Friday, May 2, 2008

PIs and Bug Creators Jailed for Industrial Espionage

An Israeli firm of private investigators has been rapped for using spyware to steal sensitive information.

According to reports, four members of the Israeli Modi'in Ezrahi private investigation company have been sentenced after being found guilty of using a Trojan horse to steal commercial information.

The Trojan, which was designed and marketed by London-based couple Michael and Ruth Haephrati, was said to have been used by a number of different private investigation firms to spy on companies including the HOT cable television group and Rani Rahav PR agency.

Another alleged victim was Champion Motors, which imports Audi and Volkswagen vehicles. (more)

A married couple accused of using computer worms to conduct industrial espionage has received jail terms of four and two years after pleading guilty in an Israeli court.

Ruth Brier-Haephrati, 28, and her husband Michael Haephrati, 44, were also ordered to pay damages of two million shekels (£245,000) to their victims. (more)

The Essential Guide to VoIP Privacy

What you need to know about protecting the privacy and confidentiality of IP phone calls.

People generally assume that their private phone calls are just that: private. VoIP users, however, shouldn't take privacy for granted. (neither group should)

The problem with most VoIP calls is that they travel over the Internet, a very public network. This means that calls are vulnerable to snooping at various points throughout their journey. And even private-network VoIP calls can be tapped if access can be gained to the physical wiring.

As a result, business competitors, employees, criminal gangs, tech hobbyists and just plain snoops can all listen in to a business's outgoing and incoming VoIP calls. All that's needed is a packet-sniffing program, easily downloaded from the Internet, and perhaps a tiny piece of hardware to tap into a physical wire undetectably.

But the news isn't all bad. Methods and systems are available to safeguard VoIP traffic... (more)

CBS 46 Investigates: Cell Phone Spying

New cell phone “spyware” has made it easy for just about anyone to bug your phone and uncover details of your private life, communications experts say.

The “spyware," marketed to suspicious spouses, parents and employers, can turn just about any cell phone into a high-tech spying device.

A quick search on the Internet reveals dozens of "spy phone" programs ranging from $4 to $400. Some “spyware” works on Bluetooth technology, while others require a download onto a "smart" phone, like a Blackberry or Web-based device. CBS 46 Investigative Reporter Wendy Saltzman tested Flexispy, high-end software that experts say allows people to eavesdrop on calls, download e-mails, and even track a person's GPS location at the touch of a button. (more) (video) (similar subject, different source)

Hairdresser Makes Man Harried

Can you solve this mystery?
Police in Germany helped a man solve a mystery that had been bugging him for over two years. The phone would ring and the man did not recognize the number so he had the number blocked.


After paying to have the number blocked for a while he stopped paying for the blocking service and the mystery started all over again. (answer)

Court-Approved Wiretapping Rose 14% in '07

Last year might have been a rough year for U.S. home prices, but growth in government wiretaps remained healthy, with the eavesdropping sector posting a 14% increase in court orders compared to 2006.

In 2007, judges approved 4,578 state and federal wiretaps, as compared to 4,015 in 2006, according to two new reports on criminal and intelligence wiretaps.


State investigators are increasingly turning to wiretaps, according to newly released statistics. State police applied for 27% more wiretaps in 2007 than in 2006, with 94% of them targeting cell phones, according to figures released by the U.S. Courts' administrator.

In 2007, state judges approved 1,751 criminal wiretap applications, without turning any of them down, according to the report (.pdf). That's a near-three fold increase in state wiretaps since 1997. (more)

Thursday, May 1, 2008

Porsche CEO Eavesdropping Case (update)

The well-respected Strafor (a private strategic intelligence analysis service) today characterized the eavesdropping of Porsche CEO, Wendelin Wiedeking, this way...
"The aggressor’s tactics were amateur."


Given the target – Mr. Wiedeking – and business climate around Porsche, it is unlikely amateurs would be involved. This is a high-stakes assignment. Professionals only.

Think like a professional eavesdropper. "I know they are going to look. I'll plant something they can find fairly easily; a trophy for the sweepers, a little confusing, with no clear culprit, amateurish, but plausible.

Result...
Triumphant, the TSCM team waves their 'find' and goes for a beer.
The real bugs/taps are planted deeper – much deeper.


But wait... This half-baked story should never have hit the press. Something smells.

Porsche went from 0 to 60 in filing their police complaint.

Normally, corporate eavesdropping finds are kept quiet and investigated further. When enough evidence is gathered to actually prove something, the police might be called. Publicity undermines stockholder confidence.

Amateur? Yes. But, is it the eavesdropper who should wear that moniker? If what appeared in the press is really the truth, characterize the handling of the case as amateur.


Other possibilities...
• Porsche planted the eavesdropping device themselves. A PR stunt – thinking it would somehow enhance their business bargaining position.

• The baby monitor bug was planted by the TSCM technicians to make themselves look good. (When a TSCM team presents evidence of bugs they should also volunteer for polygraph testing. My guess is they won't.)

The rest of Strafor's Porsche bugging analysis is accurate...
"The use of a security contractor to employ technical security countermeasures (TSCMs)* was not only a smart move by Wiederking in 2007 (a previous eavesdropping problem), but a wise decision for other players in today’s corporate environment. Industrial espionage is a common occurrence in the modern business world."

Espionage is foreseeable.
When was the last time you checked for bugs? ~Kevin
* This should read, "technical surveillance countermeasures (TSCM)"

Wednesday, April 30, 2008

Wanted: Surveillance Camera Monitors

Washington - The D.C. government plans to begin centralized monitoring of about 5,000 security cameras it maintains throughout the city, giving emergency-management officials a broad look into schools, public housing and other sites.

The city says the system will save money and provide 24-hour monitoring, rather than the sporadic attention in the current patchwork of camera systems. But civil liberties advocates expressed alarm.

"Having it all together in one place brings us one step closer to the kind of scary movie scenario where they can track somebody moving across the city," said Art Spitzer, legal director of the American Civil Liberties Union for the Washington area.

D.C. police will continue to watch their 73 surveillance cameras in high-crime neighborhoods, Darrell Darnell, head of the D.C. Homeland Security and Emergency Management Agency, said yesterday. But his agency will set up a center to monitor an array of other closed-circuit TV cameras, including nearly 3,500 inside D.C. public schools, 131 used by the Department of Transportation and 720 used by the D.C. Housing Authority. (more)

The Headline Evil Word You Can Prevent

April 22, 2008 - "Sanford Hospital tightens security after baby taken"

The good news...
The child was rescued a short time later by a police officer who stopped a Chevy Blazer on Interstate 4 (more)

The bad news...
Most corporations are hedging their bets that the word "after" will not appear in a headline about their security efforts.

In the corporate world, stealing intellectual property is the real-life equivalent of a baby – the corporation's baby. The baby who is to be nurtured into the company's future.

Now is the time to tighten security;
• while it is inexpensive to do,
• while your stockholder good-will is high,
• while you still have a job.

1. Work with your Legal Department to upgrade and keep current: non-disclosure agreements, non-compete contracts, and pro-active programs to detect and deter eavesdropping and espionage.

2. Work with your IT department on: password protection, encryption, wireless LAN security audit and compliance surveys, and employee education.

3. Keep current with intellectual property threats.
Read the news.
Offer the boss proof!
You need funding to prevent eavesdropping and espionage problems.

P.S. Problems do happen...
Recent Problem #1
Recent Problem #2
Recent Problem #3
Recent Problem #4
Recent Problem #5
Recent Problem #6
Recent Problem #7
Recent Problem #8
Recent Problem #9
Recent Problem #10
And all this was just April's news!

Is it any wonder that this Hot Boardroom Topic was also in April's news?
~Kevin

Wiretap Laws Morph With Technology

Excellent article detailing how legal wiretapping in the United States was forced to grow with technology.

In the old days, everyone was linked to a lug nut... (everyone's telephone) ended up in the basement of the telephone company's switching station. There, the wire emerged, pegged to a rack by a single copper lug nut. Acres of racks lined the walls, each holding rows and columns of lug nuts and their wires, neatly stacked atop each other...

And then it all went sideways.

At the same time that the phone companies were preparing for the transition to digital, the use of cellphones -- which were inherently harder to tap because they used phone lines differently than analog devices -- mushroomed. ...Electronic surveillance, once such a dependable, relatively easy craft, was becoming inordinately difficult. (more)

Tuesday, April 29, 2008

"...thus proving they could keep a secret, for decades."

Japan - The Ministry of Internal Affairs and Communications' regional information policy office has decided to warn local governments about using analog cordless phones after it was learned that people could listen in on calls with commercially available receivers. (more)

Industrial Espionage - Battle Bot Boy Bolts

Who Stole the Plans for iRobot's Battle Bots?

Jameel Ahed was 20 years old when he joined iRobot in May 1999, a biomedical engineering student at the University of Illinois on a summer internship. In those days, the company was just 80 or so geeks in the Boston exurbs designing toys for Hasbro and doing research for Darpa. Ahed stood out. He was hardworking, flirtatious, and outgoing...

In December 2001, he bought the domain name roboticfx.com, planning to launch his own startup...

Before he left, a company staffer demanded that he sign a final confidentiality agreement. Ahed complained but signed. The next day, an email was sent at 10:18 pm from his still-active iRobot account to his new Robotic FX address detailing how the PackBot's batteries were made. Shortly thereafter, Ahed packed up and returned to Chicago...

By 2004, Ahed had a bare-bones prototype he called the Negotiator. It weighed just 20 pounds and cost less than $30,000 — half what iRobot was charging for a comparable early version of the PackBot...

...the Army announced its biggest ground robot contract ever. The so-called xBot deal would be worth up to $300 million and cover as many as 3,000 units...

In February 2007, iRobot's lawyers sent a cease-and-desist letter to Ahed, demanding that he stop making and marketing the Negotiator...

On September 14, 2007, the Army awarded the five-year xBot contract to Ahed for $279.9 million. iRobot went into battle mode.
(more) (coda)

Lessons:
• Keep all confidentiality / nondisclosure agreements current.
• Create an environment which discourages intellectual theft.
• Don't delay. If you suspect something is wrong, trust your instincts.
• Implementing a defense after loosing a $279m contract is expensive.
• Implementing a defense at the outset is cheap insurance.

"36 billion channels; still nothing worth watching!"

New anti-terrorism rules 'allow US to spy on British motorists'

UK - Routine journeys carried out by millions of British motorists can be monitored by authorities in the United States and other enforcement agencies across the world under anti-terrorism rules introduced discreetly by Jacqui Smith.

The discovery that images of cars captured on road-side cameras, and "personal data" derived from them, including number plates, can be sent overseas, has angered MPs and civil liberties groups concerned by the increasing use of "Big Brother" surveillance tactics. (more)

Sunday, April 27, 2008

"Relations... have always been based on true friendship and mutual values and interests."

Germany's foreign minister has apologized to his Afghan counterpart for officials' snooping on correspondence between a German reporter and an Afghan government minister, the Foreign Ministry said Saturday.

A spokesman at the ministry, speaking on customary condition of anonymity, said Frank-Walter Steinmeier telephoned Afghan Foreign Minister Rangeen Dadfar Spanta about the wiretapping incident and said those involved had been disciplined and three officials transferred to other duties.


Afghan Foreign Ministry spokesman Sultan Ahmad Baheen confirmed the call had taken place. He said Spanta accepted Steinmeier's apology "and both foreign ministers emphasized the good relations of both countries and both mentioned that this will not affect bilateral relations." (more)

“A half-truth is a whole lie” - Yiddish Proverb

Israel on Wednesday assured the United States that it had not spied on its key ally since 1985, after the arrest in New York of an US Army veteran (Ben-Ami Kadish) charged with passing defense secrets to the Jewish state nearly 30 years ago...

The case has been linked to the 1980s Jonathan Pollard spy scandal which rocked US-Israeli relations... The government publicly admitted in 1998 that Pollard had been an agent acting on its behalf and awarded him Israeli citizenship.

"Relations between the United States and Israel have always been based on true friendship and mutual values and interests," foreign ministry spokesman Arye Mekel said. (more)

Answer: "Mission Creep"

Question: What happens when tiny towns are given big £'s to watch for terrorists who never come?

UK - Campaigners have called for a "root and branch review" of spy laws after it emerged local councils were using them to track dog-foulers and litter bugs.

The Press Association contacted 97 councils to find out how they were using the powers, originally designed to combat crime and terrorism. It followed the controversy surrounding the case of a family in Poole, Dorset, who were tracked covertly for nearly three weeks to check they lived in a school catchment area...

...the research found the law was also used to find out about people who let their dog foul, a breach of planning law, an animal welfare case and an instance of littering.

Surveillance was also used to investigate alleged misuse of a disabled parking badge. (more)
Once surveillance is part of the civil infrastructure justifying usage moves from difficult to easy.