Stop Working for Russia, Britain Tells its Private Spies

The British government has warned the country’s burgeoning private intelligence and security industry to stop doing work for hostile states like Russia, China and Iran.

In new guidance for security professionals published this week, the U.K. Home Office said such work risks breaking tough new national security laws — and could even see pros sent to prison for up to 14 years...

It suggests companies should “strongly consider” turning down work if a potential client works for a foreign state’s public sector, fails to provide sufficient information about their identity, or asks them to gather sensitive information. more

Secret Recordings Reveal Sister's Sad Schadenfreude Shortcoming

 via The New York Times...

My sister revealed that she often records phone conversations that she has with our father without his knowledge. She says she does it because he is so “funny,” i.e., eccentric, but I get the impression that she is laughing more at him than with him.  I find his conversations less humorous than distressing, since he is often, at the best of times, in a state of heightened psychological dysregulation and anxiety, and the pandemic has just made things worse.  Because of my sister’s behavior, my niece has grown up thinking there’s nothing wrong or unethical with recording conversations without the other person’s knowledge or consent and has herself started to do this.

When I found out what my sister was doing, I was uneasy and told her that it was illegal to record someone without their consent. Her rapid retort was, “It’s not in New York,” where she lives, as if that made it OK. more

Security Management: Which Type of Employee Do You Inspire

Engineer admits he wiped 456 Cisco WebEx VMs after leaving the biz, derailed 16,000 Teams accounts.  

Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer. 

He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service... According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds. more

OR...

Earlier this week, the FBI arrested a 27-year-old Russian citizen for attempting to carry out a ransomware attack against a US company. It turns out that company was Tesla.

According to a complaint shared by the Department of Justice, in July, Egor Igorevich Kriuchkov traveled to the US and contacted a Russian speaking, non-US citizen who was working at the Tesla Gigafactory in Sparks, Nevada. 

After meeting with that individual, Kriuchkov allegedly proposed a deal. He would pay the employee $1 million to deliver malware to computer systems at the Gigafactory...

The employee immediately informed Tesla, and the company contacted the FBI, which launched a sting operation. Agents arrested Kriuchkov in Los Angeles as he was attempting to leave the US. more

Loyal employees can be worth more than you think. Treat them fairly. Make them feel a part of the security effort, and you will have a security army working for you. ~Kevin

Eavesdropping — at the Ian Potter Museum of Art Melbourne

WHAT: Eavesdropping — Tue, 24. July–Sun, 28. October 2018
WHERE: Ian Potter Museum of Art, Melbourne, Australia
ADMISSION: Free

Eaves­drop­ping is a unique col­lab­o­ra­tion between Liquid Archi­tec­ture, Mel­bourne Law School and the Ian Potter Museum of Art, com­pris­ing an exhi­bi­tion, a public pro­gram, series of work­ing groups and tour­ing event which explores the pol­i­tics of lis­ten­ing through work by lead­ing artists, researchers, writ­ers and activists from Aus­tralia and around the world.

EAVES­DROP­PING used to be a crime. Accord­ing to William Black­stone, in his Com­men­taries on the Laws of Eng­land (1769): ​‘eaves­drop­pers, or such as listen under walls or win­dows, or the eaves of a house, to hear­ken after dis­course, and there­upon to frame slan­der­ous and mis­chie­vous tales, are a common nui­sance and pre­sentable at the court-leet.’

Click to enlarge

Two hun­dred and fifty years later, eaves­drop­ping isn’t just legal, it’s ubiq­ui­tous. What was once a minor public order offence has become one of the most impor­tant politico-legal prob­lems of our time, as the Snow­den rev­e­la­tions made abun­dantly clear. Eaves­drop­ping: the ever-increas­ing access to, cap­ture and con­trol of our sonic worlds by state and cor­po­rate inter­ests. But eaves­drop­ping isn’t just about big data, sur­veil­lance and secu­rity... more

Listening In: Cybersecurity in an Insecure Age (book)

A compelling case for the need to secure our data, explaining how we must maintain cybersecurity in an insecure age.

Tufts University professor Susan Landau has a long and distinguished background in computer security and policy that includes several books on wiretapping and surveillance...

In Listening In: Cybersecurity in an Insecure Age, Landau considers the changing world in which law enforcement must operate with exceptional clarity. She begins with a brief history of cybersecurity. The first known cyberattack was in 1986, when Clifford Stoll began trying to understand a 75-cent discrepancy in computer time; he told the story in detail in his book The Cuckoo's Egg.

The next, and the first proper internet attack -- although it wasn't really intended as such -- was the 1988 Internet Worm. Despite these early warnings, Landau writes, quoting from a US government report, "security lost to convenience in the 1980s. And then it kept on losing". It wasn't until 2008 that cyber-threats began to be taken seriously. more

FutureWatch: Eavesdropping... telepathically

Mary Lou Jepsen believes her technology will be 99.9% cheaper than MRIs (that’s an actual estimate, not a euphemism); radically smaller (the size of a ski cap, not a bedroom); and that its resolution will exceed that of MRIs by a factor of a billion. Yes, that’s an actual “b,” not a typo. And the really cool thing? Her creation might also enable telepathy.

If your mind rebels at the scale of these claims, reread Mary Lou’s credentials, then give an interview with her a listen. You can hear it by searching “After On” in your favorite podcast app...

Here’s where telepathy comes in...

Neurons range from 4 to 100 microns in diameter. This makes them invisible to MRIs, CAT scans, PET scans – pretty much anything other than a scalpel and a microscope. But Mary Lou’s technology could monitor them, if it delivers on its maximum promise. Add some clever machine learning, and the system could closely infer what those neurons are contemplating.

Might all this raise an ethical issue or two? To quote a one-time would-be VP, yooooou betcha! more

Slick and Wise Espionage Ethics Discussion

NM - Two former U.S. intelligence officials will discuss the cloak-and-dagger world of espionage and the difficult ethical dilemmas it poses for U.S. spies at a lecture in Albuquerque on Feb. 25.

Stephen Slick, director of the University of Texas at Austin’s Intelligence Studies Project, and Douglas Wise, retired senior CIA operations officer, will wrestle with the question of whether a profession that requires lying, cheating, stealing, manipulating, exploiting and deceiving should have ethical boundaries. In a Journal interview, Slick said every potential intelligence officer must answer that question for themselves, and that their ultimate responsibility is adhering to U.S. and international law.

The panel discussion – part of the Albuquerque International Association’s ongoing lecture series – is Sunday, Feb. 25, from 3 p.m. to 5 p.m. at the UNM Continuing Education Auditorium.

Slick said the subject of espionage and ethics is popular among his students, who are often contemplating careers in intelligence. more

Seoul Trained Trackers, or Party Police Bugged

South Korea - One maintenance office of a Seoul apartment complex is in hot water after it took its investigation into noise complaints one step too far.

According to residents and security personnel, during a recent five-day period, the maintenance office dispatched security guards to investigate the source of excessive noise among suites on floors 9 through 15 in one building. The guards, deployed from midnight to three in the morning on the apartment corridors, were armed with sound amplifying equipment.

“Throughout the course of the investigation, I ended up listening to the conversations of the residents in each suite, even though I didn’t want to,” one security guard said. “Problems of excessive noise should be resolved through legal and appropriate means, but I think that using a sound amplifier that can result in an invasion of privacy is taking things too far.” more

Are Google and Amazon Patently Eavesdropping?

Patent applications from Amazon and Google revealed how their Alexa and Voice Assistant powered smart speakers are 'spying' on you.
The findings were published in a report created by Santa Monica, California based advocacy group Consumer Watchdog.

The study warns of an Orwellian future in which the gadgets eavesdrop on everything from confidential conversations to your toilet flushing habits...

The study found that digital assistants can be 'awake' even when users think they aren't listening...

In fact, the devices listen all the time they are turned on – and Amazon has envisioned Alexa using that information to build profiles on anyone in the room to sell them goods. more

Spy Store Helps You Be Big Brother

You're not paranoid: Someone may be watching you. Friday's opening of Spysite.com's first New Jersey store, on Route 23, is the proof.

The new location specializes in covert surveillance. Got an overbearing boss? They'll sell you a pen that will secretly record him. Suspect your neighbors are stealing your packages? Owner Grant Huber can sell you a camera and tell you where to hide it so no one suspects...

Employees will show buyers how to use all the gadgets they sell. more

Fun fact: Radio Shack employees were not allowed to instruct customers how to spy using their merchandise. For the answer as to why, click here. ~Kevin

A TSCM Cautionary Tale - The All Blacks Affair

Background... A security consultant for the All Blacks rugby team announces he found a bug in a meeting room chair seat cushion. The arrest. And now, the trial...

An upholsterer called as a witness in the All Blacks bugging trial told a Sydney court he didn’t find any evidence of “tampering” or “reupholstering” when he inspected a chair allegedly used to conceal a listening device in the lead up to the Bledisloe Cup.

All Blacks security consultant Adrian Gard has denied making up claims he found the bug concealed in a chair in the All Blacks’ meeting room at the InterContinental Hotel in Double Bay in August 2016.

Mr Gard has pleaded not guilty to making a false representation resulting in a police investigation into the bug...

All Blacks team manager Darren Shand told the court last week Mr Gard on August 15, 2016, showed him two chairs which he claimed had given off abnormal readings during a bug sweep in the meeting room. Mr Shand said he could see what looked like a listening device. more

Why should you care?
• Not all TSCM "experts" are honest. (I'm shocked!)
• Reputation and experience matters.
• Ignore the smooth talk. Check references thoroughly, before letting them in.
~Kevin

This just in... The bugging device found in a chair in the All Blacks' Sydney hotel is sold at a chain of spy stores, a court has heard. Technician Mark Muratore told Downing Centre Local Court on Wednesday the FM transmitter powered by a nine-volt battery was sold at the Oz Spy chain of stores and on eBay. Mr Muratore told the court about 80 of the FM transmitter devices, known as the RBFM600, were sold each year on eBay and at Oz Spy for $120 (≈$95 usd) each.

Why You Need a Technical Information Security Survey - Reason #413

Reason #413 - Yes, they are out to get you.

Here is a brief excerpt from an Entrepreneur Magazine article I read recently. It's entitled: 



3 Reasons You Should Spy on Your Competition 


"One of the best ways to thoroughly understand your market is to take a look at your competition. By not spying, you are at a significant disadvantage. 

 
Here are three reasons it’s a good idea to spy on your competition…

1. Without spying, it’s impossible to know what you’re up against -- as a result, you can’t completely prepare.
2. It’s easy to do. Don’t be discouraged from spying on your competition by assuming that it is daunting or resource intensive. 
3. It would be wasteful to not spy. Speaking of wasted resources, without spying on your competition it’s very easy to waste time trying to find your ideal market and your reach."

Although the article does not advocate anything illegal, do you really think a budding entrepreneur ingesting this advice will stop after tasting (legal) low-hanging fruits of knowledge? No, forbidden fruit is even more nourishing. They will "ladder up."

Background

There have always been industrial espionage spies and business espionage tricks. Heck, the Industrial Revolution in the U.S. began this way. The Chinese lost their secrets of silk this way.

Spying as a method of getting ahead in business, was not encouraged by the media during most of the 20th Century. Children were taught entrepreneurial ideals, like: hard work, independence, persistence, and inventiveness.

So, how did we get to the point of, "Screw it, let's just spy!”

Corrosion of societal mores is an evolutionary process. Some of you will remember the days when kids had heroes who exemplified moral codes: The Shadow ("The weed of crime bears bitter fruit. Crime does not pay."), Joe Friday (Dragnet), Dan Matthews (Highway Patrol), The Lone Ranger, etc. Others may remember the glamorization of the "good" spy from TV shows like: Secret Agent Man, The Man from U.N.C.L.E., Mission Impossible, and The Prisoner.

These radio and TV shows still languish deep in digital tombs like YouTube; as forgotten as the Greek Chorus. On the bright side, at least these morality plays still exist.

1960’s spy shows spawned a huge market for children’s spy toys. The market remains strong today, and much more technically advanced.

For decades, children have grown up with spy toys. Spy toy manufacturers blatantly promote spying as cool and fun.

The morally strong TV heroes children used to look up to have disappeared. Today’s “Super Hero” has little connection with reality. The good vs. evil dividing line in the plots has become fuzzy. The super heroes themselves are confusing. Dark sides and moral cracks have infected the genre. Several generations of children have been desensitized to spying, and now, as adults, their moral compasses look like Batman fidget spinners.

Today’s Reality

The workplace is now filled with former children who have no compunction about spying. Almost everyone has a spy tool in their pocket that Maxwell Smart could only dream about. And, if one needs a thumb-sized bug that can be listened in on via a cell phone, from anywhere in the world… it can be purchased on eBay for less than $25.00.

Analysis of Business Espionage Today
   • Risk level: Low.
   • Reward level: High.
   • Why people spy in the workplace:
          - Money.
          - Power.
          - Sex
   • Surveillance Tools:
          - Inexpensive.
          - Readily available in spy shops and 
on the Internet.
          - Untraceable when purchased from 
foreign countries.

Other Contributing Factors…

• The mores about eavesdropping and espionage have changed.
• Increased competitive pressures placed on employees, consultants and businesses force ethics bending.
• Media glorification presents spying as sexy and justifiable.
• Since the 60's, spy toys and games have been actively promoted to children as being fun and acceptable. Children grow up.

“We don’t need a Technical Information Security Survey. We’ve never had a spying issue here.”

How would you know?
 
Spy Rule #1 - Stay undetected. 
By definition, successful espionage goes undetected, only failures become known.


If you ignore business espionage, or decide to take a “risk-assessment” gamble, you will never know if you’re bleeding information. (Parasites don’t alert their hosts.)

Business espionage can be forced to fail.
Actively look for:

• evidence of information loss,
• evidence of electronic surveillance: audio, video and data,
• information loss vulnerabilities in: the workplace, your transportation, your home office, and at off-site meeting venues,
• loopholes in your perimeter security,
• decaying or broken security hardware, upon which you rely,
• information security policies employees no longer follow,
• information security vulnerabilities inherent in normal office equipment,
• and, an independent security consultant, whose specialty is the Technical Information Security Survey, to do this for you.

Vigilant organizations conduct these surveys during off-hours, on a quarterly basis. Diligent organizations tend to have their surveys conducted biannually. Negligent organizations, well, they just have their pockets picked. The point is re-inspections limit windows-of-vulnerability. They also cost less.

An independent consultant’s report is proof of the organization’s due diligence, and may be very helpful in showing enhanced duty of care for trade secrets and other sensitive information in legal settings.

Considering what is at stake, a Technical Information Security Survey is very economical insurance, even better than insurance… it can prevent losses in the first place. Add it to your security program.

The 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones

John* tapped out a simple text message to his wife in January 2016. "I love you," it read.

But this wasn't the only message she saw. Unbeknownst to John, his wife had bugged his smart phone. She was spying on John, eavesdropping on all of his texts and multimedia messages, and tracking his every move through the device's GPS...

John is just one of tens of thousands of individuals around the world who are unwitting targets of powerful, relatively cheap spyware that anyone can buy. Ordinary people—lawyers, teachers, construction workers, parents, jealous lovers—have bought malware to monitor mobile phones or computers, according to a large cache of hacked files from Retina-X and FlexiSpy, another spyware company.

The breaches highlight how consumer surveillance technology, which shares some of the same capabilities and sometimes even the same code as spy software used by governments, has established itself with the everyday consumer. more

Spying Feeds the Monkeys ...in real life

Do Not Feed The Monkeys: Voyeuristic Spying Game Launches In 2017

from the press release...
“We all have a natural tendency to wonder about other people’s lives. Sometimes the best stories are kept secret … all in the name of privacy. It begs the question: Why miss out on life’s best experiences because they’re not your own? We’re trying our hand at an answer with Do Not Feed the Monkeys. Hope you enjoy the ride!” more

Chatty Kathy's Grandkids May be Criminals

Internet-connected toys pose privacy risks to children, and their parents often aren’t aware, according to advocacy groups for children and consumers.

A complaint filed Tuesday with the Federal Trade Commission alleges that two talking dolls—My Friend Cayla and I-Que Intelligent Robot, both made by Genesis Toys Inc.—collect and use personal information from children in violation of rules prohibiting unfair and deceptive practices.

The complaint was drafted by several groups, including the Campaign for a Commercial Free Childhood, a coalition of groups dedicated to ending child-targeted marketing, and Consumers Union. The groups also filed complaints with data protection, consumer protection and product safety regulators for the European Union, France, the Netherlands, Belgium, Ireland and Norway. more grandma

Yahoo Email'ers Fed-Up with Hacking and Spying Find Forwarding Door Locked

After back-to-back revelations that hackers had compromised a staggering 500 million Yahoo Mail accounts and that the company had complied with a US government request to open incoming emails for surveillance, 

some users are having a hard time switching to any of Yahoo's competitors.

While it remains unclear how many users intend to leave over the privacy concerns and bad publicity, several told the Associated Press that their ability to do so has been hampered since the beginning of the month, when Yahoo disabled its automated email-forwarding option.

Those who had already set up their forwarding are unaffected, but those who wish to begin forwarding messages now are unable. more

Med Students Caught Cheating with Spycams & Smart Watches

A top Thai medical college has caught students using spy cameras linked to smartwatches to cheat during exams in what some social media users have compared to a plot straight out of a Mission: Impossible movie.

Key points:

• Thai students caught using spyglasses to send images of exam questions to accomplices
• Accomplices sent answers back to students' smartwatches
• Students paid 800,000 baht ($31,000) for equipment, answers

Arthit Ourairat, the rector of Rangsit University, posted pictures of the hi-tech cheating equipment on his Facebook page, announcing that the entrance exam in question had been cancelled after the plot was discovered.

Three students used glasses with wireless cameras embedded in their frames to transmit images to a group of as yet unnamed people, who then sent the answers to the smartwatches.

Mr Arthit said the trio had paid 800,000 baht ($31,000) each to the tutor group for the equipment and the answers.

"The team did it in real-time," Mr Arthit wrote. more

Why Blackberry is No Apple

BlackBerry appeared Monday, April 18, to acknowledge it helped Canadian federal police crack a Montreal crime syndicate that had been using its messaging system,

while insisting its smartphone security remains impenetrable.

In a blog post, BlackBerry chief executive John Chen reiterated the company's long-held stance "that tech companies as good corporate citizens should comply with reasonable lawful access requests."  more

SeaWorld Admits Employees Spied

SeaWorld admits employees posed as animal activists to spy on critics...

Multiple SeaWorld employees posed as animal-welfare activists so they could spy on critics, the company admitted Thursday.
The acknowledgment comes seven months after People for the Ethical Treatment of Animals accused SeaWorld of spying. The animal-welfare group, which has waged an intense campaign against SeaWorld, went public with evidence that a San Diego employee attended protests and made incendiary comments on social media while posing as an activist.

Reading from a statement while speaking with analysts, Chief Executive Officer Joel Manby said SeaWorld's board of directors has "directed management to end the practice in which certain employees posed as animal-welfare activists. more

"Official? Nah, I'm just hanging out here."

UK government wants to send tech companies officials to jail 

for disclosing snooping details on users.

Under a new sweeping law, many tech companies like Twitter, Yahoo and Google may face prison if they tip off their customers about spying operations by police and the security services.

These tech giants have a policy of notifying users when it’s suspected that a state-level actor is attempting to hack into their account. Twitter, Facebook and Google had previously assured their users that they would also warn them of any potential government spying. more