Friday, May 1, 2009

Used Laptops - Hidden Costs

OH - Susan Jeffrey needed a computer, so she decided to buy a used laptop. She hooked up her Webcam and started chatting online with a childhood sweetheart in Boston. After a few weeks of sending messages and what she called private pictures to him, police showed up at her Springfield home.

"They shook a little paper and they said, 'We have a warrant for your arrest,'" Jeffrey said. "I said, 'What?'"

It turned out that the laptop Jeffrey bought was stolen... The computer was equipped with Absolute Software's Computrance LoJack for Laptops.

Jeffrey noticed officers holding a picture of her friend from Boston. She recognized the picture from one of their Web chats. "I was totally stunned," Jeffrey said. "I said, 'How did you get that?'"

Absolute Software's LoJack technology goes beyond tracking. It allows the company to tap into a computer and access files, pictures and essentially anything on the laptop.

"I was just totally stunned," Jeffrey said. "I could barely talk. I just couldn't believe that you could sit in America and be tapped into your own (computer), in the privacy of your own living room." (more, with video)

While LoJack is a good product, it can produce unexpected consequences.

Worse, your new "used" laptop could also be deliberately outfitted with criminal spyware. Blackmail, business secret loss, identity theft and credit card fraud are the unexpected consequences here. These costs can't be pre-calculated.

Expect the unexpected. Be sure to add the cost of having your new "used" laptop - professionally - sanitized to the final purchase price. ~ Kevin

"Chineeesee spy museum. Now, you go away!"

China - A new Chinese spy museum exhibits guns disguised as lipstick, hollowed-out coins used to conceal documents and maps hidden as a deck of cards.

What you won't find there, however, are foreigners.


A sign outside the Jiangsu National Security Education Museum in a park in the eastern city of Nanjing states that
only Chinese citizens are allowed inside, a policy designed to keep the communist regime's cloak and dagger methods secret — no matter how timeworn they may be.

"
We don't want such sensitive spy information to be exposed to foreigners, so they are not allowed to enter," a spokeswoman for the museum, who would only give her surname as Qian, told The Associated Press by telephone. (more)

SpyCam Story #526 - Up-see Daisy

GA - Police say a Loganville man was caught filming up the skirt of a female shopper Sunday at a Home Depot - and that it doesn't appear to be the first time he's done so.

Police have charged Joseph Davidson, 35, with felony eavesdropping for allegedly recording the lewd footage via a palm-size, home video camera concealed in a flower pot. (more)

Thursday, April 30, 2009

Reflect on this... Visual Eavesdropping

I began warning my city clients about visual eavesdropping back in the 1970's. I still do today. My concern then was not computer screens; clients didn't have them.

My concern was lip reading, and it wasn't theoretical. We had a case where this was the method of eavesdropping. The president had a corner office on Park Avenue. Big glass windows. Scores of vantage point offices across the street. We caught them in the act.


The visual eavesdropping info-target is bigger these days. Lip reading concerns have expanded to concerns about: whiteboard / projection / computer screen reading and now... reading the reflections off of shiny objects in the room. ~ Kevin

via Scientific American...
"Through the eyepiece of Michael Backes’s small Celestron telescope, the 18-point letters on the laptop screen at the end of the hall look nearly as clear as if the notebook computer were on my lap.

I do a double take.

Not only is the laptop 10 meters (33 feet) down the corridor, it faces away from the telescope. The image that seems so legible is a reflection off a glass teapot on a nearby table.

In experiments here at his laboratory at Saarland University in Germany, Backes has discovered that an alarmingly wide range of objects can bounce secrets right off our screens and into an eavesdropper’s camera. Spectacles work just fine, as do coffee cups, plastic bottles, metal jewelry—even, in his most recent work, the eyeballs of the computer user. The mere act of viewing information can give it away." (
more)

Monday, April 27, 2009

"Dude, let's go for a drive!"

"There are going to be thousands of victims." Anthony Muzichenko, the owner of L.A. Management, who lost 25 computers.

CA - In a bold, systematic hit on a landmark Ventura Boulevard office building,
burglars stole scores of computers from at least 60 of the 80 businesses there, taking machines containing sensitive legal documents, credit card numbers and the tax information of thousands of people, police said Saturday.

The overnight theft at the Chateau Office Building in Woodland Hills
left accountants, a talent agent, property management companies, attorneys and other businesses in the three-story structure scrambling to assess their losses as police scoured the premises... Several concluded that the thieves' target must have been the information contained on their hard drives, not property.

In one office, a pile of hard drives had been stacked in a corner, ready to be hauled out... thieves left a backup drive, positioned atop the server, leading him to believe that the theft was aimed at "the information, definitely. The computers by themselves are not worth much."

One businessman said the credit card numbers of 7,000 clients were stolen. Accountant Richard Levy said his stolen computer held the tax documents of 800 clients. Attorney Marshall Bitkower said only three computers were taken from his office, but "they had all kinds of stuff. Everything: people's names, credit cards, clients, e-mails back and forth -- who knows what."

Muzichenko, a talent manager, said that when he heard the news he was "very hysterical. I was crying. I have to restore my business." (
more)

Moral: Backup and Encrypt.

History of U.S. Privacy - Ben Franklin's Web Site

via amazon.com...
Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet
This book explores the hidden niches of American history to discover the tug between Americans' yearning for privacy and their insatiable curiosity.

The book describes
Puritan monitoring in Colonial New England, then shows how the attitudes of the founders placed the concept of privacy in the Constitution. This panoramic view continues with the coming of tabloid journalism in the Nineteenth Century, and the reaction to it in the form of a new right - the right to privacy.

The book includes
histories of wiretapping, of credit reporting, of sexual practices, of Social Security numbers and ID cards, of modern principles of privacy protection, and of the coming of the Internet and the new challenges to personal privacy it brings. (more)

22 Fired During Illegal Eavesdropping Purge

Colombia’s DAS security service fired 22 detectives, apparently in connection with an investigation into the illegal wiretapping of leading public figures... “When questioned about the reason for the dismissals, spokespeople for the agency said Muñoz affected them making use of the discretionary authority the law gives him, and that there will another purge this Friday.” (more)

UPDATE - Colombia's domestic intelligence agency has fired another 11 people in a scandal over illegal eavesdropping of judges, journalists and politicians.

That brings to 33 the total number of people dismissed from the Department of Administrative Security since the scandal broke in February. (more)

Saturday, April 25, 2009

Staying Safe Abroad - The Blog, Edward L. Lee II

Last year, I gave all my clients a free copy of Edward L. Lee's book: Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World Yes, it was that good!

The feedback I received spanned from: "Thank you so much..." to one security director saying, "I am buying copies for all our key executives who travel."


If you travel, or know someone who does, buy the book and get FREE updates by following Staying Safe Abroad - The Blog.

"What makes Ed Lee the big expert?"
Ed Lee retired from the US State Department in April 2006, after a career as a special agent, Regional Security Officer, director of training, chief investigator of the Cyprus Missing Persons Program, director of security of the U.S. Agency for International Development and as a senior advisor in the Office of Anti-Terrorism Assistance.


Most of his work now is devoted to educating global companies and governmental entities in how to be successful and keep their people safe abroad.

His career also includes 15 years as an international security consultant; for ten years he served as the security advisor to the Inter-American Development Bank. Additionally, Ed served six years in the Marines before joining the US State Department as a special agent.

"Why the plug?"
I hear you say.
Just a film noir PI's cliche,
"Dead clients don't pay."

Top Seven Emerging Threats to VoIP Services

A clear, lucid article on VoIP security (or, bad stuff that can happen to that fancy new phone on your desk that plugs into the network instead of the old phone jack). Written by one of the many vendors who offer solutions.

Summary:
• VoIP DoS attacks
• Spam over Internet Telephony (SPIT)
• VoIP service theft
• SIP registration hijacking
• Eavesdropping
• VoIP directory harvesting
• Voice Phishing, or Vishing
"WatchGuard advices all businesses using VoIP systems to review their perimeter and VoIP security." (more)

Additional solution vendors:
Sipera
Radware
VoIP Security Buyer's Guide

FREE VoIP security information:
Mark Collier's VoIP Security Blog
Blue Box: The VoIP Security Podcast
Security Considerations for Voice Over IP Systems

Man gets prison for recording anger-management classes

...and is he pissed!
PA - An Allentown man who secretly recorded his court-ordered anger management classes and posted them on YouTube was sentenced to state prison Friday.

Richard P. Mason III told Northampton County Judge Paula Roscioli that he wanted his daughter to see the group therapy sessions, which were ordered as part of his sentence on a terroristic threats charge, said Second Deputy District Attorney William Matz Jr.

Instead, the recordings landed Mason, 41, with a probation violation and a new sentence of 18 to 36 months in state prison on the threats case. Prosecutors are also considering bringing new charges against Mason for violating the state's wiretap law, Matz said.

The case is ''unique,'' Matz said. ''First for me; I think the first for our office.'' (more)

Friday, April 24, 2009

Lost Laptop Cost Survey

A single lost or stolen laptop costs a business an average of nearly $50,000. At least, that's the word from an Intel-sponsored study by the Ponemon Institute.

That figure is based on Ponemon's recent voluntary survey of 28 US companies reporting 138 separate cases of missing laptops.

Value of missing kit was mathmagically calculated by factoring laptop replacement, data breach cost, loss of productivity, investigation cost, and other variables.

The value of a lost lappy to a firm cost an average of $49,246, according to Ponemon. Minimum damage calculated in the survey was about $1,200, and the maximum reported value was just short of a cool $1m.

By far, the cost of a data breach was found to be the most expensive part of losing a lappy, eating up about 80 per cent of the total average cost to a company. (more) (survey)

Laser Beam-ers on the loose...

Turkey - Eleven vehicles with laser eavesdropping systems were the sources for the wiretapping records that were recently broadcast by the media, daily Hürriyet reported yesterday.

"Two of these vehicles are at the disposal of a team that is under the authority of the Prime Ministry," said CHP deputy Ahmet Ersin, who is also a member of the Parliamentary Wiretapping Subcommittee.

Laser eavesdropping technology enables conversations to be taped without the need to install bugs on targets’ communication devices.

Ä°zmir deputy Ersin said, "I learned that the vehicles were imported from Canada and Israel in 2005, but could not get the addresses of where these vehicles were delivered." (more)

Thursday, April 23, 2009

Did you learn about wiretapping in 8th Grade?

Students seem riveted (yawn)...

TEACHER: You’re gonna look at— The words of the week for week five are wiretapping, source, suspicious, notwithstanding, which is a tough word to use in a sentence, and eliminate, okay? (
video)

Too bad. Illegal electronic surveillance is an important topic. Teacher,
Chris Buttimer, is raising an issue that was glossed over in schools when Nixon was on the hot seat; thus history repeated.

Did Corporate Spying Doom Denizen Hotels?

via Deidre Woollard, Luxist.com...
It looks like corporate espionage has sunk the fledgling Denizen Hotels brand. Hilton Hotel Corp. has announced that it has received a federal grand jury subpoena for documents regarding two former employees of Starwood hotels who switched camps and brought their trade secrets with them.

Starwood has sued Hilton saying that Hilton used privileged information in the development of the Denizen brand. The employees, Ross Klein and Amar Lalvani have been placed on paid administrative leave pending review. The Denizen Hotel website is down and Hilton has announced that the development of the brand has been "temporarily suspended." Will the brand be resurrected after the case sorts itself out? My guess is that Hilton will rebrand the hotels as something else. (more)

Business Espionage - Patent Theft Costs (update)

The Australian Commonwealth Scientific and Industrial Research Organisation (CSIRO) will use the money won from a Wi-Fi technology patent battle to fund further research.

Legal action in the United States between the CSIRO and a number of global computing giants came to an end today, with the last of 14 companies opting for confidential settlements with the scientific agency. (more)

Conclusion: Business espionage is a big BIG gamble. Obtaining justice after the fact is expensive, for all parties. This is a rare case. The good guys won. To add insult to injury, the bad guys are paying for research which will be used against them in the future. Sweet. Most often, however, the spies are allowed to win. Sour. Who "allows" them to win? Corporate victims who never bothered to look for evidence of spies in their midst. Not looking? Get help.