A Japanese company that specialises in face recognition technology has claimed the need for security passwords and identity swipe cards may soon become a thing of the past. Omron is working on software that scans faces to help recognise customers and employees. (more)
Saturday, January 23, 2010
Passwords stink... Face It
A Japanese company that specialises in face recognition technology has claimed the need for security passwords and identity swipe cards may soon become a thing of the past. Omron is working on software that scans faces to help recognise customers and employees. (more)
Friday, January 22, 2010
If we are not in your Boardroom...
...keep quiet, and put in a few of these.The best move you can make for any Boardroom which isn't regularly swept for bugs... "Get down, and Boogie."
Improv Electronics has re-invented the old "Magic Slate."
Their version, called Boogie Board, is a pressure-sensitive tablet. It uses a watch battery for power, and only when the erase button is pushed. The secret is a Reflex LCD which doesn't need any power to keep the written secrets on the screen. The watch battery will last for 50,000 erases; cost $29.97. (more)
(Pssst... The Apple iPad will cost a whole lot more and provide less security.)
(Pssst... The Apple iPad will cost a whole lot more and provide less security.)
Limited Time Offer...
Use Murray Associates to clear your Boardroom on a quarterly basis this year and we'll supply a Boogie to Board members - FREE. We are always fun, and get the job done.--------
Did You Know?
• In the early 1920s, R.A. Watkins, the owner of a small printing plant in Illinois, was approached by a man who wanted to sell him the rights to a homemade device made of waxed cardboard and tissue, on which messages could be printed and then easily erased by lifting up the tissue. Watkins wanted to sleep on it, and told the man to return the next day. In the middle of the night, Watkins's phone rang and it was the man calling from jail. The man said that if Watkins would bail him out, he could have the device. Watkins agreed and went on to acquire a U.S. patent and rights, as well as the international rights for the device, which he called MAGIC SLATE. (via DrToy.com)
• (April, 1987) American journalists meeting with Soviet dissidents in Russia have occasionally used Magic Slates as a way of communicating. And last week, even the U.S. government bought the idea. In fact, Rep. Dan Mica (D-Fla.) and Rep. Olympia J. Snowe (R-Maine) received special instructions from the State Department to take the 99-cent toys with them on their recent inspection tour of the U.S. Embassy in Moscow. "An aide ran out to the local Toys 'R Us store and picked up a dozen," said John Gersuk, Mica's press secretary.
Now, not only has the child's toy put an unexpected kink in the multibillion dollar world of espionage, but it also has the $12-billion toy industry taking notice. (more)
"The best defense is a good... no, wait, uhhhh..."
Despite the objections of senior intelligence leaders, the White House National Security Council has instructed U.S. spy agencies to make intelligence gathering for China less of a priority. The move lowers China from "Priority 1" status to "Priority 2."
Intelligence leaders are concerned that the shift will hinder initiatives to acquire secrets about the Chinese government's military and its cyberattacks.
Anonymous administration officials say the policy is part of the White House's overarching effort to cultivate a friendlier, more constructive relationship with Beijing. But critics within the government charge that strategic intelligence on China will be downgraded over time, undoing what officials say are crucially necessary efforts to accrue more knowledge about China's political, economic, military, and intelligence operations. (more)
Thursday, January 21, 2010
GSM Bugs, or Cell Phones Gone Wild
If you are not already familiar with GSM Bugs, I could go over it again, or you could listen to this dangerous-sounding woman...
(These bugs are flooding the market; less than $60. on eBay.)
(These bugs are flooding the market; less than $60. on eBay.)
By the way...
New for 2010 at Murray Associates, is our in-house designed GSM Bug locator.
Our instrument instantly detects and plots the location of GSM Bugs on a computer map. Without this technology, mostly-dormant GSM Bugs range from difficult to impossible to find.
Murray Associates new investigative technique (Digital Surveillance Location Analysis™) is now part of our advanced TSCM inspection audits. Bonus... our new instrumentation also locates rogue Wi-Fi stations on our client's networks.
SpyCam Story #567 - HomerCam
IL - An Elgin man who admitted placing a spy camera in the women's bathroom at his workplace was sentenced Wednesday to two years of nonreporting probation, and no jail time, by a judge who indicated his lack of criminal record spared him a worse punishment.
(He) had faced a maximum three years in prison after pleading guilty in December to a felony charge of unauthorized video recording stemming from the July 31 discovery of the pen-size camera in a washroom at Ridgefield Industries, near Crystal Lake.
(He) had faced a maximum three years in prison after pleading guilty in December to a felony charge of unauthorized video recording stemming from the July 31 discovery of the pen-size camera in a washroom at Ridgefield Industries, near Crystal Lake.
Authorities said (he) recorded one female co-worker, but mostly what was recorded was himself looking into the lens while trying to figure out how to operate the camera ("Doh!"). The camera was discovered by another co-worker and turned over to police. (more)
Wednesday, January 20, 2010
IBM = I Be "M"
Its purchase of an intelligence firm signals boom time in the spy business. 
International Business Machines's move Wednesday to purchase National Interest Security Company (NISC) shows that the technology sector believes it can find growth servicing the government with high-end intelligence services. (more)
The "Why Us?" Question
"My company is regulated, with little to no R & D, no manufacturing, and only a very limited exposure in the competitive wholesale markets. In your professional opinion, what is our exposure or risk in regards to industrial//corporate espionage?"
• Lawsuit Strategy – Inside information from the Legal Department means big $$$ to the opposition.
• Labor / Management Issues – Contract negotiations create periods of very high-risk. Also consider this... Your Personnel Department is involved with a multitude of high-value situations (every day) where meetings, conversations and other 'real-time' decision-making conversations and data hold immense value to outsiders.
I am sure I can come up with a few more examples, but this should get you started.
Recommendation – Identify key physical areas impacted by the above. Provide these areas with quarterly or biannual (or a mixture) counterespionage audits. In addition to providing specific sensitive work environments with heightened privacy protection, you will have shown due diligence; necessary for obtaining 'business secret' status for your side in court.
Your question about espionage exposure is one I hear quite often; "Why us?"
Just as every person has uniqueness — their personality, list of friends, list of enemies, list of things someone might want to steal, etc. — corporations are unique as well. While I don't know much about the characteristics of your particular company, I can hazard a few rough guesses about possible corporate espionage risk areas...
• Media interest – Reporters digging for information to make headlines. A public safety issue, for example, might prompt a full expose on the company's policies, maintenance procedures, employee health epidemiology data, etc..
• Activist Group Interest – Media reports always have the potential to spark activist groups. Catalysts include: safety issues, regulatory issues, price increase hearings, etc.
• Stockholder Interest – When a price increase hearing is not favorable (possibly due in part to activist lobbying) predicted earnings may fall below expected levels, thus sparking stockholder unrest and desire for change. To support their case, collection of internal information becomes a priority for them.
• Construction Interest – Construction contracts usually incorporate a bidding process. The higher the stakes, the more desire for inside information. If espionage is successful, the company pays more than necessary and runs the risk of purchasing inferior products and services. Due diligence on this point alone is especially important if your construction impacts the public, in any way.
• Mergers & Acquisitions – Inside information means big $$$ to many outsiders.
Just as every person has uniqueness — their personality, list of friends, list of enemies, list of things someone might want to steal, etc. — corporations are unique as well. While I don't know much about the characteristics of your particular company, I can hazard a few rough guesses about possible corporate espionage risk areas...
• Media interest – Reporters digging for information to make headlines. A public safety issue, for example, might prompt a full expose on the company's policies, maintenance procedures, employee health epidemiology data, etc..
• Activist Group Interest – Media reports always have the potential to spark activist groups. Catalysts include: safety issues, regulatory issues, price increase hearings, etc.
• Stockholder Interest – When a price increase hearing is not favorable (possibly due in part to activist lobbying) predicted earnings may fall below expected levels, thus sparking stockholder unrest and desire for change. To support their case, collection of internal information becomes a priority for them.
• Construction Interest – Construction contracts usually incorporate a bidding process. The higher the stakes, the more desire for inside information. If espionage is successful, the company pays more than necessary and runs the risk of purchasing inferior products and services. Due diligence on this point alone is especially important if your construction impacts the public, in any way.
• Mergers & Acquisitions – Inside information means big $$$ to many outsiders.
• Intellectual Property Protection – Any unique advantage that makes your business profitable is a target for outsiders. They can make money by stealing it, or even just neutralizing it.
• Lawsuit Strategy – Inside information from the Legal Department means big $$$ to the opposition.
• Labor / Management Issues – Contract negotiations create periods of very high-risk. Also consider this... Your Personnel Department is involved with a multitude of high-value situations (every day) where meetings, conversations and other 'real-time' decision-making conversations and data hold immense value to outsiders.
I am sure I can come up with a few more examples, but this should get you started.
Recommendation – Identify key physical areas impacted by the above. Provide these areas with quarterly or biannual (or a mixture) counterespionage audits. In addition to providing specific sensitive work environments with heightened privacy protection, you will have shown due diligence; necessary for obtaining 'business secret' status for your side in court.
A Counterespionage Strategy is an important element in every corporate security program. Thank you for asking.
~Kevin
Tuesday, January 19, 2010
The Latest Surveillance Video Winners
The winners are in for the top three surveillance videos of the quarter... (videos)
Business Espionage - Starwood vs. Hilton
Starwood Hotels & Resorts Worldwide Inc. Thursday raised new allegations about the role of top Hilton Worldwide executives in an escalating corporate-espionage case.
Starwood sued Hilton and two former Hilton executives last April, alleging that they stole more than 100,000 documents containing "competitively sensitive information" and used it to pursue a rival to Starwood's successful "W" hotel chain.
On Thursday, it filed an amended complaint in U.S. District Court, White Plains, N.Y., claiming that Hilton's misconduct reached the highest levels of the McLean, Va., chain's management, including its chief executive officer, Christopher Nassetta, and its head of global development, Steven Goldman. The complaint says that the alleged theft was known to and condoned by at least five of the ten members of Hilton's executive committee. A Hilton spokeswoman declined all comment. (more)
Monday, January 18, 2010
Burglar Leaves Present... that keeps on giving.
Australia ...police are investigating a computer crime they is the first of its type in the state. A man broke into a recruitment company's premises recently and stole cash and equipment. (nothing new so far) Police say security vision revealed he was in the office for several hours and installed software on a computer. They say the software could have allowed him remote access to sensitive information. (more)
Moral: Treat all security alarm calls (even if "false" and "nothing taken") as espionage events. ~Kevin
Close Your Windows... and they still see in.
A widespread but highly targeted cyber-attack shows that all versions of Windows can be compromised by a determined hacker - right now.
The consensus is that the attack came from Chinese-sponsored agents, using every trick they could to hack specific, profiled targets. These weren't your usual criminals aiming the daily blind scattergun at a huge swathe of Windows users, hoping to find those without anti-virus software, or running unpatched and outdated versions of Windows.
No, they pointed their laser sights at selected Western technology company staff, who were more likely running fully-patched versions of Windows and Internet Explorer. And, it's fair to suggest, with their corporate PCs fully equipped with modern anti-virus software.
And yet still they got in...
The hackers used a combination of social engineering - for example, spoofing an email to appear to come from a trusted colleague - along with zero-day vulnerabilities in all versions of Microsoft's swiss-cheese browsing device, otherwise known as Internet Explorer.
‘Zero-day vulnerability' is of course a euphemism for ‘a barn-sized security hole in the software to which the maker is entirely oblivious'. The software maker's screw-up is discovered by a would-be intruder, who uses it to walk in and effectively own the computer.
The suggestion is that this particular attack was industrial espionage, with the aim of stealing corporate technology secrets - all without the target ever aware that their PC was leaking its juicy contents to a distant spy.
(more)
Social Networking - Another Tenticle of Corporate Espionage
Social networks have become a goldmine of information for companies skilled in the art of connecting the dots - a little-noticed development that is beginning to concern companies.
Main Points...
• (Some companies) have an all too clear understanding of the impact social media data has - and are mining it for competitive purposes.
• ...unlike corporate espionage and hack attacks, it is legal, according to Bob Fox, head of a competitive intelligence program for Canadian entrepreneurs." he says (via the Globe and Mail).
• ...advises firms to monitor competitors' comments in the media, on industry blogs, at conferences and, yes, on social networks like Twitter and Facebook... These sites are potential gold mines for competitors that want to better understand client and partner relationships.
• A key question in most investigations is relationships - who knows who, who is transacting business with whom, she said. Connecting these dots becomes much easier when people link to their friends for all the world to see. Twitter especially can be valuable in this way.
• People aren't using nearly as much discretion as they should - they will mention a project they are working on on Twitter. If a competitor is watching, it could pick up valuable nuggets of information.
• New hires can also be telling - information that is readily found on LinkedIn.
• Corporate 'spying' has never been easier - companies and organizations have little or no control over the information their employees share on social networks, and individuals generally make no distinction between public or confidential corporate data that they disseminate.
(more)
Safety Tips for Parents / Children with Internet-Enabled Portable Communications Devices
...via Australia / globally useful...
Police are warning parents and teenagers to consider the possible dangers associated with the use of mobile internet technology. The warning extends to so-called social locator applications. These are programs which issue alerts to the user via mobile phone when someone with the same activated application and similar interests enters their proximity.
You don’t know with whom you are really communicating,” Detective Superintendent Kerlatec said, “It may not be who you really think it is. There’s also the possibility that someone, using the same applications, is electronically intercepting or eavesdropping on conversations between you and your friends,” he added.
Tips for parents:
• Be aware of how much time your child spends on the internet.
• Spend time talking to your child about the dangers associated with online conversations.
• Spend time exploring the internet with your children and let them teach you about their favourite websites.
• Spend time talking to your child about the dangers associated with online conversations.
• Spend time exploring the internet with your children and let them teach you about their favourite websites.
• Keep the computer in a room the whole family can access; not in your child's bedroom.
• Consider installing filtering and/or computer blocking software
provided by your Internet Service Provider. The Netalert web page provides information on a number of commercially-available products at www.netalert.net.au
• Ensure you are able to access your child's emails and randomly check the contents.
• Check your phone bill for unusual outgoing calls or consider using a "caller ID" device to identify incoming calls.
• Consult your telephone company for options designed to ensure privacy and security.
• Inquire with your child's school, public library and places they frequent to ascertain what internet safety measures they have in place.
• Information relating to internet safety is available on the NSW Police website at: http://www.police.nsw.gov.au/community_issues/children/child_exploitation
• Consider installing filtering and/or computer blocking software
provided by your Internet Service Provider. The Netalert web page provides information on a number of commercially-available products at www.netalert.net.au• Ensure you are able to access your child's emails and randomly check the contents.
• Check your phone bill for unusual outgoing calls or consider using a "caller ID" device to identify incoming calls.
• Consult your telephone company for options designed to ensure privacy and security.
• Inquire with your child's school, public library and places they frequent to ascertain what internet safety measures they have in place.
• Information relating to internet safety is available on the NSW Police website at: http://www.police.nsw.gov.au/community_issues/children/child_exploitation
Tips for children:
• Do not send a picture of yourself to anyone you don't know and never place a full profile and picture anywhere on the internet.
• Never give out your personal information including name, home address, phone number or school, over the internet.
• Never arrange a face-to-face meeting with a stranger you have chatted with on the internet.
• Tell your parents or another adult of any contact that makes you feel uncomfortable.
• Do not send a picture of yourself to anyone you don't know and never place a full profile and picture anywhere on the internet.
• Never give out your personal information including name, home address, phone number or school, over the internet.
• Never arrange a face-to-face meeting with a stranger you have chatted with on the internet.
• Tell your parents or another adult of any contact that makes you feel uncomfortable.
(more)
Saturday, January 16, 2010
"Psssst... Wanabuy a primo bug, cheap?"
Broadway theaters, sports franchises and other public entertainment forums must change the radio frequency they use for their wireless microphones under an order issued Friday by the Federal Communications Commission.
Under the order, the groups have until June 12 to find other radio frequencies, something the theaters said could cost thousands of dollars per institution but that they can do.
The F.C.C.’s ruling relates to a broader shift in the way the nation allocates precious spectrum used to transmit signals for mobile phones, TVs and other devices. The commission said the transition was necessary to make spectrum in the 700-megahertz band available for use by next-generation wireless services for consumers and public safety agencies. (more)
Under the order, the groups have until June 12 to find other radio frequencies, something the theaters said could cost thousands of dollars per institution but that they can do.
The F.C.C.’s ruling relates to a broader shift in the way the nation allocates precious spectrum used to transmit signals for mobile phones, TVs and other devices. The commission said the transition was necessary to make spectrum in the 700-megahertz band available for use by next-generation wireless services for consumers and public safety agencies. (more)
FutureWatch
• NOW is the time for all good corporations and A/V companies to upgrade to encrypted wireless microphones for Boardrooms and hotel conference centers.
• Look for a spike in very inexpensive wireless microphones on Ebay. Some of them will find a second life as very high quality bugs.
Friday, January 15, 2010
Business Espionage - Google (more)
Google attack - part of widespread spying effortU.S. firms face ongoing espionage from China... Google's decision Tuesday to risk walking away from the world's largest Internet market may have come as a shock, but security experts see it as the most public admission of a top IT problem for U.S. companies: ongoing corporate espionage originating from China. (more)
Espionage has many tentacles. Computer Hacking
is only one of them. Hack attacks are the new thing and currently has press attention. A few years ago, Competitive Intelligence
snatched the headlines. These diversions distract attention from basic every-day spy techniques: electronic surveillance (bugs & taps); physical intrusions, moles, social engineering, etc..
is only one of them. Hack attacks are the new thing and currently has press attention. A few years ago, Competitive Intelligence snatched the headlines. These diversions distract attention from basic every-day spy techniques: electronic surveillance (bugs & taps); physical intrusions, moles, social engineering, etc.. Google, like most large corporations, should have a holistic counterespionage strategy in place... one which they don't discuss publicly. The counterespionage element of these corporate security programs takes into account all spying techniques
.
.
."
Subscribe to:
Comments (Atom)