Monday, April 27, 2009

22 Fired During Illegal Eavesdropping Purge

Colombia’s DAS security service fired 22 detectives, apparently in connection with an investigation into the illegal wiretapping of leading public figures... “When questioned about the reason for the dismissals, spokespeople for the agency said Muñoz affected them making use of the discretionary authority the law gives him, and that there will another purge this Friday.” (more)

UPDATE - Colombia's domestic intelligence agency has fired another 11 people in a scandal over illegal eavesdropping of judges, journalists and politicians.

That brings to 33 the total number of people dismissed from the Department of Administrative Security since the scandal broke in February. (more)

Saturday, April 25, 2009

Staying Safe Abroad - The Blog, Edward L. Lee II

Last year, I gave all my clients a free copy of Edward L. Lee's book: Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World Yes, it was that good!

The feedback I received spanned from: "Thank you so much..." to one security director saying, "I am buying copies for all our key executives who travel."


If you travel, or know someone who does, buy the book and get FREE updates by following Staying Safe Abroad - The Blog.

"What makes Ed Lee the big expert?"
Ed Lee retired from the US State Department in April 2006, after a career as a special agent, Regional Security Officer, director of training, chief investigator of the Cyprus Missing Persons Program, director of security of the U.S. Agency for International Development and as a senior advisor in the Office of Anti-Terrorism Assistance.


Most of his work now is devoted to educating global companies and governmental entities in how to be successful and keep their people safe abroad.

His career also includes 15 years as an international security consultant; for ten years he served as the security advisor to the Inter-American Development Bank. Additionally, Ed served six years in the Marines before joining the US State Department as a special agent.

"Why the plug?"
I hear you say.
Just a film noir PI's cliche,
"Dead clients don't pay."

Top Seven Emerging Threats to VoIP Services

A clear, lucid article on VoIP security (or, bad stuff that can happen to that fancy new phone on your desk that plugs into the network instead of the old phone jack). Written by one of the many vendors who offer solutions.

Summary:
• VoIP DoS attacks
• Spam over Internet Telephony (SPIT)
• VoIP service theft
• SIP registration hijacking
• Eavesdropping
• VoIP directory harvesting
• Voice Phishing, or Vishing
"WatchGuard advices all businesses using VoIP systems to review their perimeter and VoIP security." (more)

Additional solution vendors:
Sipera
Radware
VoIP Security Buyer's Guide

FREE VoIP security information:
Mark Collier's VoIP Security Blog
Blue Box: The VoIP Security Podcast
Security Considerations for Voice Over IP Systems

Man gets prison for recording anger-management classes

...and is he pissed!
PA - An Allentown man who secretly recorded his court-ordered anger management classes and posted them on YouTube was sentenced to state prison Friday.

Richard P. Mason III told Northampton County Judge Paula Roscioli that he wanted his daughter to see the group therapy sessions, which were ordered as part of his sentence on a terroristic threats charge, said Second Deputy District Attorney William Matz Jr.

Instead, the recordings landed Mason, 41, with a probation violation and a new sentence of 18 to 36 months in state prison on the threats case. Prosecutors are also considering bringing new charges against Mason for violating the state's wiretap law, Matz said.

The case is ''unique,'' Matz said. ''First for me; I think the first for our office.'' (more)

Friday, April 24, 2009

Lost Laptop Cost Survey

A single lost or stolen laptop costs a business an average of nearly $50,000. At least, that's the word from an Intel-sponsored study by the Ponemon Institute.

That figure is based on Ponemon's recent voluntary survey of 28 US companies reporting 138 separate cases of missing laptops.

Value of missing kit was mathmagically calculated by factoring laptop replacement, data breach cost, loss of productivity, investigation cost, and other variables.

The value of a lost lappy to a firm cost an average of $49,246, according to Ponemon. Minimum damage calculated in the survey was about $1,200, and the maximum reported value was just short of a cool $1m.

By far, the cost of a data breach was found to be the most expensive part of losing a lappy, eating up about 80 per cent of the total average cost to a company. (more) (survey)

Laser Beam-ers on the loose...

Turkey - Eleven vehicles with laser eavesdropping systems were the sources for the wiretapping records that were recently broadcast by the media, daily Hürriyet reported yesterday.

"Two of these vehicles are at the disposal of a team that is under the authority of the Prime Ministry," said CHP deputy Ahmet Ersin, who is also a member of the Parliamentary Wiretapping Subcommittee.

Laser eavesdropping technology enables conversations to be taped without the need to install bugs on targets’ communication devices.

İzmir deputy Ersin said, "I learned that the vehicles were imported from Canada and Israel in 2005, but could not get the addresses of where these vehicles were delivered." (more)

Thursday, April 23, 2009

Did you learn about wiretapping in 8th Grade?

Students seem riveted (yawn)...

TEACHER: You’re gonna look at— The words of the week for week five are wiretapping, source, suspicious, notwithstanding, which is a tough word to use in a sentence, and eliminate, okay? (
video)

Too bad. Illegal electronic surveillance is an important topic. Teacher,
Chris Buttimer, is raising an issue that was glossed over in schools when Nixon was on the hot seat; thus history repeated.

Did Corporate Spying Doom Denizen Hotels?

via Deidre Woollard, Luxist.com...
It looks like corporate espionage has sunk the fledgling Denizen Hotels brand. Hilton Hotel Corp. has announced that it has received a federal grand jury subpoena for documents regarding two former employees of Starwood hotels who switched camps and brought their trade secrets with them.

Starwood has sued Hilton saying that Hilton used privileged information in the development of the Denizen brand. The employees, Ross Klein and Amar Lalvani have been placed on paid administrative leave pending review. The Denizen Hotel website is down and Hilton has announced that the development of the brand has been "temporarily suspended." Will the brand be resurrected after the case sorts itself out? My guess is that Hilton will rebrand the hotels as something else. (more)

Business Espionage - Patent Theft Costs (update)

The Australian Commonwealth Scientific and Industrial Research Organisation (CSIRO) will use the money won from a Wi-Fi technology patent battle to fund further research.

Legal action in the United States between the CSIRO and a number of global computing giants came to an end today, with the last of 14 companies opting for confidential settlements with the scientific agency. (more)

Conclusion: Business espionage is a big BIG gamble. Obtaining justice after the fact is expensive, for all parties. This is a rare case. The good guys won. To add insult to injury, the bad guys are paying for research which will be used against them in the future. Sweet. Most often, however, the spies are allowed to win. Sour. Who "allows" them to win? Corporate victims who never bothered to look for evidence of spies in their midst. Not looking? Get help.

Security Alert - Adobe Acrobat Reader

via Erik Larkin, pcworld.com...
The popular Adobe Reader is a favorite target of online crooks, according to Mikko Hypponen, chief research officer with antivirus company F-Secure. And for better security you should ditch Reader and go with a free alternative...

Poisoned PDFs are also often used as part of a customized, targeted attack, he says, when they're sent to a specifically selected recipient attached to a well-crafted e-mail. (more)

Look for FREE alternate readers at pdfreaders.org

Councilman found guilty in spying case

SC - A former South Carolina county councilman has been found guilty of using spyware to scan another county employee's computer and e-mails.

Attorneys for former Greenville County Councilman Tony Trout said he'll likely appeal the conviction. He faces up to 16 years in prison when he is sentenced later...

Federal prosecutors said Trout used monitoring software to access County Administrator Joe Kernell's computer, took private e-mails and posted them on a Web site.

Trout was convicted of illegally accessing a computer, destroying records and intentionally intercepting and disclosing electronic communications. (more)

‘Squawk Box’ Jury Finds Brokers Guilty

NY - Former Citigroup Inc., Merrill Lynch & Co. and Lehman Brothers Holdings Inc. brokers accused of selling day traders access to internal “squawk boxes” were found guilty of conspiracy in a second trial over the scheme. (more) (background)

Go Green $$$ - Recycle Your Nokia 1100 Phone

Hackers have been offering up to €25,000 (US$32,413) in undergrounds forums for Nokia 1100 phones made in the company's former factory in Bochum, Germany. The phone can allegedly be hacked so as to facilitate illegal online banking transfers, according to the Dutch company Ultrascan Advanced Global Investigations.

Nokia said on Tuesday it is not aware that resale prices for a phone that retailed for less than €100 when it debuted in 2003 have risen so high. Further, Nokia maintains the phone's software isn't flawed.


"We have not identified any phone software problem that would allow alleged use cases," the company said in an e-mailed statement.

The 1100 can apparently be reprogrammed to use someone else's phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud....


Meanwhile, a Dutch technology site, portablegear.nl, wrote that it placed a fake advertisement for the particular Nokia 1100 on an online marketplace. People offered as much as €500, offering to immediately come pick up the device.
(more)

Nokia produced more than 200 million devices in the 1100 model family. The company said it doesn't disclosure figures such as how many 1100s were made in Bochum. (
more)

Cell Phone Encryption for the Enterprise User

from the manufacturer...
Qtalk secure enables highly encrypted telephony. Qtalk secure uses the data channel and was designed for business customers with the highest security demands. Qtalk secure is a software solution for business customers enabling encrypted telephony (dynamic encryption, AES 256 Bit) through the data channel on mobile end devices and Windows PCs. Qtalk offers secure telephony without the need for compromises in usability or voice quality.

All conversations with Qtalk secure are initiated with a key exchange mechanism (Diffie Hellmann, 1024 Bit) and encrypted dynamically with an AES 256 Bit encryption.


Qtalk secure can be deployed independent of the network operator. It is applicable in a multitude of networks (GPRS, EDGE, UMTS, HSPA, Wi-Fi) and combines for the first time encryption with user friendly handling. The integrated user list allows instant viewing of the status of the contacts (closed user group) at all times and instant calling. (
more)
(click to enlarge)

WorldView - Eavesdropping Concerns in Malta

Even in the tiny country of Malta electronic espionage is taken seriously by business.

"A simple covert listening device costing the perpetrator a measly €200, may end up costing the victim millions of euro in stolen information."
Alberta Director Duncan Barbaro Sant speaks to David Darmanin on the incidence of espionage and how it may be counteracted.

Q. Do you believe there is a high incidence of commercial espionage in Malta? Is there any incidence at all?

A. In today’s highly competitive market, commercial espionage is thriving. Individuals and organisations are now turning to the theft of information as a way of gaining a competitive edge. Radio Frequency Bugs can be concealed in almost anything that can be found in the office, home or car. They can be the ultimate infiltration tool to competitors, discontented or disloyal employees, business partners or private investigators. Typically, low paid employees such as cleaners, service providers or security personnel are entrusted with planting the devices in exchange for gratuities.

Q. Have you been informed or found cases
of political or diplomatic espionage in Malta? If so, without the need of mentioning names, can you elaborate on details of how this was done?

A. It is a known fact that Malta hosts several VIPs in Malta. These persons can easily be targeted especially when staying in hotels since access to hotel rooms is a minor inconvenience for the spy who is about to plant eavesdropping devices in the actual room or even one of the adjacent rooms. Just over a month ago a service was carried out for a VIP client who chose to rent out a villa rather than stay in a hotel. The company who the VIP works for lost over €15 million last year after a technology that was developed over several years was lost to their competitors by means of an eavesdropping device. Now th
ey take no chances.

Q. What other reasons could there be for espionage to be done in Malta?

A. With the increasing number of pharmaceutical companies setting up plants here in Malta, as well as online gaming companies, these all have a direct interest in protecting their data. In the case of gaming companies, the infiltration of bugging devices in their computer systems is an obvious danger, especially since they would hold credit card details of thousands of customers. For pharmaceutical companies, with research and development in this field being so cut-throat, any lost data can mean a competitor gaining the multi-million licence for a product costing years and possibly millions in medical research.


Q. Are VIPs visiting the country exposed to the risk of having paparazzi install covert cameras or bugs?

A. As regards covert cameras, these may be installed in all sorts of places, clocks, AC vents, behind mirrors and so on. It is estimated that over US$800 million of spy equipment per year is sold within and outside the US, a concern for all businesses around the world. Such devices are not always installed to gather intelligence from competitors; their use varies from collecting data for bribery, spying on colleagues when competing
for promotions, collecting evidence for separation cases and so on.

Q. How easy is it to intrude on people’s conversations or information? What devices are used? Where are they obtained from? Is it expensive to bug an edifice or a telephone?

A. Bugs come in various forms – some as innocent-looking as a pen or calculator left on someone’s desk containing an active microphone, the only drawback being that a battery will only last so long. However, one can easily buy a multiple plug with an active microphone over the internet for as little as €200. Once plugged in, it is automatically powered up and enables the perpetrator to listen in to all conversations.


Furthermore, it is also customary for people to discuss confidential matters while travelling in a vehicle, be it with another passenger or on a mobile phone. These devices may relay information on where or who is travelling in the car or being met, thu
s posing personal security threats as well as information or commercial losses. (more)

Interestingly, the subject of business espionage is not new in Malta, as this book, published in Malta, reveals...
SO YOU WANT TO BE AN INDUSTRIAL SPY?
By Louis Moreau
Gozo Press, 1977
(Malta)