Thursday, July 15, 2010

Lady Gaga meets Mr. Data

The soldier accused of downloading a huge trove of secret data from military computers in Iraq appears to have exploited a loophole in Defense Department security to copy thousands of files onto compact discs over a six-month period. In at least one instance, according to those familiar with the inquiry, the soldier smuggled highly classified data out of his intelligence unit on a disc disguised as a music CD by Lady Gaga. (more)

Spyware on Infected USB Sticks

via Krebsonsecurity.com
Researchers have discovered a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages what appears to be a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files...

Independent security researcher Frank Boldewin said he had an opportunity to dissect the malware samples, and observed that they appeared to be looking for Siemens WinCC SCADA systems, or machines responsible for controlling the operations of large, distributed systems, such as manufacturing and power plants.

“Looks like this malware was made for espionage,” Boldewin said. (more)

The under surveillance comics...

Wednesday, July 14, 2010

Special-Ops vs. Special-Ops

FL - The thieves hit on a weekend when no one was around. The target: a military contractor for the super secret Special Operations Command, the elite commandos who help coordinate the war on terror. The intruders entered through the roof, gaining access to iGov Technologies, which occupies suite 110 in the beige corporate center at 9211 Palm River Road. For the next nine hours, they loaded up more than 3,000 laptop computers and other equipment into two waiting semitrailer trucks. (more)

Think your company could withstand an info-theft like this? If not, contact the counterespionage consultant who hosts this Security Scrapbook on their Web site.

Two Polls

This poll reflects the opinions of our Security Scrapbook readers.  

Which privacy invasions concern you the most? 
(Pick three.)

26% - Mobile Phone Spyware
18% - Computer Spyware
14% - Bugging
12% - GPS Tracking
11% - Covert Video (SpyCams)
6% - Wiretapping
6% - Covert Voice Recording
5% - Physical Eavesdropping
1% - Other (unspecified)

The following poll asked about smartphone security concerns. It was independently conducted by one of our Security Scrapbook readers. 

They placed their poll on two very different Web sites; one sports oriented, one more military oriented.

What's your approach to smartphone security? 
(Poll allowed users to check more than one.)
29.3% - I just don't do financial stuff with it.
15.5% - Whatever came with it is good enough. I hope.
13.7% - I added a special security program.
13.7% - OK, but who'd want to hack/eavesdrop on me?
12% - Haven't even thought about it.
10.3% - I double-check all apps before downloading.
5.0% - Not worried - Apple's got my back.

Granted, neither poll is scientifically sound or statistically significant, but the answers are interesting on an informal level. 

Thanks to all who participated. 

If you have any ideas for future Security Scrapbook polls please let me know. ~Kevin

Monday, July 12, 2010

Inception - An Industrial Espionage Dream Job

Inception opens July 16th in theaters and IMAX
Dom Cobb is a skilled thief, the absolute best in the dangerous art of extraction, stealing valuable secrets from deep within the subconscious during the dream state, when the mind is at its most vulnerable. Cobb's rare ability has made him a coveted player in this treacherous new world of corporate espionage... (more) (more)

As we've been saying all along, the final frontier of eavesdropping is mind reading. Think of the movie Inception the same way you think of _this one_ ...just with a shorter flash to bang.

Bluetooth Bites Again

UK - A British woman's lawsuit against her ex-husband claims he bugged her car to record her private conversations during the final months of their marriage.

Baksho Devi Gora of Walsall, England, filed a High Court lawsuit seeking "substantial damages" from ex-husband Harvinder Singh Gora for allegedly violating her privacy by recording private telephone conversations from her car and playing them for family and friends, The Daily Telegraph reported Friday.
They were probably made via a small device secretly attached to the Bluetooth system in Mrs Gora's car in May 2008, said her barrister, Mr Eardley. (more) (how they do it)

Spies Demise

Moscow - The 14 alleged spies deported from Russia and the U.S. remained out of public view over the weekend amid uncertainty over where they had been taken and how they would restart their lives...

Nuclear scientist Igor Sutyagin phoned his family from an unidentified hotel near London, where he is apparently confined by British authorities until a decision is made about whether he will remain in the U.K., his mother said.

The whereabouts of the others, including the 10 Russian agents expelled from the U.S. to Moscow, were unknown. (more)

Quis custodiet ipsos custodes?

via Wired.com...
We’re not sure what’s more humorous: That California Rep. Jane Harman, the ranking member of the House Intelligence Committee, maintains two unencrypted Wi-Fi networks at her residence, or that a consumer group sniffed her unsecured traffic in a bid to convince lawmakers to hold hearings about Google.

A representative for Consumer Watchdog — a group largely funded by legal fees, the Rose Foundation, Streisand Foundation, Tides Foundation and others — parked outside Harman’s and other lawmakers’ Washington-area residences to determine whether they had unsecured Wi-Fi networks that might have been sniffed by Google as part of the internet giant’s Street View and Google Maps program.

The group wants the House Energy and Commerce Committee, of which Harman is also a member, to haul Google executives before it, so they can publicly explain why, for three years, Google was downloading data packets from unencrypted Wi-Fi networks in neighborhoods in dozens of countries. (more)

Bad Guys Bug Back

Pakistan - The Farozabad Police have arrested three suspected persons and recovered bugging devices and cameras, which could have been used for terrorism. (more)

Friday, July 9, 2010

"What to do?" The First Responder Blues

The Cell Phone
dum-di-dum-dum (makes a great ringtone)
...he’s looking at a homicide. For one thing, there’s that bullet in her head. He immediately realizes that another sort of witness to this crime might be on the other end of that phone connection. He reaches through the open car window to grab the phone and thumb through its recent call history. Then he stops himself...

...He knows better than to disturb a crime scene. And he’s never seen that particular model of phone—he could potentially push the wrong buttons and destroy evidence. He needs to get that device to a forensic lab, where the information can be extracted properly, in a way that preserves not only the contacts, call histories, text messages, e-mail, images, and videos but also their admissibility in court. (more)
"What would you do?" (click here)

The Bug in the Boardroom
It's a hot summer Monday morning. In the offices of Mongo Industries a secretary readies the Boardroom for the weekly strategy meeting. The air conditioning has been off all weekend, and just kicked in. Then...THUNK! 

Startled, she stares under the massive table. Her eyes adjust to the dark. A small dark object with gooey strips of masking tape near the Director's chair stares back.
"What would you do?" (click here)

Thursday, July 8, 2010

The employees are picking your pockets...

Thirty-five percent of companies believe that their organisation's sensitive information has been given to competitors, according to a new survey. 

Cyber-Ark Software's "Trust, Security and Passwords" global survey also found that 37 percent of IT professionals surveyed cited former employees as the most likely source of this loss.

The IT security company questioned more than 400 senior IT administrators in the UK and US in the spring of 2010 for the fourth annual survey.

The survey found that the most popular sensitive information to be shared with competitors was the customer database (26 percent) and R&D plans (13 percent). (more)

"Who's your DB daddy? Say it. Say IT."

TX - A former IT senior database administrator at a Houston electricity provider was sentenced Tuesday to one year in prison for hacking into his former employer's computer network, the US Department of Justice said...

On April 30, 2008, after he was fired, Steven Jinwoo Kim, 40, of Houston, used his home computer to connect to Gexa's computer network and to a database containing information on about 150,000 Gexa customers, the DOJ said. Kim damaged the computer network and the database in the process, the DOJ said. 

Kim also copied and saved to his home computer a database file containing personal information on the Gexa customers, including their names, billing addresses, Social Security numbers, dates of birth and drivers license numbers. Kim's actions caused a $100,000 loss to Gexa, the DOJ said. (more)

Wednesday, July 7, 2010

USB coffee-cup warmer could be stealing your data

via New Scientist...
Are you sure that the keyboard or mouse you are using today is the one that was attached to your computer yesterday? It might have been swapped for a compromised device that could transmit data to a snooper.

The problem stems from a shortcoming in the way the Universal Serial Bus (USB) works. This allows almost all USB-connected devices, such as mice and printers, to be turned into tools for data theft, says a team that has exploited the flaw.

Welcome to the murky world of the "hardware trojan". Until now, hardware trojans were considered to be modified circuits. For example, if hackers manage to get hold of a microchip when it is still in the factory, they could introduce subtle changes allowing them to crash the device that the chip gets built into. (more)

Security Directors - You already know about the dangers of plugging in dirty USB memory sticks. Now, you need to consider the possibility that foreign governments are loading other "legitimate" USB devices with spyware at the chip level. (Hey, they did it with hard drives.) Alert the employees. Convince them to resist the "Oh, isn't it cute. Let's plug it in," temptation.

Indians Put Squeeze on BlackBerrys... again

India - Security concerns associated with the services of BlackBerry, the smartphone used by nearly a million customers in India, have come to the fore again, raising the possibility of a fresh standoff between the Canadian service provider and the government.

The government plans to give BlackBerry maker Research in Motion (RIM) 15 days to ensure that its email and other data services comply with ‘formats that can be read by security and intelligence agencies’ after its spooks recently raised a red flag against the popular handset, said department of telecom (DoT) officials familiar with the matter. (more)