Showing posts with label leaks. Show all posts

Thursday, July 3, 2014

Infographic - NSA Interactive Spy Chart

This is a plot of the NSA programs revealed in the past year according to whether they are bulk or targeted, and whether the targets of surveillance are foreign or domestic. Most of the programs fall squarely into the agency’s stated mission of foreign surveillance, but some – particularly those that are both domestic and broad-sweeping – are more controversial.

Just as with the New York Magazine approval matrix that served as our inspiration, the placement of each program is based on judgments and is approximate.
For more details, read our FAQ or listen to our podcast. Also, take our quiz to test your NSA knowledge. (more)

Tuesday, July 1, 2014

Leaked: 10 Months Of The Houston Astros' Internal Trade Talks

Two years ago, the Houston Astros constructed "Ground Control"—a built-from-scratch online database for the private use of the Astros front office.

It is by all accounts a marvel, an easy-to-use interface giving executives instant access to player statistics, video, and communications with other front offices around baseball.

All it needs, apparently, is a little better password protection.

Ground Control Failure
Documents purportedly taken from Ground Control and showing 10 months' worth of the Astros' internal trade chatter have been posted online at Anonbin, a site where users can anonymously share hacked or leaked information. (more)

Sunday, February 9, 2014

TSCM Find - Police Ombudsman Headquarters' Conference Room & Wi-Fi Bugged

Ireland - The headquarters of the Garda Ombudsman Commission has reportedly been targeted by a secret bugging operation. 

According to a report in today's Sunday Times, the watchdog's phone and internet were compromised in a highly sophisticated hacking incident...

The spying operation was uncovered when the Ombudsman hired security consultants to investigate whether its office had been bugged.
The investigation found that a phone in a meeting room had been rigged to eavesdrop on confidential conversations.

The room was used to hold case conferences related to investigations being carried out by the commission.

The Wi-Fi network at the Garda Ombudsman office had also been hacked - allowing emails and confidential material to be intercepted. (more)


UPDATE:
Mr Shatter has asked the Commission for a report on its decision to hire a British Security company last year to investigate if it had been placed under electronic surveillance.

A source within GSOC has confirmed to RTÉ that the company told it that it had found evidence of electronic surveillance in one of its meeting rooms and that its wi-fi system may have been compromised. (more)

Friday, January 24, 2014

Plan to Ban Instant Messaging has Unintended Consequences

Goldman Sachs Group Inc. is planning to ban traders from using some computer-messaging services in a bid to protect proprietary information at the heart of its sales-and-trading operation.

Under a new policy, the Wall Street firm won't allow person-to-person communication over instant-messaging (IM) services created by Bloomberg LP, Yahoo Inc., AOL Inc. and other third-party providers including Pivot Inc., according to a draft of a memo reviewed by The Wall Street Journal.


Goldman is seeking to prevent information from internal conversations from being filtered and disseminated beyond the bank's walls. The planned ban reflects a mistrust of technology developed by messaging-service providers that can make its traders more efficient but also be used to mine private communications for closely guarded intelligence on securities pricing. (more)

FutureWatch: Expect other financial institutions to follow.

Unintended Consequence: Scraping (a Wall Street term for collecting useful tidbits of info) attempts will continue as always, but it won't be easy pickings anymore. Conventional spycraft (bugging and wiretapping) worked before IM came along. It continues to work, and will become the best option again. Technical Surveillance Countermeasures (TSCM) inspections are the most cost-effective defense.

Thursday, December 12, 2013

Data Security and Breach Notification Act of 2013 & Information Security Tips

American IT departments' decisions could inadvertently put organizations at risk of an information security breach if they don't have sufficient protocols for the disposal of old electronic devices...
Despite the many public wake-up calls, most American organizations continue to be complacent about securing their electronic media and hard drives...


Congress is hoping to hold businesses accountable for the protection of confidential information with the introduction of the Data Security and Breach Notification Act of 2013, which will require organizations that acquire, maintain, store or utilize personal information to protect and secure this data. (q.v.)

Mitigation tips:
  • Think prevention, not reaction.
  • Put portable policies in place for employees with a laptop, tablet or smartphone to minimize the risk of a security compromise while traveling;
  • Protect electronic data. Ensure that obsolete electronic records are protected as well. (Remember, all that data was somewhere else before it became electronic data. Protect that too.)
  • Create a culture of security. Train all employees on information security best practices... Explain why it's important, and conduct regular security audits (including TSCM) of your office to assess security performance. (more)

Wednesday, November 6, 2013

The Wall of Sound Meets its Match - Sono - An Acoustical Wall Filter Idea

Austrian industrial designer Rudolf Stefanich has created a concept device that is capable of filtering outside noise from entering your room.

Called ‘Sono’, it transforms any window into an “active noise canceling system”, allowing users to eliminate and filter the sounds that pass through their windows.


By turning a knob, the device filters out disruptive noises like car horns and construction works, but allows pleasant sounds like birds chirping or the sound of the wind through.

“In our loud and busy world, a moment of silence has become a scarce and almost luxurious experience,” said Stefanich. “Sono lets you reclaim that silence for your home.” (more)


FutureWatch - The same concept could be used to prevent eavesdropping via acoustical leakage from rooms.

Saturday, September 28, 2013

Commercial Espionage Fears Prompt... a conference?!?!

Jamaica - Commercial espionage affecting Jamaican businesses is to be addressed at a two-day conference on Cyber Security and Digital Forensics, to be staged at the University of the West Indies from September 30 to October 1.

Mr. Robinson said he became aware of the level of corporate espionage occurring in Jamaica recently, and the conference will address this concern in a fulsome way.

“We’re not talking about a man hacking into a website and defacing it. We’re talking about criminals doing this for financial gain, or to prove a point. They can hack into a critical national infrastructure and disrupt the country in a significant way; for example your Air Traffic Control system, and you know the damage that can be done,” the State Minister said.

“There are just so many ways someone with a computer can create havoc and we need to be on top of that as a country,” he emphasized. (more)

The "Let's Talk About This" love boat sailed a long time ago. It's time for action. BTW... Corporate espionage via computers is only one hole in your security dike. Be sure your security program handles it all.

Monday, September 16, 2013

New Mobile Survey Reveals 41% of Employees Are Deliberately Leaking Confidential Data

Congratulations and condolences to the nation’s CIOs for being responsible for data security. 

There’s now more job security but now there’s less information security too. Because, according to a new survey from uSamp, 41% of workers used an unsanctioned cloud service for document storage in the last 6 months, despite the fact that 87% of these workers knew their company had policies forbidding such practices.

Welcome to the mobile workplace. It’s less secure and loaded with risk.

And, according to the research, the estimated annual cost to remedy the data loss is about $1.8 billion. So what’s a CIO to do? On the one hand, it’s her job to help employees remain productive, but it’s also her job to secure the company’s confidential information.

Six IT experts were asked about their take on the matter. Here are their suggestions... (more)


Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Wednesday, August 14, 2013

Spy Cameras, Secret Audio Help Fight Movie Piracy

If all the sounds of the summer blockbuster "Man of Steel" were stripped away ...a light humming would still be heard. The barely audible noise is an audio watermark...

Designed by engineers at San Diego company Verance Corp., the watermark is a unique signal to Blu-ray disc players that the movie being watched was illegally recorded at a movie theater. After 20 minutes of playtime, the disc player shuts the movie down and offers the viewer the chance to continue watching—by paying for the movie through legitimate sources like Amazon.com Inc. and Netflix Inc.

...a San Diego startup, PirateEye, believes they can combat piracy using a vastly different technology.


The PirateEye camera, in theaters, can spot people recording a movie.
 

It installs cameras above theater screens that can detect recording devices in the audience and then send pictures of offenders to theater security.

PirateEye's camera-spotting technology was adapted from a military application that placed sensors under combat helicopters to scan the ground below for reflections from scopes on sniper rifles. 


Hollywood studios provided several million dollars in investment for the company, which has also been funded by private investors. (more)

Thursday, July 4, 2013

Secret Recording of Rupert Murdoch's Staff Meeting Published

A recording from March earlier this year, obtained by investigative website Exaro, shows the 82-year-old... raging against the police and claiming that the inquiry into corrupt payments to public officials has been blown out of proportion.

Throughout the recording, which lasts about 45 minutes, the News Corp boss repeatedly accuses the police of incompetence - of being "unbelievably slow" he says at one point.

He belittles the corrupt payments issue. And for anyone convicted over it... (more)

Isn't it time to sweep your boardroom?

Tuesday, June 11, 2013

Quote of the Year - You Decide

Quote 1: "You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place."

Quote 2: "You can't come up against the world's most powerful intelligence agencies and not accept the risk. If they want to get you, over time they will." (more - with video interview) 

From an interview with Edward Snowden, self-confessed Intelligence Community whistle-blower, now on the run.

Dead man running?
Russia has offered to consider an asylum request from the US whistleblower Edward Snowden... (more) (sing-a-long)

Wednesday, April 17, 2013

Sen. Mitch McConnell's "Bug" - Recorded Acoustical Leakage

The center of political intrigue and an FBI investigation in Kentucky's U.S. Senate race is the otherwise inconspicuous second floor hallway of the Watterson West office building in Louisville.

...behind plain, black doors is Sen. Mitch McConnell's campaign headquarters.

It is in this hallway on February 2 that two members of the Progress Kentucky SuperPAC allegedly recorded a private campaign strategy meeting underway inside an office on the other side of one of those plain, black doors, according to Jacob Conway, a member of the Jefferson County Democratic Party's Executive Committee.

"You have about a half an inch gap right there where a recording device or a microphone could have been inserted," Benton said, pointing to the bottom of the door...


With the campaign's permission, WHAS11 tested whether an iPhone voice memo program could successfully record a conversation by placing the phone's mouthpiece at the bottom door opening.

Playback of the test recording confirmed that it captured the voices of campaign workers meeting behind the door. The workers had been advised of the recording test...

Some legal analysts suggest that if the closed door meeting could be heard from the hallway, the recording might not be a crime. During the WHAS11 visit, some voices could be heard, without electronic assistance, from the hallway. (more)


Imagine, two guys in the hallway listening under the door. Eavesdropping doesn't get any more basic than that. Spying tricks haven't changed, there are just more of them these days. All the old tricks still work. 

If they had their offices inspected by a TSCM team they would have been notified about the acoustical leakage vulnerability... in time to protect themselves.

Thursday, March 28, 2013

Security Director Tip of the Month - More Secure Conference Calling

Over the years, you have read many posts here about organizations being victimized by eavesdroppers on their conference calls. I am expecting you will see fewer in years to come...

CrowdCall, a specialized conference-calling app available for iOS and Android smartphones and the web. 

Instead of scheduling a dial-in line, e-mailing all parties involved and then hoping everyone calls at the appointed time, CrowdCall's interface lets users choose up to 20 participants from their contacts list and LinkedIn connections and dial them immediately (assuming the contacts have added their phone number to their LinkedIn profiles). When participants answer, they simply push "1" to enter the conference--they don't even need to have the app to participate.

...one feature in particular makes it attractive to small businesses. Because the call originator controls invitations, unauthorized participants can't use dial-in information to access the call, providing a measure of security when discussing sensitive information. (more)

Monday, March 11, 2013

Employee Bugs Boss - True Story

"Employee hid a recording device in supervisor's office. In addition, without authorization, Employee made copies of supervisor's negative comments about Employee that Employee located by conducting an  unauthorized search of the supervisor's office and briefcase. Employee provided the notes to lawyer in support of lawsuit against supervisor. Finally, Employee lied to investigators during the course of the administrative inquiry."

Think this can't happen to you?
Think again.
This case comes from the files of the FBI. 
Why? 
It was their employee. (more)

P.S. This report was labeled "NOT FOR PUBLIC DISSEMINATION" (oops, again)

Sunday, February 10, 2013

If the competition isn't bugging you, they are probably doing this...

Interesting read...
A competitive intelligence consultant discusses things that can help a business--at the expense of another. (more)

Saturday, February 2, 2013

Spy vs. Spy vs. Judge Leonie

A former CIA officer who pleaded guilty to identifying a covert intelligence officer was sentenced on Friday to 30 months in prison.

John Kiriakou and prosecutors agreed on the term as part of the plea agreement he struck in October.

Kiriakou, 48, declined to make a statement at the Alexandria, Virginia, federal court prior to sentencing by U.S. District Judge Leonie Brinkema. "Alright, perhaps you've already said too much," Brinkema said. (more)

Friday, January 11, 2013

Van Eck Grown Up - Time to look at eavesdropping on computer emissions again.

1985 - Van Eck phreaking is the process of eavesdropping on the contents of a CRT or LCD display by detecting its electromagnetic emissions. It is named after Dutch computer researcher Wim van Eck, who in 1985 published the first paper on it, including proof of concept.[1] Phreaking is the process of exploiting telephone networks, used here because of its connection to eavesdropping.

2009 - A simple experiment showing how to intercept computer keyboard emissions. 

It is notable that there is:
• no connection to the Internet;
• no connection to power lines (battery operation);
• no computer screen in use (eliminates the screen emissions possibility);
• and no wireless keyboard or mouse.

Intercepted emissions are solely from the hard-wired keyboard.

The interception antenna is located about one meter away. (This is why we look for antenna wires under desks, and metal parts on desks to which wiring is attached.) 
(video 1) (video 2)

The point is, if one can get an antenna within close proximity of your computer, what you type belongs to them.

 
December 2012 - Not satisfied with pulling information from your keyboard, injecting information becomes a concern (pay attention investment firms).

"The roughly half-dozen objectives of the Tactical Electromagnetic Cyber Warfare Demonstrator program are classified, but the source said the program is designed to demonstrate ready-made boxes that can perform a variety of tasks, including inserting and extracting data from sealed, wired networks.

Being able to jump the gap provides all kinds of opportunities, since an operator (spy) doesn’t need to compromise the physical security of a facility to reach networks not connected to the Internet. Proximity remains an issue, experts said, but if a vehicle can be brought within range of a network, both insertion and eavesdropping are possible." (more)


2013 is going to be an interesting year. ~Kevin

Saturday, September 29, 2012

Business Espionage: Papal Butler's Trial Begins

The pope's once-trusted butler went on trial Saturday for allegedly stealing papal documents and passing them off to a journalist in the worst security breach of the Vatican's recent history — a case that embarrassed the Vatican and may shed some light on the discreet, internal workings of the papal household... 

Security was relaxed, with the guards at the tribunal entrance mostly concerned that none of the press or public brought in any recording devices: They even checked pens to make sure they couldn't record, and sequestered cell phones into safe boxes. (more)

Thursday, September 13, 2012

Industrial Espionage? You decide...

Just coincidence? There are many car designers in the world, but how many could independently come up with designs this similar for 2012-2013?
 

"Ford puts a great deal of emphasis on styling with the new Mondeo, saying that its sports coupe profile provides “visual lightness.” The lines are more angular than previous versions with a sharper crease along the side breaking the lines and providing a bit of visual flair. Up front, there’s a trapezoidal grille like something stolen off an Aston Martin..." (more)


Could they be right? 
You decide.

While you're deciding, think about this. What are you doing to protect your bright ideas, business strategies and private conversations? Help is available. Give Murray Associates a call.

Thursday, September 6, 2012

International Hotel Rooms: The Enemy's Gateway To Economic And Industrial Espionage

by Luke Bencie
"For most international business travelers, overseas hotel accommodations can conjure up an array of images. Depending on the region of the world they travel, frequent fliers know that lodging is never consistent.

For example, Southeast Asian hotels deliver a personal attention to detail that can only be found in the Orient, while hotels in the Middle Eastern Gulf states compete against one another through stunning opulence to attract powerful sheiks and wealthy oil barons. Closer to home, Latin America and the Caribbean provide relaxing, tropical beach resorts, while Europe still offers old world charm in quaint surroundings..." Read the whole article here.

Mr. Bencie also conducts instructional seminars for executives who travel overseas. (more)

If the above article applies to you, you should also read: 
Top Five Ways Business Executives are Spied Upon Overseas and How They Can Protect Themselves (Luke Bencie)
The Top Twenty Information Security Tips for Business Travelers to Closed Society Countries (Kevin D. Murray)
Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World (Edward Lee)