UAE - The battery-sapping "performance patch" that Etisalat sent to its BlackBerry subscribers over the last few days was designed to give the UAE operator the ability to read its customers' emails and text messages, a Qatar-based software expert told CommsMEA yesterday.
Last week, Etisalat told its 100,000 BlackBerry subscribers that a "performance enhancement patch" would be sent to them to "provide the best BlackBerry service and ultimate experience". But users who downloaded the software complained of dramatically reduced battery life and slower than usual performance of their devices.
Nigel Gourlay, a Doha-based Sun-certified Java programmer who has been developing open source software for 15 years, analysed the patch after it was posted on BlackBerry’s community support forum and he said that once installed, it potentially gives Etisalat the power to view all emails and text messages sent from the BlackBerry. (more)
FutureWatch - Governments may make the manufacturer or carrier pre-load this capability as a condition of doing business in that country.
Tuesday, July 14, 2009
What CEOs Don't Know About Cybersecurity
A new study hints at how often cyberthreats aren't communicated to the boss.
Being the chief executive has its privileges. And one of them may be a blissful ignorance of your company's data breach risks.
According to a study to be released Tuesday by the privacy-focused Ponemon Institute, companies' chief executives tend to value cybersecurity just as--if not more--highly than their executive colleagues. But compared to lower-level execs, CEOs also tend to underestimate the frequency of cyberthreats their organization faces. (more)
Having observed the scene for over 30 years, these findings may be extended to include any technical threat to information security.
Quote of the Day -- "We don't know how much filtering of bad news happens that keeps CEOs from hearing some of the darker secrets." ~ Dr. Larry Ponemon
ESC Highlights Growing Espionage Threat
Some items from the latest issue of Employee Security Connection...
Corporate Espionage Rising: All told, U.S. businesses lose up to $250 billion in revenue as well as 750,000 jobs annually. To help your employees do their part to fight spying and insider risks, we explain the basic types of threats, both technical and non-technical.
Security Risks R Us: Think your employees know their stuff when it comes to spying? Here we offer a quick quiz for your employees to assess their security savvy.
Foreign Affairs: You'll want your employees to take note of this recent case in which a contractor lost his security clearance and went to jail for failing to report his relationship with a Chinese national.
Be Safe When Traveling Overseas: Whether your employees are packing for a pleasure trip or just hoping to do some sightseeing in conjunction with business travel, we provide some timely tips to help them prepare. (q.v. Staying Safe Abroad)
Security Directors...
Employee Security Connection is a quarterly awareness newsletter, developed by the National Security Institute to help educate employees to the risks and security responsibilities for protecting classified and proprietary information. Four quarterly issues, 8 pages each, in Adobe PDF format. Customized with your logo. One subscription allows organization-wide distribution rights (e-mail, intranet or print). They do all the work. You get all the credit. Easy!
Japanese scientists to build robot insects
Japan - Police release a swarm of robot-moths to sniff out a distant drug stash. Rescue robot-bees dodge through earthquake rubble to find survivors.
These may sound like science-fiction scenarios, but they are the visions of Japanese scientists who hope to understand and then rebuild the brains of insects and program them for specific tasks.
Ryohei Kanzaki, a professor at Tokyo University's Research Centre for Advanced Science and Technology, has studied insect brains for three decades and become a pioneer in the field of insect-machine hybrids. (more)
Friday, July 10, 2009
Negative feedback, buyer claims he was arrested.
A Chinese national was indicted this week for conspiring to violate U.S. export law, following a nearly three-year investigation into his alleged efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources.
Chi Tong Kuok, of Macau, told Defense Department and Customs investigators that he had been “acting at the direction of officials for the People’s Republic of China,” according to a government affidavit in the case. “Kuak indicated he and PRC officials sought the items to figure out ways to listen to or monitor U.S. government and military communications.” (more) (sing-a-long)
You know spying is a major problem when...
Follow-up: Murdoch Phone Tap Scandal
via Politics Daily... The Guardian broke a story revealing that Rupert Murdoch's News Group Newspapers has paid out more than 1 million pounds in court costs after its journalists were accused of involvement in phone tapping.
The journalists allegedly hired private investigators to hack into the mobile phones of public figures ranging from former deputy prime minister John Prescott to supermodel Elle McPherson, as well as numerous other politicians, sports stars and actors. The investigators allegedly gained access to all sorts of confidential information about these people, including tax records, bank statements and social security files...
...one of Murdoch's former editors at the News of the World says that this scandal constitutes one of the major media stories of modern times.
First, it suggests that such behavior -- if shown to be true -- was not the result of a few rogue reporters but a systemic policy in the newsroom, opening the paper up to the possibility of a class-action lawsuit.
Second, the scandal also threatens to embroil the Metropolitan police -- who apparently did not alert all those whose phones were targeted -- as well as the Crown Prosecution Service, which did not pursue all possible charges against News Group personnel. Finally, even Conservative party leader David Cameron could be tainted by this one: The party's chief of communications, Andy Coulson, was an editor at the News of the World when the alleged wire-tapping took place. Murdoch, for his part, maintains that he knew nothing about any of this.
This morning, the Commons Culture, Media and Sports Committee of the British Parliament announced it is launching an official investigation into the use of illegal surveillance techniques. (more)
Thursday, July 9, 2009
Does your Security Program Include TSCM?
Security Director Alert - "Get me some dirt on..."
Electronic eavesdropping and wiretapping attacks are coming at you from all angles: competitors, disgruntled employees, unions, foreign governments, activists, and the media. Here is a high-profile example of media spying...
Rupert Murdoch's News Group Newspapers has paid out more than £1m to settle legal cases that threatened to reveal evidence of his journalists' repeated involvement in the use of criminal methods to get stories.
The payments secured secrecy over out-of-court settlements in three cases that threatened to expose evidence of Murdoch journalists using private investigators who illegally hacked into the mobile phone messages of numerous public figures to gain unlawful access to confidential personal data, including tax records, social security files, bank statements and itemised phone bills.
Cabinet ministers, MPs, actors and sports stars were all targets of the private investigators.
How pervasive was this snooping?
...one senior source at the Met told the Guardian that during the Goodman inquiry, officers found evidence of News Group staff using private investigators who hacked into "thousands" of mobile phones. Another source with direct knowledge of the police findings put the figure at "two or three thousand" mobiles. (more) (more)
"Passwords? We don't need no stinkin'..."
Kon-Boot for Windows enables logging in to any password-protected machine profile without any knowledge of the password. There is also a version for Linux. Sounds dangerous. Stay tuned. Freeware download.
Security Director Recommendation - One possible corporate environment solution: lock out USB ports and CD drives.
Spy Cheap... at The International Spy Museum
The International Spy Museum Store is having a great summer sale! Up to 50% Off + Free Ground Shipping on Orders Over $50.
Very Practical...
Metrosafe Anti-Theft Computer Bag
Product Facts: When you have top-secret data to deliver, there may be spies lurking around the dead drop, waiting to lift your laptop. That’s where the Metrosafe delivers. It looks like a regular laptop case, but its security features elevate it to an effective anti-theft device. It has tamper-proof, lockable zippers and a wire-reinforced, slash-proof shoulder strap with a built-in combination lock. (You can anchor the strap around a secure object like a table leg.) Its front and bottom panels are also slash-proof to protect against knife-wielding spies. Designed with a fully padded laptop compartment with two organizer pockets, a front zippered organizer pocket and two padded pockets to hold a cell phone, PDA, camera, or MP3 player. Fits most 13” laptops. Technical Data: 840-denier ballistic nylon/high-tensile steel wire. Black. 12” x 13-1/2” x 4”. 2 lbs., 3 oz. (33% off)
Tuesday, July 7, 2009
Why Business Espionage is Epidemic
Business espionage has kept me in business for over 30 years now. I help organizations uncover it and stop it - before they suffer expensive losses. Eavesdropping and wiretap detection is a key component to corporate counterespionage efforts because they are the easiest espionage red flags to spot.
This is what I have learned over the years.
Business espionage is rampant due to...
1. Low cost of entry.
2. High rate of return.
3. Low probability of detection.
4. Lower probability of prosecution.
5. Even lower probability of meaningful punishment.
Example...
David A. Goldenberg, ex vice president of AMX, was arrested following a six week investigation and was charged with Unlawful Access of a Computer System/Network, Unlawful Access of Computer Data/Theft of Data and Conducting an Illegal Wiretap. On May 11 he entered a plea of guilty to felony wiretapping.
The investigation revealed that, while an employee of AMX, Goldenberg had infiltrated the email accounts of Sapphire Marketing, a sales representative for Crestron. He was intercepting emails related to potential contracts, which afforded him advanced knowledge of Sapphire's customers and bid prices affording him an opportunity to underbid them. He then established a free email account and created an automatic forward of the victim's email to that address.
He has been sentenced to three years probation, including psychological counseling, and will have to pay an undisclosed fine. The maximum sentence for the crime is five years in prison but Goldenberg has managed to avoid any jail time. (more)
In this case, damage was done. Their information and strategies were taken and used against them. The loss was expensive.
Call me if your company would like to know how to detect espionage problems before they get to this stage. ~ Kevin
Monday, July 6, 2009
Spy Trick #325 - Lost Laptops from Airports
A new study sponsored by the Dell computer company estimates that more than 12,000 laptop computers are lost or stolen each week at U.S. airports, and only 33% of those that turn up in "lost and found" are reclaimed.
The other 67% remain in the airport awhile before being disposed of, meaning there are "potentially millions of files containing sensitive or confidential data that may be accessible to a large number of airport employees and contractors," the study reports.
More than 53% of business travelers say their laptops contain confidential or sensitive information, but 65% of these people admit they don't take steps to protect it. Yet the average business cost when confidential personal information is lost or stolen is $197 per record, according to another Ponemon study. (more)
A full copy of the report can be found here. (pdf)
What do you think happens to laptops left at the airport?
Could they fall into the hands of professional snoops?
"The TSA turns it over to state surplus property agencies, which tend to sell it online or at retail stores."
Let's dig further. We'll pick Texas, a big state with several major airports (7 to be exact). They have several methods of disposal...
• Online auctions at www.lonestarauctioneers.com and www.bandiauctions.com
• 3 live on-line auctions a year.
• eBay under seller name texasstatesurplus.
• At their walk-in stores.
(Texas Surplus Brochure)
It would not be difficult for business spies to track property disposal auctions from every airport.
Solutions... Encrypt your disk. Install theft reporting software. Engrave "Reward if found and returned..." on the bottom.
The Case of the Tattle-Tell Cell
NY - Mikhail Mallayev, who was convicted in March of murdering an orthodontist whose wife wanted him killed during a bitter custody battle, stayed off his cellphone the morning of the shooting in Queens. But afterward, he chatted away, unaware that his phone was acting like a tracking device and would disprove his alibi — that he was not in New York the day of the killing.
Darryl Littlejohn, a nightclub bouncer, made call after call on his cellphone as he drove from his home in Queens to a desolate Brooklyn street to dump the body of Imette St. Guillen, the graduate student he was convicted this month of murdering.
The pivotal role that cellphone records played in these two prominent New York murder trials this year highlights the surge in law enforcement’s use of increasingly sophisticated cellular tracking techniques to keep tabs on suspects before they are arrested and build criminal cases against them by mapping their past movements. (more)