Monday, January 18, 2010

Burglar Leaves Present... that keeps on giving.

Australia ...police are investigating a computer crime they is the first of its type in the state. A man broke into a recruitment company's premises recently and stole cash and equipment. (nothing new so far) Police say security vision revealed he was in the office for several hours and installed software on a computer. They say the software could have allowed him remote access to sensitive information. (more)
Moral: Treat all security alarm calls (even if "false" and "nothing taken") as espionage events. ~Kevin

Close Your Windows... and they still see in.

A widespread but highly targeted cyber-attack shows that all versions of Windows can be compromised by a determined hacker - right now.

The consensus is that the attack came from Chinese-sponsored agents, using every trick they could to hack specific, profiled targets. These weren't your usual criminals aiming the daily blind scattergun at a huge swathe of Windows users, hoping to find those without anti-virus software, or running unpatched and outdated versions of Windows.

No, they pointed their laser sights at selected Western technology company staff, who were more likely running fully-patched versions of Windows and Internet Explorer. And, it's fair to suggest, with their corporate PCs fully equipped with modern anti-virus software.

And yet still they got in...

The hackers used a combination of social engineering - for example, spoofing an email to appear to come from a trusted colleague - along with zero-day vulnerabilities in all versions of Microsoft's swiss-cheese browsing device, otherwise known as Internet Explorer.

‘Zero-day vulnerability' is of course a euphemism for ‘a barn-sized security hole in the software to which the maker is entirely oblivious'. The software maker's screw-up is discovered by a would-be intruder, who uses it to walk in and effectively own the computer.

The suggestion is that this particular attack was industrial espionage, with the aim of stealing corporate technology secrets - all without the target ever aware that their PC was leaking its juicy contents to a distant spy.
(more)


Social Networking - Another Tenticle of Corporate Espionage

Social networks have become a goldmine of information for companies skilled in the art of connecting the dots - a little-noticed development that is beginning to concern companies.

Main Points...
• (Some companies) have an all too clear understanding of the impact social media data has - and are mining it for competitive purposes.

...unlike corporate espionage and hack attacks, it is legal, according to Bob Fox, head of a competitive intelligence program for Canadian entrepreneurs." he says (via the Globe and Mail).

• ...advises firms to monitor competitors' comments in the media, on industry blogs, at conferences and, yes, on social networks like Twitter and Facebook... These sites are potential gold mines for competitors that want to better understand client and partner relationships.

• A key question in most investigations is relationships - who knows who, who is transacting business with whom, she said. Connecting these dots becomes much easier when people link to their friends for all the world to see. Twitter especially can be valuable in this way.

People aren't using nearly as much discretion as they should - they will mention a project they are working on on Twitter. If a competitor is watching, it could pick up valuable nuggets of information.

New hires can also be telling - information that is readily found on LinkedIn.

Corporate 'spying' has never been easier - companies and organizations have little or no control over the information their employees share on social networks, and individuals generally make no distinction between public or confidential corporate data that they disseminate.
(more)


Safety Tips for Parents / Children with Internet-Enabled Portable Communications Devices

...via Australia / globally useful...
Police are warning parents and teenagers to consider the possible dangers associated with the use of mobile internet technology. The warning extends to so-called social locator applications. These are programs which issue alerts to the user via mobile phone when someone with the same activated application and similar interests enters their proximity.  

You don’t know with whom you are really communicating,” Detective Superintendent Kerlatec said, “It may not be who you really think it is. There’s also the possibility that someone, using the same applications, is electronically intercepting or eavesdropping on conversations between you and your friends,” he added.

Tips for parents:
• Be aware of how much time your child spends on the internet.
• Spend time talking to your child about the dangers associated with online conversations.
• Spend time exploring the internet with your children and let them teach you about their favourite websites.
• Keep the computer in a room the whole family can access; not in your child's bedroom.
• Consider installing filtering and/or computer blocking software provided by your Internet Service Provider. The Netalert web page provides information on a number of commercially-available products at www.netalert.net.au
• Ensure you are able to access your child's emails and randomly check the contents.
• Check your phone bill for unusual outgoing calls or consider using a "caller ID" device to identify incoming calls.
• Consult your telephone company for options designed to ensure privacy and security.
• Inquire with your child's school, public library and places they frequent to ascertain what internet safety measures they have in place.
• Information relating to internet safety is available on the NSW Police website at: http://www.police.nsw.gov.au/community_issues/children/child_exploitation

Tips for children:
• Do not send a picture of yourself to anyone you don't know and never place a full profile and picture anywhere on the internet.
• Never give out your personal information including name, home address, phone number or school, over the internet.
• Never arrange a face-to-face meeting with a stranger you have chatted with on the internet.
• Tell your parents or another adult of any contact that makes you feel uncomfortable.
(more)

Saturday, January 16, 2010

"Psssst... Wanabuy a primo bug, cheap?"

Broadway theaters, sports franchises and other public entertainment forums must change the radio frequency they use for their wireless microphones under an order issued Friday by the Federal Communications Commission.

Under the order, the groups have until June 12 to find other radio frequencies, something the theaters said could cost thousands of dollars per institution but that they can do.

The F.C.C.’s ruling relates to a broader shift in the way the nation allocates precious spectrum used to transmit signals for mobile phones, TVs and other devices. The commission said the transition was necessary to make spectrum in the 700-megahertz band available for use by next-generation wireless services for consumers and public safety agencies. (more)

FutureWatch
• NOW is the time for all good corporations and A/V companies to upgrade to encrypted wireless microphones for Boardrooms and hotel conference centers.
• Look for a spike in very inexpensive wireless microphones on Ebay. Some of them will find a second life as very high quality bugs.

Friday, January 15, 2010

Business Espionage - Google (more)

Google attack - part of widespread spying effort

U.S. firms face ongoing espionage from China... Google's decision Tuesday to risk walking away from the world's largest Internet market may have come as a shock, but security experts see it as the most public admission of a top IT problem for U.S. companies: ongoing corporate espionage originating from China. (more)

Espionage has many tentacles. Computer Hacking is only one of them. Hack attacks are the new thing and currently has press attention. A few years ago, Competitive Intelligence snatched the headlines. These diversions distract attention from basic every-day spy techniques: electronic surveillance (bugs & taps); physical intrusions, moles, social engineering, etc..

Google, like most large corporations,  should have a holistic counterespionage strategy in place... one which they don't discuss publicly. The counterespionage element of these corporate security programs takes into account all spying techniques.

If your organization does not have a counterespionage strategy, call me. If you think you don't need one, just remember who wrote "The Art of War."

Thursday, January 14, 2010

Another reason to keep my number handy!

Vic Pichette, who is a licensed private detective from Rhode Island for over 21-years, has started teaching individual Private Eye Classes.

"Covert video is now so state of the art, that almost no one can tell a camera from a clock. In this fun and exciting class, I teach people what is out there, why they need them, and how to use them."(more) (his number) (my number)
Thanks, Vic! 
I think this is what my friend John calls a 'self-licking ice cream cone'.

Wednesday, January 13, 2010

The data loss fines are coming. The data loss...

UK - The Information Commissioner's Office will be able to issue fines of up to £500,000 for serious data security breaches.
The new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice. The size of the fine will be determined after an investigation to assess the gravity of the breach. Other factors will include the size and finances of the organisation at fault. (more)

Tuesday, January 12, 2010

Business Espionage - Google


Google Inc. said it is "reviewing the feasibility of our business operations in China" and may back out of China entirely, as it disclosed it had been hit with major cyberattacks it believes to have originated from the country.

Google disclosed its thinking in a blog post Tuesday. In the post, Google said it detected a "highly sophisticated and targeted attack on our corporate infrastructure originating from China" in mid-December and that the attack resulted in "the theft of intellectual property from Google." (more)

"MAV" The Scariest SiFi Movie You'll See this Year


FutureWatch - Air Force Bugbots - Micro Air Vehicle (MAVs). (Trailer)

The term micro air vehicle (MAV) or micro aerial vehicle refers to a type of unmanned air vehicle (UAV) that is remotely controlled. Today's MAVs are significantly smaller than those previously developed, with target dimensions reaching a maximum of approximately 15 centimetres (six inches). Development of insect-size aircraft is reportedly expected in the near future. Potential military use is one of the driving factors of development, although MAVs are also being used commercially and in scientific, police and mapping applications. Another promising area is remote observation of hazardous environments that are inaccessible to ground vehicles. Because these aircraft are often in the same size range as radio-controlled models, they are increasingly within the reach of amateurs, who are making their own MAVs for aerial robotics contests and aerial photography.

Finally, a movie that beats Runaway (released in 1984, of course) for bugbot creepiness. ~Kevin

"You sound like you're in a tin can."


You can insure absolute privacy and secrecy with “SCHER’S IMPROVED TELEPHONE MUFFLER”

You need not leave our desk or go to a private booth to talk freely, and confidentially over the phone. This invention gives the equivalence of a telephone booth.

It is instantly attached and detached on the telephone transmitter. No complicated parts. Occupies 3-1/2 inches of space on the mouth piece of “phone” and is at your elbow when in need. It is unquestionably the most useful telephone accessory of today. Made of Aluminum, lasts a lifetime. Used by U. S. Dept. of Agriculture, First N’tl Bank, Guarantee Trust Co.. and thousands of others over the world. If dealers can’t supply you, we will forward one prepaid on receipt of $3.50.

AGENTS wanted in U. S. and foreign countries. Write for territory.
The Amalgamated Sales Corp., Mfrs., 1478 Broadway, Dept. C.S., New York City
Source: Popular Electricity And Modern Mechanics
Issue: Sep, 1914

Sunday, January 10, 2010

SpyCam Story #566 - Bear in the Den (SFW)

No, no, the title did not say "Bare."

“On Friday the 8th January Doug Hajicek (with the help of Pix Controller and www.bear.org) installed an Infra Red camera system into Lily’s den near Ely, Minnesota. It is believed that Lily (a 2 year old black bear) is pregnant and there is an above average chance that she will give birth in mid January.”
The dark area in this screen shot is her fur. The live feed (with sound and 60Hz hum) can be seen here.

Saturday, January 9, 2010

Poll - Eavesdropping Law

Question: Which theory of eavesdropping law is better?

60% - One Party Consent... If you are part of a conversation, you can record it.

38% - Two Party Consent... Everyone in the conversation must agree to recording it.

1% - Other... (No reason or comment given.)

For more information on U.S. eavesdropping law... more  more

Friday, January 8, 2010

Leaky Laptops to get Eavesdropping Vaccine

Korea - Beware of what you talk about in front of your computer, as recordings of sensitive business deals could go straight to the ears of rivals or even the government.

The Korea Communications Commission and the Korea Internet and Security Agency said Friday it will draw up security recommendations after local Internet experts found that notebook computers with internal microphones are vulnerable to electronic eavesdropping.

Notebook makers will have to install an external on/off switch, while online security firms develop a defense system against software used to mask recording files. (more)

...and you thought this only happened at dealerships.

NC - Federal authorities are investigating whether the former commissioner of the state Division of Motor Vehicles illegally wiretapped the phone calls of agency employees. 

George Tatum, who resigned in 2007 amid a corruption scandal, had a special telephone in his office that allowed him to listen in on the calls of his subordinates without their knowledge, according to current DMV officials. Greg Lockamy, who retired unexpectedly last year after serving as the agency's internal affairs director, also had a phone set up for secret eavesdropping.

State law forbids intercepting phone calls without a warrant unless at least one person in the conversation knows the monitoring is taking place. (more)