Quote of the Week: "Nobody with Sensitive Information is Immune to Espionage"

Australian Security and Intelligence Organisation director-general Mike Burgess said that in the “prevailing threat environment, national security truly is national security – everybody’s business”.

He said foreign intelligence agencies were “aggressively targeting” three key areas: science and technology, particularly advanced technology; public and private sector projects to gain a commercial advantage; and Antarctic research, green technology, critical minerals, and rare earths extraction and processing.
What information are spies taking?

Mr Burgess warned this meant “nobody with sensitive information is immune” and gave examples of recent operations investigated by ASIO. more

Dr. Seuss on Surveillance

Dr. Seuss wrote a story about a Hawtch-Hawtcher Bee-Watcher who had a rather peculiar job. He was tasked with keeping an eye on his town’s only lazy bee. 

The idea was that if a bee is watched, it’ll work harder, right? 

Well, guess what? That didn’t seem to work at all! So, they decided to assign another Hawtch-Hawtcher to watch the first one, and then another to watch the second… and so on. Before you know it, the entire town was watching each other watch a bee!

Security Director Alert: Latest Electronic Surveillance of Corporate Executives

What is going on at Boohoo?
• Espionage claims arise as boardroom battle continues.

• Cautionary tale.

The past few months have been turbulent for Boohoo, to say the least. Yet, last week, things seemed to come to a head when claims of espionage arose at the fast fashion giant.

According to a report by The Times, three current and former executives of Boohoo are believed to be the victims of stalking and surveillance. The alleged espionage is said to have been committed against Boohoo’s co-founder and executive chair Mahmud Kamani, chief executive Dan Finley and former CEO, John Lyttle.

The allegations were brought to light after the company informed the Information Commissioner’s Office (IOC) of a related incident taking place outside of its Manchester headquarters. The report was confirmed by the IOC in a statement to the press, which read: “We can confirm that Boohoo Group has made us aware of concerns regarding the discovery of surveillance equipment outside its head office.”

In a more recent update, the Times has now reported that police in Manchester and Kent are investigating the claims, with Greater Manchester Police stating to the media outlet that it was looking into allegations “involving serious distress”. No arrests have been made, so far. more

Spybuster Tip # 675

Prior to any attack (physical, information theft) some form of surveillance tradecraft (audio, video, data or visual surveillance) will be used. 

If you are a business executive don't ignore this. 

More tips here.

Cautionary Tale for Traveling Executives - A Case of Spy Tradecraft...

A Bulgarian espionage ring working on behalf of Russia in the UK used video-recording spyglasses and honey traps to gather information on journalists and dissidents...

...five Bulgarian nationals who are accused of spying in Britain as part of a ring co-ordinated by Jan Marsalek, the former chief operating officer of Wirecard. 

London’s Old Bailey heard the group targeted journalists Christo Grozev and Roman Dobrokhotov, as well as Kazakh dissident Bergey Ryskaliyev, tracking them variously on flights and across European cities during 2021 and 2022. 

One member of the group, Katrin Ivanova, 33, used specially-designed glasses to record images and videos to watch Grozev on a flight from Vienna to Montenegro in June 2022, prosecutor Alison Morgan KC said. The group had accessed an airline industry database called “Amadeus” through another Bulgarian contact to ascertain the flight details and seat numbers of their targets, the court heard. 

Ivanova also sat nearby Dobrokhotov on a flight in November 2021 and memorised his phone pin code, reporting it back to her handlers, Morgan added. “That was a correct capture and showed the tradecraft of Miss Ivanova,” Morgan told the court. 

The group also discussed bribing hotel staff, employing pickpockets and infiltrating a target’s home by hiring Bulgarian and Romanian cleaning teams, the court heard. more

Bulgarian national Katrin Ivanova (Elizabeth Cook/PA)

and... Russian agent discussed deploying a “true sexy bitch” in a “honeytrap” spy plot against an award-winning journalist, a court has heard...Prosecutor Alison Morgan KC told jurors that, as well as trying to “befriend” Mr Gozev, Gaberova had been engaged in capturing surveillance images of him at the conference...

She said: “These images were extremely important as they showed Christo Grozev together with others of interest to Russia, Eliot Higgins. 

“Roussev would later seek to use face recognition software to check that the image did show Christo Grozev with Higgins together.”...

She showed off her “tradecraft” by relaying images, using covert recording equipment and capturing Mr Dobrokhotov’s iPhone PIN number, Mr Morgan said. more

Singapore Sting: How spies Listened in on German General

Brigadier General Frank Gräfe has a work call to dial into with his boss - the commander of the German air force...What none of the call's participants know is that they're being eavesdropped on - and their conversation is being recorded. Two weeks after the call took place, the audio tape was leaked by Russia's state-run RT channel...Their man in Singapore had, according to the German government, sprung "a data leak".

But how were spies able to eavesdrop?

The answer we've been given so far boils down to a case of human error. According to German authorities, the "data leak" was down to just one participant dialing in on an insecure line, either via his mobile or the hotel wi-fi. more

Questions for executives... 

• Are the numbers and passcodes for your conference calls distributed via email? 
• Do you or your assistants post these at their desks? 
• Are the numbers and passcodes ever changed? 

Observations from our TSCM inspections over the years... Yes. Yes. No. Take a hint from this cautionary tale. ~Kevin

Corporate Espionage: A Very Basic Cautionary Tale

Aesop’s fable, “the Tortoise and the Hare,” famously warns us about the dangers of arrogance and complacency in the face of a determined adversary. 

Unfortunately, in the modern race for supremacy between the United States and the People’s Republic of China (PRC), it appears that American policymakers and executives have failed to heed this warning, bearing disastrous consequences for industries vital to U.S. national security.

Like the hare, the United States had long enjoyed a substantial lead in developing defense-industrial sectors and innovating dual-use technologies. However, Washington has since rested on its laurels and exposed itself to theft through its lax counterintelligence posture. 

Meanwhile, the PRC — marrying the patience and long-term vision of the fabled tortoise with the remarkable leapfrogging ability enabled by its pervasive industrial espionage — has now caught up and even surpassed the United States across a plethora of key defense and technology sectors. Therefore, if spying and stealing are how the PRC plans to ‘win the race’ in modern strategic competition, the United States can only hope to prevail by investing far more robustly in counterintelligence. more

Maybe this could help.

Yet Another USB Cautionary Tale

Duped with a malicious USB...

Mr Burgess (ASIO Director General Mike Burgess) referenced an unnamed Australian company that found global success making a product "similar to a motion detector" before their sales suddenly dropped.

"A little while later, their product started being returned to the factory because they were broken," he said.

"When they opened their branded products, they discovered they weren't their branded products, because the components were inferior, they were exact knock-offs."

The problem was eventually traced to an international conference, where someone had offered to share information with one of the company's employees by plugging a USB into their laptop.

"That USB downloaded malware onto that laptop, which later on, when they were connected back to their corporate network, was used to steal their intellectual property," he said.

"That intellectual property was passed from the intelligence services to state-owned enterprise that mass-produced the goods and sold them on the market that undercut them." more

More USB Security Information...

 • USB – Hacked Charging Cables

• USB – Malicious Spy Cable Detector Instructions

• USB – General Memory Stick Warning

• USB – Malicious Cables

• USB – NSA Type Cable Bug – $6.74

Extra USB Spy News - Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky said in its APT trends report for Q3 2023. more

If Ants Can be Tricked, What Chance do Corporations Have?

A cautionary tale for corporations that think they are espionage-proof.

In a study in the journal Science, researchers report that blue butterfly caterpillars infiltrate red ant colonies and grub food by mimicking the raspy sound of the ant queen.

It’s good to be the Queen. You get fed and cared for and generally treated like royalty. But if you’re a blue butterfly caterpillar, you can get the same benefits by just pretending to be queen. Because these crafty caterpillars trick ants into feeding them—by mimicking the sound of their queen.

Ants are social creatures whose colonies contain a queen ant, and hordes of worker ants who feed the queen and take care of all her young. Blue butterfly caterpillars have come up with clever ways to exploit that system. These parasitic caterpillars take up residence in the nests of red ants. And they mooch free meals in part by waggling their heads to beg for food like all the other ant grubs. 

But that’s not all. Scientists using sophisticated recording equipment were able to listen to the caterpillars chatter. And found that the interlopers imitated the sounds of an adult queen. more

• Your company is filled with hard-working, innocent, social creatures.
• Anyone bent on corporate espionage knows they just have to blend in.
• They will listen to your sounds.
• They will exploit your system.
• They will imitate loyalty.
• They will eat your lunch.
• Fight back.

Legacy Systems Threaten Security in Mergers & Acquisitions

Here’s a simple fact: Legacy systems are far more likely to get hacked. This is especially true for companies that become involved in private equity transactions, such as mergers, acquisitions, and divestitures...

We have seen two primary trends throughout 2023:

– Threat groups are closely following news cycles, enabling them to quickly target entire portfolios with zero-day attacks designed to upend aging technologies — disrupting businesses and their supply chains.

– Corporate espionage cases are also on the rise as threat actors embrace longer dwell times and employ greater calculation in methods of monetizing attacks. more

A Tale of High-Stakes Corporate Espionage... a cautionary tale.

When Chinese tech giant Huawei learned it was set to lose a $200 million contract, a run-of-the-mill equipment deal spiraled into a saga of hidden microphones, drone encounters and covert surveillance, according to investigators for a Danish telecoms firm. Bloomberg reporters crisscrossed Copenhagen for the tale of TDC’s 5G showdown, in which technology, business and national security collide. more

No business is immune. Help is available. Click here. 

Cautionary Tale: Commercial Espionage - Bugging of Business Meetings

The billionaire owners of the Telegraph newspapers say their businesses are in good shape following claims they are on the cusp of receivership...

The sale of the Ritz hotel in London in 2020 exposed a bitter rift between the two families of the twins, with claims of commercial espionage over the bugging of business meetings.

At the centre of the affair was CCTV footage allegedly showing Sir Frederick's nephew handling a device. It saw the billionaire and his daughter, Amanda, sue three of Sir David's sons for invasion of privacy...

One person close to the talks said the banking group's patience over the debt was "running out", the FT said. more  previous coverage

How to Spot a Chinese Spy on Social Media

National security experts say foreign adversaries are using popular job sites like LinkedIn and Indeed to recruit spies and extract trade secrets from U.S. workers...

There are a few things to look out for if you think you’re being targeted on social media. 

• Urgency: Be cautious of anyone who connects on social media and makes it seem like they need information quickly.
• Do your research: Be skeptical of anyone who claims to be part of a company or think tank where there is little or no information available on the organization.
• Probing questions: Be wary of social media accounts that connect and follow up with a lot of questions pertaining to industry specifics.

“They’ll offer that person an opportunity that is difficult to turn down,” said MacIntyre. “For example — an all-expense paid trip, a high paying new job — all of these can be appealing to people and then once they get that person over into their country to agree to do that, those people are often put in compromising situations or are pressured to provide information that they shouldn’t provide.”

Both experts said it’s best to follow the old adage: if the offer sounds too good to be true, then it probably is. more

Attorney's Wiretap Claims Against Old Firm To Continue

Vrdolyak Law Group LLC must face a proposed class action alleging it recorded the conversations and phone calls of employees without their consent in violation of the Federal Wiretap Act and state laws, a federal court ruled.

Plaintiff Daniel Alholm timely filed his state and federal wiretapping claims against the law firm, Judge Mary M. Rowland of the US District Court for the Northern District of Illinois said Tuesday.

Rowland rejected the firm’s argument that Alholm filed the wiretapping claims after the two-year statute of limitations had run, and denied its motion to dismiss as to those claims. She also dismissed Alholm’s fraud claims against the firm, but affirmed that the court would exercise supplemental jurisdiction over his state law misappropriation of likeness claims.

Alholm alleged that the firm surveilled employees in both its Chicago and Nashville offices, recorded conference calls and employees’ individual calls, and made unethical management and financial decisions. more

Moral: If you are a business that needs to record workplace activity, consult with a law firm that knows the local laws, first.

Cautionary Tale: Secreted Cell Phones

UK - Match of the Day presenter Gary Lineker has laughed off the moment sex noises transmitted by a YouTube prankster disrupted the show's live coverage.

Noises from a porn clip were heard as Lineker presented pre-match build-up before the Wolves v Liverpool fixture.

A frenzied studio hunt uncovered a planted mobile phone - and YouTube prankster Daniel Jarvis claimed he was behind the stunt on Tuesday's show. The BBC apologised to any viewers who were offended.

But Lineker, who later tweeted a picture of the mobile phone he said was "taped to the back of the set", said he thought there was nothing to apologise for. Calling it a "good prank", he said: "As sabotage goes it was quite amusing." more

In another environment a hidden cell phone could well have been used as an eavesdropping bug. 

We're not talking expensive iPhones here. Cheap, mini-sized phones can do the job too. Short-term, quick-drop, and expendable. Another good reason to conduct Technical Surveillance Countermeasures inspections in corporate offices and conference rooms.

PI Surveillance of Hand Injury Plaintiff Becomes 30.1 Billion Lawsuit

Cheap surveillance devices get expensive...

$11M settlement sparks $13.1B suit against American Family Insurance
A new lawsuit seeking billions of dollars in punitive damages claims AmFam and other parties illegally surveilled the plaintiff and her family...

It said that the lawyers hired the PI firm, at AmFam’s behest, to install surveillance devices around Mezqutal’s property and on family vehicles throughout the month of October 2019, or thereabouts.

“The AmFam defendants’ directions to the Martinelli Investigations Defendants included the mandate to have the investigators do whatever they needed to do to get surveillance of the plaintiff,” it said. “This direction was passed on to the Martinelli Investigations defendants by the Baker Donelson defendants.”

The PI defendants “unlawfully entered” Mezquitals’ property and “placed various electronic devices” on her property and two vehicles “to unlawfully record the activities of Plaintiff and her minor children. The electronic devices included at least one hidden video camera and multiple GPS tracking devices.”

The complaint said the PI team strapped a Spypoint Link-Dark “trail cam” digital camera, which is to a tree positioned to “capture plaintiff’s house, vehicles, and a portion of Plaintiff’s driveway. “The view provided by the Spypoint Link-Dark camera is not possible to obtain from a public road or from any other public property, it said. The “unlawful recordings were made without the consent of all persons observed and included photographs, videos, and electronic recordings of the activities of plaintiff and her minor children in a private place that was out of public view.”

The complaint includes claims for invasion of privacy, trespass to realty, trespass to personality, intentional infliction of emotional distress, negligence and punitive damages and seeks joint and several liability for all the defendants. more  (Spypoint camera sales video)

Be Careful What You Fish For

The U.S. accused a Chinese MIT professor of spying. Now cleared, he helped discover what may be the ‘best semiconductor material ever found’

A team of researchers has discovered what the Massachusetts Institute of Technology calls the “best semiconductor material ever found,” even better than silicon, the material used in just about every computer chip on earth.

In July, scientists from MIT, the University of Houston, and other institutions announced they had proved that cubic boron arsenide performs better than silicon at conducting heat and electricity, opening up new possibilities for smaller and faster chips. The team includes China-born professor Gang Chen, the former head of MIT’s Department of Mechanical Engineering, who was the subject of a yearlong investigation by the Department of Justice before the agency dropped espionage charges because of lack of evidence. more

Woman Allegedly Hacked Ex’s Alexa to Scare off New Girlfriend

Double Feature!
An IoT Cautionary Tale...
A Crazy Ex Tale...

A jilted London woman allegedly hacked into her ex-boyfriend’s Amazon Alexa device and used it to scare off his new girlfriend, a report said.

Philippa Copleston-Warren, 45, was accused in a London court of using the virtual assistant to flash the lights inside her former boyfriend’s house on and off and tell his new sweetie to scram after he ended their relationship of two years, The Sun reported.

“The defendant spoke through the Alexa account to tell the complainant’s friend in the property to leave and to take her stuff,” prosecutor Misba Majid told Westminster Magistrates’ Court, according to the newspaper.

“This so distressed the girlfriend, it caused her to cry and she left.”

Copleston-Warren (inset), a management consultant, controlled the device from London, about 130 miles from her businessman ex-beau’s house in Lincolnshire, the paper reported.

She is also accused of hacking her ex’s Facebook account and uploading nude pictures of him. more

Spybuster Tip # 721: Learn how to adjust ALL the features of your digital assistant. This could have been prevented.

Security Management: Which Type of Employee Do You Inspire

Engineer admits he wiped 456 Cisco WebEx VMs after leaving the biz, derailed 16,000 Teams accounts.  

Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer. 

He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service... According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds. more

OR...

Earlier this week, the FBI arrested a 27-year-old Russian citizen for attempting to carry out a ransomware attack against a US company. It turns out that company was Tesla.

According to a complaint shared by the Department of Justice, in July, Egor Igorevich Kriuchkov traveled to the US and contacted a Russian speaking, non-US citizen who was working at the Tesla Gigafactory in Sparks, Nevada. 

After meeting with that individual, Kriuchkov allegedly proposed a deal. He would pay the employee $1 million to deliver malware to computer systems at the Gigafactory...

The employee immediately informed Tesla, and the company contacted the FBI, which launched a sting operation. Agents arrested Kriuchkov in Los Angeles as he was attempting to leave the US. more

Loyal employees can be worth more than you think. Treat them fairly. Make them feel a part of the security effort, and you will have a security army working for you. ~Kevin

Satellite Comms Globally Open to $300 Eavesdropping Hack

Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. And all they need is $300 worth of off-the-shelf equipment to pull it off...

Essentially what this means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe. more

Personal Alert: Home Sellers Eavesdropping on Buyers

You never want to reveal too much enthusiasm when home shopping. But now many are giving away their hand before they ever get inside. more