Students seem riveted (yawn)...
TEACHER: You’re gonna look at— The words of the week for week five are wiretapping, source, suspicious, notwithstanding, which is a tough word to use in a sentence, and eliminate, okay? (video)
Too bad. Illegal electronic surveillance is an important topic. Teacher, Chris Buttimer, is raising an issue that was glossed over in schools when Nixon was on the hot seat; thus history repeated.
Thursday, April 23, 2009
Did Corporate Spying Doom Denizen Hotels?
via Deidre Woollard, Luxist.com...
It looks like corporate espionage has sunk the fledgling Denizen Hotels brand. Hilton Hotel Corp. has announced that it has received a federal grand jury subpoena for documents regarding two former employees of Starwood hotels who switched camps and brought their trade secrets with them.
Starwood has sued Hilton saying that Hilton used privileged information in the development of the Denizen brand. The employees, Ross Klein and Amar Lalvani, have been placed on paid administrative leave pending review. The Denizen Hotel website is down and Hilton has announced that the development of the brand has been "temporarily suspended." Will the brand be resurrected after the case sorts itself out? My guess is that Hilton will rebrand the hotels as something else. (more)
Business Espionage - Patent Theft Costs (update)
The Australian Commonwealth Scientific and Industrial Research Organisation (CSIRO) will use the money won from a Wi-Fi technology patent battle to fund further research.
Legal action in the United States between the CSIRO and a number of global computing giants came to an end today, with the last of 14 companies opting for confidential settlements with the scientific agency. (more)
Conclusion: Business espionage is a big BIG gamble. Obtaining justice after the fact is expensive, for all parties. This is a rare case. The good guys won. To add insult to injury, the bad guys are paying for research which will be used against them in the future. Sweet. Most often, however, the spies are allowed to win. Sour. Who "allows" them to win? Corporate victims who never bothered to look for evidence of spies in their midst. Not looking? Get help.
Security Alert - Adobe Acrobat Reader
via Erik Larkin, pcworld.com...
The popular Adobe Reader is a favorite target of online crooks, according to Mikko Hypponen, chief research officer with antivirus company F-Secure. And for better security you should ditch Reader and go with a free alternative...
Poisoned PDFs are also often used as part of a customized, targeted attack, he says, when they're sent to a specifically selected recipient attached to a well-crafted e-mail. (more)
Look for FREE alternate readers at pdfreaders.org
Councilman found guilty in spying case
SC - A former South Carolina county councilman has been found guilty of using spyware to scan another county employee's computer and e-mails.
Attorneys for former Greenville County Councilman Tony Trout said he'll likely appeal the conviction. He faces up to 16 years in prison when he is sentenced later...
Federal prosecutors said Trout used monitoring software to access County Administrator Joe Kernell's computer, took private e-mails and posted them on a Web site.
Trout was convicted of illegally accessing a computer, destroying records and intentionally intercepting and disclosing electronic communications. (more)
‘Squawk Box’ Jury Finds Brokers Guilty
NY - Former Citigroup Inc., Merrill Lynch & Co. and Lehman Brothers Holdings Inc. brokers accused of selling day traders access to internal “squawk boxes” were found guilty of conspiracy in a second trial over the scheme. (more) (background)
Go Green $$$ - Recycle Your Nokia 1100 Phone
Hackers have been offering up to €25,000 (US$32,413) in underground forums for Nokia 1100 phones made in the company's former factory in Bochum, Germany. The phone can allegedly be hacked so as to facilitate illegal online banking transfers, according to the Dutch company Ultrascan Advanced Global Investigations.
Nokia said on Tuesday it is not aware that resale prices for a phone that retailed for less than €100 when it debuted in 2003 have risen so high. Further, Nokia maintains the phone's software isn't flawed.
"We have not identified any phone software problem that would allow alleged use cases," the company said in an e-mailed statement.
The 1100 can apparently be reprogrammed to use someone else's phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud....
Meanwhile, a Dutch technology site, portablegear.nl, wrote that it placed a fake advertisement for the particular Nokia 1100 on an online marketplace. People offered as much as €500, offering to immediately come pick up the device. (more)
Nokia produced more than 200 million devices in the 1100 model family. The company said it doesn't disclose figures such as how many 1100s were made in Bochum. (more)
Cell Phone Encryption for the Enterprise User
from the manufacturer...
Qtalk secure enables highly encrypted telephony. Qtalk secure uses the data channel and was designed for business customers with the highest security demands. Qtalk secure is a software solution for business customers enabling encrypted telephony (dynamic encryption, AES 256 Bit) through the data channel on mobile end devices and Windows PCs. Qtalk offers secure telephony without the need for compromises in usability or voice quality.
All conversations with Qtalk secure are initiated with a key exchange mechanism (Diffie-Hellman, 1024 Bit) and encrypted dynamically with an AES 256 Bit encryption.
Qtalk secure can be deployed independent of the network operator. It is applicable in a multitude of networks (GPRS, EDGE, UMTS, HSPA, Wi-Fi) and combines for the first time encryption with user friendly handling. The integrated user list allows instant viewing of the status of the contacts (closed user group) at all times and instant calling. (more)
WorldView - Eavesdropping Concerns in Malta
Even in the tiny country of Malta electronic espionage is taken seriously by business.
"A simple covert listening device costing the perpetrator a measly €200, may end up costing the victim millions of euro in stolen information." Alberta Director Duncan Barbaro Sant speaks to David Darmanin on the incidence of espionage and how it may be counteracted.
Q. Do you believe there is a high incidence of commercial espionage in Malta? Is there any incidence at all?
A. In today’s highly competitive market, commercial espionage is thriving. Individuals and organisations are now turning to the theft of information as a way of gaining a competitive edge. Radio Frequency Bugs can be concealed in almost anything that can be found in the office, home or car. They can be the ultimate infiltration tool to competitors, discontented or disloyal employees, business partners or private investigators. Typically, low paid employees such as cleaners, service providers or security personnel are entrusted with planting the devices in exchange for gratuities.
Q. Have you been informed or found cases of political or diplomatic espionage in Malta? If so, without the need of mentioning names, can you elaborate on details of how this was done?
A. It is a known fact that Malta hosts several VIPs in Malta. These persons can easily be targeted especially when staying in hotels since access to hotel rooms is a minor inconvenience for the spy who is about to plant eavesdropping devices in the actual room or even one of the adjacent rooms. Just over a month ago a service was carried out for a VIP client who chose to rent out a villa rather than stay in a hotel. The company who the VIP works for lost over €15 million last year after a technology that was developed over several years was lost to their competitors by means of an eavesdropping device. Now they take no chances.
Q. What other reasons could there be for espionage to be done in Malta?
A. With the increasing number of pharmaceutical companies setting up plants here in Malta, as well as online gaming companies, these all have a direct interest in protecting their data. In the case of gaming companies, the infiltration of bugging devices in their computer systems is an obvious danger, especially since they would hold credit card details of thousands of customers. For pharmaceutical companies, with research and development in this field being so cut-throat, any lost data can mean a competitor gaining the multi-million licence for a product costing years and possibly millions in medical research.
Q. Are VIPs visiting the country exposed to the risk of having paparazzi install covert cameras or bugs?
A. As regards covert cameras, these may be installed in all sorts of places, clocks, AC vents, behind mirrors and so on. It is estimated that over US$800 million of spy equipment per year is sold within and outside the US, a concern for all businesses around the world. Such devices are not always installed to gather intelligence from competitors; their use varies from collecting data for bribery, spying on colleagues when competing for promotions, collecting evidence for separation cases and so on.
Q. How easy is it to intrude on people’s conversations or information? What devices are used? Where are they obtained from? Is it expensive to bug an edifice or a telephone?
A. Bugs come in various forms – some as innocent-looking as a pen or calculator left on someone’s desk containing an active microphone, the only drawback being that a battery will only last so long. However, one can easily buy a multiple plug with an active microphone over the internet for as little as €200. Once plugged in, it is automatically powered up and enables the perpetrator to listen in to all conversations.
Furthermore, it is also customary for people to discuss confidential matters while travelling in a vehicle, be it with another passenger or on a mobile phone. These devices may relay information on where or who is travelling in the car or being met, thus posing personal security threats as well as information or commercial losses. (more)
Interestingly, the subject of business espionage is not new in Malta, as this book, published in Malta, reveals...
SO YOU WANT TO BE AN INDUSTRIAL SPY?
By Louis Moreau
Gozo Press, 1977 (Malta)
Wednesday, April 22, 2009
Business Espionage - Aston Martin v. Rival
NY - The owners of a Long Island, New York, exotic car dealership that sells Bentleys and Aston Martins were charged with corporate espionage against a rival that sells Ferraris and Maseratis.
Giacomo Ciaccia and Leka Vuksanaj, owners of Universal Autosports LLC in Glen Cove, were arrested along with Creative Director Michael Lussos at their homes today, according to a statement by Acting U.S. Attorney Lev Dassin in Manhattan.
They are accused of illegally tapping into the e-mails of Ferrari Maserati of Fort Lauderdale-Long Island in Plainview, New York. The defendants accessed Ferrari Maserati’s e-mail server about 2,500 times between February and September last year from their homes or Universal Autosports, according to the criminal complaint dated April 16 and unsealed today.
“In one instance a dealer associated with Universal Autosports e-mailed a customer who had been negotiating with Ferrari Maserati to buy a rare Ferrari Enzo worth more than $1.3 million,” according to the statement.
“Is there any way I can help or get in the middle,” the dealer wrote, according to the complaint. “Have they found you a car yet?” (more)
Car dealers.
Is anyone out there surprised?
Anyone?
....silence....
Wireless LAN Security Survey
Note: This article may prompt you to conduct an independent, company-wide WLAN Security Survey and Legal Compliance Vulnerability Assessment.
If so, be sure to read this.
via infosecnews.org...
Deloitte Touche (India) released the results of a survey titled, "Wireless Security Survey." 35860 wireless networks were surveyed.
Key findings...
• 37% appeared to be unprotected i.e. without any encryption.
• 49% were using low level of protection i.e. Wired Equivalent Privacy (WEP) encryption.
• Balance 14% were using the more secure Wi-Fi Protected Access (WPA/WPA2).
• This makes around 86% of the observed wireless networks vulnerable. (more)
Records from Murray Associates on-site WLAN security surveys show IT departments in the U.S. maintain better security.
However...
More costly problems (legal and espionage) are discovered in almost every system we inspect...
PROBLEM 1: Non-compliance with applicable laws:
• Sarbanes-Oxley Act – U.S. Public Companies
• HIPAA – Health Insurance Portability and Accountability Act
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act
• PCI-DSS – Payment Card Industry Data Security Standard
• FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid
• ISO 27001 – Information Security Management
• Basel II Accord – Banking
• EU - CRD (Cad 3) – EU - Capital Requirements Directive - Banking
Just one loophole... Hackers are in. Data is out. & "You are out of compliance."
and...
I am sure you can remember the name of every person you have loved. Laptop computers remember the names of their past connections, too. Unlike you, however, laptops keep trying to reconnect every time they are turned on.
Unauthorized re-connections are never a good idea, with lovers or computers.
Data hackers pretend to be an old connection. They set up a Wi-Fi station with the old flame’s name (hhonors, starbucks, boingo etc.) Laptop gets turned on; automatically connects. Hacker steals sensitive corporate data on laptop.
Wait! It gets worse...
Your employee returns to the workplace, jacks the laptop directly to your corporate LAN and logs in. The data hacker is right in there, too! (background)
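An added example, not part of the original post: one way to audit a laptop's remembered Wi-Fi profiles for the "old flames" described above. It assumes the profiles are in the XML layout Windows writes with `netsh wlan export profile`; the sample profiles, the CorpLegacy and CorpNet names and the verdict labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by exported Windows WLAN profile XML.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}


def sample_profile(ssid, mode, auth, enc):
    """Build a constructed profile in the exported-XML layout (test data only)."""
    return f"""<?xml version="1.0"?>
<WLANProfile xmlns="{NS['w']}">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""


# Constructed sample data: two remembered hotspots, one WEP network, one WPA2 network.
SAMPLE_PROFILES = [
    sample_profile("CorpNet", "auto", "WPA2PSK", "AES"),
    sample_profile("starbucks", "manual", "open", "none"),
    sample_profile("hhonors", "auto", "open", "none"),
    sample_profile("CorpLegacy", "auto", "open", "WEP"),
]


def text_of(root, path, default=""):
    """Return the stripped text of the first element matching path, or default."""
    node = root.find(path, NS)
    return node.text.strip() if node is not None and node.text else default


def assess_profile(xml_text):
    """Classify one remembered profile by how easily a look-alike station gets joined."""
    root = ET.fromstring(xml_text.strip())
    ssid = text_of(root, "w:SSIDConfig/w:SSID/w:name") or text_of(root, "w:name")
    # A missing connectionMode is treated as auto: the conservative reading for an audit.
    auto = text_of(root, "w:connectionMode", "auto").lower() == "auto"
    sec = "w:MSM/w:security/w:authEncryption/"
    auth = text_of(root, sec + "w:authentication", "open").lower()
    enc = text_of(root, sec + "w:encryption", "none").lower()

    if enc == "wep":
        protection = "wep"    # the survey's "low level of protection"
    elif auth == "open" and enc == "none":
        protection = "none"   # the SSID name is the only thing being matched
    else:
        protection = "wpa"    # WPA/WPA2: the name alone is not enough to join

    if protection == "wpa":
        verdict = "ok"
    elif auto and protection == "none":
        verdict = "remove"    # rejoins any station that advertises this name
    else:
        verdict = "review"    # WEP, or open but only joined on user request
    return {"ssid": ssid, "protection": protection, "auto": auto, "verdict": verdict}


def audit(profiles):
    """Assess every profile and list the riskiest first."""
    order = {"remove": 0, "review": 1, "ok": 2}
    return sorted((assess_profile(p) for p in profiles), key=lambda f: order[f["verdict"]])


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROFILES):
        print("{verdict:7} {ssid:12} protection={protection:5} auto={auto}".format(**finding))
```

Profiles marked "remove" are the ones that reconnect on power-up to whatever station uses the remembered name.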
Tuesday, April 21, 2009
Secret Recording of Confidential Meeting Exposed...
...negotiations sour.
PA - A judge wants bankrupt Philadelphia Newspapers to focus on its financial reorganization while others investigate claims an investor illegally tape-recorded a sensitive financial meeting.
The ruling follows testimony Monday from Brian Tierney, chief executive of Philadelphia Newspapers. Tierney says a representative of New York-based CIT Group Inc. recorded a November meeting in his office. He says the pre-bankruptcy negotiations soured after he raised concerns about the taping. (more) (more) (more)
Police chief charged in bugging scheme
MN - The police chief of Gaylord... Dale Lee Roiger, 60, is charged with misconduct of a public officer and illegal interception of communications... According to charges: Roiger ordered one of his police officers to secretly place a voice-activated tape recorder in the Chamber of Commerce office... Roiger admitted to two people that he tried "bugging the Chamber office but failed." He said he got the "bugging device" from the city of Glencoe. A Glencoe police detective later confirmed loaning a digital voice-activated tape recorder to Gaylord police officer Tom Webster. (more)
Computer Spies Breach U.S. Electricity Grid
Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.
The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls.
The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war. (more)
Computer Spies Breach Fighter-Jet Project
Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.
Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.
The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. (more)