Tuesday, January 26, 2010

Espionage Flash: Wiretappers Caught in the Act

LA - Alleging a plot to wiretap Democratic Sen. Mary Landrieu's office in the Hale Boggs Federal Building in downtown New Orleans, the FBI arrested four people Monday, including James O'Keefe, a conservative filmmaker whose undercover videos at ACORN field offices severely damaged the advocacy group's credibility.

Also arrested were Joseph Basel, Stan Dai and Robert Flanagan, all 24. Flanagan is the son of William Flanagan, who is the acting U.S. Attorney for the Western District of Louisiana, the office confirmed. All four were charged with entering federal property under false pretenses with the intent of committing a felony.

According to the FBI affidavit, Flanagan and Basel entered the federal building at 500 Poydras Street about 11 a.m. Monday, dressed as telephone company employees, wearing jeans,  fluorescent green vests, tool belts, and hard hats. When they arrived at Landrieu's 10th floor office, O'Keefe was already in the office and had told a staffer he was waiting for someone to arrive.

When Flanagan and Basel entered the office, they told the staffer they were there to fix phone problems. ...the staffer gave Basel access to the main phone at the reception desk. The staffer told investigators that Basel manipulated the handset. He also tried to call the main office phone using his cell phone, and said the main line wasn't working. Flanagan did the same.

They then told the staffer they needed to perform repair work on the main phone system and asked where the telephone closet was located. The staffer showed the men to the main General Services Administration office on the 10th floor, and both went in. There, a GSA employee asked for the men's credentials, after which they stated they left them in their vehicle.

The U.S. Marshal's Service apprehended all four men shortly thereafter. (more) (FBI Press Release) 

Spybusters Tip # 623 - Do not allow service people on your premises until you can verify who in your organization called them, and why. Photocopy their credentials. Conduct your proactive inspections for bugs and wiretaps, quarterly.

SpyCam Story #555 - Along Came Jones (Update)

MI - A former Brighton City Councilman charged with spying on female employees has entered a plea in the case. 54 year old Richard Gienapp, the owner of Mexican Jones restaurant in Brighton, pleaded guilty Friday to one count of surveillance of an un-clothed person. In exchange, prosecutors dropped two separate counts of installing and possessing an eavesdropping device.

The prosecution also agreed to not issue any other charges involving computer images of child sexually abusive material.

State Police say Gienapp placed a camera in an office at the restaurant where he spied on a female employee as she undressed. He faces up to two years in prison when he is sentenced on March 4th.

Gienapp has been in and out of court all month in separate cases. Last week, he pleaded guilty to failing to conspicuously post notice of his alcohol license being suspended at his restaurant. He was also recently convicted of filing a false police report. He was sentenced to 10 days of community service and 12 months of probation but soon filed a motion for a new trial, which was rejected by 53rd District Court Judge Theresa Brennan. (more) (original)

Man Bites Dog Story

China Accuses U.S. of Cyberwarfare
In the wake of a recent speech by U.S. Secretary of State Hillary Clinton condemning countries that censor the internet and engage in hacking, China has lobbed a return volley and accused the United States of hypocrisy and initiating cyberwarfare against Iran. (more)

Thursday is International Data Privacy Day

On January 28, 2010... Search Engine Startpage.com Introduces Free Anonymous Web Browsing

Startpage, the self-proclaimed "world's most private search engine", and its E.U. brand, Ixquick will release a new proxy service that allows users to surf the web with complete privacy. The proxy lets users browse websites safely and anonymously, without passing on any private, personally identifiable information to the websites they view.

The Startpage proxy is a free service that works in conjunction with the Startpage search engine, available at www.startpage.com. When users perform a search, they will find a clickable "proxy" option below each search result. When this option is selected, Startpage acts as an intermediary to retrieve the page and display it in a privacy-protected Startpage window.

The proxy offers complete anonymity, since the user never makes direct contact with the third-party website. The user's IP address is invisible to the viewed website. In addition, the website cannot see or place cookies on the user's browser. (video)

Sunday, January 24, 2010

How Not to Handle a Bug Find

LA - West Feliciana Parish Sheriff J. Austin Daniel said Friday he asked State Police detectives to investigate a report of a listening device being planted in a Police Jury office.


Daniel said determining who planted the device may be difficult because a Police Jury employee took it apart and removed a battery.

The sheriff also said the device was found around Thanksgiving but was not reported to him until after Christmas. (more)

How to handle a bug find... (here)

So, a trusted employee is starting a new company.

Business espionage often begins closer to home than you think.

Over three decades, I have heard this too many times... "I think my employee is stealing business and is planning on competing with me. What should I do?"

This is pretty much a textbook case...
• Employee starts a side business using the employer’s resources, methods, client lists, and often client products.
• Employee plans to leave when business is self-sustaining.
• Employee quietly recruits other employees.
• Employee leaves, or is discovered and is fired.
• Over time, other employees desert to go work for the ringleader, taking even more intellectual property.
• Covert lines of communications remain open between the two businesses: employee chit-chat, room bugs, telephone wiretaps, computer spyware, unauthorized access to email/voicemail, etc.
• The employer takes appropriate investigative/legal steps... or slowly bleeds to death.

Recommendations:
• Act quickly and firmly.
• Secure personnel records and back them up off-site. Especially important: Non-compete agreements, termination agreements, signed copies of company rules, etc.)
• Take any collected evidence to an outside attorney to determine a course of action for investigation, employee termination and possible prosecution.• Document evidence of business diversion. (Talk to customers openly, or indirectly. Consider setting up a sting.)
• Monitor and back-up their business e-mails, if legal in your state.
• Conduct a survey for electronic surveillance devices and other counterespionage vulnerabilities. (Hire the best specialist you can find. You may only get once chance to do this part correctly.)
• As soon as possible, conduct a forensic examination all their company-owned computer devices. (Computers, PDAs, Cell phones, etc..) Hire the best specialist you can find. You may only get once chance to do this part correctly.
• Upon termination of the first rogue employee, conduct interviews with remaining employees (with your attorney). Let them know the full ramifications of intellectual property theft.
• Notify customers of personnel changes.
• Quickly, introduce replacement personnel.
• Notify recently departed customers of the situation, and warn them (nicely) of potential ramifications (if any) from dealing with renegade employees.
• Develop a marketing device to keep remaining customers loyal.
• Monitor competition for future compliance.

Your situation may require additional, or alternate, steps. Partner with a counterespionage specialist for direct advice. ~Kevin

Saturday, January 23, 2010

Passwords stink... Face It

A Japanese company that specialises in face recognition technology has claimed the need for security passwords and identity swipe cards may soon become a thing of the past. Omron is working on software that scans faces to help recognise customers and employees. (more)

Friday, January 22, 2010

If we are not in your Boardroom...

...keep quiet, and put in a few of these.

The best move you can make for any Boardroom which isn't regularly swept for bugs... "Get down, and Boogie."

Improv Electronics has re-invented the old "Magic Slate."

Their version, called Boogie Board, is a pressure-sensitive tablet. It uses a watch battery for power, and only when the erase button is pushed. The secret is a Reflex LCD which doesn't need any power to keep the written secrets on the screen. The watch battery will last for 50,000 erases; cost $29.97. (more)  
(Pssst... The Apple iPad will cost a whole lot more and provide less security.)

Limited Time Offer...
Use Murray Associates to clear your Boardroom on a quarterly basis this year and we'll supply a Boogie to Board members - FREE. We are always fun, and get the job done.

--------

Did You Know?
• In the early 1920s, R.A. Watkins, the owner of a small printing plant in Illinois, was approached by a man who wanted to sell him the rights to a homemade device made of waxed cardboard and tissue, on which messages could be printed and then easily erased by lifting up the tissue. Watkins wanted to sleep on it, and told the man to return the next day. In the middle of the night, Watkins's phone rang and it was the man calling from jail. The man said that if Watkins would bail him out, he could have the device. Watkins agreed and went on to acquire a U.S. patent and rights, as well as the international rights for the device, which he called MAGIC SLATE. (via DrToy.com)

• (April, 1987) American journalists meeting with Soviet dissidents in Russia have occasionally used Magic Slates as a way of communicating. And last week, even the U.S. government bought the idea. In fact, Rep. Dan Mica (D-Fla.) and Rep. Olympia J. Snowe (R-Maine) received special instructions from the State Department to take the 99-cent toys with them on their recent inspection tour of the U.S. Embassy in Moscow. "An aide ran out to the local Toys 'R Us store and picked up a dozen," said John Gersuk, Mica's press secretary.

Now, not only has the child's toy put an unexpected kink in the multibillion dollar world of espionage, but it also has the $12-billion toy industry taking notice. (more)

"The best defense is a good... no, wait, uhhhh..."

Despite the objections of senior intelligence leaders, the White House National Security Council has instructed U.S. spy agencies to make intelligence gathering for China less of a priority. The move lowers China from "Priority 1" status to "Priority 2."

Intelligence leaders are concerned that the shift will hinder initiatives to acquire secrets about the Chinese government's military and its cyberattacks.

Anonymous administration officials say the policy is part of the White House's overarching effort to cultivate a friendlier, more constructive relationship with Beijing. But critics within the government charge that strategic intelligence on China will be downgraded over time, undoing what officials say are crucially necessary efforts to accrue more knowledge about China's political, economic, military, and intelligence operations. (more)

Thursday, January 21, 2010

GSM Bugs, or Cell Phones Gone Wild

If you are not already familiar with GSM Bugs, I could go over it again, or you could listen to this dangerous-sounding woman...
(These bugs are flooding the market; less than $60. on eBay.)



By the way...
New for 2010 at Murray Associates, is our in-house designed GSM Bug locator.

Our instrument instantly detects and plots the location of GSM Bugs on a computer map. Without this technology, mostly-dormant GSM Bugs range from difficult to impossible to find.

Murray Associates new investigative technique (Digital Surveillance Location Analysis™) is now part of our advanced TSCM inspection audits. Bonus... our new instrumentation also locates rogue Wi-Fi stations on our client's networks.

Not a client, yet?
Become one.
You won't find this level of security elsewhere.
Start here.

SpyCam Story #567 - HomerCam


IL - An Elgin man who admitted placing a spy camera in the women's bathroom at his workplace was sentenced Wednesday to two years of nonreporting probation, and no jail time, by a judge who indicated his lack of criminal record spared him a worse punishment. 

(He) had faced a maximum three years in prison after pleading guilty in December to a felony charge of unauthorized video recording stemming from the July 31 discovery of the pen-size camera in a washroom at Ridgefield Industries, near Crystal Lake.

Authorities said (he) recorded one female co-worker, but mostly what was recorded was himself looking into the lens while trying to figure out how to operate the camera ("Doh!"). The camera was discovered by another co-worker and turned over to police. (more)

Wednesday, January 20, 2010

IBM = I Be "M"

Its purchase of an intelligence firm signals boom time in the spy business.
International Business Machines's move Wednesday to purchase National Interest Security Company (NISC) shows that the technology sector believes it can find growth servicing the government with high-end intelligence services. (more)

The "Why Us?" Question

"My company is regulated, with little to no R & D, no manufacturing, and only a very limited exposure in the competitive wholesale markets. In your professional opinion, what is our exposure or risk in regards to industrial//corporate espionage?"

Your question about espionage exposure is one I hear quite often; "Why us?"

Just as every person has uniqueness — their personality, list of friends, list of enemies, list of things someone might want to steal, etc. — corporations are unique as well. While I don't know much about the characteristics of your particular company, I can hazard a few rough guesses about possible corporate espionage risk areas...

• Media interest – Reporters digging for information to make headlines. A public safety issue, for example, might prompt a full expose on the company's policies, maintenance procedures, employee health epidemiology data, etc..

• Activist Group Interest – Media reports always have the potential to spark activist groups. Catalysts include: safety issues, regulatory issues, price increase hearings, etc.

• Stockholder Interest – When a price increase hearing is not favorable (possibly due in part to activist lobbying) predicted earnings may fall below expected levels, thus sparking stockholder unrest and desire for change. To support their case, collection of internal information becomes a priority for them.

• Construction Interest – Construction contracts usually incorporate a bidding process. The higher the stakes, the more desire for inside information. If espionage is successful, the company pays more than necessary and runs the risk of purchasing inferior products and services. Due diligence on this point alone is especially important if your construction impacts the public, in any way.

• Mergers & Acquisitions
– Inside information means big $$$ to many outsiders.

• Intellectual Property Protection – Any unique advantage that makes your business profitable is a target for outsiders. They can make money by stealing it, or even just neutralizing it.

• Lawsuit Strategy – Inside information from the Legal Department means big $$$ to the opposition.

• Labor / Management Issues – Contract negotiations create periods of very high-risk. Also consider this... Your Personnel Department is involved with a multitude of high-value situations (every day) where meetings, conversations and other 'real-time' decision-making conversations and data hold immense value to outsiders.

I am sure I can come up with a few more examples, but this should get you started.

Recommendation – Identify key physical areas impacted by the above. Provide these areas with quarterly or biannual (or a mixture) counterespionage audits. In addition to providing specific sensitive work environments with heightened privacy protection, you will have shown due diligence; necessary for obtaining 'business secret' status for your side in court.

A Counterespionage Strategy is an important element in every corporate security program. Thank you for asking.
~Kevin

Tuesday, January 19, 2010

The Latest Surveillance Video Winners

The winners are in for the top three surveillance videos of the quarter... (videos)

Business Espionage - Starwood vs. Hilton

Starwood Hotels & Resorts Worldwide Inc. Thursday raised new allegations about the role of top Hilton Worldwide executives in an escalating corporate-espionage case.

Starwood sued Hilton and two former Hilton executives last April, alleging that they stole more than 100,000 documents containing "competitively sensitive information" and used it to pursue a rival to Starwood's successful "W" hotel chain.

On Thursday, it filed an amended complaint in U.S. District Court, White Plains, N.Y., claiming that Hilton's misconduct reached the highest levels of the McLean, Va., chain's management, including its chief executive officer, Christopher Nassetta, and its head of global development, Steven Goldman. The complaint says that the alleged theft was known to and condoned by at least five of the ten members of Hilton's executive committee. A Hilton spokeswoman declined all comment. (more)