Tuesday, August 11, 2009

Disaster Recovery Plan time...

Hey, how's your disaster recovery plan looking?
Dusty?
Faded?
Incomplete?
Incompetent?
MIA?
Just missing?
Don't have one yet?
I see a lot of raised hands.

Every business, large and small, needs a "what if... what do we do?" plan.

Creating one need not be hard, nor expensive.
There is a lot of expert help out there.

How to Create a Disaster Recovery Plan. (free basic outline)
Disaster Recovery Journal (free magazine)
D-I-Y Template ($)

A smarter way is to enlist the aid of a professional consultant.
International Association of Professional Security Consultants
BAM - "BAM has a crackerjack team of ex-military strategists, FBI trainers, intelligence and security professionals, mathematicians, and 3D creative agents who use the latest technology, including mobile devices and social media networks, to arm their clients with the most appropriate tools for dealing with disaster, as it happens." Kevin Burton is their CEO.

or, you could use the Dilbert Disaster Recovery Plan.

SpyCam Story #544 - Monkey Business

TX - Surveillance video at a Dallas-area store caught the theft of several dozen plants, flowers and small statues on tape. But the culprit turned out to be a very unusual thief, a monkey with serious sticky fingers. (video) (sing-a-long)

Thursday, August 6, 2009

Business Espioange - Goldman Sachs

via The Wall Street Journal...
A Goldman Sachs Group Inc. computer programmer who quit last month was arrested and charged with stealing codes related to a high-speed trading program that he helped develop.

The programmer, Sergey Aleynikov, 39 years old, was arrested Friday by Federal Bureau of Investigation agents as he got off a plane at Newark Liberty International Airport. According to a complaint filed Saturday, Mr. Aleynikov downloaded 32 megabytes of data from Goldman's computer system with "the intent to convert that trade secret to the economic benefit of someone other than the owner."...

According to the FBI, Mr. Aleynikov got a job offer earlier this year at an unnamed Chicago firm that planned to triple the $400,000-a-year salary he was paid at Goldman. The unnamed company is "new" and "intended to engage in high-volume automated trading," the FBI said in the court filing. (more)

"He kicked me around, tried to drown me, burned me, and now he wants to swap me!"

Apple says it has had enough of giving people replacement iPhones and iPods when, in their view, it is the consumer who has abused the gadget and rendered it inoperable.

So today the firm has filed a patent on a kind of spy system that sits inside gadgets to record "consumer abuse events" and reveal them to Apple staff when you ask for a replacement.

"Often, particularly at a point of sale, personnel receiving the returned device may be unqualified or untrained to determine whether or not a device has failed due to manufacturing defects or due to consumer abuse," the company explains in US patent application 20090195394. (more)

SpyCam Story #543 - The Tell-Tale Tape

OR - Last year the woman told police told police she thought her landlord was spying on her through a hidden camera in the shower.

The woman lived in an upstairs apartment inside the home the landlord shared with a second renter.
That landlord - former Kalama City Council member Paul Stickel - has been charged with voyeurism, but he claims he did no such thing.

Police searched Stickel's home last Spring and confiscated videotapes, televisions and cable. They also found a hole in the wall in the woman's bathroom.

In a March 2008 affidavit, police said videotape taken from Stickel's home "shows Stickel simulating taking a shower" to test the camera-equipped shower stall. Detectives also cited a "secret viewing area" - a covered peephole - that looks out through a mirror on the woman's medicine cabinet.

Stickel claims the investigators are bluffing. (more) (video)

Solar Assisted SpyCam from Australia

from the seller's Web site...
Xtern-Cam® is a rugged outdoor standalone surveillance camera
with inbuilt GPRS modem (receive the photos on your cell), digital image recording function, integrated night vision and inbuilt Solar Panel to give extraordinary long battery life.

The camera captures high-resolution black & white images when motion is detected and emails a selection of these to a monitoring station or mobile phone as well as storing all the high resolution images to a removable memory card for easy viewing later, on a computer or PDA. The camera can also be powered by an external 12VDC power source and can be externally triggered from a gate or door opening.

Outdoors in time lapse mode using its inbuilt Solar panel to recharge the battery during the day, Xtern-Cam® can capture and transmit wirelessly, one image every 5 minutes at night time without ever requiring the battery to be re-charged. Similarly, if Motion activated, it can capture and transmit up to 150 images every night without ever having to charge the battery.

In busy environments where the Camera may capture and transmit up to 330 images per night, the battery would still last around one month! The camera can store up to 65,000 VGA images and will optionally overwrite the oldest images when the memory card is full to enable ‘set and forget’ operation.

Xtern-Cam® is also available with a colour camera for daytime operation with optional 16mm or 8mm telephoto lenses. (more)

"So, how long had your phone been tapped?"

Wharton School professor Andrea Matwyshyn has attended Defcon for the past five years. This year, her radar is pointing to corporate disclosure of computer security threats.

Most consumers, she says, find out about them primarily through news reports and after-the-fact data breach notifications. Big business, Matwyshyn says, needs to do a much better job of keeping customers abreast of how they're dealing with big security threats. "Companies need to be aware that their customers are going to start asking questions about their security and what they're doing," she told Forbes. (more)

Having quarterly TSCM inspection logs in your files can help stave off stockholder lawsuits. ~Kevin

The nights were cold and lonely...

IL - A Clinton police officer accused of viewing pornography on his squad car computer is asking that evidence collected from the computer be barred from an upcoming disciplinary hearing because police officials are guilty of eavesdropping.

Patrolman Billy Hurst, 40, of Clinton will face the Clinton Police and Fire Commission on Aug. 13 on charges that he acted improperly by
spending more than 23 hours watching pornography during working hours from Nov. 13, 2008, to Jan. 24...

Hurst's attorney, Shane Voyles, with the Policemen's Benevolent labor committee, filed a civil complaint in May in DeWitt County court
accusing Reidy of eavesdropping by monitoring Hurst's computer activities. Hurst did not consent to the city's installation of software put in place after viruses were detected on city computers, said Voyles. (more)

Wednesday, August 5, 2009

Watergate I & Watergate II

WATERGATE I
The chief of Hungary’s secret services – the National Security Office (NBH) – quit last Monday,
saying his position had become untenable due to the way other authorities handled a scandal over a private security firm allegedly used to spy on politicians.

In his resignation letter, Sándor Laborc spoke of “anomalies” in the way the public prosecution service and the NBH handled the
UD Affair...

The UD scandal, over which Laborc would eventually resign, began last September when the head of the small conservative opposition party, th
e Hungarian Democratic Forum (MDF) received an audio recording of one of UD’s owners talking to the owner and CEO of OTP Bank, Sándor Csányi, about a commission to collect data on her.

Ibolya Dávid claimed that someone was trying to discredit her in the run up to the MDF’s party leadership election...
Dávid last Tuesday said during a television interview that the UD affair had turned into a Hungarian "Watergate." (more)

WATERGATE II
via Gizmodo.com...

Instead of creating the usual steel turnstile, the Watergate's designers used the primordial liquid as a psychological barrier.
Their logic: People won't like to get their clothes wet...

It's a good idea, because most people will actually respect it. Another good thing: If something happens, people can run to the exit without having to go through gates:
Water is only a psychological barrier.

Fleeing, panicking persons can escape through the gate without being hindered by any rigid media. Clever.


An added advantage is that
people in wheelchairs or carrying luggage can easily pass through them. Very clever. (more) (video)

Cablegram: You're Bugged

USB cable UHF transmitter.
When plugged to a USB port the cable works as usual
and the transmitter inside the cable transmits conversations or any sound to a distant receiver.

No batteries needed. The transmitter works as long as it remains plugged to a USB port. Automatic Gain Control lets it pick up a whisper up to 40 feet away – as clearly as loud speech near it. (
more)

Pretty much impossible to discover yourself just by looking. But, hey... that's why you keep our information handy. ~Kevin

Access data by tapping fibre-optic networks

Fibre-optic cable networks are not as secure as believed - with new technology making it easy for hackers to steal data from them, according to an IDC report.

IDC research analyst Romain Fouchereau said that the reputation of a fibre-optic cable network as more secure than copper cables wasn’t justified, and that new and inexpensive technologies have now made data theft easily possible for hackers without detection.

Organisations that carry sensitive information across fibre-optic cables are potentially vulnerable from criminal threats, as much of the cabling is easily accessible and not well protected. Fouchereau said that hacks on optical networks could be achieved simply by extracting light from ultra-thin fibres. (more)

Once a successful tap has been achieved, software that records, monitors and analyses the data (called packet sniffers), can capture the data...

“Hence, capturing or eavesdropping on this data serves not only military purposes. Industrial espionage in these sectors is worth billions of dollars.” (more)

Saturday, August 1, 2009

Corporate Level Videotapping

Two researchers at Defcon on Friday demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.

An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over the network.


The free UCSniff tool, available in Linux and Windows versions, offers a slick graphical user interface for sniffing video, said Jason Ostrom, director of the Viper Lab at Sipera Systems. The tool basically tricks the voice-over-IP network carrying the video into sending the data packets to the attacker's computer, he said.


This could be used to spy on people. For instance, an attacker could listen in on and record confidential conversations between an executive who is on a video conference call with another remote executive, according to Ostrom.

Ostrom and Arjun Sambamoorthy, a research engineer at Viper Lab, also have developed another free tool called VideoJak that can be used to intercept video streams.

Thieves planning to steal from a museum, for example, could use the tool to change live surveillance video being watched by a museum security guard so that it replayed previous video of the art, giving thieves time to steal art without detection. (more)

A Glimpse at Corporate Spying

Paris - The story has the elements of a corporate thriller: a cast of characters that includes former French spies and military men, an American cycling champion, Greenpeace activists and a dogged judge whose investigation takes him from a sports doping laboratory outside Paris to a Moroccan jail and to some of the top corporations in France.

Like installments in a serial novel, new revelations have been dripping out since March. And while the climax is still probably many months away, the story is providing a rare glimpse into the shadowy and potentially lucrative business of gathering what corporations refer to as “strategic intelligence.” (more)

The whole story is as fascinating as it is revealing. Click "more" to read the full story.

High stakes business espionage is very real.

Smart executives have counterespionage
programs. Doubters have their pockets picked. Stories like this represent espionage failures; the tip of the spyberg. Successful spying (by definition) goes unnoticed. ~Kevin

Export, eh?

Canadians vow mass-mooning of US spy-blimp

70+ Canadians in Sarnia, Ontario have committed to dropping their pants and mooning a spy balloon that a US company is launching to surveil the border, including their town. (more)


View Larger Map

Business Espionage - Chow Down

The owner of restaurant chain Mr. Chow alleges a rival restaurateur sent a spy to his soon-to-open Miami eatery to learn Mr. Chow's secrets.

FL - Michael Chow, who started his first Mr. Chow store more than 30 years ago, added "corporate espionage" to the charges in his trademark infringement suit against Philippe Chow, a former employee who owns a restaurant across the street from the new Mr. Chow, the New York Post reported Friday.

The lawsuit claims a 65-year-old man disguised as a chef was present when kitchen staff were being briefed on plans for the restaurant and, when confronted by an executive chef, said he was "incognito" so "your boss will not notice."

Philippe and his partner, Stratis Morfogen, denied the charges.

"This is beyond bizarre and at this point we have no further comment describing Michael Chow's delusional and paranoid state of mind," Morforgen said. (more)
Ouch! That bites.