Showing posts with label counterespionage.

Tuesday, August 20, 2019

How to Drive Artificial Intelligence Surveillance Cameras Nuts



In order to deceive surveillance cameras, a fashion designer and hacker has developed a new clothing line that allows people to camouflage themselves as a car in the recordings.

The garments are also covered with license plate images that trigger automated license plate readers, or ALPRs, to inject junk data into systems used to monitor and track civilians. more

Wednesday, August 7, 2019

Business Security Trend: Proactive Information Security... Legislated by law!

via Brian G. Cesaratto, Epstein Becker Green
New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information.

New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. 

Businesses should immediately begin the process to comply with the Act’s requirements effective March 21, 2020.

Notably, New York’s law covers all employers, individuals or organizations, regardless of size or location, which collect private information on New York State residents.

In order to achieve compliance, an organization must implement a data security program that includes:
  • reasonable physical safeguards that may include detection, prevention and response to intrusions, and protections against unauthorized access to or use of private information during or after collection, transportation and destruction or disposal of the information.
 

Friday, July 12, 2019

FREE: "Top Secret: From Ciphers to Cyber Security" GCHQ Exhibit in London

Historic gadgets used by British spies will be revealed for the first time later this week, as one of the country's intelligence agencies steps out of the shadows to mark its centenary -- and to educate people about the risks of cyber-attacks.

The Government Communications Headquarters (GCHQ) will hold an unprecedented exhibition at London's Science Museum, taking visitors through 100 years of secret conversations and eavesdropping...

A prototype of the Enigma cipher machine used by the Germans will be on display. But the standout exhibit at this new exhibition is the 5-UCO machine developed in 1943 to send decrypted German messages to officers in the field...

"Top Secret: From Ciphers to Cyber Security" opens to the public on Wednesday and runs until February 2020. more

FREE but must book ahead: Science Museum, Exhibition Road, South Kensington, London SW7 2DD  ~Kevin

Eavesdropping and TSCM Trends Track Each Other


Conclusion: As organizations and individuals realize that electronic eavesdropping is escalating, they search for Technical Surveillance Countermeasures (TSCM) services, aka bug sweeps.

Wednesday, July 10, 2019

Monday, July 8, 2019

High Profile Executives — A Company’s Most Vulnerable Target

High-profile people—executives, the board of directors, and other leaders—are privy to sensitive information that cybercriminals lust after, which makes them primary targets...

FBI statistics show that defrauding CEOs is a “$12 billion scam.” When private information about these high-net-worth individuals gets exposed, it carries a high degree of risk for that individual and their business alike. It might even include threats against the executive’s own physical security or that of their family...

When information is readily available about a wealthy person, bad actors have more leverage to compromise them. Consider that Facebook’s board of directors recently granted Mark Zuckerberg a $10 million yearly allowance for security. That money goes to personnel, equipment, and services needed to keep him and his family safe by maintaining vigilance across both physical and digital realms. more

Thursday, May 16, 2019

To Catch a Spy - The Art of Counterintelligence

Longtime Central Intelligence Agency operative and former CIA chief of counterintelligence James “Jim” Olson delivered a talk on his career experiences and challenges Tuesday night to a near-capacity crowd at the Annenberg Presidential Conference Center.

Earlier this year, Olson released a book, To Catch a Spy: The Art of Counterintelligence, which he said is rooted in his three decades in the arena of counterintelligence. It offers “a wake-up call,” in Olson’s words, for the American public about why counterintelligence matters, and why America must protect its trade and national security secrets.

Olson said 50 countries are known to be spying against the U.S. currently. “The worst culprit, by far, is China — followed by Russia, Cuba and Iran,” he said.

“In my 31-year career in the CIA, I saw evil face-to-face more often than I care to remember,” Olson said. “People I knew and trusted — people I considered friends — betrayed us, and their treachery was close to me. It was personal, and indescribably painful. The damage that these traitors did to our country was devastating.” more

Sunday, March 31, 2019

Protecting Confidential Information - The Japanese Model

Japan - The government is making every effort to keep information on the new Imperial era name secret until its announcement Monday and officials are even checking plants inside the Prime Minister’s Office for possible bugging devices...

The government will ask members of the expert panel, parliamentary leaders and Cabinet ministers not to bring any recording devices, including smartphones, into the rooms where the new era name will be presented and not to leave there before the announcement.

The government plans to check the belongings of panel members before they enter the Prime Minister’s Office and have government personnel escort them to restrooms so they will not make any contact with outsiders. more

Monday, March 18, 2019

Facebook - Also Concerned About Their Privacy

Nick Lovrien, the tech behemoth's chief global security officer, said in an interview...

"We work to protect intellectual property in many ways, and that's everything from making sure [employees'] computer screens on airplanes are covered so people don't accidentally share information they're not supposed to, to accidentally leaving things on the printers ... to white boards being cleaned at night," Lovrien said, adding that Facebook has additional systems in place "that identify if people are inappropriately accessing information they shouldn't have."

That's not just a theoretical risk. In the last six months, two Chinese Apple employees working on the company's secretive self-driving car project have been charged with stealing the iPhone maker's trade secrets...

Business Insider has spoken with numerous current and former employees and reviewed internal documents for an in-depth investigation into how Facebook handles its corporate security.

Sources described a hidden world of stalkers, stolen prototypes, state-sponsored espionage concerns, secret armed guards, car-bomb concerns, and more. Today, there are a staggering 6,000 people in Facebook's global security organization, working to safeguard the company's 80,000-strong workforce of employees and contractors around the world. more

Thursday, February 7, 2019

Ultrasonic Microphone Jammers — Do They Really Work?

It’s a question I get asked occasionally when one of our clients sees one of these devices being advertised on the internet.

Who can blame them for asking? The ads claim they can stop microphones from working properly. Instant privacy from electronic eavesdroppers, and anyone who is attempting to record your conversations.

Finally, Kryptonite for microphones!?!? Wow, how does that work?

The ultrasonic microphone jammer explanation is really simple... more

Thursday, January 31, 2019

Business Espionage – A Cunning Protection Plan to Protect us and U.S.

We are bombarded with news stories and court trials tornado-ing around Chinese spies. They’re everywhere. Collecting everything. They are such a fixture in and around our hapless businesses that it only seems right to offer them health insurance, a pension plan, cookies and milk.

But wait. Let’s think this through.

Aren’t these the folks who had the secrets of silk stolen from them by Justinian I? Humm, could this be why great neckties are made in Italy, not China? Even their espionage death penalty law couldn’t protect them. Boom! Business espionage devastated their economy.

I also recall a dude from the UK, Robert Fortune, sort of an early 007. He was sent to steal the secrets of tea production from… Have you guessed yet? China! That caper is now known as The Great British Tea Heist. Boom! Business espionage devastated their economy yet again.

Oh, and what about the Chinese secret of making porcelain? A French Catholic priest stole that one. BOOM!! I could go on and on. Gunpowder, paper, etc. Bing! Bam! BOOM! 

Feeling sorry for China yet? Don’t. They are making up for it, right now. The disk drive that just started whirring in your computer… it might be them.

And, don’t think this is just some cosmic Yin and Yang, great mandala, or as we say here in New Jersey, “What goes around, comes around.” No, that explanation is too simplistic, not to mention fatalistic. There is more to this industrial espionage business. The circle is bigger. This is history repeating itself, over and over and over, but I think I have the solution... more

Wednesday, January 30, 2019

Tired of Smartphone Security Vulnerabilities? Go Dumb!

Punkt - The MP02 is significantly more complex than the MP01, so we have teamed up with BlackBerry to keep it secure. BlackBerry adds enhanced security to the device at the point of manufacture, which means the MP02 is hardened and highly secure. With BlackBerry’s integrated software components, the MP02 will be built with security from the start so you can trust that your data will be safe. more

The new Nokia 3310 2.4” polarized and curved screen window makes for better readability in sunlight. Remember when you could leave the house without a charger? Well, with the Nokia 3310, you can. It comes with a long-lasting battery, so you can talk all day, or leave the phone on standby for up to a month. When needed, a Micro-USB port makes charging simple. more

The Light Phone 2 is a 4G LTE phone with a beautiful black & white matte display. It's a more reliable, durable, and practical phone than its predecessor. It brings a few essential tools to the Light Phone, like messaging, an alarm clock, or a ride home, so you can leave behind your smartphone more often... or for good. We call this experience 'going light'. more (An Indiegogo project at the moment.)

Another dumb phone, the Alba Flip fits right between the borderline-brain-dead dumbness of the Light Phone and the smarter-than-you’d-think trickery of the Nokia remakes. Plus, it's a flip phone, which you've got to love. The Alba Flip is not designed to be a basic phone. Alba are a brand designed for those who struggle with conventional mobile phones, either through technophobia or because of visual impairments. more (Warning: 2G only, which is becoming harder to rely upon as it is phasing out. In the U.S. that means T-Mobile 2G.)


And, the dumbest one I've ever used... The BM70 is the smallest phone which supports 4G network. With built-in Micro SIM card slot, it can store 250 contact numbers. Not only a mini cell phone, also a Bluetooth earphone. more (Only $12.99, and yes it really works.) ~Kevin

If you don't go dumb, go smart, and smarter.

Shred Bin Security – Yours Stinks – Fix it for Free

Shred Bin Security — How to upgrade it... probably for free!
If you have a sizable contract with a shredding company, keep reading.
 

The Shred Bin Security Conundrum

Your organization realizes they need help getting rid of their wastepaper. Some of it can be recycled. Easy. There are plenty of recycling companies around. Some of it, however, contains sensitive information that must be destroyed.

So, you contact your local "I-Rip-A-Part" shredding company.

You are offered your choice of two shred bin styles, if you are lucky. The elegant particle board beige box, or the converted garbage can.

Both scream security joke. But hey, they only gave you two choices. So, you take what "I-Rip-A-Part" gives you. After all, it's their business. They know best.

Your employees may not laugh out loud, but they get the message. Management either doesn't know much about shred bin security, or they only care enough to make it look like they are doing their due diligence. The result...

Pretty soon these start popping up.

 

Who's laughing now?
Just the office snoops, competitive intelligence professionals, activists, news media, hackers, etc.

Let me provide some background before providing a workable solution. The crummy shred bin issue is a problem for most U.S. based organizations.

The problem has two roots:
  1. A lack of understanding about information security on the part of the confidential information custodians.
  2. Shredding companies preying on this ignorance to maximize their profits. (Number one allows number two.)
Most shred bins being provided by shredding companies are nothing more than security theater; a mental bandage playing to the threat. They are inexpensive, ineffective, and won't prevent any semi-espionage adept person from taking what's inside. 

Attacks include: unscrewing the cabinet, picking the cheap lock, sticking an $8.00 flexible grabber through the slot, bending the plastic lid back, or pulling the inner liner bag through the slot... more

Friday, January 18, 2019

Counterespionage Checklist: How to Be Safe on the Internet

An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go. more  Scott Adams

Saturday, January 5, 2019

Protecting Trade Secrets in Court Requires Special Security, Like TSCM

Federal prosecutors said a Chinese national employed by an Oklahoma petroleum company has been charged with stealing trade secrets.

Authorities said Hongjin Tan, 35, is accused of stealing trade secrets from his unnamed U.S.-based employer that operates a research facility in the Tulsa area.

An affidavit filed by the FBI alleges that Tan stole trade secrets about an unidentified product worth between $1.4 and $1.8 billion to his employer to benefit a Chinese company where Tan had been offered work. more

Gal Shpantzer, SANS NewsBites news editor, notes... "Have you discussed the concept of trade secrets with your legal counsel? Trade secrets are only legally protected if you secure them in a certain manner, above and beyond normal confidential data." www.justice.gov: Reporting Intellectual Property Crime: A Guide for Victims of Copyright Infringement, Trademark Counterfeiting, and Trade Secret Theft (PDF)

Judge: "When did you last check for bugs?"
TSCM - Technical Surveillance Countermeasures

Monday, December 24, 2018

Security Director Alert - Well Produced Information Security Awareness Videos for Employees

Foreign intelligence entities, which may include foreign governments, corporations, and their proxies, are actively targeting information, assets, and technologies that are vital to both U.S. national security and our global competitiveness. 

Increasingly, U.S. companies are in the cross-hairs of these foreign intelligence entities, which are breaching private computer networks, pilfering American business secrets and innovation, and carrying out other illicit activities.

The National Counterintelligence and Security Center is dedicated to raising awareness among government employees and private industry about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard that which has been entrusted to their protection.

The following products will enable personnel to better understand these threats and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access. It will also serve to help them protect their personal, confidential information that may be used by others to gain their trust. more

Videos:
Social Media Deception Trailer
Social Media Deception
Social Media Deception Full Video
Social Engineering
Spear Phishing (30 second trailer)
Spear Phishing 2017
Spear Phishing Full Video
Travel Awareness
Human Targeting
Supply Chain Risk Management
Economic Espionage  (True story.)

Tuesday, December 18, 2018

Quote of the Week

"It’s generally the government’s view that corporations are as responsible for their own information technology security as they are for their own physical security." — Dick Fadden, former national security adviser to Stephen Harper and past director of the Canadian Security Intelligence Service (CSIS)

Thursday, November 29, 2018

A First Step Toward Making Counterespionage Actually Work

Pennsylvania High Court Finds Duty to Safeguard Employee Information

In Dittman et al. v. UPMC, the Pennsylvania Supreme Court ruled that employers have an affirmative legal responsibility to protect the confidential information of their employees. In reversing two lower court decisions, the justices ruled that by collecting and storing employees' personal information as a pre-condition to employment, employers had the legal duty to take reasonable steps to protect that information from a cyber attack. more

It's a small step, but... My cunning plan to really protect sensitive information may be catching on. The plan is explained in these two posts from about five and a half years ago...

A Cunning Plan to Protect Us from Business Espionage - March 21, 2012

Espionage Outrage Reaches the Boiling Point ...and a solution. - April 5, 2012

Thursday, October 25, 2018

M, I, See... see you real soon...

The park around Lake Eola offers a great view of the downtown skyline, but Orlando police said someone's been peeping into some of the apartments closer than the naked eye can see with either a super high-powered camera or a drone.

"I don't even think about people watching me or anything like that. So, to me, that's just mind-blowing, honestly,” said downtown resident Mary Pericles.


Women who live in The Waverly and Post Parkside apartments say they've seen a drone flying outside their windows at least three times. more

Friday, October 5, 2018

More Than 200 Companies Making Counter-Drone Systems

The ability of unmanned aerial vehicles to fly legally over fences, walls and property lines is disrupting more than just the few industries that use drones commercially. 

As the drone market grows, so does the anti-drone market. The market for products that track, trap or break unmanned aerial vehicles (UAV) is growing alongside the market for drones, much of it driven by fear that UAVs could be weaponized by terrorists or used as platforms for corporate espionage.

This is less far-fetched than it sounds. One tech industry executive told Semiconductor Engineering that he recently found a drone hovering outside his 45th-floor hotel room in Shanghai. He immediately closed his laptop computer.

“There is a laundry list, more than 200 companies, making counter-drone systems of one kind or another, and they do market mitigation capabilities that most people can’t use,” Michael Blades said. “But drones are cheap to get, easy to fly, and are not always easy to see. So if a company is concerned about trade secrets, or even just about the security to know if there’s anyone around taking pictures, they might look into countermeasures.” more