Monday, October 24, 2011

FBI Business Espionage Warning - "If you haven't been a victim yet, it's because you have been and you don't know it, or you will be."

Kexue Huang, a scientist and native of China, pleaded guilty last week in a federal court to swiping millions of dollars worth of trade secrets from Dow Chemical Co. and Cargill Inc. for other people doing research in Germany and China.

A federal jury last month ordered South Korea's Kolon Industries to pay DuPont Co. $920 million for stealing trade secrets regarding synthetic fibers used in such products as Kevlar body armor. A former DuPont engineer hired by Kolon, Michael Mitchell of Virginia, was sentenced in March last year to 18 months in prison for theft of trade secrets for passing on key DuPont data to Kolon.

And area technology companies are likely fooling themselves if they think they're not in the cross-hairs of such spy efforts, according to the Federal Bureau of Investigation."If you haven't been a victim yet, it's because you have been and you don't know it, or you will be," Barry W. Couch, a special agent with FBI's Buffalo division, told a conference room full of area optics industry executives last week. "Don't be blindsided."

The FBI has designated espionage, including economic espionage, its second-highest priority, behind only terrorism. (more)

Bug in the Boardroom - Nasdaq

New details have come out from the ongoing investigation into last year's attack on the Nasdaq stock exchange. 

It appears that when attackers breached the Director's Desk Web application, they not only gained access to data stored in the system, but they managed to install a monitoring software that was able to eavesdrop on "scores" of directors' communications

The application was used by board directors to discuss information relating to the company's financial performance and other intellectual property. (more)

Saturday, October 22, 2011

Security Director Alert: Occupy Wall Street would love to have A Bug in Your Boardroom

The Occupy Wall Street movement is expanding. 

Your company is the target. 

Just like animal rights and other business protest movements, intelligence helps fuel their cause. A bug in your boardroom is the ideal intelligence pipeline. (Don't think they haven't thought of doing it. All they need is a sympathetic insider who believes the boss makes too much.)

I addition to your normal preparations (perimeter security, monitoring social media, etc.) electronic countermeasures inspections (TSCM) must be part of your protection mix. Covert electronic eavesdropping, video voyeurism, data thefts and business espionage attacks are vulnerabilities you can not afford to overlook.

If you have a trusted TSCM provider, great, call them in.
If not, please stop by our web site. Learn all about our economical TSCM security solutions.

But, what if you find a bug?
Imagine... 
It's Monday morning. 
In the offices of Mongo Industries a secretary readies the Boardroom for the weekly strategy meeting. The air conditioning has been off all weekend, and just kicked in. Then...THUNK! 

Startled, she stares under the massive table. Her eyes adjust to the dark. A small dark object with gooey strips of masking tape near the Director's chair stares back.


"What should you do?" (click here)

Friday, October 21, 2011

Flash - Adobe Flash Spy Personality Disorder Fixed

Engineers on Thursday patched a hole in Adobe's ubiquitous Flash Player that allowed website operators to silently eavesdrop on visitors' webcam and microphone feeds without permission.  

To be attacked, visitors needed to do no more than visit a malicious website and click on a handful of buttons like the ones in this live demonstration. Without warning, the visitor's camera and microphone were activated and the video and audio intercepted. (more)

Adobe: "We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website. No user action or Flash Player product update are required." (more)

Calling all cars: OTL DIY CSI Taps Over Possible Alibi Die Lie - Be on the Louk-out.

PA - State police are looking for a Washington man who is one of four accused of placing a wiretap in the home of a relative because they did not believe his alibi for the murder of a Buffalo Township woman.

Douglas Edward Louk, 42, whose last known address was 843 Broad St., is wanted on wiretapping and conspiracy charges. He is 5 feet 10 inches tall, weighs 210 pounds and has brown hair and blue eyes.

Anyone with information on Louk's whereabouts is asked to call state police at 724-223-5200. (more) (more)

"Dude, werz my dikshunary?" or... My lawyer can spell illegally, can yours?



CA - Billboards along Southern California freeways are urging motorists to contact lawyer Jeffrey Krinsk if they believe they were “Illegaly [sic] wire-tapped by the LA Times” or to “Report LA Times Fraud.” The San Diego attorney represents a man who is suing Times staffer Michael Hiltzik and claims the columnist secretly recorded telephone conversations. (Hiltzik’s accuser is Robert Silverman, an attorney who represents 1-800-GET-THIN, a company that markets Lap-Band weight-loss surgery.) The Times has published a series of articles and columns detailing the deaths of five patients after having Lap-Band surgery at centers affiliated with 1-800-GET-THIN. On Thursday, the paper told staffers in a memo that “we do not engage in wiretapping and fraud as the billboards allege” and that it’s confident that the lawsuit will be tossed. (more)

Cell Phone SpyWare Goes Legit

Realizing that the huge demand for parental monitoring programs for computers could also apply to phones, Dublin-based mobile web service company Associate Mobile has developed MobileMinder - a smartphone application running on a secure and encrypted network that allows parents to monitor their child's location, contacts, call history, photos, and web use. (more)

Edison Remembered

The real Edison lighthouse.
On Oct. 21, 1879, Thomas Edison invented a workable electric light at his laboratory in Menlo Park, N.J. (more) (The other Edison Lighthouse)

Thursday, October 20, 2011

TSCM - Get the Whole Picture of Your Information Security Health

A security program without TSCM is like a photo that only tells part of the story. 

Seen on the USS Midway this week.
• You might misinterpret, 
• you might be left wondering, 
• or maybe you'll just shrug it off with a laugh. 
All leave you weak and vulnerable.

Get the whole picture. Conduct TSCM inspections in your business. Make sure they incorporate a counterespionage survey. Get the whole picture. Know the truth. Feel confident.

Fun Stuff: Release Your Inner Muse, with Animoog

Alert: This app is available at 99 cents for about 25 more days. Then it goes to $29.99... and it's still a bargain.
This week work took me from New York to San Diego and back; about 10 hours on a plane. Animoog kept me captivated for most of my time in the air. The depth of musical creativity that I pulled from this was astounding. Not musically inclined? No problem, neither am I. I barely know a quarter note from a quarterhorse, yet after the first ten minutes I was making music. Beautiful sounds. Hey, the thing even records your songs for you. 

Bonus... The trips seemed like minutes instead of hours.

Have some fun this weekend. Relax. Make music. Regain your soul. You'll be surprised how good you'll feel afterward.

"Animoog is the first professional synthesizer designed for the iPad. Powered by Moog's new Anisotropic Synthesis Engine, Animoog captures the vast sonic vocabulary of Moog synthesizers and applies it to the modern touch surface paradigm, enabling any user to quickly sculpt incredibly fluid and dynamic sounds that live, breathe, and evolve as you play them." (more)

A Survey of Mobile Malware in the Wild

via Michael Kassner, techrepublic.com
A group of Berkeley researchers take a long, hard look at mobile malware. What they found should interest you...

William Francis — fellow TechRepublic writer/Android investigative partner — and I research Android permissions and Android malware. Every step of the way, we have the support and guidance of experts — one being Adrienne Porter Felt.

I just learned that Adrienne and fellow U.C. Berkeley researchers Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner coauthored “A Survey of Mobile Malware in the Wild“. Their point: Mobile malware is a clear and present danger.

I normally avoid the dramatic, but a lot of good people are trying to raise awareness about the increased presence of mobile malware, and I want to help. (more)

Wednesday, October 19, 2011

MIT researchers have developed a new radar technology that gives real-time video of what’s going on behind solid walls from up to 60 feet away.

While existing through-wall systems have delivered images at a snail's pace, the new device offers video at 10.8 frames per second. (more)

Just don't put your phone on your girlfriend's nightstand...

People sit down, turn on their computers, set their mobile phones on their desks and begin to work. What if a hacker could use that phone to track what the person was typing on the keyboard just inches away?

A research team at Georgia Tech has discovered how to do exactly that, using a smartphone accelerometer ­the internal device that detects when and how the phone is tilted ­to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy. The procedure is not easy, they say, but is definitely possible with the latest generations of smartphones. 

“We first tried our experiments with an iPhone 3GS, and the results were difficult to read,” said Patrick Traynor, assistant professor in Georgia Tech’s School of Computer Science. “But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.” (more)

Sunday, October 16, 2011

Security Director Tip: Show & Tell with a Smile

Make this button part of your executive information security briefings.
Click to enlarge.
When you get to the part of your spiel about how business espionage surveillance gear is so effective, covert and easily available, take the button off, plug the SD card into your laptop and show them the movies of themselves. They will get the idea. And, you will get funding for eavesdropping detection sweeps (TSCM) of their offices, conference rooms and boardroom more easily. (Of course, abide by your state law if you record video and audio.)

Features

  • Ease of use
  • Clip on style pin
  • Looks just like the iconic smile face pin
  • Record modes include: audio and video, still images, and audio only



Technical Specs

  • Resolution: 720 x 480 @ 29FPS
  • Still image resolution: 2048 x 1536
  • Storage: Micro SD Cards up to 16GB  (eBay)

Security Tip: Verizon will soon begin spying on your web habits, here's how to opt out...

If you're a Verizon wireless customer, your online identity is about to take another privacy hit.  
The company just revealed that its new service agreement will include language that allows the monitoring of your web habits, including websites you visit and even the location data of when and where you use your wireless browser...

Simply head to Verizon's privacy center, sign into your account using your phone number and password, and review the new policy. On this page there are two places where you can specify that your information not be used for marketing or any other purposes. Simply check these boxes and save your changes. This simple step will prevent your wireless carrier from tracking your location and web habits, and while it might not help advertisers present the best deals on items or services that interest you, your online identity will remain as secure as possible. (more)