Showing posts with label espionage. Show all posts

Wednesday, June 22, 2016

Snooping on Mobile Phones: Prevalence and Trends

Abstract: Personal mobile devices keep private information which people other than the owner may try to access.

Thus far, it has been unclear how common it is for people to snoop on one another’s devices. Through an anonymity-preserving survey experiment, we quantify the pervasiveness of snooping attacks, defined as "looking through someone else’s phone without their permission."

We estimated the 1-year prevalence to be 31% in an online participant pool. Weighted to the U.S. population, the data indicates that 1 in 5 adults snooped on at least one other person’s phone, just in the year before the survey was conducted.

We found snooping attacks to be especially prevalent among young people, and among those who are themselves smartphone users. In a follow-up study, we found that, among smartphone users, depth of adoption, like age, also predicts the probability of engaging in snooping attacks.

In particular, the more people use their devices for personal purposes, the more likely they are to snoop on others, possibly because they become aware of the sensitive information that is kept, and how to access it. These findings suggest that, all else remaining equal, the prevalence of snooping attacks may grow, as more people adopt smartphones, and motivate further effort into improving defenses. more

Monday, June 6, 2016

Business Espionage Alert: Select Your Hotel Carefully

You are a business executive or a member of the government with sensitive data on your laptop computer. You check into a luxury hotel in the United States or in many other countries. Chances are this hotel may be owned by a Chinese company even though it carries a known western brand name. Often such investors get their money directly from the Chinese Government.

You connect your computer to the hotel wifi and you may notice your secure connection can no longer be secure. Ever noticed wanting to send an email using your own domain, and you have to unblock "authentication" to make it work while connected to a hotel network? Did you ever wonder how this could open up your computer data to foreign espionage? You are no longer the only one worrying...

Chinese global investment in tourism, specifically in name-brand luxury hotels and resorts, is overwhelming. This is the same for Chinese investments in the United States, as it is for Chinese domination in Cuba, South America, India, South East Asia and many African countries...

A review of the Chinese $1.95-billion acquisition of New York's Waldorf-Astoria Hotel in 2014, possibly recognizing that the hotel's role as the official residence of the U.S. ambassador to the United Nations and the frequent lodging for U.S. and foreign dignitaries with business in New York made it a prime target of CFIUS (The Committee on Foreign Investment in the United States). No action by US authorities was taken...

The next time you travel on business, you have sensitive data on your computer that could lead to industrial espionage attacks, or you are a government official with data you don't want to get into Chinese hands, select your hotel carefully. more

Tuesday, May 31, 2016

Concerns for Energy Espionage Climb

The FBI is warning U.S. energy companies that the oil industry's downturn is increasing their vulnerability to theft of technological secrets.
 

Companies that long have faced the prospect of economic espionage must now be prepared for the possibility that workers who have been laid off could be targeted by foreign entities and competitors wanting to steal intellectual property. 

"FBI investigations indicate economic espionage and trade secret theft against U.S. oil and natural gas companies and institutes are on the rise," according to an unclassified briefing report prepared for the energy industry.

Agents shared the report recently with about 150 energy sector executives, managers and others who gathered behind closed doors at the FBI building... more

How Business Espionage Really Works (Hint, it ain't just computers.)

The Dirty Dozen
  1. Trespassing on the property of a competitor.
  2. Secretly observing the activities or properties of others.
  3. Using electronic eavesdropping equipment.
  4. Learning trade secrets by hiring people who work for a competitor.
  5. Hiring a spy to get specific information from another company.
  6. Planting an undercover operative on someone else’s payroll.
  7. Stealing documents or property (includes electronic documents).
  8. Conducting phone negotiations for a license, franchise, or distributorship in order to gain inside information.
  9. Gaining information by staging a phony market research study or similar interview project.
  10. Bribing. Most forms of bribery are unethical, including those disguised as “gifts”.
  11. Blackmailing.
  12. Extorting. 
From: Best Practice Guidelines in Business Espionage Controls & Countermeasures
  

Thursday, May 26, 2016

Britain's Foreign Secretary Denies Office Cat is a Spy

Britain's foreign secretary Philip Hammond was forced to issue a denial after his own Conservative party colleague claimed the "chief mouser" at the UK's Foreign Office could be a European Union (EU) spy.

Palmerston, a cat that was adopted by the Foreign and Commonwealth Office, had been recently announced as the "chief mouser" to help tackle the problem of mice in the building in central London.

However, as the debate around Britain's membership of the EU heats up in the lead up to the June 23 referendum, a member of the camp in favour of remaining in the economic bloc told the House of Commons yesterday that those in favour of Brexit may fear Palmerston has not been fully vetted.

"There is a serious point here. Can I ask my right honourable friend whether Palmerston has been security cleared or not... can I ask him, has he been positively vetted by the security service and scanned for bugs by GCHQ? And can my right honourable Friend assure the House –and the more paranoid element in the Brexiters - that he isn't a long term mole working for the EU Commission," Tory MP Keith Simpson asked Hammond.

The foreign secretary chose to address the bizarre query, claiming Palmerston's attendance record had been impeccable.

He told MPs: "He is definitely not a mole. I can categorically assure my honourable friend that Palmerston has been regularly vetted." more

Wednesday, May 25, 2016

Survey: Corporate Espionage Rated as a Top Risk - Assessments Become Common

A large number of companies feel the existing security standards, legal, regulatory and compliance frameworks in the industry were not adequate to support corporate security requirements, a survey by PwC India and American Society for Industrial Security (ASIS) said.

The survey revealed that cybercrime and corporate espionage have been rated as two of the most serious threats to organizations in the coming years.

More than half the respondents felt precautionary and preventive measures taken are still not adequate...

The survey also highlighted that about 73 per cent of the respondents felt that the number of security incidents had increased in the past two years and would continue over the next two years.

While five years back physical security assessment was rare and uncommon, today almost 46 per cent of the organizations surveyed conduct a physical security risk assessment once a year, whereas 17 per cent do it monthly. more

New Old News - Official Warning - Wall Wart Eavesdropping Device

(My clients received their warning on January 14, 2015. ~Kevin)

FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.

The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks.

To lower the chances the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices.

"If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information," FBI officials wrote in last month's advisory. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen." more

Monday, April 25, 2016

Edward Snowden Will Sue Norway

Edward Snowden will sue Norway in an attempt to secure free travel to the country, a Norwegian law firm representing him told Reuters Thursday.

The ex-contractor at the U.S. National Security Agency (NSA) has been invited to Norway to receive an award for his work defending free speech, but his attorneys said he is worried that traveling there would allow the Norwegian government to extradite him to the U.S., where he is wanted on charges of espionage.

The Norwegian branch of the global organization of writers PEN International, which hopes to give Snowden the free speech award, said in a statement that “we will do our utmost to ensure that Snowden may receive the prize in person.” more

Finally, an American Spy is Honored – Show Us the Money

It took nearly a century to get a woman on the front of the $20 bill, but only about a year for a small New Jersey company to contribute a vital two cents to the effort.

Since April 2015, Montclair-based Mosaic Strategies Group has helped manage a website for Women on 20s to make the country's currency co-ed — one that finally paid off big last week when the U.S. Treasury announced Harriet Tubman would replace Andrew Jackson on the $20 bill.

Gov. Chris Christie...
"As long as the $20 bill still works when I hand it to somebody, I quite frankly don't really care who's on it," Christie said Friday. more

True to its nature, Comedy Central’s Drunk History, shed some light on a lesser-known chapter of Tubman’s life in a September 2015 episode entitled “Spies.”

In one segment, ... a slightly inebriated Crissle West relates Tubman’s less-heralded exploits. “Harriet Tubman does not get her just due,” West explains. “You hear her name and think she led the slaves to freedom. But you most certainly do not know that she was a spy for the Union.” more

Did Edison Also Invent Corporate Spying?

He's known for the light bulb, recordings, motion pictures and discoveries too numerous to mention. But did Thomas Edison also condone corporate spying on his enemies? Did he help create corporate espionage?

While he may not have invented it ... information from one of his employees can certainly be interpreted that way.

That employee was Joseph F. McCoy, who was hired at 20 years of age to work for the Edison Company. Not much is known about him except some basic details, but as Sloat-Olsen told the story of his jobs over the years, McCoy emerges as a shadowy figure, but influential in numerous ways...

In electric light dealings, companies like American Electric, U.S. Electric Company and Westinghouse were all on Edison's radar, so Sloat-Olsen says McCoy was sent to work at each of those companies, without their knowing he was an Edison employee, to find out about their plans or if they could be bought out. more

Tuesday, April 19, 2016

Chinese Spy Sentenced to Death... by China

A Chinese man has been sentenced to death for leaking more than 150,000 classified documents to an unidentified foreign power, state television said on Tuesday, offering unusual details of a kind of case rarely mentioned in public.

The man, a computer technician from Sichuan named as Huang Yu, worked for a government department which handled state secrets, but he was a bad employee and was sacked, the report said. more

Sunday, April 3, 2016

19 Years Ago: Economic Espionage in America - Booknotes Interview on C-Span

A fascinating video interview with the author of Economic Espionage in America.
As relevant today as it was in 1997.


YouTube.com description: "Industrial espionage, economic espionage or corporate espionage is a form of espionage conducted for commercial purposes instead of purely national security. Economic espionage is conducted or orchestrated by governments and is international in scope, while industrial or corporate espionage is more often national and occurs between companies or corporations." more

Corporate Espionage: Move to Zap Zillow for $2 Billion

One of the most contentious fights in the history of real estate listings is going nuclear, thanks to a “staggering” claim of damages from Move in its trade secret theft lawsuit against Zillow.

According to legal documents obtained by HousingWire, Move, which operates Realtor.com for the National Association of Realtors, is claiming that Zillow owes the company $2 billion in damages over allegations of trade secret theft involving Errol Samuelson, who was once Move's chief strategy officer...

Move filed suit against Zillow after Samuelson left, alleging that Samuelson and Zillow stole trade secrets and proprietary information, and that they then made efforts to cover up the alleged theft...

The original lawsuit alleged breach of contract, breach of fiduciary duty and misappropriation of trade secrets and accused Samuelson of misappropriating trade secret information by acquiring it using improper means, and by copying it without authorization.

“Plaintiffs (Move) have asserted a huge case,” Zillow notes in the legal filing. “They claim $2 billion in damages, assert 46 separate trade secrets (not including the 1000-plus documents claimed as trade secrets in their entirety) and have assigned at least 29 different lawyers to prosecute their claims.”  more

Spy Agency Few Know Gets Free Land for HQ

A US spy agency's new $1.7 billion western headquarters will be constructed in St Louis, Missouri...

NGA Campus East, the headquarters of the agency
The National Geospatial-Intelligence Agency (NGA) hopes to build its new western HQ in north St Louis, where it was offered free land...

So what exactly is the NGA?

The NGA is part of the Department of Defense and works with the CIA and the Air Force to provide intelligence that is largely geographical in nature...

According to the NGA, "anyone who sails a U.S. ship, flies a U.S. aircraft, makes national policy decisions, fights wars, locates targets, responds to natural disasters, or even navigates with a cellphone relies on NGA." more

Thursday, March 31, 2016

Scary Password Stats

Market Pulse Survey Reveals Growing Security Negligence in the Workplace Despite Employees’ Concern Over Risk to Personal Data more

Yes, 1 in 5 would sell their passwords... and it only takes one to spring a leak.  ~Kevin

Business Espionage: Guaranteed Rate Hit with $25M Judgment

A jury awarded Mount Olympus Mortgage Co. more than $25 million in a lawsuit alleging "corporate espionage" by former employee Benjamin Anderson and his new employer, Guaranteed Rate.

Anderson and another former Mount Olympus originator who now works for Guaranteed Rate, Brian Decker, were accused of stealing loan files, borrower information and other proprietary data from the Irvine, Calif.-based lender.

"The purpose of the scheme was to divert hundreds of MOMCo loan customers to Guaranteed. The Individual Defendants misappropriated MOMCo's confidential and proprietary information and directed MOMCo customers to Guaranteed," the lawsuit, filed in an Orange County, Calif., superior court, reads.

The complaint alleges the pair acted with the encouragement of Chicago-based Guaranteed Rate. more

Thursday, March 24, 2016

The Puzzling Case of Corporate Espionage

Chris Wirth started Liberty Puzzles just over a decade ago as a sort of homage to his childhood and to the original wooden puzzles of the 1930s...

...Liberty’s sales back up the idea that puzzles are popular again. Liberty has grown considerably every year since it opened up shop. Lately, though, its puzzles have been so popular it’s “overwhelming,” says Wirth. But when we asked him how many puzzles the company sells each year, he declined to reveal anything. “We’ve been the victim of corporate espionage,” he says. Like people scouting out its Boulder, Colorado factory operations and stealing precious information. Who knew puzzle intelligence operatives were a thing? more

Apple Concerned About Spy Tech Being Added to Servers

Apple's huge success with services like iTunes, the App Store, and iCloud has a dark side.

Apple hasn't been able to build all the data centers it needs to run these enormous photo storage and internet services on its own. And it worries that some of the equipment and cloud services it buys has been compromised by vendors who have agreed to put "back door" technology for government spying... more

Tuesday, March 15, 2016

Is Your Wireless Keyboard & Mouse Vulnerable to Eavesdropping? Better check...

Some of the computer dongles that come with wireless keyboards and mouses may offer hackers a fairly simple way to remotely access and take over your computer, according to a new report from Internet-of-things security startup Bastille.

Atlanta-based Bastille says it has determined that a number of non-Bluetooth wireless keyboards and mouses from seven companies—including Logitech, Dell, and Lenovo—have a design flaw that makes it easy for hackers from as far as about 90 meters away to pair with the dongle that these devices use to let you interact with your computer. A hacker could do things like control your computer or add malware to the machine.

In tests, the company found around a dozen devices that were susceptible to the flaw, which it’s listing online. more

PS - In addition to stealing keystrokes, this technique can also be used to inject keystrokes into the victim's keyboard.  ~Kevin

Government Level TEMPEST Hack Keeps Dropping in Price

Researchers from Tel Aviv University and Technion have...found a way to steal data from air-gapped machines while their equipment is in another room.

“By measuring the target's electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall,” Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer write in a recently published paper...

“The attack in its current form uses lab equipment that costs about $3000...
“The attacks are completely non-intrusive, we did not modify the targets or open their chassis”


The equipment used included an antenna, amplifiers, a software-defined radio, and a laptop. This process was being carried out through a 15cm thick wall, reinforced with metal studs, according to the paper. more