Showing posts with label social engineering. Show all posts

Wednesday, January 22, 2020

FutureWatch: Mind-Reading Called Brain-Hacking - Food for Thought

The world is in the middle of a new technology arms race, according to best-selling historian Yuval Noah Harari, who warns that the prize being fought over this time is not physical territory, but our brains. 

Speaking at the World Economic Forum in Davos, Harari predicted a future where governments and corporations will be able to gather enough data about citizens around the world that, when combined with computational power, will let them completely predict – and manipulate – our decisions. Harari calls this concept "brain-hacking".

"Imagine, if 20 years from now, you could have someone sitting in Washington, or Beijing, or San Francisco, and they could know the entire personal, medical, sexual history of, say, every journalist, judge and politician in Brazil," said Harari.

"You could control a whole other country with data. At which point you may ask: is it an independent country, or is it a data colony?" more

Thursday, October 10, 2019

Japan Ninja Student - Writes Essay in Invisible Ink - Gets A+

A Japanese student of ninja history who handed in a blank paper was given top marks - after her professor realised the essay was written in invisible ink.

Eimi Haga followed the ninja technique of "aburidashi", spending hours soaking and crushing soybeans to make the ink.

The words appeared when her professor heated the paper over his gas stove.

"It is something I learned through a book when I was little," Ms Haga told the BBC. more

Wednesday, August 7, 2019

AT&T Employees Took Bribes to Plant Malware

 One AT&T employee made $428,500.

AT&T employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network, the Department of Justice said yesterday...

The bribery scheme lasted from at least April 2012 until September 2017...

The two recruited AT&T employees by approaching them in private via telephone or Facebook messages. Employees who agreed received lists of IMEI phone codes which they had to unlock for sums of money. more


Remember this survey from 2016? "One in five employees said they would sell their passwords."

The Point: Quarterly Technical Information Security Surveys mitigate this risk, and prove due diligence.

Wednesday, June 19, 2019

Washington, DC and The Running of the Spies

Washington, DC - Waves of civil servants, military and law enforcement officers, business people, students, diplomats and tourists saturate the city.

That is the scene on a typical weekday in the world’s most powerful city — whose business revolves around secret meetings, information and documents. Woven into that orderly bedlam are sophisticated networks of foreign nationals whose sole purpose is to steal secrets.

They are spies.

According to the International Spy Museum in D.C., an educational and historical center of U.S. intelligence documentation and artifacts, there are “more than 10,000 spies in Washington.”

While there may be some quibbling about the actual numbers, the FBI agrees with the premise.

“It’s unprecedented — the threat from our foreign adversaries, specifically China on the economic espionage and the espionage front,” said Brian Dugan, Assistant Special Agent in Charge for Counterintelligence with the FBI’s Washington Field Office.

As this unparalleled wave of international espionage, aided by technology, explodes in D.C., the variety of spies has diversified, as well.

“A spy is nondescript. A spy is going to be someone that’s going to be a student in school, a visiting professor, your neighbor. It could be a colleague or someone that shares the soccer field with you,” Dugan said. more

Tuesday, June 18, 2019

Security Message Screen Savers for Business Computers and Laptops (FREE)

Three stock Security Message Screen Savers to choose from. Five rotating screens with the top five information security best practices employees can implement themselves.
  • Reminders work.
  • Put your idle computer screens to work as your security helpers.
  • Three backgrounds to choose from, or commission custom screens.
Click link to see these information security screensavers in action.
FREE to use as-is with "Logo goes here" removed, or can be customized with your business logo.
Need to customize? Contact us for details and cost.

Monday, June 17, 2019

Business Espionage - Thought of the Day - Loose Lips

Written by Chris Erickson, a combat veteran and former Green Beret with extensive experience deployed to various locations across the world.

One of the most shocking things for me entering the corporate world after serving on several Special Forces teams was how lax many organizations in highly competitive industries were with information about their operations.

It doesn’t take industrial espionage to sabotage a company, just poor operation security. In World War II, the posters warned us that “Loose Lips Sink Ships” and that’s just as true today as it was then.


Operational Security, or OPSEC as we called it in the military, should be a part of your organizational culture, from the bottom to the top. Simple things such as reminding people not to discuss projects or clients in the elevator or at lunch reduce the amount of exposure and risk of compromise for both yourself and your stakeholders.

It’s far less likely that nefarious agents or bad actors are going to give up sensitive information than the possibility you’ll be compromised by the careless and/or reckless behavior of your employees. more

Wednesday, April 24, 2019

How Real Spies Operate, or Watch the Donut Not the Hole

“The most vulnerable targets are not computers, but people. Human intelligence gathering is an art. It’s about taking advantage of people’s vulnerabilities, no matter what they are, to get the information.”

And the arsenal to do so is said to be wide-ranging, from “IP intercept, IMSI catchers, dumpster diving, listening devices (bugs) and informants, to students at universities, Chinese businesses and their employees.” more
Michael Biggs and Larry Johnson quoted in the article.

Monday, December 24, 2018

Security Director Alert - Well Produced Information Security Awareness Videos for Employees

Foreign intelligence entities, which may include foreign governments, corporations, and their proxies, are actively targeting information, assets, and technologies that are vital to both U.S. national security and our global competitiveness. 

Increasingly, U.S. companies are in the cross-hairs of these foreign intelligence entities, which are breaching private computer networks, pilfering American business secrets and innovation, and carrying out other illicit activities.

The National Counterintelligence and Security Center is dedicated to raising awareness among government employees and private industry about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard that which has been entrusted to their protection.

The following products will enable personnel to better understand these threats and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access. It will also serve to help them protect their personal, confidential information that may be used by others to gain their trust. more

Videos:
Social Media Deception Trailer
Social Media Deception
Social Media Deception Full Video
Social Engineering
Spear Phishing (30 second trailer)
Spear Phishing 2017
Spear Phishing Full Video
Travel Awareness
Human Targeting
Supply Chain Risk Management
Economic Espionage  (True story.)

Monday, September 24, 2018

Corporate Espionage: Employees Solicited to Sell Company Secrets

There's a booming job market for corporate insiders willing to share secret info with cyber criminals.
  • Amazon said this week it's investigating whether company insiders have been selling proprietary information to buyers in Asia in order to give them a selling advantage.
  • Many companies, especially in big technology, banking and telecom, face heavy incentives overseas for employees to sell internal information or access.
  • The problem is so common that in some jurisdictions, criminal enterprises post "job ads" looking for specific insiders to aid in targeted schemes.
"The salaries listed are quite high, sometimes 10 times what the average salary for an average job at a bank would be...They look for people who can tell them how to log in and how to connect to certain accounts" ~Ziv Mador more

Thursday, April 19, 2018

Denny Hatch is Pissed at 451 Privacy Sucking Companies... under one roof!

Denny Hatch* warns... Verizon's OATH is a consortium of 451 "marketing partners" engaged in massive snoop operations to steal every scintilla of data about you, your family, your children, friends, business associates, enemies, even your pets.

Up for grabs: your most intimate secrets, correspondence, searches, downloads, purchases, trysts, travels, travails and browsing.

Any and all Internet intercourse by and about you is captured and spread...

For 27,679 words describing the details of Oath, click here.
Be sure to click on all permutations. more

* Denny's Note to Readers: May I send you an alert when each new blog is being published? If so, kindly give me the okay by sending your First Name, Last Name and e-mail to me. I guarantee your personal information will not be shared with anyone at any time for any reason. I look forward to being in touch! Cheers!

Friday, March 30, 2018

Peeps - The New Fake Surveillance Cameras

via Boing Boing...
As if the Elf on a Shelf wasn't creepy enough, now they've put Peeps in the faux-surveillance game.

A new book and plush Peep sold together as Peep on a Perch is encouraging parents to start a new "Easter family tradition":
The soft plush Easter Peep included in the set can be perched anywhere throughout the home. Children will be proud to have the Easter Peep watch them being good all day as they get ready for bed without making a fuss, help out around the house, and use good manners. And the more kindness the Easter Peep sees, the happier the Easter Peep gets! PEEPS® fans of all ages will love to make this a new Easter family tradition.

One Amazon reviewer (who gave the product five stars) writes, "The book encourages children to help, share and be kind as the Peep reports directly to the Easter Bunny." No, just no. more

Friday, January 5, 2018

Counter-Espionage For Business Travelers Course

The Counter-Espionage for Business Travelers Course is a two-day seminar designed to educate those individuals in your organization who may become targets of espionage, whether knowingly or unknowingly, from an economic competitor or a hostile intelligence service.

Unfortunately, most business travelers are untrained, and thus unprepared, to handle even the most common espionage tactics, such as:
  • Elicitation
  • Bribery
  • Blackmail
  • Extortion
  • Electronic Surveillance
  • Electronic Exploitation
  • Physical Surveillance
  • Hotel/Office Covert Intrusions
A small sample of the topics covered include:
  • Economic vs. Industrial Espionage
  • Foreign Intelligence Collection Methods
  • How to Recognize Elicitation and Recruiting Techniques
  • Operational Security (OPSEC) Awareness
  • Communication Security (COMSEC) Awareness
  • Data Attack and Intrusion Methodologies
  • How to become an "Invisible Traveler"
  • Surveillance Detection Techniques
If you can't go for the course, at least go for some good books on the subject:

Among Enemies: Counter Espionage for the Business Traveler by Luke Bencie.

Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World by Edward L. Lee


Sunday, December 24, 2017

Espionage Backdoor Installs via Printer-Spoofing Campaign

For many large organizations, emails from corporate printers and scanners are commonplace, and cyber-criminals are finding this vector to be a lucrative host to launch cyber-attacks.

Barracuda Networks has tracked an uptick in attacks through Canon, HP and Epson printer and scanner email attachments of late: Since late November, cyber-criminals have made millions of attempts to infect unsuspecting users by sending impersonated or spoofed emails from these common printer and scanner brands, with attachments that contain malware.

Once unpacked, the malware installs a backdoor on the machine that offers unauthorized access to a victim PC and cyber-espionage capabilities...

Further, indicating a ransomware-ready aspect, attackers also can change the victim’s wallpaper to display a message of their choice.

Workers should use common sense to avoid the threat:
  • double-check with the sender if they didn’t know a scanned document was coming;
  • hover the mouse over every hyperlink to make sure it’s legitimate;
  • and simply don’t click if there’s any doubt whatsoever.  more
Example of a fake email.

Tuesday, November 21, 2017

Corporate Espionage: Beware the Cupid Spy

Between oversharing about their job and workplace with dating matches and divulging trade secrets, 25% of business leaders using dating apps may be accidentally threatening their workplace's security, according to new research from Kaspersky Lab...

Of those using dating apps, 19% of business leaders have had their device infected via a dating app, including malware, spyware, or ransomware...

The work-related bragging can lead to infected devices and corporate espionage if trade secrets fall into the wrong hands, the report said. If malware allows a match access to a work device, the attacker may have access to work documents stored on that device. more

Wednesday, February 15, 2017

Security Director Alert: Must See Video About Printer Security

My team and I have been giving the IT folks nightmares about this for years. 
Now, you can too!
Watch this... 
~Kevin

At a time when hacking dominates much of the news, HP is turning to Mr. Robot himself to highlight its new security platform designed to protect business printers. The Palo Alto-based company has tapped Christian Slater for a year-long digital series called "The Wolf" in order to draw attention to cybersecurity in the workplace.

"Sheep never realize a wolf's around until it's too late. Then they do exactly what the wolf expects them to do. They run into each other, they fall down—they become dinner. Time to eat," says a spectacled Mr. Slater in the series' 30-second trailer.


The first six-minute episode shows the actor lurking outside offices, sending sheep cartoons to oblivious workers, crashing birthday parties and sending suspicious spa gift certificates via email. At one point, he even howls. more

Wednesday, October 12, 2016

Business Espionage Alert: Spying is the New Hacking

Increasingly cybercriminals are using spying techniques better associated with intelligence agencies to identify relevant information about you and your life and turn that around to attack you.

"There are no hackers, they're all gone -- there are only spies," says Eric O'Neill, national security strategist for Carbon Black and a former FBI counter-intelligence operative.

"The new hackers are using traditional espionage techniques and they're blending it with advanced cyber penetrations in order to steal information," he says, adding "just ask the DNC". more

As predicted back in 2013. Help is available. ~Kevin

Thursday, April 7, 2016

Proof Almost 50% of People are Computer Security Morons

In what’s perhaps the most enthralling episode of the hacker drama Mr. Robot, one of F-Society’s hackers drops a bunch of USB sticks in the parking lot of a prison in the hopes somebody will pick one up and plug it into their work computer, giving the hackers a foothold in the network. Of course, eventually, one of the prison employees takes the bait.

Using booby-trapped USB flash drives is a classic hacker technique. But how effective is it really? A group of researchers at the University of Illinois decided to find out, dropping 297 USB sticks on the school’s Urbana-Champaign campus last year.

As it turns out, it really works. In a new study, the researchers estimate that at least 48 percent of people will pick up a random USB stick, plug it into their computers, and open files contained in them. Moreover, practically all of the drives (98 percent) were picked up or moved from their original drop location. Very few people said they were concerned about their security. Sixty-eight percent of people said they took no precautions... more

Thursday, March 31, 2016

Security Director Alert: 20,000 Printers Under the Siege

The notorious hacker and troll Andrew Auernheimer, also known as “Weev,” just proved that the Internet of Things can be abused to spread hateful propaganda.

On Thursday, Auernheimer used two lines of code to scan the entire internet for insecure printers and made them automatically spill out a racist and anti-semitic flyer. 

Hours later, several people started reporting the incident on social media, and eventually a few local news outlets picked up on the story when colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer.

Auernheimer detailed this “brief experiment,” as he called it, in a blog post on Friday. Later, in a chat, he said that he made over 20,000 printers put out the flyer, and defended his actions. more

Imagine the chaos if he sent a more realistic version of the coupon shown above, or false documents to internal company printers. Make sure all printers associated with your company operate in a secure manner – internal and home office units. Don't forget to check for insecure Wi-Fi settings as well. Need help? Call me.

Scary Password Stats

Market Pulse Survey Reveals Growing Security Negligence in the Workplace Despite Employees’ Concern Over Risk to Personal Data
more

Yes, 1 in 5 would sell their passwords... and it only takes one to spring a leak.  ~Kevin