Showing posts with label survey. Show all posts

Friday, April 26, 2013

Spouse Spying Increase Seen By 92% of Divorce Attorneys

In this new age of technology, spy gadgets are no longer just for actors in James Bond movies. Studies show more spouses are using spy equipment to catch the other red-handed.


The American Academy of Matrimonial Lawyers says in the past three years 92 percent of divorce attorneys saw an increase in evidence from text messages, emails and GPS trackers. In fact in 2011, a Minnesota man was thrown in jail for installing a GPS on his wife's car as he searched for proof she was cheating.

Friday, September 28, 2012

U.S. Government Surveillance Stats - Up 361%, 2009-2011

U.S. law enforcement surveillance of email and other Internet communication has skyrocketed in the last two years, according to data obtained by the American Civil Liberties Union... 

Early Pen Register
The number of so-called pen register and trap-and-trace orders obtained by federal law enforcement agencies has increased 361 percent between 2009 and 2011, the ACLU said. The U.S. Department of Justice released the data to the ACLU after the civil rights group sued the agency under the Freedom of Information Act. (more)

Saturday, July 14, 2012

Mobile Phones and Privacy

Mobile phones are a rich source of personal information about individuals. Both private and public sector actors seek to collect this information. 

Facebook, among other companies, recently ignited a controversy by collecting contact lists from users’ mobile phones via its mobile app. A recent Congressional investigation found that law enforcement agencies sought access to wireless phone records over one million times in 2011. As these developments receive greater attention in the media, a public policy debate has started concerning the collection and use of information by private and public actors.

To inform this debate and to better understand Americans’ attitudes towards privacy in data generated by or stored on mobile phones, we commissioned a nationwide, telephonic (both wireline and wireless) survey of 1,200 households focusing upon mobile privacy issues. (more) (download Mobile Phones and Privacy)

Wednesday, July 4, 2012

U.S. Wiretap Report 2011 (For the Period January 1 Through December 31, 2011)

The vast majority of law enforcement wiretaps in 2011 were for telephones (including mobiles) and only a tiny percentage included encryption, which in no case prevented officials from obtaining the plain text of the communications.

That's according to the latest annual U.S. Courts report on federal and state government-authorized wiretaps.

Of the 2,189 court-ordered intercepts, 95.6 percent were for some type of telephone, whether a plain old one, a cell phone or another type of mobile device. Only four were against some type of electronic device, including a digital pager, fax or computer. Another six were for oral communications (intercepted with a microphone) and 87 were for a combination of more than one intercept type. (more)

Tuesday, May 22, 2012

"How Much Is Your Privacy Worth?"

"How Much Is Your Privacy Worth?" just opened at The Dutch Museum of Communications located in The Hague, Netherlands.

Illustrator and graphic designer Noma Bar designed this and other posters for the museum, which conducted research into the theme of privacy for its latest exhibition.
 
...the museum conducted an official survey, the results of which are now displayed in the museum and on its website. They also conducted a series of street interviews. Bar used some of the findings to create the posters. 

The following is a little cryptic due to Google's translation abilities, but you'll get the idea...

"The Museum for Communication pays special attention to the issue of privacy. Ruigrok research was commissioned by the museum research into the value of privacy among the Dutch public. Following this study, street interviews. The street interviews are presented in the museum, including exhibitions in the WE Blog, the Empire of back and forth Letter Secrets is the theme.
 
Of course, also to the visitor the question "How much is your privacy worth?" Made. In exchange for personal information they receive discounts on admission."

Friday, May 18, 2012

Android Cell Phone Users Security Alert

Malware targeting Android users has nearly quadrupled since 2011. As you can see in the graph, 10 Android malware families were detected in Q1 2011. This number increased for two quarters in a row, then dipped for one, and then finally settled at 37 in Q1 2012. That means a year-over-year growth of 270 percent.

The data comes from security firm F-Secure. The trend was revealed today in the company’s 47-page Mobile Threat Report Q1 2012 (PDF).

It makes sense that both the number of malware families and malicious Android APKs is increasing, but it’s still staggering to see that the latter number is now over 3,000, whereas last year it was just above 100.

The increase in malware numbers is indicative of a wider increase in mobile threats, according to F-Secure. Even more worrying, however, is that the Finnish security firm warned many of the apps are targeting Android users’ financial data, noting that 34 of the current malware families are designed to steal money from infected smartphones. (more)


Tip: Do not download, open or install anything unless you absolutely need it and are 100% confident it is coming to you from a trusted source. ~Kevin

Sunday, April 15, 2012

The Cybercrime Wave That Wasn’t

via The New York Times...
In less than 15 years, cybercrime has moved from obscurity to the spotlight of consumer, corporate and national security concerns. Popular accounts suggest that cybercrime is large, rapidly growing, profitable and highly evolved; annual loss estimates range from billions to nearly $1 trillion...

Yet in terms of economics, there’s something very wrong with this picture...

...in numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors — or outright lies — cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population...

The cybercrime surveys we have examined exhibit exactly this pattern of enormous, unverified outliers dominating the data. In some, 90 percent of the estimate appears to come from the answers of one or two individuals. In a 2006 survey of identity theft by the Federal Trade Commission, two respondents gave answers that would have added $37 billion to the estimate, dwarfing that of all other respondents combined...

Among dozens of surveys, from security vendors, industry analysts and government agencies, we have not found one that appears free of this upward bias. As a result, we have very little idea of the size of cybercrime losses. (more)

Thus proving once again, fear-mongering is profitable.

• Keep a cool head. 
• View the risk holistically. 

Your valuable information was/is available elsewhere, before it is ever entered into a computer.

• Balance your security budgets appropriately. 

Information risk management isn't solely an IT issue... no matter what the IT security vendors and other vested interests tell you. ~Kevin

Thursday, March 8, 2012

Do Company Execs Know Sensitive Data When They See It? Many in IT Say No

Today’s companies, clearly very good at collecting data, seem “less savvy when it comes to how to classify and manage it.”

That’s the conclusion of a survey among 100 IT executives and others conducted by global consulting firm Protiviti, which finds that there is “limited or no understanding of the difference between sensitive information and other data” at nearly a quarter of the companies participating in its survey.

The report is titled “The Current State of IT Security and Privacy Policies and Practices." Its topics: how organizations classify and manage the data they accumulate; specifically how they ensure customer privacy when they handle sensitive data, and how they comply with federal and state privacy laws and regulations. (more)

Monday, December 12, 2011

Electronic chip in bath soap raises huge stink

India - Expatriate Indian consumers have become suspicious of a brand of bath soap manufactured by a multinational company after consumers back home complained about an electronic chip embedded in the soap.

Reports from India suggest that a bathing soap-related survey being conducted for Britain-based organisations in Beemapalli near Thiruvananthapuram, Kerala, was called off after residents, who had earlier agreed to the survey, panicked...

The survey was being conducted for the stated purpose of finding out the health and hygiene habits of the people living in coastal areas, to which the residents of Beemapalli consented. However, once the realization of an embedded chip in the bathing soap dawned upon the locals, they feared that the soap might 'eavesdrop' on them or even film them in the shower. (more)

The chip was a motion sensor. The survey participants agreed to use the soap for five days and return it, at which point they would be paid money for being part of the survey.

Tuesday, November 22, 2011

Security Alert: Check Your Cell Phone

Bit9 researchers have compiled a list of 12 smartphones that pose the highest security and privacy risks to consumers and corporations.

The phones, all Android models, on the "Dirty Dozen" list compiled by Bit9 of Waltham, Mass. are:
• Samsung Galaxy Mini
• HTC Desire
• Sony Ericsson Xperia X10
• HTC Wildfire
• Samsung Epic 4G
• LG Optimus S
• Samsung Galaxy S
• Motorola Droid X
• LG Optimus One
• Motorola Droid 2
• HTC Evo 4G

In compiling the list, Bit9 researchers looked at the market share of the smartphone, what out-of-date and insecure software the model had running on it and how long it took for the phone to receive updates.

Read Bit9's full report at http://www.bit9.com/orphan-android/
(more)

Monday, November 14, 2011

Most free Android anti-malware scanners 'near to useless'

Summary: Most products achieved 0% detection rate.

Free anti-malware apps for the Android operating system are ‘near to useless’ according to anti-malware testing specialists AV-Test.org.

The results of the testing [PDF download] were quite shocking, with most products achieving 0% detection rate. The best product, Zoner Antivirus Free, scored a miserable 32% in a manual scan and a more respectable 80% when it came to a real-time scan. And remember, this is the best of the free apps! (more)

Sunday, November 6, 2011

Foreign Spies Stealing US Economic Secrets Report Released (FREE)

The Office of the National Counterintelligence Executive (ONCIX) Report: "Foreign Spies Stealing US Economic Secrets in Cyberspace - Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011" has been released.
Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation's prosperity and security. Cyberspace—where most business activity and development of new ideas now takes place—amplifies these threats by making it possible for malicious actors, whether they are corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.

Pervasive Threat from Adversaries and Partners:
Sensitive US economic information and technology are targeted by the intelligence services, private sector companies, academic and research institutions, and citizens of dozens of countries.

• Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC cannot confirm who was responsible.

• Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.

• Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.

Outlook:
Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security. The nature of the cyber threat will evolve with continuing technological advances in the global information environment.

Thursday, October 20, 2011

A Survey of Mobile Malware in the Wild

via Michael Kassner, techrepublic.com
A group of Berkeley researchers take a long, hard look at mobile malware. What they found should interest you...

William Francis — fellow TechRepublic writer/Android investigative partner — and I research Android permissions and Android malware. Every step of the way, we have the support and guidance of experts — one being Adrienne Porter Felt.

I just learned that Adrienne and fellow U.C. Berkeley researchers Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner coauthored “A Survey of Mobile Malware in the Wild”. Their point: Mobile malware is a clear and present danger.

I normally avoid the dramatic, but a lot of good people are trying to raise awareness about the increased presence of mobile malware, and I want to help. (more)

Friday, September 9, 2011

They are very busy. That's why they're called busybodies.

UK - Millions of adults are self-confessed computer hackers with more than one in 10 (13%) admitting they have accessed someone else's online account details without their permission.

According to research by life assistance company CPPGroup Plc (CPP), the most common 'casual' hacking takes place on Facebook and other social network sites. And while this will often be viewed as harmless spying, many admitted to accessing personal and work emails, money transaction portals such as PayPal and online banking sites.

Many people (32%) casually dismissed their hacking as something they did 'just for fun' while others admitted they did it to check up on their other half (29%) or a work colleague (8%). But it wasn't all passive spying - two per cent had very different motives admitting they did it for financial gain. (more)

Monday, July 11, 2011

Hacked Off - Is Your Cell Phone Next?

If the cellphone hacking scandal that caused the downfall of Britain's best-selling tabloid, News of the World, made you wonder about your own vulnerability, consider these statistics.

Globally, telecommunications-fraud losses, which include cases of mobile-phone fraud, were estimated to hit $72 billion to $80 billion in 2009, up 34 percent from 2005, according to a 2009 survey of security experts from the Roseland, N.J.,-based Communications Fraud Control Association. Hacking alone accounted for $3.2 billion in losses for the telecom industry, says CFCA. What's more, the problems have likely only expanded as smartphone use has escalated. (more)

Monday, July 4, 2011

U.S. Wiretaps Rose 34 Percent Last Year

The sharp wit of Mark Parisi - offthemark.com
U.S. - The number of court-approved wiretaps rose 34 percent last year, though an unspecified amount of the increase was the result of changed reporting procedures.

According to a report by the Administrative Office of the United States Courts, federal wiretaps rose 82 percent in 2010 from the previous year while state applications rose 16 percent. Combined, 3,194 wiretaps were authorized — 1,207 by federal judges, 1,987 by state judges. (more)

Friday, May 20, 2011

Android Malware Jumps 400 Percent as All Mobile Threats Rise

Mobile security is the new malware battlefield as attackers take advantage of users who don’t think their smartphones can get compromised.

Cyber-attackers are gunning for Google’s Android as they take advantage of a user base that is “unaware, disinterested or uneducated” in mobile security, according to a recent research report.

Malware developers are increasingly focusing on mobile devices, and Android malware has surged 400 percent since summer 2010, according to the Malicious Mobile Threats Report 2010/2011 released May 11. The increase in malware is a result of users not being concerned about security, a large number of downloads from unknown sources and the lack of mobile security software, according to the Juniper Networks Global Threat Center, which compiled the report. (more)

Wednesday, March 30, 2011

Security Directors: The IT guys are stealing your lunch...

...and, unless you take control they will also eat your budget and make you irrelevant. 

Their recipe... Take accurate "S&P 500" statistics, add a pinch of "cyber" for a taste of scary, let it cook over "1,000 IT decision makers" with vested interests, serve as "hot news" written by... oh, no one in particular.

Cybercriminals understand there is greater value in selling a corporation’s proprietary information and trade secrets, which have little to no protection, making intellectual capital their new currency of choice, according to McAfee and SAIC.

The cyber underground economy is making its money on the theft of corporate intellectual capital which includes trade secrets, marketing plans, research and development findings and even source code.

McAfee and SAIC surveyed more than 1,000 senior IT decision makers in the U.S., U.K., Japan, China, India, Brazil and the Middle East. Their study reveals the changes in attitudes and perceptions of intellectual property protection in the last two years. (more)

Fight back...
Tell the boss:
1. All of the information IT claims it needs money to protect (and more) is available elsewhere long before it is ever reduced to computer data.

2. "Cybercriminals" is a self-serving label invented to scare. News and entertainment media glorify this one aspect of criminal behavior. Truth: Criminals don't care how they make a buck. Foreign governments don't have preferential spy techniques. Both want your intellectual property. The fresher, the better. Reality: Cybercriminals get the table scraps.

3. You are the front line of defense. Your job is more important today than ever before in history. The proof is in the S&P 500 chart.

4. "I can take the lead in designing the overall company counterespionage strategy." 

Priority One: Realign the security budget.
• Is 80% of the budget being used to protect tangible assets? (20%) If so, change it.
• Is the budget strong enough to protect the intangible assets? (80%) If not, change it.

Need help implementing a counterespionage strategy? Call us.

P.S. Be kind to the IT guys. They have a hard time keeping up with the regular demands of their job, let alone the security issues. They will be happy you took control and can advise you on what they really need to keep their data safe.

Monday, March 28, 2011

"Have you ever been the victim of..." poll results.

Kevin's Security Scrapbook has been running this poll for several months now. It is a follow-up to a similar poll we ran a few years ago. Time to look at the results.

Not much has changed. No one surveillance tactic is more popular than another. People will use any tool or tactic that does the job.
This parallels our corporate counterespionage field experience.

Thanks to all who shared their experience with us. ~Kevin


Wednesday, December 8, 2010

Security Director Budget Booster - The Value Of Corporate Secrets

Here are the findings from a Forrester Consulting paper on the value of corporate secrets.

Secrets comprise two-thirds of the value of firms’ information portfolios. Despite the increasing mandates enterprises face, custodial data assets aren’t the most valuable assets in enterprise information portfolios. Proprietary knowledge and company secrets, by contrast, are twice as valuable as the custodial data. And as recent company attacks illustrate, secrets are targets for theft.

Compliance, not security, drives security budgets. Enterprises devote 80% of their security budgets to two priorities: compliance and securing sensitive corporate information, with the same percentage (about 40%) devoted to each. But secrets comprise 62% of the overall information portfolio’s total value while compliance related custodial data comprises just 38%, a much smaller proportion. This strongly suggests that investments are over-weighed toward compliance.
 
Firms focus on preventing accidents, but theft is where the money is. Data security incidents related to accidental losses and mistakes are common but cause little quantifiable damage. By contrast, employee theft of sensitive information is 10 times costlier on a per-incident basis than any single incident caused by accidents: hundreds of thousands of dollars versus tens of thousands.
 
The more valuable a firm’s information, the more incidents it will have. The “portfolio value” of the information managed by the top quartile of enterprises was 20 times higher than the bottom quartile. These high value enterprises had four times as many security incidents as low-value firms. High-value firms are not sufficiently protecting data from theft and abuse by third parties. They had six times more data security incidents due to outside parties than low-value firms, even though the number of third parties they work with is only 60% greater.
 
CISOs do not know how effective their security controls actually are. Regardless of information asset value, spending, or number of incidents observed, nearly every company rated its security controls to be equally effective — even though the number and cost of incidents varied widely. Even enterprises with a high number of incidents are still likely to imagine that their programs are “very effective.” We concluded that most enterprises do not actually know whether their data security programs work or not. (more)

Need help? Call us.