Saturday, July 19, 2008

Security Director Alert - Track Missing Laptops

...for FREE!
A security friend at [a very large] Corporation contacted me this week about laptop losses. His company experienced "a dramatic increase in the past year" - primarily when employees traveled on business.

He was studying the problem. Was this just street crime, or was his company being targeted for industrial espionage reasons?

I pointed him to pertinent Security Scrapbook articles. The trend is clear, but what about a simple solution?

Here it is (assuming you have already done encryption and employee awareness training)...

Researchers at the University of Washington and the University of California, San Diego, have launched a new laptop tracking service, called Adeona, that is free and private.

Here's how it works: A user downloads the free client software onto a laptop. That software then starts anonymously sending encrypted notes about the computer's whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, specifically a free storage service that has been around for several years, called OpenDHT.

The Mac version of Adeona even uses a freeware program called isightcapture to take a snapshot of whomever is using the computer. (more)
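The store-and-retrieve flow described above can be modelled as follows. This is an added illustration, not Adeona's code or its actual protocol: the key derivation from the username and password, the numbered time slots, the HMAC-based stand-in cipher and the dict standing in for OpenDHT are all assumptions, and the sample notes are constructed.

```python
import hashlib, hmac, json

def owner_secret(username, password):
    # Assumption: the owner's credentials are stretched into one master secret.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 200_000)

def _derive(secret, label, slot):
    # Independent per-slot values; without the secret they look unrelated.
    return hmac.new(secret, label + slot.to_bytes(8, "big"), hashlib.sha256).digest()

def _xor_stream(key, data):
    # Stand-in cipher built from HMAC-SHA256 in counter mode (stdlib only).
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def publish(store, secret, slot, note):
    # One note per slot: the per-slot key must never encrypt two messages.
    ct = _xor_stream(_derive(secret, b"enc", slot), json.dumps(note).encode())
    tag = hmac.new(_derive(secret, b"mac", slot), ct, hashlib.sha256).digest()
    store[_derive(secret, b"index", slot).hex()] = ct + tag

def retrieve(store, secret, slots):
    found = {}
    for slot in slots:
        blob = store.get(_derive(secret, b"index", slot).hex())
        if blob is None:
            continue
        ct, tag = blob[:-32], blob[-32:]
        good = hmac.new(_derive(secret, b"mac", slot), ct, hashlib.sha256).digest()
        if hmac.compare_digest(tag, good):  # drop tampered entries
            found[slot] = json.loads(_xor_stream(_derive(secret, b"enc", slot), ct))
    return found

def demo():
    store = {}  # stands in for the public storage service
    secret = owner_secret("alice", "correct horse battery staple")
    for slot, ip in [(100, "203.0.113.7"), (101, "203.0.113.7"), (102, "198.51.100.24")]:
        publish(store, secret, slot, {"ip": ip})  # constructed sample notes
    return store, retrieve(store, secret, range(100, 104))

if __name__ == "__main__":
    store, notes = demo()
    print(len(store), "opaque entries;", notes)
```

Two reports from the same address (slots 100 and 101) produce unrelated indices and ciphertexts, so the storage operator cannot link them or read where the laptop was.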

Security Oddballs - Airplane Trap Door and More

Some security inventions are truly useful and will undoubtedly save lives, whereas others are so bizarre that one wonders how in the world they got patented. This list is about the latter...
Behold the Top 10 Strangest Anti-Terrorism Patents! (more)

The New Jersey Ninja
Officials in Barnegat briefly locked down five schools in the township Wednesday because... a librarian said a man dressed as a ninja, carrying a large sword, was running through the woods... the man (a camp counselor) wearing a karate gi, was carrying a plastic sword and was attending a party at a local middle school. (more)

"Don't have a karate gi?
How about a nice tie?"

The Walking Timebomb Tie
"This is our first in a series of 'Concealed Weapons' neckties. They are each double printed - a more subtle graphic is on the front only giving a slight clue to a more "loaded" graphic hidden on the back. The second image is concealed on the reverse until the wearer pulls it out for show and tell - or keeps it a secret to his/her self." (more)

George Carlin on Airport Security (Not safe for work.)

Unbreakable Fighting Umbrella Splits Watermelons, Defends Presidents
The entourage of the Philippine president, Gloria Macapagal-Arroyo, has an unusual secret weapon. Her security team defends the head of the government with umbrellas. Not ordinary umbrellas, but unbreakable fighting umbrellas. Watch the video to see the combat-brolly in action, and marvel as Thomas Kurz ("the world's foremost expert on flexibility training") viciously splits a watermelon in two. (more) (more)

FutureWatch - Coming to a cubicle near you.

Spy News (with Devil Ring Security Alert)

You Could Be An International Spy ...and not know it!
J. Reece Roth, an electrical engineering professor at the University of Tennessee, passed along a research paper to Sirous Nourgostar, a graduate student from Iran working under his supervision. It contained details on refined plasma actuator technology, which uses ionized gas to improve aircraft control. Roth was doing research on flight performance for a U.S. Air Force contractor and had relied on the assistance of Nourgostar and of Xin Dai, a Chinese national also studying under him... bad idea.

Roth, who pleaded not guilty, got entangled in a little-known area of export law that is alarming big business and scientific researchers. It covers transfers of controlled technological information to foreigners on U.S. soil. The transfers are considered exports because they are "deemed" to be going to the country where the recipient is a citizen. (more)


Want to Be A Spy ...and know it!
Britain's secret spy agency, home to the very white and very male 007, is hunting for women and minorities to tackle global terrorism. More than 20,000 people have applied since MI6 began its open recruiting campaign about a year ago... (more)


Spying Has Its Down Side ...know it!
A former Hewlett-Packard Co. vice president faces up to 10 years in federal prison after pleading guilty to stealing trade secrets from his former employer, IBM. (more)

A federal judge sentenced a former Pentagon analyst to 57 months in prison for his role in providing China with classified defense information. (more)

A French journalist was charged with revealing manufacturing secrets after a car magazine published photos of a Renault model three years before it was to be rolled out in dealer showrooms... Renault filed suit for industrial espionage in July last year after photographs of its latest-generation Megane, a small family model and one of Europe's most popular cars, ran in Auto Plus. (more)

Still Wanna Be A Spy? ...no!
"Ok, you're free to go."
...yes!
Then you will probably want a "Ring of the devil" in your kit.
"There has been quite some speculation about this video (YouTube) of a magnetic ring that is used to open some models of Uhlmann & Zacher lock. Now, it is confirmed by the company itself the trick works." (more)

Monday, July 14, 2008

Industrial Espionage - Russia vs. United Kingdom

The British Foreign Office confirmed on Friday that Russia has accused the British Embassy's top trade official in Moscow of espionage.

On Thursday, Russia's Interfax news agency reported that the head of the British Embassy's trade and investment sector, Christopher Bowers, was believed to be a senior British intelligence officer.


The British Foreign Office has confirmed that the accused diplomat was the acting head of the embassy's trade and investment section. (more)

Industrial Espionage - Saab AB

A Swedish court has remanded a 48-year-old man suspected of industrial espionage against Swedish space and defense company Saab AB.

Swedish news agency TT says the suspect is being detained on suspicion of industrial espionage, unauthorized trade with secret information, and attempted extortion. (more)

Saturday, July 12, 2008

The Ultimate in Secure Business Meetings

Historic caves
thwart all eavesdroppers!





About 1000 feet into the white-walled chalk caves is a 40-foot diameter meeting room. Notables who have held their secret meetings here include Benjamin Franklin, Sir Francis Dashwood and their celebrity friends from the 1700s.

They required privacy for their 'Hellfire Club' meetings (rumored to be orgies). These days, corporate privacy needs are based on risk more than risqué.

Located just outside of London, the caves are available for corporate functions and parties.
Capacity...
Receptions: 120 people
Buffet: 100 people
Dinner: 50 people

Whiterock Defence, an international provider of information security services located near The Hellfire Caves, can help you secure this facility for a most memorable meeting. Contact Crispin Sturrock at +44 (0) 1494 538 222, or via email contact@whiterockdefence.com for complete details.

This past week, I visited The Caves for the second time.
You won't be disappointed. ~ Kevin

Friday, July 11, 2008

Did You Know... Court Approves Airport Laptop Searches - No Probable Cause Needed

U.S. Customs agents can now search the entire contents of a laptop without any suspicion of wrongdoing, according to a recent federal appeals court ruling (PDF).
Expect the same level of privacy when visiting other countries as well.

(more)

Now, what are you going to do about it?
Here are some ideas and products to help you...
• Have a travel laptop. No data on the hard drive.
• Keep only necessary data on a secure USB stick.
• If you must keep sensitive data on your drive, encrypt it...
-- TrueCrypt 6.0 - The latest version of the free drive-encryption tool can shield sensitive data from prying eyes at home and abroad. Bonus - There is no way to prove that a hidden encrypted volume even exists on your drive unless you volunteer that information. TrueCrypt 6.0a is available now for Windows, Mac OS X, and Linux systems, including Windows Vista. (review)

A World Guide to Legal Interception

Need to know if "they" can legally...
bug, tap, or sap your text messages and email?
Check out this new guide to interception laws worldwide.
30+ countries covered.

THE READY GUIDE TO INTERCEPT LEGISLATION 2

Executive Alert - Your Trip to China

from Forbes Magazine...
When traveling to China for the Olympics this summer, leave any expectation of privacy at the border. Instead, prepare for possible eavesdropping and surveillance--from listening devices in hotel rooms to bugged laptops and personal digital assistants to informers posing as friendly strangers.


Those who laugh at the seeming paranoia would be wise to remember that the U.S. recently accused Chinese authorities of allegedly copying data from the laptop of a visiting trade official last year and attempting to hack into the Commerce Department. The Chinese denied the allegations.

The U.S. Department of State advises tourists not to expect privacy in public or private locations, particularly in hotels, but a spokesman declined to comment further.

Wang Baodong, a spokesman for the Chinese embassy in Washington, D.C., was almost as tight-lipped. He declined to address specific allegations of spying on foreigners at the Olympics.

"No special security measures will be arranged beyond universally adopted international practice at public venues, hotels and offices in China," he says. "Privacy in China will be guaranteed according to the law."

But security experts say that Chinese law has few protections for individual privacy...

Bruce McIndoe, president of the security consulting company iJet, routinely warns his corporate clients about threats to their electronic security.

"What business people need to be aware of," he says, "is that the Chinese are very clear about who is coming into the country. You could be a senior level executive or a scientist and they will target you for surveillance."
(more)
How To Safeguard Your Privacy In Beijing - the short list.

Wednesday, July 2, 2008

Did You Know #172 - Credit Card Standards

If you have anything to do with credit cards,
you need to know this...


"Credit card companies want you to charge it and they know that concerns about identity theft might possibly slow down your card use — so it is in their best interests to make sure that a solid security standard is in place to protect you. The standard has turned into a requirement for everyone who takes a credit card and that turns out to be literally millions of grocers, retailers, online retail outlets, government agencies, convenience stores, utilities — almost everyone. So the PCI-DSS standard may be the most widely applied information (data) security standard in the world.

With such a widespread and critical standard, there is confusion about how to meet the standard because just doing a self-assessment isn’t enough; you are also required to do penetration tests on your systems that handle and transmit this electronic customer information and ATTEST that you use the standard in your information systems.

This includes having strong firewalls that protect cardholder data and making sure to remove the generic vendor-supplied passwords; using good storage devices for sensitive customer information and encrypting data that flows over your network. In addition, the card manager has to use anti-virus software, and also build secure systems. Once proper controls are in place, these controls need to be monitored and tested..."
Which leads us to the author of this piece.
Get to know her.

Caroline R. Hamilton is the Founder of RiskWatch, Inc. She offers twelve specialized risk assessment software programs which are used by thousands of her clients all over the world and in virtually every type of security assessment, gap analysis, and compliance assessment.

Murray Associates can assist you with the technical end of
Wireless LAN compliance for PCI-DSS and...
• Sarbanes-Oxley Act – U.S. Public Companies
• HIPAA – Health Insurance Portability and Accountability Act
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act
• PCI-DSS – Payment Card Industry Data Security Standard
• FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid
• ISO 27001 – Information Security Management
• Basel II Accord – Banking
• EU - CRD (Cad 3) – EU - Capital Requirements Directive - Banking

Sunday, June 29, 2008

"Hello, Moto!"

IL - A Chinese spy was caught "red-handed," according to federal authorities, as she was about to board a plane at O'Hare bound for Beijing. Hanjuan Jin says she worked as a computer engineer for Schaumburg-based Motorola, a global leader in communications technology.

Federal agents say Jin was also working as a spy for a Chinese company, and she has been charged in a corporate espionage case that reflects a growing national security problem.

Clues...
• She downloaded hundreds of confidential documents from the company's supposedly secure internal network. Value = $600 million (Motorola estimate.)
• Arrived at O'Hare Airport with a one-way ticket to Beijing.
• Declared $10,000.00 cash. She was really carrying $30,000.00.

(more, with video) (red-handed spy catch in Illinois - not the first time)

Kicker...
It was only a routine check of passengers by customs agents that revealed she was carrying the cash and a laptop computer with more than 30 compact data storage devices containing stolen Motorola files.

Imagine the counterespionage successes you can accomplish in your company with routine checks.
(Mr. Moto is a fictional Japanese spy played by Peter Lorre, a Polish Jew.)

Saturday, June 28, 2008

IMF's aren't known for giving 'comp time'

One unintended consequence of India and Pakistan establishing better relations in the last year is a bunch of lawsuits by former Indian spies against the Indian government.

The former spies are suing to obtain pay for the years they have spent in Pakistani jails. That's because both countries have freed hundreds of men who had been imprisoned for spying, but the agencies that hired these men often will still not admit it. (more)

Friday, June 27, 2008

Spybusters Shades - Poop on the Paparazzi

Proof of Concept. Very effective. Murray's Prediction: Look for some sharp sunglass manufacturer to put this into production.
"Spy", perhaps?!?!


Thursday, June 26, 2008

The Bugs of Margaritaville

Another employee vs. boss illegal bugging story.
But the case gets weirder...
Key West, FL - ...suspended Key West police officer Thomas Neary was fired Wednesday for telling people he was an undercover federal agent investigating corruption in the Police Department and looking into possible terrorist attacks...

The Neary investigation even involved bugging Lt. Kathleen Ream's office to record conversations she had with him. Transcripts from the bugging show some statements that indicate Neary told Ream he and his wife are federal agents...

In a casual conversation before the investigation began, "Officer Neary told [detective Bradley Lariz] that he had [City Commissioner Mark Rossi's] plane and house bugged and that they were watching him. He also told Lariz that he was watching and doing an investigation on Sgt. Robert Allen."

It's not clear what he was inferring with Rossi, but with Allen, he allegedly accused the sergeant of transporting drugs to Cuba in a police boat. (more)