Thursday, December 16, 2010

...we are hemorrhaging trade secrets, patents, trademarks, confidential consumer data...

"...Our leadership in the development of creative and innovative products and services also makes us a global target for theft... (intellectual property) thieves impose substantial costs. They depress investment in technologies needed to meet global challenges. They put consumers, families and communities at risk. They unfairly devalue America's contribution, hinder our ability to grow our economy, compromise good, high-wage jobs for Americans and endanger strong and prosperous communities."
-- From the 2010 Joint Strategic Plan On Intellectual Property Enforcement, published earlier this year by the newly established Office Of The U.S. Intellectual Property Enforcement Coordinator (IPEC), which is part of the U.S. Office of Management and Budget (OMB)

This grim assessment and the publication in which it appears is very much in line with President Obama's campaign promise to crack down on intellectual property theft. The unfortunate reality is that the President is responding to a crisis that has worsened despite the enactment over several decades of numerous federal and state laws aimed at deterring the theft of intellectual property.

Prominent among these laws is the Uniform Trade Secrets Acts (UTSA). Enacted in 1970, UTSA makes it illegal to use protected information gathered from others, or that is deliberately stolen or obtained through blackmail. Under UTSA such theft is punishable by civil law, but it is also criminal behavior as defined by the Economic Espionage Act of 1996.

Sadly, these (and other) well-intentioned pieces of legislation have not stanched the bleeding of the U.S.'s estimable trove of intellectual wealth. If anything, we are hemorrhaging trade secrets, patents, trademarks, confidential consumer data and classified government files (consider "WikiLeaks"). 
Fraud Examiner Newsletter Article, by Peter Goldmann, CFE (more)

Tuesday, December 14, 2010

What part of this story is stupid?

CA - Despite PG&E's earlier claims that he acted alone, a former executive who monitored online discussion groups by activists opposed to SmartMeters widely shared what he gleaned with other PG&E employees.

Internal PG&E documents turned over to state regulators and made available to the Mercury News on Monday also reveal that PG&E went beyond mere online monitoring. A series of e-mail exchanges show that PG&E sent an employee to monitor a SmartMeter demonstration in Rohnert Park in October. The employee, whose name was redacted, took at least four photographs of protesters, writing in an e-mail, "This is fun, no one said 'espionage' in the job description."

"It's quite creepy to know that we were actually being spied on by PG&E," Sebastopol resident Sandi Maurer said. "They were at our protest, watching, taking photographs and sending notes back to PG&E." (more)

What part of this story is stupid?
A. That PG&E spied on an activist group?
B. The PG&E employee's comment?
C. That one of the protesters thought spying was "quite creepy?"
D. None of the above.
E. All of the above?

Answers...
A. It is not uncommon for businesses to infiltrate / monitor the activities of activist groups. In many cases it is justifiable.
B. The PG&E employee was not hired for their investigative skills. Unprofessional comments and a blown cover should be expected.
C. Typical knee-jerk reaction. A lawsuit will be the next thought.
E. Logic flaw, trick answer.
D. None of the above is the correct answer. The stupid part was PG&E not handling their business investigation in a professional manner. DIY investigations (like DIY TSCM) is like DIY laser eye surgery – blindingly stupid.

Who knows why they did it: too cheap to hire a professional investigator, a rogue operation by some mid-level manager, etc.??? The story is still unfolding down the Stairs of Fiasco like a drunken slinky. Stay tuned.

What we do know...
This is costing PG&E (and ultimately) their consumers a ton of money and bad publicity. The worst may yet be headed toward the fan... "It is of serious concern to the CPUC that a senior PG&E official may have been involved in unethical behavior," commission representative Terrie Prosper said Monday. "The allegations of misconduct, if proven to be true, could warrant possibly severe sanctions by the CPUC." 

Moral: Always hire the best professional you can for the job.

...followed by an evening sojourn to Cafe de la Paix to obtain their secret croissant recipe!

Budding secret agents will be given a license to thrill when the first ever Spy Camp at Disneyland Paris is staged on 8th October 2011.

In the most exciting event of its kind ever staged in Europe, Spy Camp at Disneyland Paris will offer youngsters aged 8 to 16 an exclusive chance to emulate their movie heroes by taking part in a spy-themed adventure at the resort.

Spy Camp is divided into two phases, starting with induction training in the morning and moving up to more advanced training in the afternoon. (more)

Monday, December 13, 2010

Chemical Company is Catalyst for Activists Lawsuit

LA - The U.S. division of South Africa’s Sasol chemical plant is facing a lawsuit for industrial espionage and sabotage, filed by environmental activists Greenpeace.

The case, which also involves the Dow Chemical Co. and two public relations firms, was filed in Federal Court in Washington, DC.

Greenpeace claims the two companies hired private investigators to steal its documents, tap its phones, and hack into its computers. Central to the complaint is a community's battle against the pollution of Lake Charles, in Louisiana, near the Sasol plant. (more)

Business Lobbyist Drowned in Leaked Wiretaps

India - A fresh batch of leaked recordings of wiretapped phone calls between an Indian corporate lobbyist and her high-profile political and media contacts are aggravating the political turmoil that has paralyzed Parliament.

The tapes show how Niira Radia, a lobbyist for two of the nation's largest conglomerates, industrial titan Tata Group and oil-and-petrochemicals company Reliance Industries Ltd., advanced her clients' interests with friendly journalists and sought to use her connections to influence the formation of the Indian government's cabinet after last year's national elections.
 
Associated Press
Lobbyist Niira Radia being questioned in New Delhi.
The recordings have fueled the unfolding controversy in India over the way the government allocated mobile-phone spectrum to companies in 2008—a process critics describe as a multibillion-dollar heist of taxpayers, in which a few favored companies got bargain prices for a valuable public resource. The tapes have given rise to a debate over the extent to which powerful Indian industrial houses have been favored by close government ties in one of the nation's biggest industries, mobile telecommunications.

The tapes are being examined by investigators to see if they shed light on the spectrum-allotment controversy. (more)

Sunday, December 12, 2010

SpyCam Story #594 - Tap Cappy Defender

Turkey - The lawyer of former Eskişehir police chief Hanefi Avcı -- who is suspected to have illegally wiretapped dozens of individuals -- is accused of having installed a hidden camera in the management room of the apartment building where he currently resides.

Lawyer Fidel Okan, who resides in the Baymak Apartment in Ankara’s Eryaman neighborhood, is said to have installed the camera to record building management meetings. The residents of the building noticed the camera during a recent meeting. (more)

SpyCam Story #593 - Cops Play Hardball

OK - A former Oklahoma City high school coach has admitted to police that he secretly videotaped his girls’ softball team while players changed clothes in the locker room, a police detective reported Wednesday...

Police have been investigating him since May, when the new coach found Hestand’s personal Sony video camera and tapes in the softball equipment room...

Police officers also viewed the tapes and found evidence the girls were recorded on different days in the locker room and that the hidden camera was repositioned to capture a better angle, the detective reported. The officers discovered numerous teenage softball players were recorded in various stages of undress.

“After the softball players leave the room … a male voice asks, ‘Is everyone out?’ After receiving no answer, a hand is shown and the video ends,” the detective wrote. (much more)

Doh! Another spycam'er shoots himself.

Cop Bugs Exam Room - Caught, Testing 1-2-3-4

UK - A senior officer in Scotland Yard's anti-terrorist squad has been sacked after trying to cheat in a promotion exam.

The detective inspector bugged an examination room where rival candidates were being interviewed — but the recorder was discovered when the tape holding it to the bottom of a table came unstuck and it fell to the floor...

The senior officer conducting the interview called the Yard's internal investigations unit to launch an inquiry. The detective inspector had tested the machine earlier by using his own voice and was quickly recognised by colleagues. (more)

Doh! Another bugger shoots himself.

A Brief History of U.S. Tap and Bug Law

Congress enacted the first federal wiretap statute as a temporary measure to prevent disclosure of government secrets during World War I. Later, it proscribed intercepting and divulging private radio messages in the Radio Act of 1927, but did not immediately reestablish a federal wiretap prohibition. By the time of the landmark Supreme Court decision in Olmstead v. United States, 277 U.S. 438 (1928), however, at least forty-one of the forty-eight states had banned wiretapping or forbidden telephone and telegraph employees and officers from disclosing the content of telephone or telegraph messages or both. (more

Extra Credit:

Friday, December 10, 2010

...thus giving Santa a run for his money in the spying department.

If the popularity of spy toys as holiday gifts is any indication, the future of our TSCM services to business and government is secure for decades to come. Kids learn through play.

The only thing that has changed since my last big review in December, 2006 is the sophistication of the toys themselves. There are some amazing gadgets out there this year.

Check out this toy... 
"The Spy Net Secret Mission Video Watch is the ultimate infiltration tool and comes packed with high-tech features. The working video camera and microphone record over 20 minutes of video, 2,000 photos or 4 hours of audio. The watch's full color 1.4" TFT screen lets you watch recorded videos and provides live playback. Onboard memory lets you store your secret evidence, which you can then load onto your home computer with the included USB cable. Video missions are available for download on the cool Spy Net website."

 Only one of their many spy tools for kids...
"Spy Net takes high end electronics and interactive gadgets and puts them in the hands - and on the wrists! - of burgeoning young secret agents. For undercover surveillance, detection and communication, Spy Net provides all the technology you'll need to tackle any secret mission!"

Think this is a myth meme? 
Google "spy toys for kids" you will see about 756,000 results in .2 seconds. (sing-a-long)

Third Man Spy Gets First Memorial Plaque

Russia on Thursday unveiled a memorial plaque to British double agent Kim Philby at the headquarters of the Foreign Intelligence Service in Moscow, the Echo of Moscow radio station reported.

Philby, who died in 1988, was a decorated member of British intelligence who worked as a spy for the Soviet Union. He was exposed in 1963 as one of the so-called Cambridge Five spy ring and defected to Moscow. (more) (historical video) (The Third Man)



SpyCam Story #592 - The Eggman, superhero.

Anonymous for Animal Rights, an Israeli nonprofit dedicated to exposing cruelty in factory farms, has done something truly revolutionary. Instead of sending in an undercover volunteer to collect horrific footage at slaughterhouses and Confined Animal Feeding Operations (CAFOs), the group has installed a web camera at an egg farming facility to stream the cruelty live. 
 

And because factory farms are so enormous and indistinguishable, the farmers can’t find the camera.

This ingenious move is part of a larger, ongoing campaign by Anonymous to outlaw battery cages for egg laying hens in Israel. These cages mean that hens spend their entire lifetime in a space smaller than even a page of a trade paperback book—about 550 square centimeters. Click on the link and you’ll see the daily life of egg laying hens, crammed three (or more) to a cage. They can’t spread their wings, bathe in dust, forage, fly, run, or engage in any of their natural behaviors. They don’t even get to stand on solid ground — their feet poke through the gaping wire mesh they’re forced to stand on, twenty four hours a day, seven days a week. (more)

SpyCam Story #591 - The Nappyman, supercreep

Nappie fetish copycat.
Australia - A man who filmed naked boys in a changeroom at a swimming centre with a camera hidden in his bag has been sentenced to at least 18 months' jail.

The Adelaide District Court heard Julius Fabian Ohmer, 31, had been secretly filming children at the Elizabeth Aquadome for some time before he was arrested by police last November.

Ohmer was also found to have more than 200,000 images and films of child pornography at his home and the court heard he had a sexual fetish for nappies.

Judge Rosemary Davey said she was revolted by the offending. (more)

Wednesday, December 8, 2010

Hamlet with Headphones

Canada - A file folder opens to reveal surveillance photos of a young couple embracing. Around the periphery of a government office, blocky security guards stand vigilant, occasionally opening their briefcases to reveal eavesdropping equipment. The forces of paranoia have won.

If each generation gets the Hamlet it deserves, then the National Theatre’s much-lauded version, which will be shown in Canadian movie theatres Thursday, is WikiLeaks set in Denmark. The older generation, desperate to maintain power, feels the world shifting irrevocably beneath its feet. (more) (trailer)

Kevin's advice... "Give thy thoughts no tongue."
- William Shakespeare, Hamlet, 1.3

Security Director Budget Booster - The Value Of Corporate Secrets

Here are the findings from a Forrester Consulting paper on the value of corporate secrets.

Secrets comprise two-thirds of the value of firms’ information portfolios. Despite the increasing mandates enterprises face, custodial data assets aren’t the most valuable assets in enterprise information portfolios. Proprietary knowledge and company secrets, by contrast, are twice as valuable as the custodial data. And as recent company attacks illustrate, secrets are targets for theft.

Compliance, not security, drives security budgets. Enterprises devote 80% of their security budgets to two priorities: compliance and securing sensitive corporate information, with the same percentage (about 40%) devoted to each. But secrets comprise 62% of the overall information portfolio’s total value while compliance related custodial data comprises just 38%, a much smaller proportion. This strongly suggests that investments are over-weighed toward compliance.
 
Firms focus on preventing accidents, but theft is where the money is. Data security incidents related to accidental losses and mistakes are common but cause little quantifiable damage. By contrast, employee theft of sensitive information is 10 times costlier on a per-incident basis than any single incident caused by accidents: hundreds of thousands of dollars versus tens of thousands.
 
The more valuable a firm’s information, the more incidents it will have. The “portfolio value” of the information managed by the top quartile of enterprises was 20 times higher than the bottom quartile. These high value enterprises had four times as many security incidents as low-value firms. High-value firms are not sufficiently protecting data from theft and abuse by third parties. They had six times more data security incidents due to outside parties than low-value firms, even though the number of third parties they work with is only 60% greater.
 
CISOs do not know how effective their security controls actually are. Regardless of information asset value, spending, or number of incidents observed, nearly every company rated its security controls to be equally effective — even though the number and cost of incidents varied widely. Even enterprises with a high number of incidents are still likely to imagine that their programs are “very effective.” We concluded that most enterprises do not actually know whether their data security programs work or not. (more)

Need help. Call us.