Showing posts with label IT. Show all posts

Monday, November 16, 2020

EaaS - Espionage as a Service

Ransomware-as-a-service has become so popular and profitable that bad actors in the dark markets are expanding their range of illicit services to offer dedicated phishing and espionage campaigns too.

Over the past half a year, BlackBerry’s Research and Intelligence team has been keeping a close eye on a cyber-espionage campaign that is targeting individuals around the world. Dubbed ‘CostaRicto’ by BlackBerry, the campaign seems to be run by 'hackers-for-hire', a group of skilled APT actors with bespoke malware tooling and complex VPN proxy and secure shell (SSH) tunneling capabilities...

When it comes to espionage campaigns, outsourcing the whole or even part of the campaign is a compelling proposition, particularly for businesses and individuals who are looking for inside information on their competitors but don’t necessarily have the skills, tools or experience to do this themselves. (and/or want plausible deniability) more

The use of cutouts is a popular and very effective spy tactic. Most corporate espionage (and competitive intelligence) is based on this method. 

Pretext'ers, employment moles, buggers, blackmailers, aerial reconnaissance pilots, private investigators, and bribers are just a few of the EaaS types. Now, hackers join the list. The one thing they have in common is a need to stay invisible and not get caught.

Thus, the victim never realizes they have been victimized. 

Thus, only corporations with smart security directors conduct Technical Surveillance Countermeasures (TSCM) inspections and information security surveys, and provide employees with counterespionage training.

Jilted IT Expert Bugged Wife’s TV and Car

A jilted IT expert bugged his ex’s TV and car after their 20-year marriage ended... He sneaked into his estranged partner’s home while she was away and planted a listening device in the TV and hid an iPhone in her car.

Ms Ewart told a court: “He sent text messages to me about TV shows I had been watching.” 

Ewart, of Washington, admitted stalking and was jailed for 18 weeks, suspended. He must wear an electronic tag to keep him away from his ex. more  & more

Tuesday, December 18, 2018

El Chapo Got Wiretapped Because the IT Guy Screwed Up

It only took five weeks, but jurors in the trial of Joaquín “El Chapo” Guzmán finally got to hear the infamous drug lord speak. Chapo's voice filled the courtroom Thursday as prosecutors played a taped phone call between the alleged Sinaloa cartel leader and members of the FARC guerrilla group. The two sides could be heard negotiating a six-ton cocaine deal. The exchange was damning...

It’s still unclear exactly how U.S. authorities obtained the recording, but witness Jorge Cifuentes seemed to have a pretty good idea. He blamed the cartel’s IT guy...

Cifuentes appeared to be vigilant about digital security. Prosecutors showed the jury his detailed accounting records, which included items like "cellular inhibitors" and "microphone searchers" among his expenses. "You turn it on during a meeting and there's no way anyone can tape it or send out anything," Cifuentes said, describing one of the devices...

The irony was that authorities were only able to obtain the call because the men were forced to use conventional cellphones while their secure network was down. Cifuentes called Cristián "an irresponsible person," and said the engineer screwed up by forgetting to renew the license on the software they had purchased. more

Note: This also reveals what can happen when someone with a little knowledge (Jorge Cifuentes) tries to play TSCM expert... "You turn it on during a meeting and there's no way anyone can tape it or send out anything,"

Be careful who you hire to advise you on corporate technical counterespionage.

Tuesday, August 7, 2018

Anatomy of a Bankruptcy

CA - The Gardena-based parent company of the retail chains Fallas and Anna’s Linens said Monday it filed for bankruptcy reorganization and plans to close 74 of its 344 stores. National Stores Inc., a family-owned firm, operates in 22 states and Puerto Rico...

National Stores said the bankruptcy filing was due to certain under-performing stores and severe weather in various regions that hurt sales.

In addition, the company suffered a data breach in the second half of last year in which some customers’ payment-card information was exposed at dozens of stores, and as a result “access to operating funds diminished” for the company, National Stores said. more

Three reasons for the failure, in the order stated:
  1. Under-performing stores.
  2. Severe weather.
  3. Data breach diminished operating funds.
Number One is manageable. 
Number Two is vague. 
Number Three is a killer.
The list should be reversed, to show order of importance.

Takeaway... Information security (from IT to TSCM) can make or break any business.

Wednesday, June 21, 2017

Security Alert: If Your Phone Says Avaya... ask IT about this.

Internet telephony company Avaya has patched a high-severity vulnerability in its Aura Application Enablement Services product that put phone call and API data running through the server at risk for interception.

Researchers at Digital Defense found a vulnerability where an attacker could, without authentication, abuse Remote Procedure Calls (RPC) into the server and modify input in such a way that they would be granted remote administrative access...

“Anything that passes through that server [would be at risk],” said Mike Cotton, vice president of research and development... “An attacker could send malformed input at the interfaces and take control over the service and any voice data...  “Eventually you can get root command through remote compromise,” he said.

In an advisory updated June 14, Avaya said versions 6.3.1, 6.3.2, 6.3.3 and 7.x are affected. The company said that versions 6.3.1, 6.3.2 and 6.3.3 should install Super Patch 7 and apply AE Services 6.3.3.7 security hotfix. Users on 7.0.x should upgrade to 7.0.1 and install Super Patch 4 and AE Services 6.3.3.7 security hotfix as well. Users on 7.1 should apply AE Services 7.1.0.0.0 Security Hotfix.

“Certainly for enterprises that use the product, this is a high-impact vulnerability,” Cotton said. “The ultimate severity is how many business-critical apps are attached to this thing and where it’s sitting within the network infrastructure. This is something I would prioritize and move to the top of patching lists.” more

Monday, February 20, 2017

Revenge of the IT Guy (Case #254)

A sacked system administrator has been jailed...

after hacking the control systems of his ex-employer – and causing over a million dollars in damage. 

Brian Johnson, 44, of Baton Rouge, Louisiana, US, had worked at paper maker Georgia-Pacific for years, but on Valentine's Day 2014 he was let go.

He didn't take that lying down, and spent the next two weeks rifling through the firm's systems and wreaking havoc from his home. 

Johnson was still able to connect into Georgia-Pacific servers via VPN even after his employment was terminated.

Once back inside the corporate network, he installed his own software, and monkeyed around with the industrial control systems.

His target was the firm's Port Hudson, Louisiana, factory, which produces paper towels and tissues 24 hours a day. In a two-week campaign, he caused an estimated $1.1m in lost or spoiled production. more
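
The gap in this case was a VPN account that still worked after the termination date. As an added example (not from the original article), the check below compares VPN authentication logs against an HR offboarding list and reports every login attempt made after the user's termination time. The log format, usernames, addresses and timestamps are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed (hypothetical) VPN gateway log format; adapt the regex to your own gateway.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ vpn-auth user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>success|failure)$"
)

def utc(stamp):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Constructed HR offboarding feed: username -> termination time (UTC).
TERMINATIONS = {
    "jdoe": utc("2024-03-01T17:00:00Z"),
    "mlee": utc("2024-03-02T12:00:00Z"),
}

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    "2024-03-01T08:02:11Z vpn-gw1 vpn-auth user=asmith src=198.51.100.20 result=success",
    "2024-03-01T16:45:00Z vpn-gw1 vpn-auth user=jdoe src=203.0.113.7 result=success",
    "2024-03-02T01:12:09Z vpn-gw1 vpn-auth user=jdoe src=203.0.113.7 result=success",
    "2024-03-02T01:30:00Z vpn-gw1 vpn-auth user=JDoe src=203.0.113.9 result=success",
    "2024-03-03T09:00:00Z vpn-gw1 vpn-auth user=mlee src=192.0.2.44 result=failure",
    "malformed line that the parser must skip",
]

def find_post_termination_logins(log_lines, terminations):
    """Return one finding per auth event that occurred after the user's termination."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are ignored, not treated as clean
        user = m["user"].lower()  # normalise case so 'JDoe' matches 'jdoe'
        terminated_at = terminations.get(user)
        if terminated_at is None:
            continue  # not on the offboarding list
        when = utc(m["ts"])
        if when > terminated_at:
            findings.append({
                "user": user,
                "time": when,
                "src": m["src"],
                "success": m["result"] == "success",
            })
    return findings

def summarize(findings):
    """Group findings per user. A success means the account was never disabled."""
    per_user = defaultdict(lambda: {"successes": 0, "failures": 0, "sources": set()})
    for f in findings:
        entry = per_user[f["user"]]
        entry["successes" if f["success"] else "failures"] += 1
        entry["sources"].add(f["src"])
    return dict(per_user)

if __name__ == "__main__":
    report = summarize(find_post_termination_logins(SAMPLE_LOG, TERMINATIONS))
    for user, stats in sorted(report.items()):
        level = "ACCOUNT STILL ACTIVE" if stats["successes"] else "attempts only"
        print(f"{user}: {level} {stats['successes']} ok / {stats['failures']} failed "
              f"from {sorted(stats['sources'])}")
```

A successful login after the termination time is an offboarding failure to fix at once. Failed attempts alone show the account was disabled but that someone is still trying it.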


Monday, February 6, 2017

Security Director Alert - Check the Security of Your Networked Printers

Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages.

Stackoverflowin claims to be a high-school student from the U.K. who is interested in security research...

The issue of publicly exposed printers is not new and has been exploited before to print rogue and sometimes offensive messages. However, the issue was renewed last week when researchers from Ruhr-University Bochum in Germany published a paper on different attacks against network printers and an assessment of 20 printer models. The researchers also released a Printer Exploitation Toolkit and published a printer hacking wiki.

Users should make sure that their printers can't be accessed through a public Internet Protocol address at all, Stackoverflowin said. However, if they need to do this, they should enforce access rules in their routers and only whitelist certain IP addresses, or set up a virtual private network, he said. more

I occasionally find networked printers are a back door to company networks. The most common issue is unsecured WiFi access. Have your IT department review this post and then double-check the security of the printers. Or, contact me for a complete technical information security inspection (TSCM). ~Kevin

Saturday, December 31, 2016

Security Director Alert - Russian Cyber Activity, GRIZZLY STEPPE

The Department of Homeland Security (DHS) has released a Joint Analysis Report (JAR) that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. 

This activity by Russian civilian and military intelligence services (RIS) is part of an ongoing campaign of cyber-enabled operations directed at the U.S. Government and private sector entities.

DHS recommends that network administrators review the Security Publication for more information and implement the recommendations provided.

Thursday, December 29, 2016

Mobile Security: The InfoWorld Deep Dive

As iPhones, iPads, and Android devices become increasingly standard business equipment, IT organizations struggle on how to manage and secure them, and the data that runs through them.

This guide, available in both PDF and ePub editions, explains the security capabilities inherent to each major mobile platform and where using third-party tools makes sense -- and where it doesn't.

It also walks you through the factors to consider in terms of risk for your corporate data, and outlines a rational way to protect that data without getting tied up in knots.  more


Thursday, November 10, 2016

Wiretapping & Electronic Surveillance - The IT Spy Guy v. Estranged Wife

PA - An employee of a midstate county faces charges of spying on his estranged wife.

36-year-old David Randall Maurer - who works for the Dauphin County information technology department - is charged with violating the wiretapping and electronic surveillance act.

State Attorney General Bruce Beemer alleges that Maurer installed spyware monitoring software that captured key strokes, screenshots and websites that his estranged wife visited on her laptop.

He allegedly used the information to log into her private email and Facebook accounts. more

Wednesday, June 1, 2016

"What are the most important characteristics of a great InfoSec professional in 2016?"

23 Information Security Leaders Reveal the Most Important Traits for InfoSec Pros in 2016

Digital Guardian compiled their responses to create a comprehensive guide outlining the most important characteristics for InfoSec professionals. (My contribution appears below. The additional 22 thoughtful responses appear here.)
---

"The single most important characteristic for successful InfoSec professionals in 2016 is..."

Inquisitiveness.

With this quality, an InfoSec professional will question the status quo, look for loopholes, seek new solutions, follow-up on red flags early on, and look at InfoSec from a holistic viewpoint.

The viewpoint is the most important element. It shapes all other aspects of the job. The inquisitive person will see their job not as an IT defender, but as a defender of information, no matter how it is generated, stored, or transmitted. The great InfoSec professional realizes all the data stored on the computers was available to the adversary long before it ever entered a database.

This holistic outlook takes into account the genesis of information. It may start out as a phone call, which may be wiretapped; a conference room strategy meeting, which can be bugged; unsecured written information left on desks or unlocked file cabinets, which may be easily photographed; information stored on a photocopier hard drive, which can later be reprinted; or on an unsecured Wi-Fi Access Point, or wireless printer, whose transmissions may be intercepted. The list of info-vulnerabilities is long.

In recent years, the rush has been to focus on IT security, and rightly so. But, in doing so, the gap between great InfoSec professionals and tunnel-visioned InfoSec managers has become wide and clear. Great InfoSec professionals, being inquisitive, see and handle the big picture. It isn't just computers. The real task is detecting and plugging any method by which information can leak out. Today's great InfoSec professionals defend accordingly. They are much more successful than their colleagues, who only put out fires.  ~Kevin

Friday, July 17, 2015

How IT Can Spy on Your Smartphone

So what can your employer see about you on your smartphone if you let IT manage that device through an MDM tool?

On an iPhone or iPad, Apple's iOS restricts IT's visibility, so your private data stays private... in iOS IT can see only your full list of apps. If you give IT permission, it can see your location. Respondents' other sensitive areas are shielded: personal email, personal contacts, texts, voicemails, phone and Internet usage details, and data stored in apps.

IT can see anything in your corporate email, contacts, and calendar since it manages those servers, and it can see your Web activities conducted on its network since it can snoop that traffic.

...IT can see what apps you have installed (not only those deployed by IT), your battery level, your storage capacity and amount used, your phone number and its hardware ID (called an IMEI), your carrier and country, and your device's model and OS version. Plus, if you give IT permission to do so, it can track your location (iOS forces apps and websites to ask for your permission first, so they can't do it secretly).

Android shields almost as much as iOS does, but IT can change that... The default situation for Android users is slightly less private than for iOS users. The big difference involves location information access. iOS asks you when an app first requests access, and it lets you revoke the access at any time in the Settings app. Android asks when you install an app and does not let you revoke the permissions later; however, the forthcoming Android M changes that, working like iOS. more

What you want kept private, and where mobile devices oblige...

| Device information | All adults' discomfort in IT seeing | Young adults' discomfort in IT seeing | iOS shields from IT | Android shields from IT |
|---|---|---|---|---|
| Personal email | 78% | 66% | Yes | Yes |
| Personal contacts | 75% | 63% | Yes | Yes |
| Texts and instant messages | 74% | 62% | Yes | Yes [2] |
| Voicemails | 71% | 63% | Yes | Yes [2] |
| Phone and Internet usage details | 69% | 59% | Yes | Yes |
| Information stored in mobile apps | 71% | 60% | Yes [1] | Yes [1] |
| List of all installed apps | 67% | 57% | No | No |
| Location | 66% | 57% | User decides | User decides [3] |

Source: MobileIron
[1] Except data sent to corporate servers from apps
[2] Apps can access this data, so IT could monitor it if desired through an app
[3] At install only in Android 4 and earlier

Sunday, November 23, 2014

This Week in Wiretap News

ID - The former information technology director of a hospital in Blackfoot was sentenced to three years of probation after he was convicted of wiretapping. A Bingham County judge imposed the sentence for 46-year-old Jack York on Friday. York was accused along with three others of recording telephone calls by a former hospital doctor and his staff between June 2009 and August 2010. (more) (more)

Taiwan - An aide to Ko Wen-je was arrested yesterday by Taipei prosecutors looking into alleged wiretapping of the independent Taipei mayoral hopeful's office... (more)

DC - American investigators intercepted a conversation this year in which a Pakistani official suggested that his government was receiving American secrets from a prominent former State Department diplomat, officials said, setting off an espionage investigation that has stunned diplomatic circles here,  The New York Times in a report Friday said. That conversation led to months of secret surveillance on the former diplomat, Robin L. Raphel, and an F.B.I. raid last month at her home, where agents discovered classified information, the officials said. (more)

Turkey - More details have surfaced about the Gülenists' wiretapping of the then prime minister Recep Tayyip Erdoğan, after an indictment regarding the investigation was submitted to court. The Gülenists planned every step in detail, according to the indictment. The Ankara chief public prosecutor's office has prepared an indictment on 13 suspects, who are accused of wiretapping then Prime Minister Recep Tayyip Erdoğan, charging the suspects with "political spying" after an investigation into the alleged offenders was completed. (more)

CA - Counsel Timothy Perry discusses how wiretaps are vulnerable to attack, especially in white collar cases. He explains some details of the wiretap statute and discusses how defense attorneys can best address wiretap evidence in a white collar case. (video) 

NC - A judge Friday unsealed a trove of court documents that could shed light on a secret cellphone tracking program used by police nationwide. The judge in Charlotte, N.C., acted after a petition from the Charlotte Observer to make the documents public. Included are 529 requests from local Charlotte-Mecklenburg police asking judges to approve the use of a technology known as StingRay, which allows cellphone surveillance. (more)

NYC - Add New York City’s Taxi and Limousine Commission to the list of powerful groups investigating Uber for allegedly spying on its users. The commission, which regulates Uber, is “looking into allegations” that the mobile car-hailing app violated users’ privacy by tracking them without their permission. (more)

Thursday, October 16, 2014

Tunnel Vision Focus on IT Security - The Biggest Mistake...

...companies make when securing sensitive data.

FACTS

• All pre-computer era information theft tactics still work, and are still used.
• Most “computerized” information is available long before it is put into a computer.

• Data theft is the low hanging fruit of the business espionage world. The real pros use ladders.


Murray's Holistic Approach to Information Security

1. Protect information while it is being generated (discussions, audio and video communications, strategy development). Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices and conference rooms on a scheduled basis. Example: Ford Motors found voice recorders hidden in seven of their conference rooms this summer.

2. Protect information while it is in transit (phone, teleconference, Board meetings, off-site conferences). Wiretapping and Wi-Fi are still very effective spy tools. Check for wiretaps on a scheduled basis, and/or encrypt the transmissions. Conduct pre-meeting TSCM inspections. Tip: Never let presenters use old technology FM wireless microphones. The signal travels further than you think, and is easily intercepted.

3. Protect how information is stored. Unlocked offices, desk and file cabinets are a treasure trove of the freshest information. Print centers store a copy of all print jobs. Limit written distribution of sensitive information. Crosscut shred sensitive waste paper. All these vulnerabilities and more should be covered during the security survey portion of your TSCM inspection.

4. Educate the people to whom sensitive information is entrusted. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Explain the importance of information security in terms they can understand, e.g. “Information is business blood. If it stays healthy and in the system, your job, and chances for advancement, stay healthy.”

Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.
 
There is more you need to know. Contact a TSCM specialist for further assistance. (counterespionage.com)

Friday, August 8, 2014

Free Tip: Recover Files Locked by Cryptolocker Ransomware

If your computer files have been (or will be) held for ransom by Cryptolocker, bookmark this site... https://decryptcryptolocker.com/

FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker.

These folks will analyze one of your locked files and send you the decode key, FREE.

Sunday, July 27, 2014

The Easy Fix to About 70% of Data Hacks

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers.

Much has been said that Target’s hackers accessed the giant’s records via its heating and cooling system. They’ve even infiltrated thermostats and printers among the “Internet of Things”.
 
It doesn’t help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things like A/C, heating, billing, graphics, health insurance providers, to name a few. If just one of these systems can be busted into, the hacker can crack ‘em all...

One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to H.R. data, credit card information and other critical information. Access to sensitive data should require super strong passwords and be set up with a set of security protocols that can detect suspicious activity. (more)
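
The separation described above only holds if no firewall rule quietly bridges the two sides. As an added example (not from the original article), this audit walks an ordered, first-match ruleset and reports every allow rule that lets a low-trust segment (HVAC, vending, printers) reach a sensitive one (HR, card data), unless an earlier deny already blocks that crossing. All zone names, subnets and rules are constructed for illustration.

```python
from ipaddress import ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    action: str          # "allow" or "deny"
    src: str             # CIDR
    dst: str             # CIDR
    port: Optional[int]  # None means any port

# Constructed zone map: facilities/IoT networks vs. networks holding critical data.
LOW_TRUST = {"hvac": "10.20.0.0/24", "vending": "10.21.0.0/24", "printers": "10.22.0.0/24"}
SENSITIVE = {"hr": "10.50.0.0/24", "cardholder": "10.60.0.0/24"}

# Constructed ruleset, evaluated top-down with first-match semantics.
RULES = [
    Rule("deny-hvac-to-cards", "deny", "10.20.0.0/24", "10.60.0.0/24", None),
    Rule("vendor-hvac-mgmt", "allow", "10.20.0.0/24", "10.0.0.0/8", 443),
    Rule("printers-to-print-server", "allow", "10.22.0.0/24", "10.30.0.5/32", 9100),
    Rule("legacy-file-share", "allow", "10.0.0.0/8", "10.50.0.10/32", 445),
    Rule("hr-app", "allow", "10.40.0.0/24", "10.50.0.0/24", 443),
]

def narrower(a, b):
    """Overlapping CIDR blocks are always nested, so the longer prefix is the intersection."""
    return a if a.prefixlen >= b.prefixlen else b

def shadowed(earlier_rules, src, dst, port):
    """True if an earlier deny fully covers this src/dst/port crossing."""
    for r in earlier_rules:
        if r.action != "deny":
            continue
        port_covered = r.port is None or r.port == port
        if port_covered and src.subnet_of(ip_network(r.src)) and dst.subnet_of(ip_network(r.dst)):
            return True
    return False

def audit_segmentation(rules, low_trust, sensitive):
    """Return (rule name, low-trust zone, sensitive zone) for each effective crossing."""
    findings = []
    for index, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        rule_src, rule_dst = ip_network(rule.src), ip_network(rule.dst)
        for low_name, low_cidr in low_trust.items():
            low_net = ip_network(low_cidr)
            if not rule_src.overlaps(low_net):
                continue
            for sens_name, sens_cidr in sensitive.items():
                sens_net = ip_network(sens_cidr)
                if not rule_dst.overlaps(sens_net):
                    continue
                cross_src = narrower(rule_src, low_net)
                cross_dst = narrower(rule_dst, sens_net)
                if not shadowed(rules[:index], cross_src, cross_dst, rule.port):
                    findings.append((rule.name, low_name, sens_name))
    return findings

if __name__ == "__main__":
    for name, low, sens in audit_segmentation(RULES, LOW_TRUST, SENSITIVE):
        print(f"rule '{name}' lets zone '{low}' reach sensitive zone '{sens}'")
```

In the sample data, the broad `10.0.0.0/8` destination on the vendor rule exposes HR to the HVAC network even though the card network is explicitly denied, the kind of over-wide rule that defeats segmentation on paper.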

Wednesday, July 16, 2014

See Threat, Ignore Security - IT = Idiocracy Time

In a study, most IT execs at critical infrastructure companies revealed that their organization was compromised in the last year, but only 28 percent of them said that security was a top priority across their enterprise.

Nearly 600 global IT and IT security execs across 13 countries were polled for the “Critical Infrastructure: Security Preparedness and Maturity” report, released Thursday. And of those respondents, 67 percent said they had dealt with at least one security compromise, leading to the loss of confidential information or disruption to operations, at their companies.

In an interview with SCMagazine.com, Dave Frymier, CISO of Unisys, found it concerning that so many respondents seemed to be knowledgeable of threats to their organizations, but that this awareness hadn't translated to a heightened focus on security. (more) (10 things "Idiocracy" predicted that came true.)

Time to yank some of that IT "security" budget and put it back where it was doing some good - traditional information and intellectual property security measures. Call us.

Monday, July 14, 2014

How bad is computer security in the business world?

Complete disarray, if you believe a friend of mine who's worked in the industry forever. Behold his hair-raising tales... (more)

Tuesday, June 24, 2014

Business Espionage: Old Spy Tactics Return

Last month it was reported that British intelligence agency MI5 had, in a series of high-level meetings, painted a worrying picture for leading British corporations in which their IT workers may become targets for foreign powers seeking sensitive data.

The idea of an IT department infiltrated with double agents may sound a little fanciful but the threat of a rival nation trying to influence them is far more realistic than many may think according to Uri Rivner, vice-president for cyber strategy at Israeli security company BioCatch.

“Obviously there are cases like this,” says Rivner, who compares the situation to having “someone on the inside” of a bank before committing a robbery. Of the companies or organisations that will be targeted, he says that “whatever a nation is good at, that’s interesting to other nations”.

In the case of the UK, he says this may be the financial sector, while in Scandinavia two industries in particular, telecommunications and mining, “have been targeted”. (more)

Wednesday, May 7, 2014

New Spy Game: Tag Your IT

Foreign intelligence agencies are trying to recruit tech staff in big businesses in an attempt to gain access to vital IT systems, MI5 has warned British business chiefs.

In recent months, the UK security service has had a series of "high-level conversations with executives" to warn of the risk, according to the Financial Times. Targeting IT staff — who often have unfettered access to the most important systems — is seen as one of the quickest ways to gain access.

The security service is warning that IT workers have been recruited to help overseas spies gain sensitive personnel information, steal corporate or national secrets and even upload malware to compromise the network.
(more)