Monday, November 16, 2009

Compliance departments on red alert for insider trading

In the wake of the alleged insider-trading ring involving hedge fund manager Galleon Group, compliance departments at asset management firms and broker-dealers are stepping up their vigilance.

As regulators increase their scrutiny of insider trading, firms are actively reviewing their compliance policies, making sure that employees understand them and conducting more audits of their trading patterns to make certain that nothing is potentially amiss...

The main worry at firms is that employees could be sharing information and unwittingly contributing to an insider-trading scheme...

Compliance departments also are making sure employees are careful with how they use other forms of media, such as voice-over-Internet, social-networking websites such as Twitter, and blogs.

“People need to understand that the law is the law, no matter what communication medium they are using,” said Ralph “Chip” MacDonald, a partner at Jones Day. (more)

One unpublicized element of this due diligence is the Eavesdropping Detection Audit (TSCM).

Mobile Phone Bug Allows Wiretapping

Fact or Netmyth?
You decide.
Report back.

Summary
Ericsson's WAP, Wireless Application Protocol, suffers from a security flaw that allows attackers to listen into other WAP sessions traveling on the cellular carrier wave.

Details
Ericsson Mobile Phone allows attackers to wiretap other lines. This attack is limited, since you cannot choose which number to wiretap on, and you cannot talk at the same time that you are wiretapping a line. This vulnerability shows the lack of security of WAP as it is offered in today's cellular networks.

IMPORTANT NOTE: Wiretapping is illegal. The following information is just a proof of concept that shows a potential vulnerability in Ericsson's WAP implementation.

How to wiretap from an Ericsson Cell Phone:
1) Type 904059
2) Menu
3) Yes
4) 1
5) RCL
6) Yes
7) 8300**
8) Yes
9) 86
(Instead of the ** you can write any number you wish, except for the number 00)

To stop the wiretapping:
1) Type RCL
2) 3
3) Yes
(via)

Our spies report back...
"I am with cellular operator and today I asked my technical staff about this method. They replied this is very old news, about year 2001. This bug was on very old Ericsson (before Sony Ericsson) phones and modern phones do not respond to this code sequence."
Thank you!

Eat Like a Spy

Next time your mission brings you to The Big Apple (aka New York City), and you need a little comfort food, come in from the cold.

Shake your tail (a quick double-back through Stuyvesant Town should do it) and head to The Village (you can leave this one). Duck into the Northern Spy Food Co.

They know spies need to stay fit. Northern Spy co-owner Chris Ronis calls his seasonal menu, "very homey but not heavy—not the fat-fried explosion that gets all the attention."


Psst... Chris, ixnay onway ethay explosionway alktay. It makes the patrons nervous.

Friday, November 13, 2009

New - GSM Audio Video Bug

from the manufacturer's advertising...
Specifications
• See your monitoring place anywhere, anytime by your mobile phone
• Wire tap your monitoring place by your mobile
• Know the urgent things in first time by your mobile
• Wireless installation, can move freely
• Can control the camera with your mobile to get the monitoring place image by MMS anywhere
• Successfully combine moving detect technology and GSM wireless network transmission technology apply in defense and security area, it break the distance and electrical wire restriction compare with normal defense and security products
• Any changes or dangerous in the monitoring place, camera will notify you by calling, SMS, or MMS
• Can dial the preset emergency number once the sensor active
• With cute appearance, practical functions, and bright design
• Applicable in family, office, factory, store etc place, especially for garage, stock house, and more where fixed lines are hard to reach
• With monitor, can see your home any time, know your child arrive home in first time, and know your office is safe during holiday

Functions:

Mobile alarm: capture images and send to your mobile phone by MMS
SMS remote control: control the camera by sending SMS commands
Real time audio: call the camera and listen in
Motion detection: detect any motion within the monitoring area and send alarm
External connection: connect wireless sensors (maximum of 15), such as door magnet, PIR sensor, smoke sensor, gas sensor, and more
Camera can report alarm from all sensors connected
Infrared light: built-in IR light enables the camera to capture images in dark environment
Resolution: 300 pixels CMOS camera
Watch images directly
(more)

Why do I mention it?
So you will know what you are up against.

Warning: industrial espionage on the rise

Denmark - Companies are being warned by both an industry organisation and the national intelligence agency that industrial spies are ever present.

Jakob Scharf, head of the Danish Security and Intelligence Service (PET), recently warned that industrial espionage has been growing steadily in the last number of years and Danish companies are not impervious to it. (more)

UK - Universal Knowledge?

UK - The British government has decided to go ahead with its plans under what it calls the Intercept Modernisation Programme to force every telecommunication company and Internet service provider to keep a record of all of its customers' personal communications, showing who they have contacted, when and where, as well as the web sites they have visited, according to the London Telegraph and various other British papers.

The information gathered, the Telegraph says, will be able to be accessed by 653 public bodies, "including police, local councils, the Financial Services Authority, the ambulance service, fire authorities and even prison governors."

"They will not require the permission of a judge or a magistrate to obtain the information, but simply the authorisation of a senior police officer or the equivalent of a deputy head of department at a local authority," the Telegraph says. (more)

Thursday, November 12, 2009

Number Six, Number Two & Rover are back

The 1960s sci-fi phenomenon, The Prisoner TV series, is back. AMC and British network ITV re-made the cult show into a six-part mini-series that will begin airing this Sunday.

Patrick McGoohan co-created the original Prisoner series, directed it, and starred in it as well. The show centers on the imprisonment of a resigned British secret agent (McGoohan) in a seemingly serene and beautiful village of unknown location.

The captive agent, renamed Number Six (all prisoners in the village are numbered), is constantly interrogated, manipulated and tormented by sinister figures known only as Number Two.

In addition to being a psychological thriller that was way ahead of its time, The Prisoner demonstrated a number of political metaphors for the corruption of power, struggles for freedom, and the enslavement of the masses by commercial/political interests.

Sir Ian McKellen will take on the role of the evil Number Two and James Caviezel will play persecuted Number Six. It’s rumored that McGoohan (who died January 13, 2009) may have a cameo in the remake as well. (AMC)

Tuesday, November 10, 2009

Charity President Fired for Bugging

Feed The Children President Larry Jones was fired Friday from the charity he founded 30 years ago. ... He and his wife, Frances, were the main fundraisers, making repeated, often heart-wrenching televised pleas for money to help starving children in Africa and elsewhere.

The firing came after Jones admitted to the charity’s investigator and to police that he authorized the installation of hidden microphones in three executives’ offices last April. “I did nothing wrong there. … I knew what the law was… They used wiretapping as the excuse,” Jones said Friday.

Jones in April had hidden microphones installed in the offices of his daughter, the chief financial officer and the chief operating officer before they returned to their jobs, according to two of his attorneys.

Oklahoma City police became involved Aug. 19 after a private investigator found “remnants of wiretapping devices” in the ceilings of the three offices. The owner of the company that installed the microphones told police his employees never could get a recorder to work.

Jones has been the face of the Oklahoma City-based Christian relief organization. It reports collecting more than $1 billion in donations a year. (more)

PTL deja vu.

iPhone Bug Directions Published on Net

As if we didn't have enough eavesdropping and wiretap problems to worry about, now this headline...

Turn your iPhone into a bugging device!

7 Steps to turn your iPhone into a bugging device and then listen in over Wi-Fi.

Step 1) Open the free Blue FiRe iPhone app...
...
Step 6) Set your iPhone down and leave the area to start gathering intel.


Step 7) Via any computer on the same Wi-Fi network as your iPhone go to the url you noted from the Browser Access window and download the audio file! TA DA!

For extra credit use your iPhone to record in STEREO with Mikey. (more)

Tech gadgets help corporate spying surge in tough times

via USA Today...
Corporate espionage using very simple tactics — much of it carried out by trusted insiders, familiar business acquaintances, even janitors — is surging. That's because businesses large and small are collecting and storing more data than ever before. What's more, companies are blithely allowing broad access to this data via nifty Internet services and cool digital devices. (more)

Monday, November 9, 2009

New Pocket Eavesdropping Device

Product Notes...
"Works on wooden walls, doors, windows, steel plates, etc. Highly Sensitive, carefully adjust audio slowly, as not to cause discomfort to your ear-buds. This product is being sold as an investigative tool for law enforcement or licensed investigators. Anyone else ordering this device should only be ordering it as a simple toy since MANY COUNTRIES STRICTLY PROHIBIT OWNERSHIP OF SPY DEVICES." (more)
Why do I mention it?
So you will know what you are up against.

Want to build one yourself? (start here)

Saturday, November 7, 2009

Hedge fund insider-trading scandal expands

One man snapped his cellphone in half and bit the memory card to conceal his actions, complaints allege. Fourteen more are charged in the continuing investigation.

Reporting from New York - As an eavesdropping-detection specialist, Kevin D. Murray normally works for companies concerned about possible spying by competitors.

But since a blockbuster insider-trading prosecution built on wiretaps and microphone-wearing informants became public last month, frantic hedge fund managers have raced to hire him.

"The nature of the question is 'Can you tell me if the government's bugging me?' " Murray said, adding that he turned down the three firms that approached him. (more)

All businesses need a counterespionage strategy and should inspect their premises periodically for illegal electronic surveillance. Illegal eavesdropping is a serious problem with costly consequences.

If you are the target of a government investigation, however, you are on your own. There isn't anybody who can tell you if your phones are tapped (even if they are willing to take your money to do so). Modern government electronic surveillance methods do not change the electrical characteristics of your phone. There is nothing to detect.

USB Sticks that Stick it to You

Short Story: Beware the "free" USB memory stick.
Long Geeky Story:
From: David Lesher
Subject: AMEX sends USB trojan keyboards in ads

A fellow user group member reported getting a USB-fob from American Express. When he plugged in to a port, it attempted to send his xterm command line to {the dots were hex digits, it appears.... [and PGN changed x to dot to avoid filtering]} but didn't succeed. [It may be Windows and Mac compatible, but not Linux...]

That address redirects to an Amex URL:

It identified itself on the USB chain as: Bus 003 Device 003: ID 05ac:020b Apple, Inc. Pro Keyboard [Mitsumi, A1048/US layout]

Since it's clearly NOT an Apple Pro Keyboard, one wonders why the manufacturer chose that false identity. The masquerade as a keyboard might also have been to penetrate those machines that do not blindly mount USB storage devices.

Risks: While we now look for incoming malware on the TCP/IP connections, clearly we need to similarly monitor the other ports as well; you can do just as much damage (or more) with an insider keyboard attack, given some social engineering. Is the power line next?
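A defensive check for the risk raised in the post above, added here as an example and not part of the original post: it compares an `lsusb` listing against an approved baseline and flags newly attached devices, giving priority to any that announce themselves as a keyboard. The baseline listing, the flash-drive line and the function names are constructed for illustration; the flagged keyboard line is the one quoted in the post.

```python
import re

# Short-form lsusb line: "Bus BBB Device DDD: ID vvvv:pppp description"
LSUSB_RE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): "
    r"ID (?P<vid>[0-9a-f]{4}):(?P<pid>[0-9a-f]{4})\s*(?P<desc>.*)$"
)

# Constructed sample: the approved inventory of one workstation.
BASELINE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 046d:c31c Logitech, Inc. Keyboard K120
"""
# Constructed sample: same machine after two devices were plugged in.
# The first added line is the identity reported in the post.
CURRENT = BASELINE + """\
Bus 003 Device 003: ID 05ac:020b Apple, Inc. Pro Keyboard [Mitsumi, A1048/US layout]
Bus 002 Device 004: ID 0781:5567 SanDisk Corp. Cruzer Blade
"""

def parse_lsusb(text):
    """Return one dict per well-formed lsusb line; skip anything else."""
    found = []
    for line in text.splitlines():
        m = LSUSB_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found

def audit(baseline_text, current_text):
    """List (severity, 'vid:pid', description) for every device whose
    vendor:product ID is absent from the baseline. A new device that
    describes itself as a keyboard is 'high': it can type commands
    without ever being mounted as storage."""
    approved = {(d["vid"], d["pid"]) for d in parse_lsusb(baseline_text)}
    alerts = []
    for d in parse_lsusb(current_text):
        if (d["vid"], d["pid"]) in approved:
            continue
        severity = "high" if "keyboard" in d["desc"].lower() else "review"
        alerts.append((severity, f'{d["vid"]}:{d["pid"]}', d["desc"]))
    return alerts

if __name__ == "__main__":
    for severity, usb_id, desc in audit(BASELINE, CURRENT):
        print(f"[{severity}] new USB device {usb_id}: {desc}")
```

The description text comes from the ID the device itself reports, so a device that copies an approved ID passes this check; the interface class shown by `lsusb -v` (class 3 is HID) is the stronger signal when it is available.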

Thursday, November 5, 2009

Cautionary Tale: The administrator who didn't administrate.

Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer.

Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation until taking jobs with a competing company in Ohio, according to an indictment filed in federal court. On at least 12 occasions, they used old passwords to access their former employer's computer and access proprietary information, prosecutors allege.

Although the men left their jobs in 2004 and early 2005, they were able to use the outdated passwords successfully as late as September of 2006. On at least two occasions, administrators at Stens grew suspicious and terminated old passwords. The men simply tried different login credentials - and succeeded several times. (more)

Details of an Attorney's Tactics Revealed

"For years, Broward County's socially and politically connected marveled at the astonishing success of Fort Lauderdale lawyer Scott Rothstein and wondered: How does he do it?...

...Sakowitz said Rothstein boasted of having sophisticated eavesdropping equipment and that former cops would sift through potential defendants' garbage. With compromising evidence in hand, the firm urged the targets of the claims to pay a settlement without a public lawsuit." (more)