Monday, August 23, 2010

Business Espionage - Walt Disney Co.

The boyfriend of a former Walt Disney Co. administrative assistant admitted to engaging in a scheme to sell early access to the company's earnings report in U.S. district court in Manhattan Monday.

Yonni Sebbag, 30 years old, and his girlfriend Bonnie Hoxie, the former assistant to Disney's head of communications, allegedly contacted more than a dozen hedge funds and investment companies anonymously in March, offering to provide an early look at Disney's earnings.
"I disclosed material and nonpublic information about the Walt Disney Co. to outside investors," Mr. Sebbag said. (more)

Sunday, August 22, 2010

Business Espionage - The Counterfeiters

A shopkeeper in Italy placed an order with a Chinese sneaker factory in Putian for 3,000 pairs of white Nike Tiempo indoor soccer shoes. It was early February, and the shopkeeper wanted the Tiempos pronto. Neither he nor Lin, the factory manager, were authorized to make Nikes. They would have no blueprints or instructions to follow. But Lin didn’t mind. He was used to working from scratch. A week later, Lin, who asked that I only use his first name, received a pair of authentic Tiempos, took them apart, studied their stitching and molding, drew up his own design and oversaw the production of 3,000 Nike clones. A month later, he shipped the shoes to Italy. “He’ll order more when there’s none left,” Lin told me recently, with confidence...

Counterfeiters played a low-budget game of industrial espionage, bribing employees at the licensed factories to lift samples or copy blueprints. Shoes were even chucked over a factory wall, according to a worker at one of Nike’s Putian factories. It wasn’t unusual for counterfeit models to show up in stores before the real ones did. (more)

Mandela's house 'was bugged'

It has been revealed that former president Nelson Mandela's Houghton house was bugged ahead of the African National Congress's 2007 national conference. ...the listening device bug was discovered in the old Statesman's house by the police's VIP protection unit during a sweeping exercise. (more)

Oo-ee, oo-ee baby. Won't ya let me take you on a spy cruise?

Old man Panetta is runnin' my shoes
No use t'sittin' and a'singin' the blues
So be my snitch, you got nothin' to lose
Won't ya let me take you on a spy cruise? 

Hop aboard the S.S. Surreal below and sing along.

Michael Hayden, the former CIA Director, has always asserted that “the war on terrorism is inherently an intelligence war.” This November, the “SPY CRUISE” will be sailing. On the cruise everything you wanted to know about intelligence but could not ask will be discussed, that is except classified information. NewsReal Blog interviewed four of the speakers to get their take on what will be discussed. (more)
SpyCruise® is a private group aboard a cruise ship where members attend exclusive lectures and talks on espionage, spies, intelligence, counterterrorism and more. Speakers are intelligence experts, leaders, officers, operatives, analysts, authors and historians, many of whom served in the US Intelligence Community. Each cruise we choose a different ship, a different destination and a different agenda.

SpyCruise® is a unique opportunity for anyone interested in the topic of intelligence to meet and learn from real experts in the intelligence field as well as others who share the same interest in this topic and history, world affairs, intelligence, military, books, etc. Lectures are normally once a day and the rest of the time is yours to enjoy the cruise ship and its excursions at different destinations. (more)

NEXT SPYCRUISE: November 13-20, 2010 in the Caribbean


Extra credit: Intellectual property transfer, or not? 
You decide.
Sea Cruise & Rockin' Pneumonia 
Sweet Little Sixteen & Surfin' USA

Saturday, August 21, 2010

Business Espionage - Bratz v. Barbie

The maker of Bratz dolls accused Mattel Inc. of spying on its rivals and stealing trade secrets for at least 15 years, as the ongoing legal battle between the two toymakers turns nastier.

Bratz maker MGA Entertainment Inc. alleges employees for Mattel, maker of the rival Barbie doll, used fake name badges to gain entry to private showrooms of MGA, Hasbro Inc., and other toy manufacturers, according to a federal filing late Monday.

In the court papers, MGA also alleges Mattel secretly photographed new toy product designs at toy fairs held in different countries.

The allegations are part of the dirty doll laundry that will be aired in the retrial of the Bratz doll copyright infringement case, set for Jan. 11 in Santa Ana, Calif. (more)

M-I-Cee (see you real soon) K-E-Y (why...)

Walt Disney’s Internet subsidiary, along with several partners, is being sued for allegedly spying on minors. (Complaint) (coffee cup) Have a nice read.

"Tap'em Dano!"

Don't have a voice recorder handy?
Clumsy with tech gear?
No problem. MyPhoneTap.com to the rescue.

from the website...
Record Your Business Calls
Don't miss a single important detail! Now you can pull up that call from three months ago within seconds. Is a team member going to miss an important conference call? Record it for them!

Record Your Friends
Can't remember when or where the party is going to be? You could listen to the call again if you had a recording of it.

Record Your Enemies
Do you feel threatened? Is someone harassing you? Record the call for the proof you need. (more)

Nice touch...

FAQ
Is recording my phone calls legal?

Yes! There are currently twelve states in the USA that require both parties involved to know that the conversation is being recorded. If the person you are calling is in one of those states we will prompt you to notify them that the call is being recorded. For international calls we will always prompt you to notify the person you are calling.

Why do I mention it?
So you will know what you are up against!

And you thought every country already wiretapped.

St Kitts and Nevis’ Attorney General and Minister of Justice and Legal Affairs, Patrice Nisbett, has expressed confidence that the proposed Interception of Communication Bill that will allow wiretapping, contains built-in safeguards to prevent abuse and protect political freedoms. (more)

Monday, August 16, 2010

What's in Your Boardroom?

"Wouldn't it be nice if all boardrooms were equipped like this. So that when the teleconference microphone was ON, a sign lights." ...via my esteemed colleague from the North.

Wash Your Hands Before Leaking

A study by the Department of Computer and Information Science at the University of Pennsylvania has found that it can be possible to uncover passwords by analyzing the smudges left on touchscreen phones. Touch screens are touched, so oily residues, or smudges, remain on the screen as a side effect. Latent smudges may be usable to infer recently and frequently touched areas of the screen - a form of information leakage.

The researchers said that they believe smudge attacks are a threat for three reasons. First, smudges are surprisingly persistent in time. Second, it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device. Third and finally, collecting and analyzing oily residue smudges can be done with readily-available equipment such as a camera and a computer.

The analysis requires a photograph of the screen to be uploaded to a computer. However, the presumption that lighting conditions would affect the quality of the photo, and hence the ability to extract passwords was shown to be false. In one experiment, the pattern was partially identifiable in 92% and fully in 68% of the tested lighting and camera setups. Even in our worst performing experiment, under less than ideal pattern entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them.

By enhancing the photo of the screen in the computer, the smudge patterns could be seen. Critically, the requirement of the password structure as used in Android phones resulted in distinctive patterns, which led to the ability to work out which "buttons" were pressed. (more) (presentation paper)
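To put a number on that leakage, here is an added example (not from the study or the article) that counts the Android 3x3 unlock patterns and shows how few remain once a smudge gives away the touched dots or the stroke lines. It assumes the standard pattern rules (4 to 9 dots, no dot reused, no jump over an unused dot); the function names and the sample pattern `SECRET` are constructed for illustration.

```python
# Added example: size of the Android 3x3 unlock-pattern space, and how much
# of it survives once a smudge reveals the touched dots or the stroke lines.
from collections import Counter

def midpoint(a, b):
    """Dot lying exactly between a and b on the 3x3 grid, or None."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None
    return (ra + rb) // 2 * 3 + (ca + cb) // 2

def patterns(min_len=4, max_len=9):
    """Yield every valid pattern: no dot reused, no jump over an unused dot."""
    def extend(path, used):
        if len(path) >= min_len:
            yield tuple(path)
        if len(path) == max_len:
            return
        for nxt in range(9):
            mid = midpoint(path[-1], nxt)
            if nxt in used or (mid is not None and mid not in used):
                continue
            yield from extend(path + [nxt], used | {nxt})
    for start in range(9):
        yield from extend([start], {start})

def segments(pattern):
    """Undirected strokes a finger leaves; a jump over a dot covers two."""
    segs = set()
    for a, b in zip(pattern, pattern[1:]):
        mid = midpoint(a, b)
        hops = [(a, b)] if mid is None else [(a, mid), (mid, b)]
        segs.update(frozenset(h) for h in hops)
    return segs

ALL = list(patterns())          # every valid pattern, dots numbered 0..8
SECRET = (0, 3, 6, 7, 8)        # constructed sample: an "L", down then across

def candidates_by_dots(secret):
    """Patterns left if the smudge only shows WHICH dots were touched."""
    dots = set(secret)
    return [p for p in ALL if set(p) == dots]

def candidates_by_strokes(secret):
    """Patterns left if the smudge shows the lines but not their direction."""
    target = segments(secret)
    return [p for p in ALL if segments(p) == target]

if __name__ == "__main__":
    print("valid patterns:", len(ALL), dict(Counter(map(len, ALL))))
    print("same dots:", len(candidates_by_dots(SECRET)))
    print("same strokes:", candidates_by_strokes(SECRET))
```

A visible stroke leaves only a handful of candidates, which is why wiping the screen or using a PIN with repeated digits leaks less than a drawn pattern.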

Saturday, August 14, 2010

Spy Phone Numbers

"When the joint is jumpin' and spies are thumpin' it ain't the time to share your number pumpkin." (c. 1942. Some jerk who thought they sounded like Bogart.)

• Need to protect your real cell or home phone number?
• Not sure about that new guy who asked you out?
• Worried your informant will be caught with your number?
• Need a safe number your spies can call in on?
You need TossableDigits! Expendable phone numbers that contact your private line and evaporate when your caller needs to be hung out to dry.

• Need to connect two adversaries through the web? 
• Need to connect your spies to each other over the phone without revealing their phone numbers to each other?
You need Click to Call! The anonymous phone connection.

• Did "M" not sound quite right during your morning briefing?
• Not sure your tipsters are calling from where they say they are?
• Need proof the real Home Office is requesting the microdot?
• Is the Lady Spy Caller ID spoofing the White and Black spies?
You need Phone Number Verification! Make them prove they are calling from the number they say they are calling from.

As Fats used to say, 
"One never know, do one?"

Friday, August 13, 2010

The Eavesdropping Palm Pre Cell Phone

A British internet security company has demonstrated how to turn the Palm Pre into a secret bugging device, ideal for corporate espionage, and issued a warning that many other popular smartphones are also vulnerable to hackers.

In-house hackers at Basingstoke-based MWR InfoSecurity have created a bug hidden in an electronic business card, or vcard, which enabled them to use the Pre to record conversations and send the audio file back to them, whenever it is connected to a WiFi or 3G network – all without the user being aware anything at all is happening.

The company's 26-year-old principal security researcher – who gives his name only as Nils, and who was hired by MWR last year after having been a freelance hacker since his teens – demonstrated the security flaw in the Pre to journalists and IT specialists this week, saying the phone was "easy" to break into. (more)

Wednesday, August 11, 2010

The Farewell Dossier

Movie Synopsis...
Engaging, emotional and riveting, FAREWELL is an intricate and highly intelligent thriller pulled from the pages of history about an ordinary man thrust into the biggest theft of Soviet information of the Cold War. A piece of history largely unknown until now, which Ronald Reagan called "one of the most important espionage cases of the 20th century." Directed by Christian Carion. (Trailer)

Review...
The movie does reflect the reality of the “Farewell” material: that it revealed to Western intelligence the extent to which Soviet economic development in the 1960s and ’70s was almost entirely the result of industrial espionage... The obsession in the early 1980s with the problem of “technology transfer” arose as a direct result of the Farewell dossier, and in a 1983 National Security Decision Directive, preventing technology loss became a key element of American foreign policy. (more)

Vcard Pops Privacy on Palm Pre. Android Cookies Eaten.

Major vulnerabilities in the Palm Pre and Android smartphones have been detected that could allow data to be stolen.

Research by MWR Labs has revealed a major flaw in the Palm Pre that would allow conversations to be intercepted, while a flaw in the Android operating system from 2.0 onwards exists in the browser and allows login credentials and cookies to be harvested.

A spokesperson demonstrated that sending a Vcard to the Palm Pre allows an attacker to compromise the phone and intercept all audio close to the phone. They said that this is a completely focussed attack that targets a specific user. Alex Fidgen, director at MWR Labs told SC Magazine that this represents industrial espionage and if this was done over a carrier network it would be breaking the law. (more)

Tire Pressure Sensor Surveillance - A Re-Tread

Researchers from Rutgers University and University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged...

The researchers will present their findings at the Usenix Security Symposium, being held this week in Washington D.C.

The tire pressure monitoring systems (TPMS) consist of battery-powered radio frequency identification (RFID) tags on each tire, which can respond with the air pressure readings of the tire when wirelessly queried by an electronic control unit (ECU).

The researchers had found that each sensor has a unique 32-bit ID and that communication between the tag and the control unit was unencrypted, meaning it could be intercepted by third parties from as far away as forty meters. (more)

Readers of Kevin's Security Scrapbook were advised of this back in 2008. See Track My Treads - TPMS Privacy Blowout.