Tuesday, August 3, 2010

Free CIA / Google App Tells Future

Google and the CIA are both investing in a company that monitors the web in real time.

The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine "goes beyond search" by "looking at the 'invisible links' between documents that talk about the same, or related, entities and events."

The idea is to figure out for each incident who was involved, where it happened and when it might go down. Recorded Future then plots that chatter, showing online "momentum" for any given event.

"The cool thing is, you can actually predict the curve, in many cases," says company CEO Christopher Ahlberg, a former Swedish Army Ranger with a PhD in computer science. (more

Want to see the future? Recorded Future will let you sign up for a free account ...but they already knew you would.

"Berry discriminating."

The BlackBerry -- renown for the security of its messaging -- doesn't offer 100 percent protection from eavesdropping. At least not in the United States.

U.S. law enforcement officials said they can tap into emails and other conversations made using the device, made by Research in Motion, as long as they have proper court orders.

RIM's willingness to grant authorities access to the messages of its clients is a hot-button issue. The United Arab Emirates claims it does not have the same kind of surveillance rights to BlackBerry messages as officials in the United States. It has threatened to clamp down on some services unless they get more access.

The exact details of the dispute remain unclear, but security experts say that many governments around the world enjoy the ability to monitor BlackBerry conversations as they do communications involving most types of mobile devices. (more)

Monday, August 2, 2010

...and the mouse was turned over to the ASPCA

MS — Two Mississippi men are facing charges after allegedly wrapping blocks of wood in duct tape and bubble wrap, attaching Toshiba labels to them and trying to pass them off as laptops. No one actually bought the fakes, but authorities in Hinds County have charged the men with trademark infringement and selling goods with counterfeit labels. (more)

Bugging, spy scandal rocks Safa leadership

South Africa - World Cup kingpin Danny Jordaan and three other soccer bosses have been having their movements tracked over the last few months without their knowledge.

Jordaan, who is the Local Organising Committee’s CEO; former SA Football Association (Safa) president Molefi Oliphant; vice-president Mandla Mazibuko; and CEO Leslie Sedibe discovered this month that monitoring devices had been secretly fitted to their cars...

Sedibe has commissioned an investigation to be conducted by an independent security expert...

Oliphant revealed to City Press that his phone had been bugged while he was still the Safa president. (more)

Sunday, August 1, 2010

Night of the living CrackBerry's

The United Arab Emirates said Sunday it will suspend some BlackBerry smartphone services from Oct. 11 amid an ongoing dispute with Canada's Research In Motion Ltd., the maker of the device, over the monitoring of data.

"With no solution available and in the public interest, in order to affect resolution of this issue, as of October 11, 2010, BlackBerry Messenger, BlackBerry Email and BlackBerry Web-browsing services will be suspended until an acceptable solution can be developed and applied," said Telecommunications Regulatory Authority Chief Mohamed Al Ghanim, according the emirates news agency, or WAM.

The U.A.E. government last week said Research in Motion's BlackBerry was a potential threat to national security, while an Indian government official said Indian security agencies have raised unspecified concerns about BlackBerry services.

Messages sent to and from a BlackBerry are processed at RIM's network operating center in Canada. They are encrypted on the device before being sent and remain encrypted until they reach their destination. 

A person familiar with the matter said a key problem is that the messenger service on BlackBerry is untraceable. (more)

Friday, July 30, 2010

How Does Business Espionage Work?

By Remy Melina, Life's Little Mysteries Staff Writer, livescience.com
Companies hire corporate spies, also known as industrial spies, to get valuable information from their competitors. Industrial espionage can also include former employees who go on to work for competitors and reveal their previous employer's secrets.

Company secrets can include information regarding flavor formulas (for example, the recipe for Coca-Cola), the kinds of equipment used, the amount of product being made, projected profit estimates and plans for future advertising campaigns.

For example, in 1965, Abbott Laboratories of North Chicago, Ill., filed a lawsuit against two of its former employees, claiming they memorized the formula for its highly successful artificial sweetener, Sucaryl, and duplicated it for a product belonging to Abbott's competition.

While corporate subterfuge is immoral, it's not exactly illegal. The Economic Espionage Act, which passed in 1996 and provides a way to deal with foreign agents stealing trade secrets from American companies, requires that companies prove that the stolen information was, in fact, a secret. For example, the source code for Microsoft Windows is a trade secret, but public filings, patents and annual reports technically are not.

This loophole allows employees to quietly collect information while working for a company and then secretly offer their business rivals corporate secrets for a hefty price. Others may flat out quit and take a better-paying job for the competition, using their prior knowledge as leverage when negotiating a salary.

Some companies even have special "competitive intelligence" (or C.I.) employees on staff. These workers' sole focus is on attaining information about their competitors' projects so that their company can always stay one step ahead of the competition. While not quite conducting C.I.A.-level espionage, these spies still do their fair share of snooping. (more)

Key phrase: "... requires that companies prove that the stolen information was, in fact, a secret."

The courts are tough. Companies must prove they took extra steps to protect their trade secrets before legal protection will be afforded to them.   

"So, how do I prove it?" I hear you say.

By segregating the really important stuff and giving it extra security protection. 

This extra protection comes in many forms. One primary protection are regularly scheduled TSCM inspections, with counterespionage security surveys. 

A well documented history of this elevated security is key evidence of due diligence. Continuity is also very important. Periodic inspection schedules (quarterly is most widely recognized) carry considerable weight in court; occasional sweeps do not. 

Whatever you do, don't start a TSCM program and then cut it for economic reasons. This false economy is viewed by the court that the information you were protecting is no longer a valuable business secret... by your own admission!

Last on the list, is the non-inspection. If you don't think your business secrets are valuable enough to afford some counterespionage security measures, why should the court?

"So, uh, what does TSCM cost?" 

It is the cheapest insurance you can buy. The company programs I run cost them less than $7.50 per hour when amortized annually, usually much less. ~Kevin

This Week in Business Espionage

Plano, TX - There are plenty of questions involving the Plano woman accused of trying to smuggle military grade equipment to Russia...

What was the west Plano "girl next door", who happens to be a Latvian expatriate, doing with the high-tech scopes? Immigration and customs agents seized Fermanova's luggage, and found at least one Raptor Night Vision 4x Scope. The scopes, which are on the federal no-export munitions list, cost about $13,000 each.

Catherine Smit is a security expert with 20 years experience and she agrees that Fermanova's story doesn't add up. "Anyone who has been asked to carry something with removed serial numbers you know that you're not supposed to have them in your possession," she explained. "She [Fermanova] was more likely a patsy for someone who's involved in industrial espionage." (more)

---

MI - Former General Motors (GM) employee Shanshan Du and her husband Yu Qin have been indicted in Michigan for allegedly stealing hybrid car technology information from GM. They have both been charged with conspiracy to possess trade secrets without authorization, unauthorized possession of trade secrets and wire fraud; one of them has also been charged with obstruction of justice. (more)

---

Huawei has denied being involved in a plan by former Motorola staff to steal confidential information and use it to set up their own company in competition with Motorola. Last week, a modified lawsuit by Motorola alleged that former employee Shaowei Pan secretly reported to Ren Zhengfei, Huawei's founder and chairman, while he was working at the US company. Motorola claims that the defendants were developing a microcell base station, and later passed technical details over to Huawei. (more)

---

 Toyota is said to be planning a U.S. production date for the fourth-generation Prius, but it won't arrive here until 2016. And would you be curious to know that the first Prius lost $28,000 per copy? That's what you learn through industrial espionage, says Kinder Essington over on PoliticsAndCars. (more)

Mission Impossible Data Destruction for Computers

from the press release...
UK - From 1st August, Stone http://www.stonegroup.co.uk/, the UK's largest privately-owned computer hardware manufacturer, will only provide its public sector customers with PCs and laptops that include the famous "Mission: Impossible" option to self-destruct the data on the system prior to disposal...  These products will include - at no extra cost - a pre-configured executable programme which will allow the customer to perform a data erasure process in-house, without the presence of an engineer or the need to remove hardware to an off-site facility.

James Bird, CEO at Stone, explains, "It sounds like that great opening sequence in Mission: Impossible when the data self-destructs after 30 seconds! It is, of course, very carefully controlled and managed and there isn't the excitement of flames and smoke, just a simple electronic signal! But with the penalty for data protection breaches now reaching up to 500,000 pounds for organisations which do not properly manage the deletion of their records... (more)

Thursday, July 29, 2010

The Time Has Come for a Transition

The Jetsons predicted that we'd have flying cars by at least 2062, and Back to the Future promised them to us by 2015. It turns out that reality may, for once, outpace fiction.

A small, privately held company called Terrafugia has recently gained FAA approval for its roadable aircraft (i.e., flying car), and new improvements to the vehicle's design bring it only about a year away from being available to customers, according to MSNBC

A company called Terrafugia is expected to start selling ''The Transition'' late next year. Price: $194,000. (more)

iStole iPhone iTracked iCaught iDumb

CA - In perhaps what was one of the unluckiest moves of his career as a petty thief, Horatio Toure stole an iPhone on Monday afternoon. The irony? The iPhone Toure stole was being used to demonstrate a program that tracks GPS location in real-time--it took the police all of ten minutes to pin down his exact location and arrest him. (more)

Wednesday, July 28, 2010

Is your Blackberry a National Security Threat?


Perhaps, if you live in these countries...
According to the BBC, the United Arab Emirates (UAE) has described RIM’s device as a threat posing “serious social, judicial and national security repercussions” due to the country’s inability to successfully eavesdrop on users, and the fact that transmitted data is stored offshore.
The same concerns have also been expressed by India, Kuwait and Saudi Arabia, with market analysts contributing the timing of these comments to yesterday’s decline in RIMM shares...

When discussing UAE’s obsession with RIM’s device, it’s worth emphasizing on the fact that the country unsuccessfully attempted to install spyware application on the devices of Etisalat users in 2009, pitching it as a “performance-enhancement patch. Instead, the SS8 Interceptor drained the batteries of the users who installed to the point where they became suspicious about its true nature...

The bottom line - are BlackBerries a threat to the national security of any country? They are, but only to the country that’s attempting to decrypt the data itself, instead of targeting the weakest link - in this case the user who now more than ever has to be aware that he’s become the primary target, not the encryption protocol itself. (more

"The bottom line" is worth noting. The more you protect one info-conduit, the more your adversary will be forced into attacking your lesser protected conduits. Hence, businesses need a counterespionage consultant on-board who has a holistic view of the espionage possibilities. The days of "they swept, they left" TSCM teams are long gone. 

If you have read this far, you the foresight to see why this story is a valuable cautionary tale. Good consultants are only as far away as the websites which bring you Kevin's Security Scrapbook.

GSM Cell Phone Eavesdropping Alert

US - A security expert said he has devised a simple and relatively inexpensive way to snoop on cellphone conversations, claiming that most wireless networks are incapable of guaranteeing calls won't be intercepted.

Law enforcement has long had access to expensive cell-phone tapping equipment known as IMSI catchers that each cost hundreds of thousands of dollars.

But Chris Paget, who does technology security consulting work, says he has figured out how to build an IMSI catcher using a US$1,500 piece of hardware and free, open-source software. 'It's really not hard to build these things,' he said.

Paget will teach other hackers how to make their own IMSI catchers on Saturday during in a presentation at the annual Defcon security conference in Las Vegas. (more)

Sunday, July 25, 2010

Got a stick? You can spy!

According to Mugil all you need is a USB stick and a FREE program called “USBThief_Modified_by_NEO”. 

USB Thief is a simple program which makes your standard USB stick into a spying USB stick, if you plug it into someone’s PC, it will extract all the passwords from it.

This improved version also steals ALL of the following:
• Visited Links List
• Internet Explorer Cache List
• Internet Explorer Passwords List
• Instant Messengers Accounts List
• Installed Windows Updates List
• Mozilla Cache List
• Cookies List
• Mozilla History List
• Instant Messengers Accounts List
• Search Queries List
• Adapters Report
• Network Passwords List
• TCP/UDP Ports List
• Product Key List
• Protected Storage Passwords List
• PST Passwords List
• Startup Programs List
• Video Cache List

The question is, "Do you trust him?"
Feeling lucky?
His program is here.

As always... 
Why do I mention it?
So you will know what you are up against.
• Never let someone else stick you with their stick.
• Never stick yourself with a dirty stick.

Satellite Spy Photos Reveal History

Spying on the Past: Declassified Satellite Images and Archaeology,’’ runs at Harvard’s Peabody Museum through Jan. 2.

Using declassified U.S. government spy satellite and aerial images, Harvard student archaeologists explore sites in Northern Mesopotamia and South America. These images are both visually arresting and potent archaeological tools. Four case studies in Syria, Iraq, Iran and Peru reveal complex early cities, extensive trackways, intricate irrigation canals and even traces of nomadic journeys. (more)

History's Spy Mysteries - The Profumo Keeler Affair

The KGB planted bugs to eavesdrop on John Profumo’s pillow talk with Christine Keeler, according to newly released top-secret files.

The topless showgirl and model’s KGB lover also persuaded her to question Profumo, Britain’s Minister of War, about Britain’s nuclear arsenal, the files reveal.

The reports claim that the Russians obtained ‘a lot of information’ which threatened to undermine Western security, contradicting the long-term view that the affair did not damage UK security and that no secrets were leaked to Russia. ... The papers also reveal how Hollywood star Douglas Fairbanks Jr. (a former US Naval Intelligence officer) knew many of those involved and gave regular reports to Washington about the scandal.

The affair’s exposure in 1963 led to Profumo’s resignation and rocked Prime Minister Harold Macmillan’s Government. (more)