn't even know existed!
Saturday, August 15, 2020
Corporate Espionage in the News
RedCurl is its name.
Corporate espionage is its game.
Security researchers today published findings on a new APT group they claim has been stealing data from organizations around the world as far back as 2018. Since then, RedCurl has targeted at least 14 private companies in 26 attacks designed to steal documents containing commercial secrets and employees' personal information.
Its targets span a range of industries and locations. The group has targeted organizations in construction, finance, consulting, retail, banking, insurance, law, and travel...
There is no indication who might have hired RedCurl, where they might be based, or who is behind these attacks, he adds. The group is fairly new, and researchers hope to learn more over time.
"Corporate espionage is not something that we're used to on the cyberscene," Mirkasymov says. Researchers believe the frequency of these attacks indicates it's likely to become more widespread in the future. more
----------
Three corporate espionage reasons why VW was not a good career choice...
March 14th - Former VW employee says he was fired after questioning deletion of documents. more
June 16th - Former VW employee sought by U.S. arrested in Croatia... more
August 14th - Former VW employee under investigation for corporate espionage found dead in burned-out car...was investigated by the police on suspicion of violating business secrets. more
----------
The U.S. National Security Agency and Federal Bureau of Investigation today issued a joint cybersecurity advisory warning on a previously undisclosed form of Russian malware...although the objectives of Drovorub were not detailed in the report, they could range from industrial espionage to election interference. more
----------
Once again, LinkedIn is the battleground for nation state espionage operations. Every counterintelligence and insider threat professional should be paying attention...The goal of the social engineer is to entice the target to at least take a gander at the job offering being discussed and click the attachment which is provided. This attachment carries the payload of malware designed to compromise the device and network of the target. Once the device is compromised and the group has access to the content, their espionage goals are achieved. more
----------
...and Corporate Espionage can also be entertaining...
As the conflict between global corporations heats up, one man decides to strike back against the unseen forces that quietly rule the modern world, using an entirely unanticipated weapon — his own mind. That’s the idea at the center of American Ronin...The series is the first collaboration between writer Peter Milligan (Shade the Changing Man, Hellblazer, X-Force) and artist ACO (Midnighter, Nick Fury), with the two playing off each other’s strengths to create a story that’s part-corporate espionage, part-superhuman thriller and unlike anything else on the stands at the moment. more
Wednesday, August 12, 2020
Attack Can Decrypt 4G (LTE) Calls to Eavesdrop on Conversations
A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls.
Named ReVoLTE, researchers say this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower)...
Researchers say that the equipment to pull off a ReVoLTE attack costs around $7,000. While the price might seem steep, it is certainly in the price range of other 3G/4G mobile interception gear, usually employed by law enforcement or criminal gangs...
A scientific paper detailing the ReVoLTE attack is also available for download as PDF from here and here. The paper is titled "Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE." more
Friday, August 7, 2020
1650 Kircher Musurgia Listening Devices
Vol. 2 (Af-x.10): plate between pages 302 & 303
The illustration depicts a piazza-listening device.
The voices from the piazza are taken by the horn up through the mouth of the statue in the room on the piano nobile above, allowing both espionage and the appearance of a miraculous event. more
The modern eavesdropping equivalent is the ventilation plenum. Acoustical ducting is something most people don't consider when concerned about eavesdropping. We do.
Corporate Espionage Quote of the Week
"The threat model in corporate espionage is absolutely one of theft of property. It’s a lot easier to steal somebody’s laptop than to hack it." ~ toxik
National Security Concerns — Executive Orders Against TikTok
President Trump issued two executive orders late Thursday against China-based TikTok and messaging app WeChat, citing national security concerns in a sweeping order that could prevent the companies from doing most business in the United States....
“This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage,” the TikTok order reads. more
Monday, August 3, 2020
Staffing Firm Alleges Corporate Espionage by Former Employees
In a 54-page filing with the Federal District Court in Northern District earlier this month, Adecco accuses the upstart Staffworks of raiding its Corning, Elmira, Utica and Syracuse staff to steal proprietary account information and using it to steal long-established business...
- Former employees commandeered an Adecco Corning office Facebook page for their own use, renaming it and taking control of posts.
- A former Adecco employee broke into locked office filing cabinets, drilling through locks, "to remove colleague personnel files and other Adecco documents containing confidential information." The employee contends she was only trying to obtain personal items from the locked cabinet.
- Proprietary pricing information and profit margin details were emailed from internal email accounts to personnel accounts before Adecco cut off access.
- Those named in the suit refused to return company laptops and mobile devices with critical and confidential client and company details.
- In their last weeks of employment, three defendants sabotaged client relationships by failing to enter information into a payroll system, later using the foul-up as evidence that Adecco was "going downhill," in an attempt to land new clients. more
The Vatican Hack
A report, released July 28, said that hackers may have used a counterfeit condolence message from Cardinal Pietro Parolin, the Vatican Secretary of State, to gain access to Vatican communications. more
Block TikTok, or Microsoft to the Rescue
U.S. Secretary of State, Mike Pompeo, claimed that TikTok sends user data to China, exerting pressure on the video-sharing social networking service. Pompeo brought attention to the fact that if personal information flows across a Chinese server, it will eventually end up in the hands of the Chinese Communist Party which he calls an “Evil Empire”.
TikTok has denied U.S. allegations but a report by cyber experts at ProtonMail says otherwise. The report is more a warning as it states – “Beware, the social media giant not only collects troves of personal data on you, but also cooperates with the CCP, extending China’s surveillance and censorship reach beyond its borders.” more
In other news...
Microsoft said Sunday it will continue talks to buy short-form video app, TikTok after its chief executive spoke with President Trump, following a weekend of uncertainty clouding the future of the Chinese-owned app. more
Connect the Dots...
When Microsoft bought Skype, Wired Magazine noted, "The Skype client itself is written almost as if it were a piece of malware, using complex obfuscation and anti-reverse engineering techniques, and it would be disquieting for Microsoft to release something that behaved in such a shady way; at the very least, the client would surely have to be rewritten to avoid the obfuscation and outright hostility to managed networks that Skype currently has... Ultimately, it's hard to see how the Skype purchase is worthwhile from a technology or user-access perspective. The technology isn't good enough and the users aren't lucrative enough or plentiful enough to justify it." more
Pure Conjecture Disguised as Analysis...
Microsoft already had Windows Live Messenger. Did it really need Skype? Skype you might recall was a predominately Estonian-based encrypted platform. It was giving governments fits worldwide. Then, in 2011, Microsoft bought it. Guess what happened.
TikTok, it appears, is also giving government fits. Who ya gonna call?
Friday, July 17, 2020
International Conferences on Business Espionage and Cyber Security
ICBECS 2021: 15. International Conference on Business Espionage and Cyber Security aims to bring together leading academic scientists, researchers and research scholars to exchange and share their experiences and research results on all aspects of Business Espionage and Cyber Security. It also provides a premier interdisciplinary platform for researchers, practitioners and educators to present and discuss the most recent innovations, trends, and concerns as well as practical challenges encountered and solutions adopted in the fields of Business Espionage and Cyber Security. more
ICBECS 2020: 14. International Conference on Business Espionage and Cyber Security, August 19-20, 2020 in Budapest, Hungary (to be held digitally) more
Monday, July 6, 2020
Security Director Alert: Why Home Offices Also Need TSCM
Since the lockdowns began, cybersecurity experts began to worry that it would be easier for attackers to compromise security systems. The fear of the pandemic, financial stress, and other distractions at home turned workers into ripe targets for scammers, as stress lowers people’s guard to tactics like phishing.
In the case of workers using VPNs, some experts see them as the perfect way to get a bad actor into a company’s network, likening it to a hypodermic needle. All an attacker needs is a few employees to click on some malware, perhaps from an email or a fake resume and they could be in — and some cyber experts even speculated that attackers might target unsecured Wi-Fi networks. more
Tuesday, June 23, 2020
How to Detect Hacked Charging Cables
- They Appear Normal
- They Blend In
- They Suck Up Your Data
Imagine a charging cable which looks exactly, and I mean exactly, like any stock charging cable. Oh, just one difference. This charging cable has built-in Wi-Fi and can run penetration programs on whatever it is plugged into.
Hacked charging cables exist, in four versions and two colors, white and black, and they sell for $119.99.
Ostensibly, they are, “built for covert field-use by Red Teams.” However, anyone can buy one. We did.
Determining if the following claims are true is important to protecting our clients.
“It looks like the real thing. It feels like the real thing, down to the millimeter.” Has “features that enhance remote execution, stealth, and forensics evasion.”
Our tests revealed... more
Wednesday, June 17, 2020
Why Law Firms Need TSCM More Than Ever
Hackers for hire can be extremely useful for some people and organizations. Although the report by the University of Toronto revealed that Dark Basin had in fact conducted commercial espionage on behalf of clients against opponents involved in high profile public events.
But their work didn’t stop there. They also worked on criminal cases, financial transactions, news stories and advocacy in an attempt to throw doubt on prosecutions. more
TSCM - Technical Surveillance Countermeasures / Bug Sweep / Information Security Audit
Monday, June 15, 2020
Industrial Espionage Case: U.S. Company Awarded $3.36 Million
Prosecutors launched a probe into the alleged industrial espionage in February 2017 and decided to charge UMC and the three UMC employees in September, citing violation of Taiwan's Trade Secrets Act for sharing the information with Jinhua. more
'Spy City: The History of Espionage in New York City' Interactive
Secret Passphrase: "Your shoe is untied."
– George Washington
From the Revolutionary War to the present day, covert ops have flourished in the five boroughs of New York City — after all, its myriad of parks, miles of subway, and millions of residents have long created the perfect environment for espionage activity. This is the story of Spy City, your mission begins now.
Join our special guest as we explore the history of espionage in New York City over four centuries of covert activity, from government spies to top-secret programs. more
Click link for full info and to get tickets ($10, thanks for your support!):
https://bit.ly/SpyCityNYCJune
U.S. Security Director Sentenced to 16 Years Hard Labor in Russia
He was arrested in a hotel room in Moscow 18 months ago with a USB flash drive which security officers say contained state secrets.
The Moscow City Court found him guilty of receiving classified information.
Whelan - who is also a citizen of the UK, Canada and Ireland - denounced the closed trial as a "sham" ahead of the verdict.
US Secretary of State Mike Pompeo called for Whelan's immediate release. more