Showing posts with label social engineering. Show all posts

Thursday, November 12, 2015

Security Director Alert - Don't Be a Business Espionage Target While Traveling

via http://seriouslyvc.com
The following list represents the most important procedures you and your colleagues should follow on your next trip abroad:
  1. Avoid disclosing your travel details to strangers.
  2. Never put electronics in your checked luggage.
  3. Consider traveling with a disposable cellphone (they are less susceptible to eavesdropping).
  4. Use a separate “throw-away” email to communicate with your family and coworkers (this prevents hackers from penetrating your company’s email system even after you have completed your trip).
  5. Consider installing an asymmetric email encryption program such as “Pretty Good Privacy” (PGP) on your computer, which allows you to encrypt and decrypt your email over the Internet.
  6. Put sensitive business documents on password-protected USB drives (such as “Iron Key” or “BitLocker”).
  7. Never use complimentary WiFi when traveling, unless absolutely necessary, and always use a trusted VPN.
  8. Never leave your sensitive business materials and/or electronics unattended in your hotel room — and your hotel safe is not safe! Carry all electronics with you at all times (hence, the need for smaller devices).
  9. If you spend time in the hotel bar, be cautious of what you say and to whom, because they are prime hunting grounds for espionage operatives.
  10. Be mindful of sexual entrapment (the Russians are still the masters of “honeypots” and have blackmailed many a business traveler into disclosing sensitive information in exchange for keeping their affairs secret).
  11. Use a strong passphrase (instead of password) containing up to 14-18 characters (and change it every 180 days or after every international trip).
  12. Make it a habit to power-off your devices when they are not in use. (more)

Thursday, September 10, 2015

Spies Don't Often Complain, But When They Do They Prefer Revolting

It’s being called a ‘revolt’ by intelligence pros who are paid to give their honest assessment of the ISIS war—but are instead seeing their reports turned into happy talk.

More than 50 intelligence analysts working out of the U.S. military's Central Command have formally complained that their reports on ISIS and al Qaeda’s branch in Syria were being inappropriately altered by senior officials...

Some of those CENTCOM analysts described the sizable cadre of protesting analysts as a “revolt” by intelligence professionals who are paid to give their honest assessment, based on facts, and not to be influenced by national-level policy. more

Monday, July 6, 2015

Brazen Snoop Goes to Digital Extremes for Game Scoop

Lousy security, but “great food.”

That was a parting shot from a snoop who slipped into a London digital gaming company, hung out there for the day, ate a free lunch — then spilled details online about a new game the firm is developing.

The security breach last week at Digital Extremes, the city’s largest gaming company, underlines the perils of the open workplace that sets tech companies apart from many businesses, one observer said.

“This case illustrates the risk for any technology company of having an open environment and how vulnerable they can be to corporate espionage,” independent technology analyst Carmi Levy said. “There is a risk, when a stranger walks into an office, of losing trade secrets . . . They have to prevent that.” more

Thursday, July 2, 2015

Employee Security Awareness Training: Keeping Your Data Safe

"Human Error is among the most common causes of data loss and security breaches."

Develop a compelling security awareness training that improves employee behavior. Join this FREE webinar and learn about best practices on securing your data from sophisticated attacks. Security experts from Smarttech and Security Innovation will place a great emphasis on:
  • Hacker Tools and Types of Attacks
  • Why Employees Are the Perfect Target
  • How a Breach Can Hurt Your Organization
  • Mitigation Strategies and Tools 
Date: Thursday, July 9
Time: 10-11 AM EDT

Presenters:
Ronan Murphy
CEO, Smarttech

Ed Adams
CEO, Security Innovation

Registration 

Saturday, January 31, 2015

Four of the Newest (and lowest) Social Engineering Scams

1. Phishing with new lethal strains of ransomware
Ransomware caught businesses’ attention in 2013 with Cryptolocker, which infects computers running Microsoft Windows and encrypts all of their files, as well as files on a shared server. The extortionists then hold the encryption key for ransom (about $500 USD), to be paid with untraceable Bitcoin. The longer the victim waits to pay, the higher the price, or the data can be erased. Now, copycat CryptoDefense has popped up in 2014 and targets text, picture, video, PDF and MS Office files and encrypts these with a strong RSA-2048 key, which is hard to undo. It also wipes out Shadow Copies, which are used by many backup programs...

2. Phishing with funerals 
Perhaps a new low - social engineering gangs have been caught sending people phishing emails that appear to be from a funeral home telling the reader that a close friend of yours is deceased and the burial ceremony is on this date. They have already penetrated and compromised the funeral home’s website, so the moment that the concerned friend clicks on the compromised website they get redirected to a bad guy’s server...

3. IVR and robocalls for credit card information 
Bad guys steal thousands of phone numbers and use a robocaller to call unsuspecting employees. “It’s fully automated,” Sjouwerman says. “The message goes something like – ‘This is your credit card company. We are checking on a potential fraudulent charge on your card. Did you purchase a flat screen TV for $3,295? Press 1 for yes or 2 for no.’” If the person responds no – the script then asks the victim to enter his credit card number, expiration date and security code. In some cases, employees worry that their company credit card has been compromised and they might get into trouble, so they play along...

4. Healthcare records for spear-phishing attacks 
With massive data breaches in 2013, the criminal element has reached a point where they can grab personally identifiable information and start merging records – including healthcare records. For instance, a bogus email looks like it’s coming from your employer and its healthcare provider announcing that they’ve made some changes to your healthcare program. They’re offering preferred insurance rates for customers with your number of children. Then they invite the email reader to check out a link that looks like it goes to the health insurer’s web page. “Because the email is loaded with the reader’s personal information, there’s a high likelihood of one click – and that’s all it takes” to infiltrate company systems...
(more)

Monday, December 15, 2014

Double Check Your Tech

via Bruce Schneier...
This is a creepy story. The FBI wanted access to a hotel guest's room without a warrant. So agents broke his Internet connection, and then posed as Internet technicians to gain access to his hotel room without a warrant.

From the motion to suppress:

The next time you call for assistance because the internet service in your home is not working, the "technician" who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and -- when he shows up at your door, impersonating a technician -- let him in. He will walk through each room of your house, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to obtain a search warrant. But that makes no difference, because by letting him in, you will have "consented" to an intrusive search of your home.

Basically, the agents snooped around the hotel room, and gathered evidence that they submitted to a magistrate to get a warrant. Of course, they never told the judge that they had engineered the whole outage and planted the fake technicians. (more)

Tuesday, October 28, 2014

Guess Who's Making the Next Secure Cell Phones

The Scientific and Technological Research Council of Turkey (TÜBITAK) intends to start producing mobile phones that are protected from wiretapping, Turkish Minister of Science, Industry and Technology Fikri Isik was quoted by Al Jazeera Turk TV channel as saying.
"Turkey also intends to establish production and export smartphones protected from wiretapping to neighboring countries."

The minister did not mention the specific date of the production and the cost of the project. (more)


Not surprising. Turkey has had some serious cell phone eavesdropping problems over the past few years, many of them involving officials at high levels of government.

Monday, October 13, 2014

Chinese Espionage Now Rampant in Taiwan

As relations improve between Beijing and Taipei, military morale still continues to fall as fewer Taiwan military officers see a future in ever-shrinking armed forces. Many are beginning to cash in on their intimate knowledge of military secrets, including classified information on US military equipment.

Over the past several years, Taiwan military officers have sold China information on the E-2K Hawkeye airborne early warning aircraft, Patriot Advanced Capability-3 and PAC-2 anti-ballistic missile systems, Hawk air defense missile system, and the Raytheon Palm IR-500 radiometric infrared camera.

China uses retired Taiwan military officers to help recruit spies in the armed forces. Retired officers receive all-expense paid trips to China by the United Front Work Department, said a Taiwan security specialist. While there, they are lionized for returning to the “homeland” and given tours of their ancestral homes. Before they return, money is offered to help the “motherland” in the future, and “unfortunately many take it,” he said. (more)

Saturday, September 13, 2014

Taylor Swift - Worried About Wiretaps

In a wide-ranging interview with Rolling Stone, Taylor Swift gets candid about her love life, her professional feuds and being very cautious about janitors and wiretapping.

1. She's pretty much always worried about privacy
Swift is acutely aware that people are out to invade her privacy. “There's someone whose entire job it is to figure out things that I don't want the world to see,” she told Rolling Stone. She's also paranoid about basically anyone she lets get too close... “I have to stop myself from thinking about how many aspects of technology I don't understand.” (more)


Taylor, there are some nice professional privacy consultants who can help you.

Sunday, August 31, 2014

Broker, Trader, Lawyer, Spy: The Secret World of Corporate Espionage

In this penetrating work of investigative and historical journalism, Eamon Javers explores the dangerous and combustible power spies hold over international business.

Today's global economy has a dark underbelly: the world of corporate espionage. Using cutting-edge technology, age-old techniques of deceit and manipulation, and sheer talent, spies act as the hidden puppeteers of globalized businesses... Readers meet the spies who conduct surveillance operations, satellite analysts who peer down on corporate targets from the skies, veteran CIA officers who work for hedge funds, and even a Soviet military intelligence officer who now sells his services to American companies.

Intelligence companies and the spies they employ are setting up fake Web sites to elicit information, trailing individuals and mirroring travel itineraries, dumpster-diving in household and corporate trash, using ultrasophisticated satellite surveillance to spy on facilities, acting as impostors to take jobs within companies or to gain access to corporations, concocting elaborate schemes of fraud and deceit, and hacking e-mail and secure computer networks.


This globalized industry is not a recent phenomenon, but rather a continuation of a fascinating history. The story begins with Allan Pinkerton, the nation's first true "private eye," and extends through the annals of a rich history that includes tycoons and playboys, presidents and FBI operatives, CEOs and accountants, Cold War veterans and military personnel. (more)

Saturday, August 23, 2014

How Anyone Can Turn Your Computer Into a Bugging Device

by Null Byte...
Now that nearly everyone and everyplace has a computer, you can use those remote computers for some good old "cloak and dagger" spying. No longer is spying something that only the CIA, NSA, KGB, and other intelligence agencies can do—you can learn to spy, too.

In this brand new series, we will explore how we can use the ubiquity of the computer to peek in on just about anyone and anyplace. Unlike the spy movies of yesteryear where the spy had to place a listening device in the lamp or in a houseplant, as long as there is a computer in the room, it can be used as a "bug."

We will examine how to turn that commonplace computer into our own bug to listen in on conversations, use as a spy camera, track Internet searches, and more.
James Bond and Q have nothing on us!

In this first part, I will show you how to convert any computer, anywhere, into a listening device. As nearly every room now has a computer in it, you can put a bug in nearly every room, unnoticed and undetected. (more)


Tips: 
• Don't open any Word or Excel files from anyone who might want to bug you. 
• Reboot your computer often.

Friday, August 15, 2014

The 1-Click Conference Call Trick - Ease or Espionage?

from the website...
"We made CCALL because it’s a pain in the axx to enter conference codes from a mobile phone. If you've ever had a calendar invite with a long conference ID and scribbled it on the back of your hand to avoid jumping between the email, your calendar and your phone app then you understand why we did this."

Question: Do you think this is a clever public service, or a clever social engineering eavesdropping / espionage trick? Doesn't matter. I know what I am telling my clients.

Friday, August 8, 2014

China, Sex, Spycams and PIs... A Cautionary Tale

(June) A covert sex tape involving a senior executive and his Chinese lover was the trigger for a major investigation into corruption at British drugs giant GlaxoSmithKline...

The video of married Mark Reilly and his girlfriend was filmed by secret camera and emailed anonymously to board members of the pharmaceutical firm.

It led to an investigation that has rocked the £76billion company... (more)

(Yesterday) A British private investigator (PI) has been sentenced to two and a half years in jail by a Chinese court after becoming embroiled in a sex and whistleblowing scandal at the drug firm GlaxoSmithKline.

Peter Humphrey, 58, was also fined 200,000 yuan (£19,300), and his wife, Yu Yingzeng – a naturalised American citizen – was sentenced to two years and fined 150,000 yuan in the first case of its kind involving foreigners in China...

GSK had hired them to investigate why the company's then head of China operations, Mark Reilly, had been filmed surreptitiously having sex with his Chinese girlfriend in his guarded luxury home. (more)

Money Saving Spy Tips
1. No area you think is private is private until a competent TSCM team says so.
2. The "girlfriend" spy is an old trick.
3. Bugs, taps and spycams are old spy tricks. #3 used with #2 will cost you.
4. Executives: beware of #2, check for #3 frequently.
5. PIs, working in China has its risks.
6. Blackmail works, especially when state sponsored.
7. Proactive TSCM is far cheaper than a mess like this.

Thursday, August 7, 2014

FBI Citizens Academy - Hey, corporate America, turn around and pay attention.

“The top secret, government, political secrets, all that top secret stuff that you kind of think about spies, probably less than 10% of what they are trying to go after.” 

FBI experts say that 90% of what they go after is industrial and trade secret espionage, and the target: students and executives from companies traveling abroad carrying trade secrets from their research and development at universities and companies. And it's highly sought after.

“Every company, your research and development, it’s your next product down the road, and if I can steal that information and beat you to the market it's going to be devastating for you as a company.” (more) (video)

Sunday, March 2, 2014

Business Espionage: Rival CEO Posed as Exec to Get Secrets

The CEO of a sporting goods chain who once appeared on the TV show "Undercover Boss" pretended to be an executive from a rival company in an effort to get confidential information, according to a lawsuit.

Artist's conception. Not a real executive spying.
Dick's Sporting Goods claims in a lawsuit filed Feb. 20 in Mercer County Court that Mitchell Modell, CEO of Modell's Sporting Goods, showed up at a Dick's store in Princeton in February saying he was a Dick's senior vice president.

Dick's alleges Modell told employees he was to meet the Dick's CEO there and persuaded workers to show him the backroom of the store and to answer questions about the business. Modell gathered information about online sales, including a "ship from store" program that gets products to customers' doors quickly, the lawsuit said. (more)


Security Director Alert: Like electronic eavesdropping, business espionage via social engineering is one of the more common spy tricks. In addition to TSCM, make employee awareness about social engineering part of your counterespionage strategy. This story makes an excellent talking point.

Sunday, February 9, 2014

Today's Chinese Espionage Revenge Had Roots in Tea (among other rip-offs)

Darjeeling tea, the Champagne among teas, owes its genesis to an industrial espionage operation of epic proportions. Planned by the East India Co and executed by a daring Scot, the early 19th century operation gave the world the thin-bodied, light-colored infusion with a floral aroma that is revered by tea connoisseurs the world over.

British tea expert Malcolm Ferris-Lay said...

"For nearly 200 years, the East India Co sold opium (derived from Papaver somniferum) to China and bought tea with the proceeds... in May 1848, Robert Fortune (born in Edrom village in Berwickshire, Scotland) was approached by East India Co to collect valuable information on the tea industry in China.

"Fortune learned Mandarin, shaved his head, adopted a pigtail as worn by Manchus, dressed in local clothes and disguised himself as a Chinese from a distant province. He sneaked into remote areas of Fujian and Jiangsu province, forbidden parts of China. Fortune managed to collect 20,000 plants and seedlings and had them transported to Kolkata in Wardian cases, small greenhouses which kept the plants healthy due to condensation within the case," Ferris-Lay explained.

These seedlings were planted in Darjeeling and grew into bushes that over time produced the unique tea. "Many of the teas that Fortune brought back perished. But the knowledge that he brought back from China together with plants were instrumental in what is today a huge flourishing tea industry in India," he said. (more)

Sunday, January 19, 2014

Business Espionage: Bratz Bitch Slaps Barbie Over Spying to the Tune of $1 Billion

MGA Entertainment Inc. (MGA) filed a major trade secret theft lawsuit against Mattel Inc. over reportedly stealing information at industry trade shows, and is seeking damages of at least $1 billion. This is the latest in a long-running battle between the two competing doll makers.

MGA claims that throughout a period of years, Mattel instructed its employees to engage in acts of "espionage and fraud" to steal MGA's trade secrets...
The Bratz doll makers claim that for a number of years, Mattel employees used a "Market Intelligence Department" to steal MGA's trade secrets under the auspices of an 11-page "How-to-Steal" manual. Mattel also reportedly set up "spies," who created false identities by printing fake business cards and used Mattel's accounting department to create mocked-up invoices to back up their fictional businesses, to better gain access to MGA's private showrooms.


MGA also claims that Mattel employees purchased small video recorders (paid for by Mattel) and cameras to photograph and videotape what they saw in private showrooms and industry trade shows. As a result, Mattel obtained highly confidential information about MGA's designs, price lists and marketing plans for unannounced future products in the highly popular Bratz line, according to MGA. (more)

Husband's Intimate Tweets to Other Woman Posted on Net by Wife... and then...

One of India's most prominent politicians, Shashi Tharoor, has been caught in an excruciating cross-border Twitter scandal after his wife posted allegedly intimate text messages between the government minister and a Pakistani journalist on his social media account. 

The latest Twitter tempest for Dr Tharoor, Minister for Human Resources, author and former senior UN official once mooted as a candidate for secretary-general, threatens not only to scuttle a promising political career and a three-year marriage but also expose the politician to further legal scrutiny over a 2010 Indian Premier League cricket bidding scandal that cost him his then job as a junior minister. (more) (background)

This just in... 
Shashi Tharoor's wife was found dead in a luxury hotel room in Delhi after she went public on Twitter... (more)

Sunday, November 3, 2013

10 Most Audacious Eavesdropping Plots

Operation Ivy Bells
At the height of the cold war, the National Security Agency, CIA and the US Navy collaborated to tap into underwater communication lines used by the Soviet Union. 

Operation Stopwatch
This joint operation between the CIA and the British Secret Intelligence Service was again an attempt to tap into communications by the Soviet Military.

The Cambridge Spies
Rather than relying on modern eavesdropping, this operation used old fashioned infiltration.

The Gunman Project
During 1976, the KGB managed to install miniaturized eavesdropping equipment and transmitters inside 16 IBM Selectric Typewriters used by staff at the US embassy in Moscow and consulate in Leningrad. 

The Bundesnachrichtendienst Trojan Horse Affair
Germany may have been the victim of NSA eavesdropping, but its own Federal Intelligence Service, the Bundesnachrichtendienst, has also engaged in such activities.

The MI6 Spy Rock
In a modern version of the dead letter drop, British spies working out of the embassy in Russia used a transmitter concealed in an artificial rock to pass classified data. 

Acoustic Kitty
Acoustic Kitty was a top secret 1960s CIA project attempting to use cats in spy missions, intended to spy on the Kremlin and Soviet embassies. (more)

Moles in Berlin
In 1956, American and British agents tunneled into East German territory in order to tap a telephone line. This allowed them to eavesdrop on important conversations between Red Army leaders and the KGB. A segment of the tunnel can now be visited. (more)

U2
An international diplomatic crisis erupted in May 1960 when the Union of Soviet Socialist Republics (USSR) shot down an American U-2 spy plane in Soviet air space and captured its pilot, Francis Gary Powers. Confronted with the evidence of his nation's espionage, President Dwight D. Eisenhower was forced to admit to the Soviets that the U.S. Central Intelligence Agency (CIA) had been flying spy missions over the USSR for several years. (more)

Animal Spies
A former CIA trainer reveals, the U.S. government deployed nonhuman operatives—ravens, pigeons, even cats—to spy on cold war adversaries. “We never found an animal we could not train.” (more)

Sunday, September 1, 2013

Industrialists Hit by Cyber Espionage

India - Cyber espionage, the practice of spying to obtain secret information like proprietary or classified details, confidential sales data, turnover, clients' contacts, diplomatic reports and records of a military or political nature, has hit city industrialists.

"Cyber espionage is the new trend of cyber crime that is threatening mid-scale and small-scale industries in Ludhiana. Here one could target his business competitors or simply steal another company's details to sell further in the market. Ludhiana offers them a ready-made market as many start-ups and small scale companies are operational here," said Tanmay Sinha, a cyber expert and an entrepreneur based in Ludhiana.

"In most of the instances, cyber espionage attempts benefit the attacker as these attacks are not random but are well-planned and targeted towards one group. Moreover, these are done by the criminals after studying the history of the target," he added.

Ludhiana police cyber cell has received more than 10 complaints of cyber espionage in the last two months. (more)