Security Director Alert: Latest Electronic Surveillance of Corporate Executives

What is going on at Boohoo?
• Espionage claims arise as boardroom battle continues.

• Cautionary tale.

The past few months have been turbulent for Boohoo, to say the least. Yet, last week, things seemed to come to a head when claims of espionage arose at the fast fashion giant.

According to a report by The Times, three current and former executives of Boohoo are believed to be the victims of stalking and surveillance. The alleged espionage is said to have been committed against Boohoo’s co-founder and executive chair Mahmud Kamani, chief executive Dan Finley and former CEO, John Lyttle.

The allegations were brought to light after the company informed the Information Commissioner’s Office (IOC) of a related incident taking place outside of its Manchester headquarters. The report was confirmed by the IOC in a statement to the press, which read: “We can confirm that Boohoo Group has made us aware of concerns regarding the discovery of surveillance equipment outside its head office.”

In a more recent update, the Times has now reported that police in Manchester and Kent are investigating the claims, with Greater Manchester Police stating to the media outlet that it was looking into allegations “involving serious distress”. No arrests have been made, so far. more

Spybuster Tip # 675

Prior to any attack (physical, information theft) some form of surveillance tradecraft (audio, video, data or visual surveillance) will be used. 

If you are a business executive don't ignore this. 

More tips here.

‘Prison yard’ Surveillance | Lawsuit Alleges Apple Spies on Employee's iPhones

An Apple worker has filed a lawsuit against the company, alleging it spies on its employee’s personal iCloud accounts and iPhones.

As reported by Semafor, the lawsuit filed Sunday claims Apple says it can “engage in physical, video and electronic surveillance” of employees, including accessing data on personal iPhones it “actively encourages” staff to work.

Apple refutes the claims of the lawsuit, which alleges several other employment law violations including free speech suppression and illegal clawback policies. more

Corporate Espionage: Steward Health Care Deployed Spy Outfits to Thwart Critics

Despite its financial turmoil and eventual bankruptcy, Steward Health Care allegedly spent millions spying on its adversaries, hiring intelligence companies to track and intimidate critics worldwide.

In what resembles a poorly written spy novel, Steward's leadership hired agents who placed tracking devices on the car of a financial analyst, accessed a healthcare executive’s phone to potentially blackmail him and circulated an allegedly false wire transfer to frame a politician, a report said.

The videos and documents with the incriminating details were obtained by journalism outfit the Organized Crime and Corruption Reporting Project and shared with the Boston Globe, who investigated the case further.

According to reporters, Steward executives who deployed these intelligence firms prioritized paying their bills over all others, including invoices from vendors and suppliers. Monthly expenses for intelligence services reached as high as $440,000, and from 2019 to 2023, Steward allocated over $7 million to these operations.

As to the legality of all of this, because the spying and fraud took place in various jurisdictions globally, it may not be possible to prosecute anyone responsible. more

‘His cameras are everywhere’

Clients worry as Martinsville security camera installer investigated for spying...
The owner of a Martinsville security company was in court Friday, facing child pornography charges, including images he may have taken himself. Adam R. Anderson, 42, is pleading not guilty to these felony counts. Court documents reveal he’s also under investigation for allegedly spying on clients using his security systems.

Holly Clark signed up for Anderson Video Security and Alarm LLC after her garage was broken into a few years ago. Holly Clark signed up for Anderson Video Security and Alarm LLC after her garage was broken into a few years ago.

After meeting with tech experts, Clark said she believes he may still have ownership and access to the cameras within his company.

“The thing is, it’s not just me,” she said. “He put cameras in at the library, the city pool, and has allegations of child porn. Do you want his cameras at the city pool? His cameras are everywhere.”

Clark said she and other customers are considering a class action lawsuit against Anderson to get sole ownership of the installed security systems. more

China Says It Has Detained Spy Working for the U.K.

China has taken into custody an alleged British spy, the country’s national security agency said, as Beijing steps up warnings over national security and the infiltration of foreign spies in the country.

In a social-media post on Monday, China’s Ministry of State Security alleged that MI6, the U.K. foreign-intelligence service, in 2015 recruited a foreign national surnamed Huang and provided both training and “specialized spy equipment for intelligence liaisons.”

According to the MSS, the British instructed Huang to enter China as a representative of a consulting agency and send back intelligence. The Chinese agency didn’t specify Huang’s nationality or name the consulting firm. more

This is not the first time a business consultant has been detained there on charges of spying.

Stores Silently Deploying Facial Recognition to Spy on Shoppers

Major retailers in the US are already using facial recognition cameras to spy on shoppers, a campaigning group has warned...

Cameras are being used not just to catch persistent shoplifters, but also to monitor shoppers and analyze their emotions, so that stores can deliver personalized adverts on screens inside the store, George warned...

‘But it’s also being used for marketing purposes, they are gathering information on shoppers and seeing what they are buying and not buying - and using AI tools to analyse the emotions of shoppers and see what sort of ads to direct at them.’ more

Blackmail with Email, or The Employer's Lawyer Destroyer

Last month, Lewis Brisbois Bisgaard & Smith, one of the nation’s largest law firms, was rocked by the announcement that two top partners were starting their own boutique practice and taking as many as 140 colleagues with them.

The shock inside Lewis Brisbois’ downtown Los Angeles headquarters soon gave way to anger... over the weekend, Lewis Brisbois struck back.

In an extraordinary move, its management team directed the release of scores of emails in which Barber and Ranen used vile terms for women, Black people, Armenians, Persians, and gay men and traded in offensive stereotypes of Jews and Asians. In one fell swoop, the venerable firm managed to torpedo its new rival, destroy the defecting partners’ careers and send the legal establishment reeling. more

-----

“Say it with flowers,

Say it with mink,

But never, ever say it with ink."

-----

Business Espionage: The Employee Competitor… and what to do about it

Ring to pay $5.8M - Staff & Contractors - Snooping on Videos

Ring, the Amazon-owned maker of video surveillance devices, will pay $5.8 million over claims brought by the Federal Trade Commission that Ring employees and contractors had broad and unrestricted access to customers’ videos for years.

The settlement was filed in the U.S. District Court for the District of Columbia on Wednesday. The FTC confirmed the settlement a short time later. News of the settlement was first reported by Reuters.

The FTC said that Ring employees and contractors were able to view, download, and transfer customers’ sensitive video data for their own purposes as a result of “dangerously over-broad access and lax attitude toward privacy and security.”

According to the FTC’s complaint, Ring gave “every employee — as well as hundreds of Ukraine-based third-party contractors — full access to every customer video, regardless of whether the employee or contractor actually needed that access to perform his or her job function.” The FTC also said that Ring staff and contractors “could also readily download any customer’s videos and then view, share, or disclose those videos at will.”

The FTC alleged on at least two occasions Ring employees improperly accessed the private Ring videos of women. In one of the cases, the FTC said the employee’s spying went on for months, undetected by Ring. more

Retail Employee Says Company Installed Illegal Audio-Recording Cameras at Work

In the U.S., most surveillance laws are dictated at the state level. While the majority of workplaces allow companies to install video cameras that capture visuals of whatever is going on in the store, including interactions of customers and employees, recording audio of their conversations is strictly prohibited in many states.

One of those states is New York, which has implemented anti-eavesdropping statutes that protect employees' conversations from being recorded while at work.

TikToker Ethan Carlson, who posts under the handle @therealethancarlson, recently uploaded a video about his workplace's audio-enabled cameras, prompting many viewers to urge him to report his employer.

In a now viral clip, Ethan says to the camera, "This is not a f--king drill, my place of work has installed these cameras."

He then points his camera lens and zooms in to show security devices installed up high in his store. more

Pegasus Spyware Maker NSO Avoiding a TKO

Will spyware maker NSO Group's struggles reduce use of its eavesdropping tech? Critics doubt it.

Embattled Israeli spyware vendor NSO Group announced a major reorganization Sunday — replacing its longtime CEO and laying off roughly 100 of its 700 employees — but experts who track the growing trade in surveillance technology say that’s unlikely to curtail deployment of the company’s technology designed to secretly monitor its targets...

More broadly, however, NSO may serve as a cautionary tale for the myriad other spyware vendors around the world hawking their wares. “Spyware tech is a risky investment,” Scott-Railton said. “Investors don’t usually line up to get wiped out.” more

In Other Corporate Spy News...

Enterprise giant Oracle is facing a fresh privacy class action claim in the U.S.

The suit, which was filed Friday as a 66-page complaint in the Northern District of California, alleges the tech giant's "worldwide surveillance machine" has amassed detailed dossiers on some five billion people, accusing the company and its adtech and advertising subsidiaries of violating the privacy of the majority of the people on Earth. more

Walmart Patents Technology to Eavesdrop on Workers

In the latest piece of evidence that we’re living squarely in a dystopia, Walmart has won a patent for technology that will allow bosses to eavesdrop on their workers. 

The audio surveillance technology can measure workers’ performance and listen to their conversations with customers at checkout. The “listening to the frontend” technology, as its called, might never be used—it’s one of many patents the company has applied for in recent years—but shows that company bosses are thinking about how they can use tech to monitor their workers. 

Walmart said in a statement: “We’re always thinking about new concepts and ways that will help us further enhance how we serve customers... more

Wiretap Suit: Law firm's Managing Partner had a 'Fixation' with Employee Surveillance

The managing partner of a Chicago law firm apparently monitored his employees with video cameras and a telephone system that allowed recording of phone calls, according to a lawsuit filed last week in federal court in Chicago.

The April 7 suit claims that the law firm’s managing partner, Edward “Eddie” Vrdolyak Jr., had a “fixation with audio and video surveillance.”

The suit cites “information and belief” that the firm’s offices in Chicago and Nashville, Tennessee, were equipped with a network of audio and surveillance cameras that Vrodyak monitored from several video screens in his office. more

Corporate Security News: Employees Offered $$$ for Planting Ransomware

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme -- a young man who said he was trying to save up money to help fund a new social network. more

BAT S#!T Crazy - Corporate Espionage Gone Wild

In the past week, a spate of reports, including from the BBC and the University of Bath, has detailed how British American Tobacco (BAT) ran a spy ring in SA.

Of course, none of this is new – we’ve been writing about it for aeons now. But because so much time has lapsed since this story initially broke in SA, perhaps a recap is in order.

Years ago, BAT took off the gloves in a bid to claw back market share from competitors who emerged selling the same product, but cheaper. 

BAT’S strategy was simple: disrupt its competitors to the point of making it impossible for them to operate. 

To do this, BAT relied on a security firm — Forensic Security Services (FSS) — to co-ordinate activities, under the guiding hand of British American Tobacco SA’s (BAT SA’s) anti-illicit trade head. But it also used a series of in-place “agents” at its competitors’ businesses even as it co-opted law enforcement agencies and deployed a shared agent with the State Security Agency (SSA): triple agent and honey trap Belinda Walter.

All of this was monitored from BAT’s global headquarters, Globe House in London.

One former employee explained it as follows: “Our primary work description was to spy on competitors and disrupt business operations on behalf of BAT SA, [which] was fully aware that FSS was obtaining information illegally, and these (sic) included obtaining recorded conversations.”  more

Peyton Manning - Patriots Locker-Room Bugging Accusation

The New England Patriots’ cheating scandals didn’t stop at Spygate and Deflategate, according to Peyton Manning.

Manning said that he knew the Patriots bugged the visiting locker room at Gillette Stadium with hot mics to eavesdrop on conversations between opposing players.

“Every time I played against New England, I used to talk to my receivers in the showers,” Manning said during ESPN’s “Monday Night Football Manning-cast in Week 2’s matchup between the Green Bay Packers and Detroit Lions.“Don’t talk about a play next to my locker because I know it’s bugged. I know it’s got a hot mic in there... more

Security Director Alert: Wireless Key-Logger Hides in USB-C to Lightning Cable

A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture everything you type from a distance of up to a mile.

Any tech-literate person knows you should never plug a USB key into any of your devices unless you trust the person giving it to you, but fewer know that the same applies to USB cables...

“We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” he added...

...the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.  more

These spy cables come in various configurations, including standard USB charging cables. They look exactly like authentic cables. An electronic test can identify a malicious spy cable easily. In fact, you can do it yourself. Click here for instructions.

Cyber Attacks Are Making Work-From-Home Expensive for Businesses

Working from home during the pandemic cost German companies some 53 billion euros ($62 billion) worth of damages from cyber attacks, according to estimates by the Cologne Institute for Economic Research.

Overall damages hit a record 224 billion euros last year, more than double the value reported in a 2019 survey. Increased remote work accounted for about a quarter of the increase, according to researcher Barbara Engels, whose calculations are based on a Bitkom survey. more

Wanted: Disgruntled Employees to Deploy Ransomware

 via krebsonsecurity.com
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

 

Image: Abnormal Security.

Crane Hassold, director of threat intelligence at Abnormal Security, described what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network.

This particular scammer was fairly chatty, and over the course of five days it emerged that Hassold’s correspondent was forced to change up his initial approach in planning to deploy the DemonWare ransomware strain, which is freely available on GitHub. more

Apple's Double Agent Spy Blows Cover Over Pay

An active member of the Apple jailbreak and leaking community reportedly served as a "double agent" and spied for the Cupertino tech giant's security team.

Andrey Shumeyko, who goes by handles JVHResearch and YRH04E, advertised leaked Apple apps, internal company documents, and stolen devices to a community that traded in such commodities. However, unbeknownst to others in the community, he also shared a wealth of details about its inner workings to Apple.

According to Motherboard, Shumeyko reportedly provided Apple with the personal information of people who sold stolen prototype devices and Apple employees who leaked information online...

Shumeyko said he is sharing his story because he felt like Apple took advantage of him and didn't compensate him for the information that he provided to the company's Global Security team. more

Facebook Reportedly Fired 52 Employees Caught Spying on Users

Facebook fired 52 employees for abusing their access to the social network’s user data — including creepy men who obtained location data on women they were romantically interested in, according to a new report. 

Using their access to troves of user data through Facebook’s internal systems, male engineers were able to view women’s locations, private messages, deleted photos and more, according to a bombshell report in the Telegraph...

While 52 employees were fired for such transgressions in 2014 and 2015, Facebook’s then-chief security officer Alex Stamos reportedly warned that hundreds of others may have slipped by unnoticed. more