Thursday, December 23, 2010

Santa Claus Is Tapping Your Phone

Sung to the tune of... 
"Santa Claus is Coming to Town"

You better watch out,
You better not cry,
You better not pout,
I'm telling you why,
Santa Claus is tapping
Your phone.

He's bugging your room,
And reading your mail,
He's keeping a file
And running a tail
Santa Claus is tapping
Your phone.

He hears you in the bedroom
Surveills you out of doors
And if that doesn't get the goods
Then he'll use provocateurs.

So you mustn't assume
That you are secure
On Christmas Eve
He'll kick in your door
Santa Claus is tapping
Your phone.

Wednesday, December 22, 2010

Business Espionage: If you're not a client, you will remain bugged.

UK - From the top of the Gherkin building in London, Crispin Sturrock points out an anonymous-looking office block in the swirling snow below. “There’s a device in there,” says the chief executive of WhiteRock Defence Systems, an information security consultancy that helps companies protect themselves against spies. “They’re not clients of ours, but whenever we scan for transmissions in nearby buildings, we pick it up. It’s been there for ages, just streaming information out.” The building in question is bugged with an electronic device transmitting information about one of its tenants. In the era of WikiLeaks, it is tempting to view all leaks as news headlines. But in general, corporate leaks tend to be of interest only to a very small group of people – an organisation’s competitors or potential buyer. “The reasons people engage in competitive information gathering are usually financial gain and leverage,” says Mr Sturrock. (more) (free business espionage newsletter)

Workplace Bugging - If it works, don't call it primitive.

Officials in the Vermont town of Charlotte say they found listening devices in the Town Hall that would have allowed someone to eavesdrop on both public and private town business sessions.

Town Planner and Selectboard assistant Dean Bloch says the bugs were discovered in October during a retrofit of a dropped ceiling.

A small dynamic speaker, which may also be used as a microphone.

Shelburne Police, who serve Charlotte, say the devices weren't working and they could have been up to 10 years old.

Officer Chris Morrell tells the Burlington Free Press the spying devices were "primitive." He says the two microphones were connected to battery-powered, wireless transmitters that might have carried a signal into the parking lot. (more) (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

"Now do you believe in Santa Claus?"

Nine months after declaring the Bush administration's warrantless surveillance program illegal, a federal judge ordered the government on Tuesday to pay for wiretapping an Islamic charity without a warrant.

Issuing his final ruling in the lawsuit of the Al-Haramain Islamic Foundation, U.S. District Court Judge Vaughn Walker said the government should pay $2.5 million in attorneys' fees and more than $20,000 for each of the two officials of the charity who were wiretapped. (more)

Workplace Bugging - The Amorous Rhinelander

WI - A Rhinelander man accused of stalking a former co-worker is scheduled to go on trial March 14.

According to online court records, Stanley F. Pecor, 57, will be tried on 69 felony counts including stalking, intercepting wire communications, misappropriation of personal identification information and bail jumping...

Pecor is accused of closely monitoring the activities of a former co-worker, bugging her office, recording some of her phone calls and gathering personal information about her.

Police searched Pecor’s residence and found, among other things, several minute-by-minute logs of the alleged victim’s activities, phone-tapping and voice-altering equipment, the alleged victim’s personal financial records and audio recordings of her at work.

Pecor remains in the Oneida County jail on $200,000 cash bail. If convicted of all charges, he could spend the rest of his life in prison. (more)

Sunday, December 19, 2010

Business Espionage: "at Apple you can get fired for saying K48."

In their most significant move yet in a sweeping insider-trading investigation, federal prosecutors charged four corporate managers with peddling financial details about prominent technology companies and with leaking secrets about popular consumer products such as Apple Inc.'s iPhone in exchange for cash. (more)

...according to a criminal complaint unsealed Thursday, a Flextronics director named Walter Shimoon had a telephone conversation with an unnamed "cooperating witness" (CW-2) employed by a hedge fund. During this conversation, secretly taped...he dropped his two bombshells:

..."coming out next year" with a new iPhone that's "gonna have two cameras"...

..."they [Apple] have a code name for something new ... It's ... It's totally ... It's a new category altogether... It doesn't have a camera, what I figured out. So I speculated that it's probably a reader. ... Something like that. Um, let me tell you, it's a very secretive program ... It's called K, K48. That's the internal name. So, you can get, at Apple you can get fired for saying K48." 

The iPad -- code named K48 -- was unveiled four months later. (more)

If the company with one of the best counterespionage strategies around has these problems, imagine what is happening at your company. Kick off 2011 with a counterespionage strategy. Call us.

Friday, December 17, 2010

SpyCam Story #595 - Brazos Taping

TX - A former manager of the Brazos Valley Bombers is behind bars, accused of secretly videotaping several of his female employees while they were changing.


Kfir Jackson, 32, was arrested Friday. He is charged with five counts of improper photography or visual recording.

According to Bryan police, Jackson asked several female employees to change into some uniforms he was considering them wearing for their job. The victims became suspicious they were being videotaped and called police.

Bryan police say on Wednesday, the Criminal Investigation Division executed a search warrant at 405 Mitchell St. in Bryan. That's listed as the Brazos Valley Bombers' office. Several electronic items including computers were seized. These items were forensically analyzed at the Bryan Police Department. Images found on the hard drive of one of Jackson's computers were consistent with the victims' account. (more)

Thursday, December 16, 2010

Ultimate TSCM Smackdown

The explosion heard in Lebanon late Wednesday was an Israel Air Force operation aimed at destroying an espionage device it had installed off the coast of the city of Sidon, the Voice of Lebanon radio station reported on Thursday.

The report comes a day after the Lebanese Army said it had uncovered two Israeli spy installations in mountainous areas near Beirut and the Bekaa Valley. The installations included photographic equipment as well as laser and broadcast equipment...

On December 3, Hezbollah activists found Israeli wiretapping equipment near the southern Lebanese town of Tyre. After it was discovered, the equipment was destroyed by remote control in a blast that injured two Lebanese civilians...

Hezbollah said the installations were used to tap into the independent fiber-optic communications network that the Islamic organization set up throughout Lebanon in 2008.

In October of last year, Hezbollah operatives uncovered another wiretapping installation near the southern Lebanese village of Houlah. According to Lebanese security officials, the facility had tapped into Hezbollah's independent landline telephone system. ...the equipment consisted of underground Israeli wiretapping installations that Israel blew up by remote control out of concern that they were about to be discovered. 

Israel has neither confirmed nor denied that the equipment served as a surveillance installation... (more)

"Bug-in-a-Book" project at the Spy Museum

via David Simpson
We all love spy gear, from the wacky Maxwell Smart rotary-dial shoephone to the grab bag of goodies Bond always so nonchalantly snares from Q. Thank you, MAKE, for Volume 16, the "Spy Tech" issue, which featured Mad Magazine's iconic Spy vs. Spy on the cover. In that issue, you can find my wireless "Bug-in-a-Book" project. The guts come from readily available Radio Shack components (a mini FM transmitter for listening to your iPod through the car stereo and a grandpa-tech amplified listener). 

Fast forward: I'll be leading that workshop at the Spy Museum at the end of January.
The session will open with an "NCIS-like" briefing, laying out an impending threat and mission, but I can't divulge the full details here. Let's just say that this whole thing was triggered by an encrypted message intercepted by an allied listening post off the coast of Algeria on one of the long wave frequencies known to be used by a US-based black market arms dealer and certain intermediaries representing a radical militant religious group targeting pro-western nations. Maybe by now it's becoming clearer; the well-being of the free world lies in the hands of the young makers that attend this workshop and the intelligence they're able to gather during surveillance using their field-made Bug-in-a-Book. (more)

Attic'ed to Love

Authorities apprehended a man who camped out in his ex-girlfriend's attic to spy on her every move.

Merced County Sheriff's Department was called when the girlfriend feared her ex had been in her home.

"One of our deputies actually crawled up into the attic and found him there hiding under some insulation," Merced County Sheriff's Department Deputy Tom MacKenzie said, "and evidence appeared that he had been there for some time."

The girlfriend first thought something was out of place when she noticed her cell phone was missing.

"The scary part is he came down sometime at night to steal her cell phone while it was charging to see if she had been calling any new guys or new boyfriends," MacKenzie said. (more) (creepy, but sing-a-long anyway)

Why You Shouldn't Use Outlook Rules to Intercept Your Boss's E-mails

Big surprise! Turns out that forwarding your boss's e-mail to yourself with Outlook rules is quite illegal. Ars Technica reports that David Szymuszkiewicz, now a former IRS worker, learned this the hard way after being convicted on wiretapping charges under the U.S. Wiretap Act.

Already in hot water for driving drunk with a suspended license, Szymuszkiewicz's job required he drive to the homes of delinquent taxpayers. Out of fear for his job, Szymuszkiewicz set up a rule on his supervisor Nella Infusino's Outlook application that forwarded any e-mails sent to her...

Despite the rather serious charges, Szymuszkiewicz was sentenced to a relatively lenient 18 months probation. (more)

...we are hemorrhaging trade secrets, patents, trademarks, confidential consumer data...

"...Our leadership in the development of creative and innovative products and services also makes us a global target for theft... (intellectual property) thieves impose substantial costs. They depress investment in technologies needed to meet global challenges. They put consumers, families and communities at risk. They unfairly devalue America's contribution, hinder our ability to grow our economy, compromise good, high-wage jobs for Americans and endanger strong and prosperous communities."
-- From the 2010 Joint Strategic Plan On Intellectual Property Enforcement, published earlier this year by the newly established Office Of The U.S. Intellectual Property Enforcement Coordinator (IPEC), which is part of the U.S. Office of Management and Budget (OMB)

This grim assessment and the publication in which it appears is very much in line with President Obama's campaign promise to crack down on intellectual property theft. The unfortunate reality is that the President is responding to a crisis that has worsened despite the enactment over several decades of numerous federal and state laws aimed at deterring the theft of intellectual property.

Prominent among these laws is the Uniform Trade Secrets Act (UTSA). Enacted in 1970, UTSA makes it illegal to use protected information gathered from others, or that is deliberately stolen or obtained through blackmail. Under UTSA such theft is punishable by civil law, but it is also criminal behavior as defined by the Economic Espionage Act of 1996.

Sadly, these (and other) well-intentioned pieces of legislation have not stanched the bleeding of the U.S.'s estimable trove of intellectual wealth. If anything, we are hemorrhaging trade secrets, patents, trademarks, confidential consumer data and classified government files (consider "WikiLeaks"). 
Fraud Examiner Newsletter Article, by Peter Goldmann, CFE (more)

Tuesday, December 14, 2010

What part of this story is stupid?

CA - Despite PG&E's earlier claims that he acted alone, a former executive who monitored online discussion groups by activists opposed to SmartMeters widely shared what he gleaned with other PG&E employees.

Internal PG&E documents turned over to state regulators and made available to the Mercury News on Monday also reveal that PG&E went beyond mere online monitoring. A series of e-mail exchanges show that PG&E sent an employee to monitor a SmartMeter demonstration in Rohnert Park in October. The employee, whose name was redacted, took at least four photographs of protesters, writing in an e-mail, "This is fun, no one said 'espionage' in the job description."

"It's quite creepy to know that we were actually being spied on by PG&E," Sebastopol resident Sandi Maurer said. "They were at our protest, watching, taking photographs and sending notes back to PG&E." (more)

What part of this story is stupid?
A. That PG&E spied on an activist group?
B. The PG&E employee's comment?
C. That one of the protesters thought spying was "quite creepy?"
D. None of the above.
E. All of the above?

Answers...
A. It is not uncommon for businesses to infiltrate / monitor the activities of activist groups. In many cases it is justifiable.
B. The PG&E employee was not hired for their investigative skills. Unprofessional comments and a blown cover should be expected.
C. Typical knee-jerk reaction. A lawsuit will be the next thought.
E. Logic flaw, trick answer.
D. None of the above is the correct answer. The stupid part was PG&E not handling their business investigation in a professional manner. DIY investigations (like DIY TSCM) are like DIY laser eye surgery – blindingly stupid.

Who knows why they did it: too cheap to hire a professional investigator, a rogue operation by some mid-level manager, etc.??? The story is still unfolding down the Stairs of Fiasco like a drunken slinky. Stay tuned.

What we do know...
This is costing PG&E (and ultimately their consumers) a ton of money and bad publicity. The worst may yet be headed toward the fan... "It is of serious concern to the CPUC that a senior PG&E official may have been involved in unethical behavior," commission representative Terrie Prosper said Monday. "The allegations of misconduct, if proven to be true, could warrant possibly severe sanctions by the CPUC."

Moral: Always hire the best professional you can for the job.

...followed by an evening sojourn to Cafe de la Paix to obtain their secret croissant recipe!

Budding secret agents will be given a license to thrill when the first ever Spy Camp at Disneyland Paris is staged on 8th October 2011.

In the most exciting event of its kind ever staged in Europe, Spy Camp at Disneyland Paris will offer youngsters aged 8 to 16 an exclusive chance to emulate their movie heroes by taking part in a spy-themed adventure at the resort.

Spy Camp is divided into two phases, starting with induction training in the morning and moving up to more advanced training in the afternoon. (more)

Monday, December 13, 2010

Chemical Company is Catalyst for Activists Lawsuit

LA - The U.S. division of South Africa’s Sasol chemical plant is facing a lawsuit for industrial espionage and sabotage, filed by environmental activists Greenpeace.

The case, which also involves the Dow Chemical Co. and two public relations firms, was filed in Federal Court in Washington, DC.

Greenpeace claims the two companies hired private investigators to steal its documents, tap its phones, and hack into its computers. Central to the complaint is a community's battle against the pollution of Lake Charles, in Louisiana, near the Sasol plant. (more)