Bad Day for Spies Worldwide

France - A former senior spy accused of revealing French state secrets and the identities of fellow operatives in his recently-released memoir was being questioned by French police today. Defence Minister Herve Morin filed a complaint against Pierre Siramy, whose real name is Maurice Dufresne, author of "25 Years in the Secret Services," released in April. (more)

S. Korea - South Korea's military on Wednesday sought an arrest warrant for a two-star army general accused of leaking the country's war plan and other secrets to North Korea, a news report said. The Defence Security Command asked military prosecutors to arrest the major-general identified only as Kim for leaking classified information, Yonhap news agency said. (more)

India - The army has started probing the charges of espionage against an army officer posted in Andaman and Nicobar. He is being suspected of spying for Pakistan. About a month ago, when reports emerged that a major in Port Blair was caught spying for Pakistan, the army had dismissed it saying that his computer had been hacked by an external agency. But the government is now expecting to unearth a much larger spy network embedded in the military. (more)

Afghanistan - Suspected Taliban militants executed a seven-year-old boy in southern Afghanistan after accusing him of spying for the government, a provincial official said Wednesday. The child was captured by the militants in Sangin district of southern province of Helmand Tuesday, Daoud Ahmadi, a spokesman for the provincial governor, said. "The militants killed the seven-year-old boy in Heratiyan village of the district, on charges of espionage for Afghan government," Ahmadi said, citing information provided to police by relatives. (more)

Beware the Attack of the Killer Apps

Security researchers and government officials are growing increasingly concerned about the security of smartphone applications. Those concerns have been prompted by the discovery of a number of potentially dangerous apps in the app stores run by smartphone makers...

The Federal Bureau of Investigation's Cyber Division, meanwhile, is investigating a number of malicious programs that have appeared in app stores, including apps designed to compromise mobile banking services and programs designed to be used by foreign countries to conduct espionage. (more)

"Just don't let the birds see them." ~Hitchcock

The way light hits a tropical butterfly's wings could make your bank card safer, according to a new U.K. study.

That's because scientists are now able to mimic the cell structure of butterfly scales to encrypt information on banknotes and other secure cards, researchers at Britain's Cambridge University say.

"We have unlocked one of nature's secrets and combined this knowledge with state-of-the-art nanofabrication to mimic the intricate optical designs found in nature," said lead researcher Mathias Kolle on the university's website. (more)

Run a shadow OS on your computer for super secrecy...

via lifehacker.com

...if you're really serious about protecting your data, you can actually hide your entire operating system. Here's how to do it.

To accomplish this task, we'll be using TrueCrypt, our favorite free and open-source disk encryption software that runs on all platforms, supports hidden volumes, and can even encrypt your entire hard drive.


Once we've completed the setup, you'll have two Windows installations and two passwords. One password will activate a hidden Windows installation as your real operating system, and the other, a decoy install to throw intruders off the trail. (more)

Mobile Smart Phone Spying... There are apps for that!

 As smartphones and the applications that run on them take off, businesses and consumers are beginning to confront a budding dark side of the wireless Web....

"Mobile phones are a huge source of vulnerability," said Gordon Snow, assistant director of the Federal Bureau of Investigation's Cyber Division. "We are definitely seeing an increase in criminal activity."

The FBI's Cyber Division recently began working on a number of cases based on tips about malicious programs in app stores, Mr. Snow said. The cases involve apps designed to compromise banking on cellphones, as well as mobile "malware" used for espionage by foreign nations, said a person familiar with the matter. To protect its own operations, the FBI bars its employees from downloading apps on FBI-issued smartphones. (more)

Buy, buy anonymous pre-paid cell phones...

A bipartisan pair of Senate leaders have introduced a first-of-its-kind bill aimed at stopping terrorist suspects such as the would-be Times Square bomber from hiding their identities by using prepaid cellphones to plot their attacks.

The legislation sponsored by Sen. Charles E. Schumer (D-N.Y.) and Sen. John Cornyn (R-Tex.) would require buyers to present identification when purchasing a prepaid cellphone and require phone companies to keep the information on file, as they do with users of landline phones and subscription-based cellphones. The proposal would require the carriers to retain the data for 18 months after the phone's deactivation. (more) 
...while you can.

"Y" ??? Because I liked you.

A former assistant to a top Disney executive was arrested for allegedly trying to sell the company's quarterly earnings to buyers who wanted to trade on inside information.
    

Prosecutors say Bonnie Hoxie, 33, who has worked as a secretary for Disney's PR chief since 2007, passed along inside information such as quarterly earnings statements to her boyfriend, Yonnie Sebbag aka Jonathan Cyrus, who was also arrested for his alleged role in the crime.
    

Sebbag, 29, then tried to sell the inside information to investors by sending anonymous letters to hedge funds and investment companies, according to the complaint in Federal Court. (more)

iPhone PIN Prick

Basically, plugging an up-to-date, non jail-broken, PIN-protected iPhone (powered off) into a computer running Ubuntu Lucid Lynx will allow the people to see practically all of the user's data--including music, photos, videos, podcasts, voice recordings, Google safe browsing databases, and game contents. The "hacker" has read/write access to the iPhone, and the hack leaves no trace. (more)

Poll: Is '21st Century Living' worth the privacy tradeoffs?

Kevin's Security Scrapbook Poll Results

"Is '21st Century Living' worth the privacy tradeoffs?"
56.25%  No, not at all!
31.25%  Yes, definitely!
12.5%  The tradeoffs balance it all out.

A Data Loss Statistics Repository

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one.  

Help keep this Museum of Bitten Bytes going.
Open Security Foundation is the non-profit organization which runs the project. Their Web site, DataLossDB.org, asks for contributions of new incidents and new data for existing incidents. You can also contribute money.

Here is how some of their information is used...
The world's coolest data breach map!
Guaranteed to scare the dollars out of any tight-fisted CFO.

3 Graphic Arts Spy Techniques

If you use Photoshop or Illustrator you can send secret messages...
"You’re mission, if you choose to accept, is to learn how to smuggle secret information out of a building using Illustrator, encrypt a simple message using Photoshop and send a yes/no type of answer to a network of spies using a picture without any direct interaction. Enjoy!" (more)

Another Formula One Spy Scandal?

Formula One seems to thrive on scandal. Hardly a year goes by without some kind of dispute putting the sport on the front pages rather than the sports pages.

In recent years we have had Tyregate, Spygate, Liegate, Crashgate and even Spankgate. What next?

Well, according to a report in the Express by Pitpass' business editor Chris Sylt, it looks like a Spygate sequel is on the horizon.

Records at the UK's High Court show that Force India has launched a damages claim against the companies which run Lotus Racing alleging that they copied the windtunnel model which its car is based on.

The claim has echoes of the row which erupted in 2007 when the FIA fined McLaren $100m for possessing blueprints from Ferrari. (more)

"Place of the gods" gets CCTV

Hotels in the Tibetan capital, Lhasa, are being forced to install electronic surveillance equipment amid an ongoing security clampdown in the city, industry sources said... The hotel security measures come hard on the heels of tighter curbs on the cultural lives of Tibetans, including the use of print shops to replicate Tibetan-language material. (more)

Guess who runs CCTV.com.

Client Alert - FM Wireless Microphones - Illegal

FM Wireless Microphones capable of operations in the 700 MHz frequency range become illegal to use, in the United States, in just less than two weeks. 

For years, I have been advising clients to stop using FM wireless microphones in their Boardrooms and at off-site meetings. Eavesdropping on their transmissions is just too easy. 

A new generation of digital and encrypted wireless microphones are available to replace them. "Now" is an excellent time to justify the switch.

The FCC says... "To see if your wireless microphone operates on the 700 MHz band, simply click on the name of the manufacturer and see if your model is listed. (chart)

• If your model is listed on the table, it is a 700 MHz wireless microphone and can not be used after June 12, 2010. 
  
  
• If you can find your manufacturer’s name and your equipment is not listed, then you may continue using your wireless microphone because it does not operate in the 700 MHz Band. (Due to the eavesdropping risk, Murray Associates does not recommend this option.)

If your manufacturer is not listed, please contact the FCC for additional assistance to determine if your wireless microphone operates on the 700 MHz Band."

Need a source for digital wireless microphones?  

• Revolabs

• Audio-Technica - SpectraPulse™ Ultra Wideband (UWB) (white paper)

• Lectrosonics (...and an Encryption White Paper)

• Zaxcom 

• Mipro ACT-82 

• Telex SAFE-1000

The Geek Chorus on USB Sticks

Background... The Unsolicited "Gift" USB Stick

The latest proof...

Australia - IBM has been left with egg on its face after it distributed virus-laden USB keys to attendees at Australia's biggest computer security conference.

Delegates of the AusCERT conference, held over the past week at the Royal Pines Resort on the Gold Coast, were told about the malware problem in a warning email this afternoon by IBM Australia chief technologist Glenn Wightwick.

The incident is ironic because conference attendees include the who's who of the computer security world and IBM was there to show off its security credentials. (more)