Showing posts with label statistics. Show all posts

Saturday, July 9, 2016

US Federal Wiretap Report 2015

This report covers intercepts concluded between January 1, 2015, and December 31, 2015, and provides supplementary information on arrests and convictions resulting from intercepts concluded in prior years.

Forty-eight jurisdictions (the federal government, the District of Columbia, the Virgin Islands, Puerto Rico, and 44 states) currently have laws that authorize courts to issue orders permitting wire, oral, or electronic surveillance. Table 1 shows that a total of 28 jurisdictions reported using at least one of these types of surveillance as an investigative tool during 2015. more

Thursday, April 7, 2016

Proof Almost 50% of People are Computer Security Morons

In what’s perhaps the most enthralling episode of the hacker drama Mr. Robot, one of F-Society’s hackers drops a bunch of USB sticks in the parking lot of a prison in the hopes somebody will pick one up and plug it into their work computer, giving the hackers a foothold in the network. Of course, eventually, one of the prison employees takes the bait.

Using booby-trapped USB flash drives is a classic hacker technique. But how effective is it really? A group of researchers at the University of Illinois decided to find out, dropping 297 USB sticks on the school’s Urbana-Champaign campus last year.

As it turns out, it really works. In a new study, the researchers estimate that at least 48 percent of people will pick up a random USB stick, plug it into their computers, and open files contained in them. Moreover, practically all of the drives (98 percent) were picked up or moved from their original drop location. Very few people said they were concerned about their security. Sixty-eight percent of people said they took no precautions... more

Thursday, March 31, 2016

Scary Password Stats

Market Pulse Survey 
Reveals Growing Security Negligence in the Workplace 
Despite Employees’ Concern Over Risk to Personal Data 
more 

Yes, 1 in 5 would sell their passwords... and it only takes one to spring a leak. ~Kevin

Friday, February 12, 2016

Physical Security a Growing Threat to Organizations

Physical security is seen as a growing concern for business continuity professionals, according to the fifth annual Horizon Scan Report published by the Business Continuity Institute, in association with BSI. Among the ranks of potential threats that organizations face, acts of terrorism gained six places from 10th in 2015 to 4th this year, while security incidents moved from 6th place to 5th place. more
A proper TSCM / Information Security inspection can help in all areas of concern.

Monday, January 18, 2016

Cyber Crime Costs Projected To Reach $2 Trillion by 2019

‘Crime wave’ is an understatement when you consider the costs that businesses are suffering as a result of cyber crime. ‘Epidemic’ is more like it. IBM Corp.’s Chairman, CEO and President, Ginni Rometty, recently said that cyber crime may be the greatest threat to every company in the world...

In 2015, the British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more...

The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. [Especially when electronic surveillance and classic corporate espionage techniques are used.] Those crimes would arguably move the needle on the cyber crime numbers much higher.

For anyone who wants to tally their own bill from cyber crime, check out Cyber Tab from Booz Allen. It is an anonymous, free tool that helps information security and other senior executives understand the damage to companies inflicted by cyber crime and attacks. more

Wednesday, December 3, 2014

Wiretap Costs Drop

How much does a wiretap actually cost?

Last year, the average wiretap cost $41,119, according to the U.S. Courts Wiretaps Report for 2013, down from $57,540 the previous year. The steady decrease in wiretapping price means it's highly likely that wiretapping is cheaper now than it has ever been before. The average length of these wiretaps was 40 days, and the most prominent wiretapping happened in northern Illinois, where narcotics officers intercepted 136,378 text messages. (more)

Thursday, August 7, 2014

Coming Soon - The "Pssst. Don't go walking there alone" App

SketchFactor is a navigation app that shows the relative sketchiness of an area. It's focused on improving city exploration on foot. SketchFactor empowers users to report sketchy experiences, read sketchy incidents, and get directions to where they need to go in the least sketchy way possible.

What does sketchy mean?
Sketchy means a number of different things. To you, it may mean dangerous. To someone else, it may mean weird.
 

What can I report?
You can report any sketchy incident you see fit. (more)


FutureWatch: If this gains traction, like Yelp, it will become a whole lot more than just a personal app. Police, criminologists, city planners, security consultants, taxi cab companies and more will find use for the data this generates. Imagine a real-time SketchFactor overlay for Google maps.

Sunday, July 27, 2014

Cost of Corporate Espionage in Germany Today

Every year, industrial espionage costs German businesses around 11.8 billion euros ($16 billion), according to a survey released Monday by the German security firm Corporate Trust.

Every second company in Germany has faced attacks - whether successful or not - with more than three-quarters of those surveyed registering financial losses as a result.

Corporate Trust said the survey reflected answers from 6,767 companies, some 40 percent of which estimated the damage from espionage had cost them anywhere from 10,000 euros to 100,000 euros.

Twelve percent said they lost more than 100,000 euros, and 4.5 percent said they lost more than 1 million euros. (more)

Tuesday, July 15, 2014

Tap Stars of Las Vegas - "...we're damn good!"

"Let me call in a buddy of mine. He's an expert on wiretaps."

Las Vegas authorities use electronic wiretaps more than almost every other police agency in the country, according to a new report. Clark County judges approved 187 wiretaps on phones in 2013, and police executed 178, according to the Administrative Office of U.S. Courts. 

All of the wiretaps were for drug investigations. That’s a lot of wiretapping, especially when you factor the county’s population, compared to metro areas at least four times larger. 

Los Angeles County judges approved 148 wiretaps last year. New York City’s special narcotics bureau had 138 wiretaps approved. 

Pew Research Center analyzed the data and determined — based on population — that the Silver State leads the nation with 38 phone wiretaps per 500,000 people in 2013. 

No other state saw more than 12 wiretaps per 500,000 people, according to the nonpartisan think tank. So why are Nevada’s numbers so high... (more)

Tuesday, June 10, 2014

Think Tank Thinks Economic Espionage Costs World Economy About $445b

The likely annual cost of cybercrime and economic espionage to the world economy is more than $445 billion — or almost 1 percent of global income, according to estimates from a Washington think tank.

That figure is lower than the eye-popping $1 trillion figure cited by President Obama, but it nonetheless puts cybercrime in the ranks of drug trafficking in terms of worldwide economic harm.

‘‘This is a global problem and we aren’t doing enough to manage risk,’’ said James Lewis, a senior fellow at the think tank, the Center for Strategic and International Studies, and co-writer of the report. (more)

Wednesday, May 21, 2014

Fun Fact: Taiwan Out-taps USA

Taiwanese courts permitted 504,788 cases of eavesdropping from late 2007 to late 2013, while the United States has had only about 1,000 to 2,000 cases per year in the last decade, according to the investigation report. (more)

Taiwan is just a little larger than Maryland.

Wednesday, April 2, 2014

Smartphone kill-switch could save consumers $2.6 billion per year...

...and why you will probably never see it.
Technology that remotely makes a stolen smartphone useless could save American consumers up to $2.6 billion per year if it is implemented widely and leads to a reduction in theft of phones, according to a new report...

Americans currently spend around $580 million replacing stolen phones each year and $4.8 billion paying for handset insurance... (more)

Do you really think phone and insurance companies are going to kill this goose?

Friday, March 28, 2014

Over 50% of Android Users Don't Use Passwords, Pins or Meaningful Swipes

An ad hoc survey conducted by Google's anti-abuse research lead Elie Bursztein has shown that over half of Android users don't lock their phones in any meaningful way. 

After polling 1,500 users, he discovered that 52 percent of those users "open" their device with a simple slide or gesture, 25.5 percent have opted to lock their phones by drawing a pattern on a grid, and 15.1 percent are using a PIN.


Only 3.3 percent have opted for using a password, 2.3 percent for the option where the phone can recognize their face, and 1.8 percent are using other, 3rd party forms of authentication...
 
...no security is perfect. Both lock patterns and PIN codes can be vulnerable to smudge attacks, as a 2010 Usenix paper illustrates. So whether you use a PIN or a pattern you should change it from time to time. You might also want to go to your phone’s options screen and disable the display of the pattern so people can’t “shouldersurf” it. (more)

Wednesday, January 15, 2014

Infographic - The Relative Cost of Surveillance

Ashkan Soltani, a privacy and security researcher who has been working with the Washington Post on the Snowden files, has published a graphic that illustrates how technology has greatly reduced the barriers to performing surveillance. Soltani included the graph in a paper published in the Yale Law Journal...

The cost comparison involves the several location surveillance techniques of physical pursuit by foot and in vehicles, location tracking using a radio beeper, a GPS device, or a cell phone.

A few examples for understanding the chart:
• Tracking a suspect using a GPS device is 28 times cheaper than assigning officers to follow him.
• Tracking a suspect using cell phone data is 53 times cheaper than physical covert pursuit.
• Tracking a cell phone is twice as cheap as using a GPS device. (more)

Friday, November 22, 2013

REPORT: Corporate Espionage Against Nonprofit Organizations

How common is corporate espionage against nonprofits?
Most of the cases of corporate espionage we know about in recent years have been uncovered by accident. There has been no comprehensive, systematic effort by federal or state government to determine how much corporate espionage is actually occurring, and what tactics are being used. It is likely that corporate espionage against nonprofits occurs much more often than is known. 

Get the "T"
Who actually conducts the espionage?
When a nonprofit campaign is so successful that it may impair a company’s profits or reputation, companies may employ their own in house espionage capabilities, or they may retain the services of an intermediary with experience in espionage...

The intermediary may hire a private investigations firm that either has multiple espionage capacities or that specializes in the particular kind of intelligence needed – such as human intelligence and the infiltration of nonprofits, or electronic or physical surveillance. These private investigations firms may subcontract out espionage to experienced operatives, which gives corporations access to specialized talent while further increasing the level of plausible deniability...

 
Corporations may also hire the services of experienced nonprofit infiltrators who may pose as volunteers, to scout out workplaces and to steal documents left unattended or unguarded. Corporate spies may also plant bugs to obtain and transmit verbal communication. Both offices and homes may be targeted for the gathering of physical intelligence. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Corporate Espionage Infographic

Infographic via David Schilling, Industry Tap.

Wednesday, November 20, 2013

Mass Surveillance Is Big Business: Corporations Are as Good at Spying as Governments

Data is the currency of surveillance, and it's not just the NSA and GCHQ looking to cash in. As a newly released cache of documents and presentation materials highlights, the private surveillance industry is booming. More shocking is that many firms claim in their own corporate PowerPoints that they've got capabilities that rival that of the government giants.

The document trove, called the Surveillance Industry Index (SII) and released by Privacy International, contains 1,203 documents from 338 companies in 36 countries, all of which detail surveillance technologies...
 

Of course, that world isn't open to average consumers, which is why SII—and previously, Wikileaks' Spy Files, among others—is eye-opening. What's even more concerning than systems that guarantee "complete data inflow from all networks" is who's buying it. And while all the brochures I've read so far are careful to specify that surveillance tech is only for legal data collection, "legal" is a very fluid term worldwide...

There's a very good reason that the UN High Commissioner called privacy a human right earlier this year: The vast tools available to people with enough money and network access are more capable of accessing private information than ever before...

"There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there are on the sale of conventional weapons," Matthew Rice, a research consultant with Privacy International, told The Guardian. (more)

Sunday, November 10, 2013

Corporate espionage: The spy in your cubicle

Corporate espionage from a German perspective...
At a trade fair, the head of a company discovers a machine developed by his own employees - but at the stand of a competitor, where the new item is proudly displayed. Looking through his company's inventory, he sees four new printers, even though he in fact ordered five. And to top things off, he's having problems with the state prosecutors, who say his firm is implicated in a bribery charge. His company, in short, has fallen victim to industrial espionage - three times over. 

Since 2001, some 61 percent of German companies have fallen prey to these or similar crimes. In 2013, by comparison, just 45 percent of German firms were entangled in such an affair. Those were the conclusions of a study conducted by business consulting giant PricewaterhouseCoopers (PwC) together with Martin Luther University in Halle-Wittenberg (MLU). For the study, more than 600 German companies, each with at least 500 employees, were examined every two years...

...in the areas of "industrial espionage, economic espionage and the leaking of work and business secrets," there have been frighteningly high numbers of suspected cases. And there could be far more, the analyst added, since being spied upon doesn't necessarily mean that you know it's happening. Corruption ends with prosecutors knocking at the door; an inventory check usually clears up theft. But with spying, "Nothing is gone." (more)

Part of the Security Scrapbook's reason for being is that last sentence. Tracking some of the business espionage stories per year indicates the size of the problem. 

Example: If 1% of business espionage is discovered, and 1% of discovered business espionage becomes news, then 50 business espionage news stories equal 500,000 business espionage attacks — 499,950 of which were successful. Adjust the percentages to suit yourself, but you get the idea.

The point is, you won't know when your intellectual and strategic pockets are being picked. Especially, if you are not checking regularly. 

Call me. I can help.

Thursday, November 7, 2013

The Current State of Cyber Security in Latin America

Latin America is experiencing tremendous growth—unfortunately the growth in question relates to cyberattacks. “If you look at Peru, you see 28 times as much malware in 2012 as in 2011; Mexico about 16 times; Brazil about 12 times; Chile about 10; and Argentina about seven times,” said Andrew Lee, CEO of ESET. These tremendous growth rates are expected to continue in the coming years, Lee noted.

Tom Kellermann, vice president of cybersecurity at Trend Micro, a network security solutions company, discussed a report that Trend Micro released jointly with OAS called Latin American and Caribbean Cybersecurity Trends and Government Responses.

Kellermann noted that while organized crime groups, such as narco-traffickers, have embraced cybercrime, the governments of Latin American countries haven’t been able to keep up in terms of defending against this type of crime. “Only two out of five countries have an effective cybercrime law, let alone effective law enforcement to hunt [cyberattackers],” he said. (more)

Friday, November 1, 2013

Mobile Phone Use a Significant Security Risk for Companies

New research suggests that companies are leaving themselves open to potentially serious security and legal risks by employees’ improper use of corporate mobile devices.

Buy them the Cone of Silence.
Experts from the University of Glasgow looked at a sample of mobile phones returned by the employees from one Fortune 500 company and found that they were able to retrieve large amounts of sensitive corporate and personal information. The loss of data such as this has potential security risks, inviting breaches on both an individual and corporate level.

A University of Glasgow release reports that the data yielded by this study on thirty-two handsets included a number of items that could potentially cause significant security risks and lead to the leakage of valuable intellectual property or expose the company to legal conflicts. (more)