The Sundance Film the FBI Doesn't Want You to See

(T)ERROR is the first film to document an active FBI counterterrorism sting investigation.

In the feature documentary (T)ERROR, which premiered this week at the 2015 Sundance Film Festival, everyone is spying on everyone: the informant on the target, the target on the informant, the FBI on the informant, the filmmakers on the FBI.

Incredibly, directors Lyric R. Cabral and David Felix Sutcliffe manage to film not just the one doing the surveilling but also the one being surveilled — without either subject knowing the other is also appearing on-camera.

It’s a daring feat made even more impressive when you realize the FBI has no idea that the informant they’re using is in fact simultaneously using them.

But unlike Homeland or some John le Carré novel, where spying is sexy and the characters are all perspicacious, (T)ERROR depicts the reality of today’s domestic intelligence gathering: it is not glamorous, the vernacular is informal, the surveillance techniques utilized include “advanced” approaches like trying to befriend someone on Facebook, and incompetence abounds (at one point a confidential phone number is discovered by typing it into Google).
(more)

Economic Espionage - NYC Russian Banker Arrested by FBI

Federal prosecutors arrested a Russian banker in New York on Monday and charged him as a spy, accusing him and two others of secretly gathering information about the New York Stock Exchange, U.S. energy resources and sanctions against Moscow.

Prosecutors described clandestine meetings and coded communications between the banker and his handlers, one of whom worked as a trade representative of the Russian Federation in New York, the other as an attaché to the Permanent Mission of the Russian Federation to the United Nations.

The spycraft alleged in the complaint reads like a throwback to the Cold War. Yet the alleged operatives’ target was more modern: economic intelligence... 

The most interesting part...
Mr. Buryakov suggested they ask about the NYSE’s use of exchange-traded funds, potential limits on the use of automated high-frequency trading systems... NYSE spokesman declined to comment.
(more)

• The movie Blackhat illustrates market manipulation, and why it would interest them.
• Classic spycraft is alive and well. It ain't all IT-based.
• Nice job, FBI!

The No Back Door Bill is Back

Sen. Ron Wyden (D-Ore.) is reintroducing legislation that bars the government from requiring technology companies to build so-called "backdoor" security vulnerabilities into their devices to allow access to their data.

Wyden first introduced the bill last December after FBI director James Comey criticized moves by some phone companies to encrypt devices to prevent anyone from accessing their data without permission, even law enforcement.

Comey has called on Congress to update a 1994 law to allow a workaround, saying the phone locks could stall some law enforcement investigations.

“The problem with this proposal is that there is no such thing as a magic key that can only be used by good people for worthwhile reasons,” Wyden said in a floor statement Thursday. “There is only strong security or weak security.”
(more)

No Warrant Wiretaps - There is a Santa "Clause"

If you're in a public place, don't expect your phone calls and texts to stay private. At least not if the FBI flies a Cessna over your head or drives a car around your neighborhood while you're out for a walk.

Warrant?

The FBI won't bother to obtain search warrants before it uses interception devices on people in public, according to a letter written by Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and staffer Sen. Chuck Grassley (R-Iowa).

These devices include Stingrays, the cell-tower decoy interception devices used to scoop up data from devices around it. The FBI puts Stingrays and similar devices known as dirtboxes in cars and small airplanes as a way to quickly dragnet data from a large number of devices while it is hunting for a device that belongs to a suspect.
(more)

Double Check Your Tech

via Bruce Schneier...
This is a creepy story. The FBI wanted access to a hotel guest's room without a warrant. So agents broke his Internet connection, and then posed as Internet technicians to gain access to his hotel room without a warrant.

From the motion to suppress:

The next time you call for assistance because the internet
service in your home is not working, the "technician" who comes
to your door may actually be an undercover government agent.
He will have secretly disconnected the service, knowing that
you will naturally call for help and -- when he shows up at
your door, impersonating a technician -- let him in. He will
walk through each room of your house, claiming to diagnose the
problem. Actually, he will be videotaping everything (and
everyone) inside. He will have no reason to suspect you have
broken the law, much less probable cause to obtain a search
warrant. But that makes no difference, because by letting him
in, you will have "consented" to an intrusive search of your
home.

Basically, the agents snooped around the hotel room, and gathered evidence that they submitted to a magistrate to get a warrant. Of course, they never told the judge that they had engineered the whole outage and planted the fake technicians. (more)

Weird World Bugging News...

Wait. What!?!?  An eavesdropping organ transplant scandal, 47 wiretapping cops, carte blanche surveillance in the USA, SRG's self-licking surveillance ice cream cone, and a spy shop morphing into a pot shop! Too weird.

Taiwan - Taipei mayoral candidate Sean Lien (連勝文) said yesterday that his opponent Ko Wen-je (柯文哲) should drop out of the election if police are not able to confirm the existence of the alleged eavesdropping devices that Ko's election team claimed they discovered connected to their office phone; Lien added that Ko is only trying to divert attention away from his recent human organ transaction scandal. (more)

Turkey - Malatya Police Department launched an investigation on Wednesday into 47 police officers, who are allegedly affiliated with the Gülen Movement, for unlawful wiretapping charges. According to initial reports, the investigation encompasses the wiretapping of phone conversations during the past four years. (more)

US - A federal regulatory body is discussing a rule change Nov. 5 that would allow the FBI to conduct electronic surveillance of devices wherever they're located. (more)

UK - Security Research Group shares jumped 17% as the electronic surveillance and property services firm accompanied a significant increase in half-year earnings with a bullish full year outlook. Its Specialist Electronics unit, which sells IED detectors to the military and bugging devices to police forces, recorded an operating profit of £274,000, up from £7,000. The division was helped by a £268,000 deal with Australian homeland security services for its ‘SuperBroom’ handheld detectors (ironically, a bug detector). (more)

NV - Medical marijuana businesses are one step closer to opening up shop in the Silver State... MediFarm is closing in on a deal to buy The Spy Shop building in Midtown. (more)

Texas Oil - Target of Business Espionage

TX - “...look at the Eagle Ford Shale and the billions of dollars that's bringing into the Texas economy, the bad guys see that,” said FBI San Antonio Special Agent in Charge Christopher Combs...

Christopher Combs nailed it in this interview.

...they are also looking to snatch company secrets. "It's corporate espionage, there’s no question about it," said Combs. “Foreign governments or foreign companies are looking for any competitive advantage. Whether it's the widget that you use to drill, or it's a process that you use to track inventory better. They're really looking at the company as a whole to find out every little thing that you do that makes you a better company on the world market."...

“We also worry about foreign governments placing people in companies where they really want to find out the secrets," said Combs. ... "They'll take an individual and maybe spend years to work that individual into a particular position in the company, so that they can gather those secrets and bring them overseas," Combs said. Combs also warned about disgruntled U.S. employees who want to take revenge on their companies. "It's not just the threats coming in from the outside, but what information is going from the inside out," he said. 

It's a warning to companies, no matter the industry, to keep an eye out. “It has to be a holistic perspective where you are looking at the people who work in your corporation, your internet and security, and how you conduct business, whether it's here in the country or overseas,” said Combs. (more)

1958 - The Hollow Coin Spy Case

CIA Archives: The Hollow Coin - Espionage Case of Rudolf Abel (1958) 

Vilyam (Willie) Genrikhovich (August) Fisher (Вильям Генрихович Фишер) (July 11, 1903 — November 16, 1971) was a noted Soviet intelligence officer. He is generally better known by the alias Rudolf Abel, which he adopted on his arrest. His last name is sometimes given as Fischer; his patronymic is sometimes less exactly transliterated as Genrikovich. 

The Hollow Nickel Case (also known as The Hollow Coin), refers to the method that the Soviet Union spy Vilyam Genrikhovich Fisher (aka Rudolph Ivanovich Abel) used to exchange information between himself and his contacts, including Mikhail Nikolaevich Svirin and Reino Häyhänen. 

On June 22, 1953, a newspaper boy (fourteen-year-old newsie Jimmy Bozart), collecting for the Brooklyn Eagle, at an apartment building at 3403 Foster Avenue in Brooklyn, New York, was paid with a nickel (U.S. five cent piece) that felt too light to him. When he dropped it on the ground, it popped open and contained microfilm inside. The microfilm contained a series of numbers. 

He told the daughter of a New York City Police Department officer, that officer told a detective who in two days told an FBI agent about the strange nickel. After the FBI obtained the nickel and the microfilm, they tried to find out where the nickel had come from and what the numbers meant...

FBI to Congress - More Power Please

The FBI is asking Congress to give it new powers to force technology companies to turn over private information on their customers. 

FBI Director James Comey warned Thursday that new technologies are making it easy for criminals to hide incriminating information from police...

For several years, the FBI has been warning about the problem of new technologies allowing criminals to "go dark." But Comey explained that his new push was prompted by the decisions by Apple and Google to provide default encryption on their phones that will make it impossible to unlock them for police, even when faced with a court order. (more)

FBI Seeks Expansion of Internet Investigation Powers

A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into computers of people attempting to protect their anonymity on the Internet. The DOJ has explicitly stated that the amendment is not meant to give courts the power to issue warrants that authorize searches in foreign countries—but the practical reality of the underlying technology means doing so is almost unavoidable...

As for extraterritorial hacking, the DOJ commentary explicitly states that the proposal does not seek power to extend search authority beyond the United States: 

• In light of the presumption against international extraterritorial application, and consistent with the existing language of Rule 41(b)(3), this amendment does not purport to authorize courts to issue warrants that authorize the search of electronic storage media located in a foreign country or countries. AUSA Mythili Raman, Letter to Committee.

Yet the commentary also articulates a standard of searches that “are within the United States or where the location of the electronic media is unknown....

The latter standard seems to be a significant loophole in the DOJ’s own formulation of the approach, particularly given the global nature of the Internet. For instance, over 85% of computers directly connecting to the Tor network are located outside the United States. (more)

The Ford Motors Bugging Case - FBI Continues Investigation

The FBI has taken a computer disk and internal Ford e-mails in a continuing investigation of a former employee who was fired in June after the company found recording devices she had hidden in a building on its Dearborn, Mich., world headquarters campus.

Ford fired Sharon Leach, 43, a mechanical staff engineer who worked at Ford for 16 years, in late June after company security personnel saw her leave and return to the same conference room on multiple occasions. She told them she was recording conference meetings using the bugs...

According to court records, the FBI seized eight listening devices from Ford headquarters on July 11. It earlier had seized more than two dozen items from Leach's Wyandotte, Mich., home weeks earlier, including bank statements, tax records, a buy.com shipping bag, a Post-It note with numbers and a key chain with keys labeled "do not duplicate." (more)

FBI Citizens Academy - Hey, corporate America, turn around and pay attention.

“The top secret, government, political secrets, all that top secret stuff that you kind of think about spies, probably less than 10% of what they are trying to go after.” 

FBI experts say that 90% of what they go after, is industrial and trade secret espionage, and the target: students and executives from companies traveling abroad carrying trade secrets from their research and development at universities and companies.. And it's highly sought after.

“Every company, your research and development, it’s your next product down the road, and if I can steal that information and beat you to the market it's going to be devastating for you as a company.” (more) (video)

The FBI Speaks Out: Economic Espionage and Protecting Trade Secrets

When: 7/30/2014
From 5:00 PM until 7:00 PM
Where: Boston Bar Association
16 Beacon Street
Boston, Massachusetts
United States

Trade secret thefts, both domestic and international, cost U.S. companies billions of dollars per year.  Over 85 percent of trade secret thefts involve employees and business partners.  It is imperative to put a trade secret protection program in place. The FBI will show you why and how. 
​
In a joint BBA/BPLA sponsored event, federal enforcement specialists Carmine Nigro and Ted Distaso, Brian Moriarty of Hamilton Brook Smith Reynolds, P.C., and Russell Beck of Beck Reed Riden LLP discuss methods of trade secret theft and best practices in theft prevention. (more) (register)

FYI - Just up the street from:
Cheers (pub)
84 Beacon St.
Boston, MA 02108
"Where everybody knows your name." (But that's another privacy issue.)

Ford - Listening Devices Found in Company Meeting Rooms

A former Ford engineer is being probed by the FBI after listening devices were found in meeting rooms at company offices.

Ford issued a statement saying that it "initiated an investigation of a now-former employee and requested the assistance of the FBI."

It also adds that Ford's offices were not searched by the agency. "Ford voluntarily provided the information and items requested in the search warrant. We continue to work in cooperation with the FBI on this joint investigation. As this is an ongoing investigation, we are not able to provide additional details." (more)

(Sharon) Leach admitted hiding the devices under tables to help her transcribe meetings, her lawyer said... 

The devices were installed before meetings but could not be easily removed, her lawyer said. The audio devices were left in the conference rooms and unintentionally recorded other meetings.

In all, Leach gave Ford security eight Sansa recording devices, her lawyer said. Those are the same devices listed on the FBI’s search warrant on July 11. (more)

Flash: 100+ Arrested in Global Malware Crackdown

The FBI and police in several countries have arrested more than 100 people and conducted hundreds of searches in recent days in a global crackdown on hackers linked to the malicious software called Blackshades, two law enforcement officials told CNN. 

The years-long investigation is targeting one of the most popular tools used by cybercriminals. The malware sells for as little as $40 and can be used to hijack computers remotely and turn on webcams, access hard drives and capture keystrokes to steal passwords without the victim's knowledge, CNN Justice Reporter Evan Perez and CNN Justice Producer Shimon Prokupecz report.
People familiar with the investigation say U.S. prosecutors are expected to announce more details today. (more)

Don't Be a Pawn: A Warning to Students Abroad

Former American college student Glenn Duffie Shriver studied abroad in Shanghai, People's Republic of China.

There, he became a target of Chinese intelligence services and crossed the line when he agreed to participate in espionage-type activity.

He pleaded guilty to conspiring to commit espionage for a foreign government and was sentenced to a four-year term in federal prison.

This video contains excerpts from a prison cell interview where Shriver tells his own story, and warns U.S. students about the foreign intelligence threat. (more)

U.S. Notified 3,000 Companies About Cyberattacks in 2013

Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyber intrusions.

The alerts went to firms large and small, from local banks to major defense contractors to national retailers...

“Three thousand companies is astounding,” said James A. Lewis, a senior fellow and cyberpolicy expert at the Center for Strategic and International Studies. “The problem is as big or bigger than we thought.”

The number reflects only a fraction of the true scale of cyberintrusions into the private sector by criminal groups and foreign governments and their proxies, particularly in China and Eastern Europe. The estimated cost to U.S. companies and consumers is up to $100 billion annually, analysts say. (more)

How do the FBI and Secret Service know...

...your network has been breached before you do?
 
Knock, knock! Secret Service here. "Is this your customer payment card data?"

By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement, the Secret Service and Federal Bureau of Investigation (FBI). But how do the agencies figure it out before the companies know they have been breached, especially given the millions companies spend on security and their intense focus on compliance?

The agencies do the one thing companies don’t do. They attack the problem from the other end by looking for evidence that a crime has been committed. Agents go undercover in criminal forums where stolen payment cards, customer data and propriety information are sold. They monitor suspects and sometimes get court permission to break into password-protected enclaves where cyber-criminals lurk. 

They have informants, they do interviews with people already incarcerated for cybercrime, and they see clues in the massive data dumps of information stolen from companies whose networks have been breached. (more)

G-Men Chase Sprint'er Over Inflated Wiretap Billing

Sprint Corp. overcharged the Federal Bureau of Investigation, the Drug Enforcement Administration and other law-enforcement agencies by more than 50% to facilitate eavesdropping on phone calls, the U.S. Justice Department alleged in a lawsuit filed Monday.

The suit accuses Sprint of inflating the bills it submitted to federal law-enforcement agencies for wiretaps and other surveillance services to cover capital expenditures necessary to respond to the requests—something prohibited by federal law and Federal Communications Commission rules, according to the complaint filed in federal court in San Francisco.

Sprint covered up the fact that the extra charges were included in the bills paid by the FBI and others by disguising them as regular surveillance costs, the suit alleges. As a result, the federal government overpaid Sprint by $21 million over a period of three and a half years.
Sprint said it didn't break the law and will fight the charges. (more)

Business Espionage - "Corn ain't just chicken feed, Bubb"

Two Chinese agricultural scientists face charges after they were caught trying to smuggle a variety of seeds — stolen from a biopharmaceutical plant in Kansas — into China, Reuters reports.

After a tour of agricultural facilities and universities in the Midwest and Arkansas, the two Chinese nationals were caught with the seeds as they boarded a plane for home, the report says. 

(In a separate, but parallel espionage case, "Investigators found ears of corn stashed in an Illinois self-storage unit, dozens of bags of corn kernels stuffed under the seat of a car, and hundreds of pictures of corn fields and production facilities.")

Don’t be fooled because they’re “just” seeds. The unidentified victim of the theft had invested about $75 million in patented technology to create the seeds, the report says. (more)