Heineken and Shell Linked to Massive Espionage Scandal in Italy

Dutch beer brewer Heineken and Anglo-Dutch fossil energy company Shell have been linked to a major espionage scandal ongoing in Italy. The Italian company Equalize is accused of stealing and selling tax data and police information on Italian politicians and businessmen, among others, to its customers. Heineken and Shell were among those customers, NRC reports.

On paper, Equalize provides services like business intelligence and reputation management. It conducts research into the reliability of suppliers, the position of competitors, or misconduct by customers’ staff. Under the counter, Equalize also sold confidential data gained from hacking into police systems, the Italian tax authorities’ systems, and the reporting center for suspicious bank transactions, according to the Italian authorities. The company also had informants within Italian government organizations. more

Seminar in Information Security & Cryptography

Seminar in Information Security & Cryptography
Zurich Switzerland, June 11−13, 2025
Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

We are pleased to announce our seminar in Information Security and Cryptography. A full description of the seminar, including all topics covered, is available at
https://www.infsec.ch/#seminar. Early registration is until February 28th.

This seminar provides an in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects. The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography including blockchains and cryptocurrencies.

The seminar takes place in Zurich, Switzerland. The lectures and all course material are in English. Participants will receive certification for their attendance.

Free TSCM AI Knowledge Wiki

The website, counterespionage.net, provides a comprehensive range of resources related to Technical Surveillance Countermeasures (TSCM), which can be considered as a knowledge wiki for several reasons:

1. Informative Articles: It features detailed articles explaining what TSCM is and its importance in protecting corporate privacy and intellectual property. For example, the article on What Is TSCM? outlines the holistic approach needed for effective TSCM evaluations.

2. Free Resources: The site offers free TSCM security reports, publications, and videos that educate users about various aspects of surveillance and counter-surveillance techniques. You can find these resources in the TSCM Information section.

3. Guides and Tips: It includes practical guides such as the Security Director’s Guide to Discussing TSCM with Management and tips for businesses on counterespionage, which serve as valuable educational tools.

4. Case Studies and Testimonials: The website also shares case studies and client testimonials that provide real-world examples of TSCM applications, enhancing the learning experience for users.

5. FAQs and Expert Insights: The presence of a FAQ section allows users to get quick answers to common questions about TSCM, further contributing to its role as a knowledge base.

Overall, the combination of educational content, practical resources, and expert insights makes this website a valuable TSCM knowledge wiki. more

China: ‘Secret’ Military Books Sold for Less Than US$1.

Chinese spy agency issues warning after ‘secret’ military books sold for less than US$1. 

China’s top spy agency has warned against the mishandling of confidential information as it tries to educate the public about its anti-espionage law, citing a case in which military-related materials were found to have been sold by a recycling station. 

On its official WeChat account on Thursday, the Ministry of State Security recounted the case of a man with the surname Zhang who bought four books from a waste recycling station. more

Why You Really Need a Technical Information Security Consultant

The non-existence of a trade secret asset: ‘confidential’ information
by R. Mark Halligan 

FisherBroyles LLP

For years, there has been a debate whether “confidential” information is analogous to a “trade secret.” It is not. Information is either protected as a “trade secret” or not protected as a “trade secret.” Any other characterization of “confidential” information undermines the protection of trade secret assets and interferes with lawful and fair business competition.

There is no such thing as non-trade secret “confidential” information.

There is no such thing as “confidential” information that does not rise to the level of a trade secret.

There is no middle ground: Either the information is a “trade secret” (and protectable) or not a trade secret (and not protectable).

A “trade secret” is an intellectual property asset that requires reasonable measures to protect the information as a “trade secret” and proof that such information derives an actual or potential economic advantage from the secrecy of the information. more

Your business is based on information and conversations considered confidential, sensitive, or intellectual property. These create your competitive advantage. No less important than trade secrets, and yet, not protected under trade secret law. 

So, what protection do you have? 

Start by adding a Technical Information Security Consultant to your team. Their proactive surveys can spot espionage issues like electronic eavesdropping, information security risks, and employee compliance with information security policies—before they become losses.

Privacy Risks: Phones Purchased at Police Auctions

Law enforcement agencies nationwide regularly sell items that are seized in criminal investigations or are unclaimed from lost-and-found inventories. 

Many of these items—vehicles, jewelry, watches and electronic devices like cellphones—end up at online auction houses.

People looking for a bargain can bid on cellphones in bulk, snatching up dozens at rock bottom prices for parts or other uses. This ultimately provides revenue for the police agencies, making for a good deal for everyone involved. Or is it?

A recent study by University of Maryland security experts found that many of the phones sold at police property auction houses are not properly wiped of personal data. The study, conducted over two years with cellphones bought from the largest police auction house in the U.S., uncovered troves of personal information from previous owners that was easily accessible. more

Alert: Not All Documents Labeled Confidential Actually Are

A Harris County Texas District Court jury found a telecom company acted in bad faith by filing a $23 million trade secret misappropriation lawsuit against a rival where the underlying technology was found to not actually be a trade secret...

As Texas courts have noted, and Liquid Networx cited in its motion for directed verdict, affixing a confidentiality label to a document does not necessarily make the information within a trade secret. See Providence Title Co. v. Truly Title, Inc., 547 F. Supp 3d 585, 609 (E.D. Tex. 2021) (“[B]usiness information is not necessarily a trade secret simply because it is confidential.”)...

It is important to always consider the nature of the document, how it was created, what value comes from keeping it confidential, what efforts are made to keep it from third parties, and what safeguards are used when it is disseminated to third parties, in analyzing trade secrets. more

Note: TSCM information security surveys are used by savvy businesses to show serious trade secret protection efforts. 

Step one: Identifying Your Trade Secrets

Can you identify your business’ most valuable information, how it is stored and who has access to it?

Are you sure? 

It may surprise you that even some of the most sophisticated companies in the world don’t have a proper handle on their information “crown jewels” or trade secrets until someone tries to take them. 

Now is a good time to review your business’ approach to protection of its trade secrets and other confidential information and make sure you have done everything you can to protect them.

Why now? Data is one of the most valuable assets any business has. Industrial espionage is becoming more prevalent (and sophisticated)... more

Once you know what you have to protect, install an alarm system. In this realm, Step One is creating a scheduled program of Technical Surveillance Countermeasures (TSCM) inspections.

Corporate TSCM Information Security Inspections - Myths, Excuses & Reality

There are some myths and excuses that really need to be debunked.

(Not sure what a TSCM inspection is. Check here first.) 

TSCM SECURITY INSPECTION MYTHS and EXCUSES

Espionage is a Covert Act

Excuse: “I don’t see that we have a problem. No one is bugging our offices and boardroom.” 

 

Reality: The first rule of espionage is, “Be invisible.” You won’t know if you are being eavesdropped on if you never check.

Fear of being Labeled Paranoid

Myth: Peer pressure from upper management. 

 

Reality: Most top management appreciate proactive security thinking from their staff.

Lack of Awareness

Excuse: Yes. 

 

Reality: A lack of awareness of the risks associated with electronic eavesdropping, or the need for TSCM security inspections is common. Management may be unaware of TSCM as an available countermeasure.

Cost

Myth: TSCM inspections can be expensive. The costs involved in hiring a professional TSCM specialist, or purchasing specialized equipment, and conducting regular inspections can be a deterrent to scheduling TSCM inspections. 

 

Reality: Espionage losses are more expensive, much more. Hiring a TSCM specialist is very cost-effective, if you hire a competent firm. TSCM inspections are cheap insurance. Actually, better than insurance; TSCM can prevent the loss in the first place.

Perception of Low Risk

Excuse: Some businesses may believe that the risk of electronic eavesdropping is low in their industry or specific workplace. They might assume that their organization does not hold valuable or sensitive information that would attract eavesdroppers. 

 

Reality: Being “in business” means having a competitive advantage, and others do want it.

Lack of In-House Expertise

Excuse: Conducting TSCM inspections requires specialized knowledge and equipment. If a business does not have the expertise in-house they may choose not to pursue these inspections. 

 

Reality: Hiring an information security consultant–who has TSCM as their speciality–is the solution.

 

More TSCM Security Inspection Myths & Excuses

Fear of Disruption

Myth: TSCM security inspections can temporarily disrupt normal business operations. The process involves sweeping the premises, potentially causing interruptions or inconveniences to employees or ongoing activities. Some businesses might be reluctant to undergo such disruptions. 

 

Reality: Most inspections are conducted after business hours. When necessary, a TSCM team will assume the same dress and demeanor as employees, have a plausible reason for being in the area, and will work around employees so as not to disturb them.

Trust in Existing Security Measures

Excuse: Businesses may have confidence in their existing security measures, such as physical security, cybersecurity, or access controls. They might believe that these measures are sufficient to protect against eavesdropping and thus forego TSCM security inspections. 

 

Reality: Experience has shown that do-it-yourself security measures are never sufficient to protect against eavesdropping and other forms of information loss. TSCM inspections always identify vulnerabilities and provide recommendations for improvement.

Lack of Legal or Regulatory Requirements

Excuse: Depending on the industry or geographical location, there may be no legal or regulatory obligations that mandate TSCM inspections. In the absence of such requirements, businesses may choose not to prioritize these inspections. 

 

Reality: The financial success of a business should be a more effective motivator than a legal requirement.

Perception of Invasion of Privacy

Myth: TSCM security inspections are invasive or a breach of employee privacy. They might fear that conducting such inspections could harm employee morale or create an atmosphere of distrust. 

 

Reality: Employees appreciate security measures which protect their livelihood and personal privacy. When an employer demonstrates care for information security, employees will act more carefully too.

Limited Resources

Excuse: Small businesses or those with resource constraints may prioritize other operational needs over TSCM security inspections. They might allocate their limited resources to other critical areas or invest in measures they perceive as more immediate concerns. 

 

Reality: Defense is mandatory for survival. Budget waste and misallocation can usually fund TSCM security inspections without added expense, once corrected.

Overconfidence

Excuse: Some businesses might have a sense of overconfidence in their security measures, believing that they are already adequately protected against electronic eavesdropping. This false sense of security can lead to complacency and a disregard for TSCM inspections. 

 

Reality: These businesses are at-risk.

Carefully assess the risks in your workplace. Schedule TSCM security inspections, because… corporate espionage is not a myth.

###

Murray Associates is an independent technical information security consulting firm. They provide electronic surveillance detection and counterespionage services to business, government and at-risk individuals.

Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.

Letterlocking: How Secrets Were Kept Before Gummed Envelopes

Mary, Queen of Scots used a "spiral locking" technique to seal the last letter she wrote before her execution, indicating that she wanted the contents to remain secret, according to research published in the Electronic British Library Journal.

An example of letterlocking -- where people doubled letters as envelopes to ensure the security of a document -- the fallen monarch used a spiral locking process to seal a message that was "a last will and testament and a bid for martyrdom," the research published on Friday says.

Letterlocking was used widely throughout early modern Europe, and was an essential process of ensuring the security of letters before mass-produced gummed envelopes were manufactured in the 19th-century

It played a crucial role in the "history of secrecy systems," enabling "global correspondence in the early modern period as fundamentally as computer coding underpins digital communication today," the research paper says. more

Spy Trick # 712 - The Memory Card Ring (Make Your Own!)

Honus, a former bicycle industry designer turned professional jeweler can teach you how to make your own spy ring.  

This is how spies (and corrupt employees) can sneak file cabinets of documentation out of companies, no matter how good their security is. more  
more spy rings
Secret Message Decoder Ring Great Christmas gift

Seminar in Information Security & Cryptography

Zurich Switzerland, June 14−16, 2021
Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

We are very pleased to announce that the seminar in Information Security and Cryptography on June 14-16 in Zurich Switzerland will take place and we still have a few places free.

We are fortunate that the situation with COVID-19 has improved to the point where we may hold the seminar, under the provisions of the Swiss Federal Office of Public Health (BAG) and their regulations for hotels and restaurants. 

This seminar provides an in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects. The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography including blockchains and crypto currencies.

The lectures and all course material are in English. A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2021.html. There are hotel rooms at a special group rate (deadline 24th of May) Please ensure you are allowed to enter Switzerland as every country has different regulations.

Information Security as a Service (ISaaS) - The Future of Information Security

Free-world businesses know they have a problem. They are bleeding their life-blood. Manufacturing was phlebotomized first. Bleeding now is their intellectual property and confidential information. What happens when these are gone?

We are watching a death of a thousand cuts, but it can be stopped. This paper examines how to do it... more

What Work From Home is Doing to Corporate Security

Behavox, AI-based data operating platform used by firms to catch misconduct before it causes massive regulatory fines and company crises, has found a startling increase in corporate misbehavior and decline in employee morale as a result of working at home indefinitely...

The ECR Report reveals numerous misconduct and morale issues resulting from loosening professional standards, widespread frustration, and mounting stress. 

Prominent findings include the prevalence of illegal misconduct, such as employees willingly breaking security policies, corporate theft, and espionage, as well as harmful behavior like racism, sexual harassment, and bullying... 

Key Findings

Illegal Misconduct: Pornography, Drugs, And Espionage - the report cites instances of employees who:

● Intentionally broke the company's security policy (19 percent)

● Witnessed employees stealing corporate information (16 percent in U.S., 8 percent overall)

● Know an employee who willingly introduced a security threat to sabotage their company (16 percent)

● Know actual employees arrested for suspected corporate or international espionage (11 percent)
more

.....Word on The Street.....

Goldman Sachs: Bank boss rejects work from home as the 'new normal'
“I do think for a business like ours, which is an innovative, collaborative apprenticeship culture, this is not ideal for us. And it’s not a new normal. It’s an aberration that we’re going to correct as soon as possible,” he told a conference on Wednesday. more

.....What Smart Corporations Will Be Doing Soon.....

Electronic Eavesdropping Detection – The Other Corporate Covid Deep Clean
"The reality is, organizations just don’t know if employees will be returning to hot-wired offices."

.....UPDATE 3/10/2021.....  

A Quarter of American Workers Are Already Back at the Office
Employers are hoping FOMO gets you to come in, too.

Open Mike Strikes Out

As the New York Mets and Miami Marlins mulled over whether to play a game on Thursday night, a man who appeared to be Mets general manager Brodie Van Wagenen unknowingly let the public know of a plan from Major League Baseball.

Cameras were rolling on the Mets' page of the MLB app Thursday afternoon and picked up a candid conversation from someone believed to be the Mets general manager.

"Baseball is trying to come up with a solution," the man says. "You know what would be super powerful?"

The man then pauses to tell the two people he's speaking to that this doesn't leave the room, unaware that the camera is rolling. more

Security Management: Which Type of Employee Do You Inspire

Engineer admits he wiped 456 Cisco WebEx VMs after leaving the biz, derailed 16,000 Teams accounts.  

Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer. 

He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service... According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds. more

OR...

Earlier this week, the FBI arrested a 27-year-old Russian citizen for attempting to carry out a ransomware attack against a US company. It turns out that company was Tesla.

According to a complaint shared by the Department of Justice, in July, Egor Igorevich Kriuchkov traveled to the US and contacted a Russian speaking, non-US citizen who was working at the Tesla Gigafactory in Sparks, Nevada. 

After meeting with that individual, Kriuchkov allegedly proposed a deal. He would pay the employee $1 million to deliver malware to computer systems at the Gigafactory...

The employee immediately informed Tesla, and the company contacted the FBI, which launched a sting operation. Agents arrested Kriuchkov in Los Angeles as he was attempting to leave the US. more

Loyal employees can be worth more than you think. Treat them fairly. Make them feel a part of the security effort, and you will have a security army working for you. ~Kevin