Thursday, June 17, 2010

So, who's minding your intellectual property store?

More than half of Fortune 1000 companies lack a full-time chief information security officer, only 38% have a chief security officer, and just 20% have a chief privacy officer. As a result, a majority of companies are failing to adequately assess and manage the risks that information security and privacy issues pose to their business. 

Those findings come from "Governance of Enterprise Security," a new study released yesterday by Carnegie Mellon University's CyLab. The report is based on a survey of 66 board directors or senior executives who work at Fortune 1000 companies. Nearly half of respondents work at critical infrastructure companies. CyLab conducted a similar survey in 2008. (more)

If your business does not have a C-level IP warden in the watchtower, at least engage a good counterespionage consultant. You can find one here, or at one of the several URLs which host Kevin's Security Scrapbook.

Wednesday, June 16, 2010

Employee monitoring: When IT is asked to spy

With staff surveillance on the rise, high-tech types can be put in the awkward position of having to squeal on their fellow workers.

As corporate functions, including voice and video, converge onto IP-based networks, more corporate infractions are happening online. Employees leak intellectual property or trade secrets, either on purpose or inadvertently; violate laws against sexual harassment or child pornography; and waste time while looking like they are hard at work.

In response -- spurred in part by stricter regulatory, legal and compliance requirements -- organizations are not only filtering and blocking Web sites and scanning e-mail. Many are also watching what employees post on social networks and blogs, even if it's done from home using noncompany equipment.

They are collecting and retaining mobile phone calls and text messages. They can even track employees' physical locations using the GPS feature on smartphones. 

Long story, but here is the bottom line...
It's more common that the IT manager doesn't know how to correctly preserve evidence, and probably doesn't even know what information might be legally relevant, says Jason M. Shinn, an attorney with Lipson, Neilson, Cole, Seltzer & Garin PC who specializes in electronic discovery and technology issues in employment law. (more)

SpyCams Gone Wild

OH - A 24-year veteran of the Mayfield Heights Fire Department could face dozens of charges after police accused him of placing hidden cameras in a Geauga County YMCA and his home in Chardon, where he secretly taped at least two teenage boys, investigators said.

Daniel J. Serge, 51, was charged Monday morning with pandering sexually oriented matter involving a minor...

Geauga County Sheriff Dan McClelland said he expects more charges to come after his deputies and state investigators finish combing through 60 videotapes, which average eight hours, and analyzing Serge's computer...

The investigation into Serge began last Tuesday when a worker at the Munson YMCA found an air freshener with a blinking light in a men's bathroom stall. The worker discovered the freshener contained a camera. Investigators think it had been there less than a day...

They found pinhole cameras, about an ⅛-inch in diameter, hidden in three of the four walls in Serge's bathroom. Wires hidden in the walls connected the cameras to recording equipment in a closet, McClelland said...

Serge worked for about three years with the nonprofit Hunt of a Lifetime Foundation, which organizes hunting trips for children and teenagers who have life-threatening illnesses. (more)

Eavesdropping Gone Wild

MA - The Middlesex District Attorney's office has announced that Shirley Town Administrator Kyle Keady was arrested yesterday in connection with an illegal wire tapping and videotaping scheme.

Keady was charged with illegal recording, illegal possession of a recording device, and video recording a person in a state of nudity...
 
State police went to town hall yesterday and talked to 46-year-old Keady where he allegedly admitted to using a baby monitor to record conversations of town employees.

Keady told police he did it because he didn't trust anyone and first started recording his secretary using a recorder he put in a plant on her desk without her knowledge.

During their interview with Keady, police asked him to empty the contents of his pockets where he had 9 zip drives with recordings and two camera pens wrapped in tape. (Yes, it gets worse.)

Update - Police Chief Bugging Case

MN - The former Gaylord police chief will serve one year probation after he was sentenced in Sibley County yesterday. 61 year old Dale Roiger was found guilty back in April of misconduct of a public officer - a gross misdemeanor - after having a "bug" planted in the Gaylord Chamber of Commerce office. (more)

Tuesday, June 15, 2010

Secret Agent Jobs - Full-time / Summer-time

The Clandestine Life  
Operations Officers and Collection Management Officers spend a significant portion of their time abroad. Typically, Operations Officers will serve 60% to 70% of their careers overseas, while Collection Management Officers will be overseas for 30% to 40% of their careers. Staff Operations Officers, although based in the Washington, D.C. area, travel overseas on a temporary basis. Language Officers also are primarily based in Washington, though short-term and some long-term foreign travel opportunities are available.

Officers in each of these careers are under cover. By the very nature of this clandestine business, officers can expect limited external recognition for themselves and their families. Instead, the Agency has its own internal promotions, awards and medals, and makes every effort to recognize the accomplishments of its personnel.

In addition to competitive pay, Officers are provided housing and receive overseas allowances and schooling benefits for their children when serving abroad. There are also other benefits, such as language pay incentives, that Officers can receive depending on their skills set and position duties. Collectively, the benefits enable Officers to make significant contributions that impact our national security, and experience a high level of job satisfaction and camaraderie throughout their career. (more) (full-time job openings) (summer jobs)

Smart Phones Smart

...via The Wall Street Journal 
In 2009, security experts identified 30 security flaws in the software and operating systems of smartphones made by companies like Apple, Nokia Corp. and BlackBerry maker Research In Motion Ltd., up from 16 the previous year, according to a review of records in the National Vulnerability Database, a repository created in 2005 by an agency of the U.S. Department of Commerce. Submissions are vetted and rated according to their severity... 

None of the companies contacted would discuss specific vulnerabilities, but all said they take security seriously. (more)

Monday, June 14, 2010

Muffin Maker Miffed as Secrets Walk

Chris Botticella knows the secret to those "nooks and crannies" in Thomas' English Muffins — the way they cradle butter and jam, and after a good toasting, produce just the right crunch.

It's a secret that the muffins' makers have gone to great lengths to protect over 75 years, allowing it to rack up $500 million in sales annually of the toaster treats.

The company says only seven executives know all three parts of its winning formula for making the muffins — including how much dough to use, the right amount of moisture and the proper way to bake them.

So it became alarmed and sued in January when Botticella, one of the trusted seven, decided to bolt and join rival Hostess, maker of Wonder Bread and Twinkies.

...lawyers say Botticella hid his new employment deal for months while attending high-level Bimbo meetings and debating strategies for competing with Hostess. They also accuse him of copying a dozen files onto a USB thumb drive in his final days, a charge he denies. (more)

Saturday, June 12, 2010

CIA Report Helps You Spot Espionage Before it Happens

Project Slammer, now partially declassified, was based on extensive prison interviews with some 30 former military and intelligence personnel who had been convicted of spying for Russia, China and other hostile powers during the Cold War, from the lowest enlisted men to senior CIA officers like Aldrich Ames. It sought to answer why they had violated the trust their agencies had bestowed on them.

Two of the most important factors in a mole’s decision to steal secrets... emotional distress, and lax security...

...the authors of the highly classified Project Slammer report, delivered to CIA management on April 12, 1990, emphasized that behavioral changes were often associated with acts of espionage. 

“Heavy drinking, drug dependence, signs of depression or stress, extramarital affairs and divorce could be warning signs of a security problem...” (more)

What type of person is pre-disposed to becoming a spy? 

Mobile Phone Spyware Crackdown

Romanian authorities arrested 50 individuals for using a special mobile-phone program to spy on their spouses, business partners or the competition. The spyware was able to steal call logs, e-mails, SMS messages or GPS data from smartphones and allowed attackers to eavesdrop on active phone calls and private discussions held in the vicinity of the device...

Police also arrested Dan Nicolae Oproiu, 30, of Deva, Hunedoara, an IT specialist who sold the surveillance program through a variety of websites. ...the spyware application was available for Symbian, Windows Mobile, iPhone OS and BlackBerry OS and came in three versions - Light, Pro and ProXRecorder, which differed in features.

Most of Oproiu's clients who were arrested two days ago did not have a criminal background and many were members of the so-called upper class. The list includes several businessmen, doctors, engineers, as well as a government official, a former member of the Parliament, a police officer, a prosecutor and even a judge. There are also strong indications that the software was also unlawfully used by several detective agencies and private investigators. (more)

Phone Eavesdropping in Vogue Again

The huge rise in physical data security measures has inadvertently triggered a new line of attack for criminals: phone correspondence.  

With traditional identity theft channels now closing, fraudsters are increasingly targeting unprotected voice conversations to obtain confidential insider information, passwords and PIN codes without detection. Voice correspondence is almost always uncharted territory for business security armour under the false assumption that phone hacking is a highly sophisticated and expensive means of attack.

The days of phone fraud involving thousands of pounds of equipment and an extensive army of technology experts are long gone. Only in December it was revealed that a computer engineer had broken the algorithm used to encrypt the majority of the world’s digital mobile phone calls online, and published his method...

...when assessing the threat posed by phone fraudsters and criminals, we need look no further than the regular examples of celebrity phone eavesdropping that is becoming commonplace. Even high profile national newspapers like the News of the World have become embroiled in the scandal, resulting in one of their reporters being jailed for listening in on calls between members of the royal family. Liberal Democrat Lembit Opik recently went public saying he was concerned his phone calls were being intercepted and PR guru Max Clifford settled a hacking dispute out of court for a six-figure sum. And who can forget the case of Tiger Woods, who found himself in hot water after several voicemail and text messages fell in the lap of numerous national newspapers and celebrity magazines.

These celebrity incidents are serious enough, but business leaders and public sector chiefs now need to readdress their approach to voice and message security, to protect themselves against this growing threat. 

Increasingly, phone fraudsters are being hired or trained by rival businesses, getting insider information and critical data without ever being suspected. (more)

Information about Cell Phone Privacy is available with a Google search. Businesses, however, require additional assistance with making sure their phones (analog, digital and VoIP digital) remain untapped. Quarterly inspections by a TSCM security specialist are the norm. For additional information about these services click here, or contact the company who provided this link to Kevin's Security Scrapbook.

Friday, June 11, 2010

Twenty Minutes into the Future

Australia - Companies who provide customers with a connection to the internet may soon have to retain subscribers' private web browsing history for law enforcement to examine when requested, a move which has been widely criticised by industry insiders.

Currently, companies that provide customers with a connection to the internet don't retain or log subscribers' private web browsing history unless they are given an interception warrant by law enforcement, usually approved by a judge. It is only then that companies can legally begin tapping a customer's internet connection. (more)

FutureWatch - Ask Blank Reg over at Max Headroom. Watch out for Murray, he's clueless. Bilp-def... "Blanks, a counter-culture group of people who lived without any official numbers or documentation for the sake of privacy."

Hackers plant viruses in Windows smartphone games

3D Anti-Terrorist and PDA Poker Art -- are available on sites that provide legitimate software for mobile devices, according to John Hering, CEO of San Francisco-based security firm Lookout.

Those games are bundled with malicious software that automatically dials premium-rate telephone services in Somalia, Italy and other countries, sometimes ringing up hundreds of dollars in charges in a single month.

Victims generally do not realize they have been infected until they get their phone bill and see hundreds of dollars of unexpected charges for those premium-rate services, he said. (more)

FutureWatch - Expect this trend to continue. Un-vetted software apps (unlike Apple apps) are currently the easiest targets.

Nineteen Minutes into the Future


Italy - Italian Prime Minister Silvio Berlusconi advanced a draft law through the senate that restricts the use of wiretaps by prosecutors and introduces fines and prison sentences for journalists who issue reports on tapped conversations.

The draft law's passage on Thursday by the senate prompted a torrent of criticism from Italian prosecutors, newspapers and opposition lawmakers. Mr. Berlusconi, a media magnate, says the bill aims to protect the privacy of Italians. Critics say the draft legislation, which still faces a vote in the lower house of Parliament, is an attempt by Mr. Berlusconi to weaken the judiciary branch's investigative powers and muzzle criticism of the prime minister in Italian media.

"The massacre of freedom has begun," said Anna Finocchiaro, a senator in the center-left Democratic Party. (more)

No pun intended?
Headline: "Italy's daily runs blank page"
Italy's left-leaning La Repubblica daily on Friday ran an all-white front page to protest a bill curbing police wiretaps and setting hefty fines on media for publishing transcripts of them. 'The muzzling law denies citizens the right to be informed,' reads a message, styled as a yellow Post-It note, on the otherwise blank space under the La Repubblica banner. (more)

Eighteen Minutes into the Future - Teleportation and the end of wiretapping?

A group of Chinese scientists has successfully achieved teleportation up to 9.9 miles, using quantum entanglement of photons...

"This is the longest reported distance over which photonic teleportation has been achieved to date, more than 20 times longer than the previous implementation," Discovery News quoted Cheng-Zhi Peng, one of the co-authors of the study and a scientist at University of Science and Technology of China and Tsinghua University in Beijing, as saying.

In science fiction, teleportation usually describes the transfer of matter from one point to another, more or less instantaneously - a spooky aspect of quantum mechanics.

According to the theory, bits of light and matter can become entangled with one another and anything that happens to one particle will happen to the other, regardless of the distance or intervening matter...

A teleported telephone call, although no faster than a regular one, would however, be impenetrable and eavesdropping on a teleported telephone call would be impossible. (more)

The research is published in the current issue of the journal Nature Photonics.

FutureWatch: Teleportation's integration with communications. Then, teleportation as it relates to synchronicity... and a possible explanation to "it's a small world" and other coincidences.