Thursday, November 17, 2011

Security Alert: Check Your Computer for Ghost Click DNS Settings (FREE)

Trend Micro and the FBI announced the dismantling of a criminal botnet, in what is the biggest cybercriminal takedown in history. 

This concerted action against an entrenched criminal gang is highly significant and represents the biggest cybercriminal takedown in history. Six people have been arrested through multinational law enforcement cooperation based on solid intelligence supplied by Trend Micro and other industry partners. more than 4 million victims in over 100 countries have been rescued from the malign influence of this botnet and an infrastructure of over 100 criminal servers has been dismantled with minimal disruption to the innocent victims.

If you are worried that you might have been a victim of this criminal activity, the FBI have made an online tool available which will allow you to check if your DNS server settings have been tampered with.

First you will need to discover what your current DNS server settings are:

On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the Search box type “cmd” and hit return (for Windows 95 users, select “Start“, then “Run“).This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.

On a Mac (yes they can be victims too), click on the Apple icon in the top left of your screen and select “System Preferences“, from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection on the left column and over on the right select the DNS tab. note down the addresses of the DNS servers that your computer is configured to use.

FREE: You can check to see if these addresses correspond to servers used by the criminals behind Operation Ghost Click by using this online tool provided by the FBI, simply enter the IP addreses, one by one and click the “check ip” button. (more)

Worth checking. I did. Fortunately, no problems. ~Kevin

How to Control Wireless Devices in a Corporate Environment

Wireless poses a persistent threat to corporations today and all devices (laptops, smart phones, tablets, etc) must be integrated within a consistent enterprise security policy framework. In addition, an enterprise mobility solution must continuously monitor all mobile devices and dynamically adapt their capabilities for every situation. 

McAfee and AirPatrol are hosting a FREE webinar showing how-to protect your mobile assets and enhance employee productivity.

(An education if you are trying to solve this problem.)

Date: Tuesday, Nov 29, 2011 
Time: 1:00 pm US Eastern Time 
Sign up for the FREE webcast.

21st Century Black Adders (Do You Trust Your IT People?)

NJ - A former Hoboken municipal employee is accused of breaking into Mayor Dawn Zimmer's e-mail account and forwarding them to other city officials.

Patrick Ricciardi is scheduled to be arraigned in federal court in Newark this afternoon.

Ricciardi was employed by Hoboken as an IT specialist. Prosecutors allege Ricciardi used his position and administrative privileges to break into Zimmer's e-mail account and forward e-mails to at least three city officials. (more)

It is not like I haven't warned you...
(from 2008) A new survey released this week shows nearly all company computer gurus say they wouldn’t hesitate to screw over their place of employment if they lost their jobs. A whopping 88 percent of IT professionals admit they’d happily hack everything from high-ranking passwords to customer info and sensitive R&D plans on their way out the door. A third of them say they already look through corporate data and know how much everyone’s making — and that’s just an average afternoon activity. (more)

Wednesday, November 16, 2011

Norway Suffers Largest Case of Industrial Espionage in its History

National security officers in Norway have uncovered what they say is the most wide-ranging theft of industrial data in the country’s history.

Ten serious cases of industrial espionage are being investigated, say officers of the Police Security Service, or PST, and the National Security Authority. 

...The Local has received suggests some industrial data has been stolen by simply inserting malicious memory sticks into the laptops of travelling company representatives.

“Whenever we go abroad, the whole hard disc has to be cleansed of spyware,” an IT worker in one of the industries targeted told The Local.

...The ten instances of computer espionage are just the tip of the iceberg, said Eiliv Ofigsbø of Norwegian Computer Emergency Response Team, or NorCERT, who also leads the NSM’s industrial espionage department. 

...The attacks were said to occur at the point in contract negotiations when email exchanges reached fever pitch. Key people were then identified and their computer links to company databases hacked, in some cases for months.

“We have to assume they have taken large amounts of information,” Ofigsbøe told The Local. “Anything else would be naïve.” (more)

Hiding Secret Data in VoIP Phone Calls

Researchers have devised a new scheme for hiding secret data within VoIP packets, making it possible to carry on legitimate voice conversations while stolen data piggybacks on the call undetected, making its way to thieves on the outside.

Click to enlarge.
Called transcoding steganography or TranSteg, the method calls for setting a larger-than-necessary payload space in VoIP packets and using the extra room to carry covert messages. In their experiment the researchers could send 2.2MB of covert data in each direction during an average seven-minute phone call.

As with all steganography, the objective is to deliver covert data without raising suspicions that a secret message even exists. (more)

Monday, November 14, 2011

NZ PM Discovers News Reporter's Bug

New Zealand prime minister John Key has filed a complaint with the police about an alleged secret recording made during the country's national election campaign.

Mr Key was having a cup of tea on Friday with a candidate for the ACT Party which is part of the governing coalition.

The event was organised as a picture opportunity, but after recording inside the cafe media were told to shoot from outside.

A radio microphone was left on the table in a pouch and discovered later by Mr Key.

A freelance cameraman says he left it there by mistake but handed a copy of the recording to the Herald On Sunday newspaper. (more)

Most free Android anti-malware scanners 'near to useless'

Summary: Most products achieved 0% detection rate.

http://tinyurl.com/BuyTheShirt
Free anti-malware apps for the Android operating system are ‘near to useless’ according to anti-malware testing specialists AV-Test.org.

The results of the testing [PDF download] were quite shocking, with most products achieving 0% detection rate. The best product, Zoner Antivirus Free, scored a miserable 32% in a manual scan and a more respectable 80% when it came to a real-time scan. And remember, this is the best of the free apps! (more)

Sunday, November 13, 2011

AAA Rolls Out Free Program to Spy on Teen Drivers

Erica Solum, a senior at Garces Memorial High School, didn't know she was being tracked. When she drove, her every movement was recorded, from her speed to location.

It wasn't until the 17-year-old was driving home from school Thursday that she noticed a small device, about the size of the palm of her hand, plugged into the Cadillac DeVille she drives.

When her father, Eric Solum, sat her down in front of the computer Thursday night, Erica connected the dots.

"He showed me the website page that said AAA Onboard," Erica Solum said. "(I said) 'Dad, is this a tracking device for teenagers?'" (more)

Wow, a 17-year old with a Cadillac De Ville?!?! All I ever got was my mom's dorky Rambler station wagon with a leaky head gasket (and was happy to get to borrow it). Hope she doesn't complain about the monitoring. I would have agreed to a 24/7 alien anal probe to monitor my "every movement" in a Cadillac De Ville! 
/rant ~ Kevin

"Yes, we have no Bananaman. We have no Bananaman, today."

A young Russian woman at the centre of a sex and spying scandal in Britain asked her German diplomat lover to pass on Nato secrets, intelligence sources have claimed.

It is believed Katia Zatuliveter made several attempts to get him to divulge information, including details of a top-secret Nato paper.

Miss Zatuliveter, 26, is facing deportation over claims she was working for Russian intelligence while having an affair with Liberal Democrat MP Mike Hancock. (more)

Tune in next week for the exciting conclusion...

WWI mystery spycatcher family discovered

BBC - More has been discovered about the life and curious times of a World War I "unknown heroine", whose spycatching exploits were found in the archives of the Royal Society of Chemistry.

In 1915, Mabel Elliott helped to uncover a German spy plot - but little was known about her background. An appeal for more information has found her surviving family - and a possible link to a German connection. But it also raises more questions about her role in this real-life spy story.

This unsung heroine, who spoke German and Dutch, had worked as a censor during the First World War and in 1915 had found a letter being sent to Holland with secret messages in invisible ink.

The discovery of these messages, written with lemon juice and formalin, detailing military movements, prompted the arrest of a suspected German spy, Anton Kuepferle. But before his trial had been concluded, the accused spy was found hanged in his cell, after apparently using a silk scarf to kill himself. He was said to have left a message admitting that he was a German officer. (Suicide. Silk scarf. Confession?!?! Are you buying this?) (more)

Could Facial Recognition Become the Next Emergency Broadcast System

The Emergency Broadcast System (EBS), a communications system which allows the government to commandeer radio and television broadcasting outlets to distribute emergency messages quickly, was tested this past week. The EBS started in 1963, and was preceded by a similar service called, CONELRAD. Electronic eminent domain has been around a long time. Hold that thought.

Today, The New York Times reports Face Recognition Makes the Leap From Sci-Fi.

"SceneTap, a new app for smart phones, uses cameras with facial detection software to scout bar scenes. Without identifying specific bar patrons, it posts information like the average age of a crowd and the ratio of men to women, helping bar-hoppers decide where to go. More than 50 bars in Chicago participate... The spread of such technology — essentially, the democratization of surveillance — may herald the end of anonymity. 

Those endeavors pale next to the photo-tagging suggestion tool introduced by Facebook this year... “Millions of people are using it to add hundreds of millions of tags,” says Simon Axten, a Facebook spokesman. Other well-known programs like Picasa, the photo editing software from Google, and third-party apps like PhotoTagger, from face.com, work similarly. 

And this technology is spreading. Immersive Labs, a company in Manhattan, has developed software for digital billboards using cameras to gauge the age range, sex and attention level of a passer-by.

Using off-the-shelf facial recognition software, researchers at Carnegie Mellon University were recently able to identify about a third of college students who had volunteered to be photographed for a study — just by comparing photos of those anonymous students to images publicly available on Facebook."
Have you connected the dots yet? 

Here is another clue...  
CALEA, a law passed in 1994, "To amend title 18, United States Code, to make clear a telecommunications carrier's duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes." Telecommunications yet another type of mass communications device which may now be commandeered by government.

Internet connected, facial recognition systems are rapidly becoming mainstream mass communications technology, just like radio, TV and telephones. It only makes sense that this too will be commandeered. The question is, will it be commandeered like EBS to broadcast emergency messages, or will it be commandeered like CALEA to be used for surveillance? Both, perhaps?

So far, the benefits of letting government commandeer mass communications (verses the abuse potential) make the gambit worthwhile. For this, we thank our legal system. It is time for them to walk the high wire again. Please, get us through this technical conundrum with grace and balance one more time.

The noose tightens... "You can run, but you can't hide." 

Should this all come to pass (it will), there may be some interesting social outcomes. Just as mass communications pulls society closer together, mass surveillance capabilities like CALEA, license plate readers, and the multitude of facial recognition surveillance systems may push people apart. Imagine a world where the density of: commercial video billboards and kiosks; business surveillance cameras; and government street/toll booth cameras, in urban areas, squeezes criminals into the suburbs and beyond.

How best to take advantage of the changes in our brave new world? 
I have a career tip for you.

~ Kevin

Saturday, November 12, 2011

This Week in World Spy News

Spy Day Celebrations In Russia - In Russia, every November 5th is "Spy Day," and celebrates a century of Russian espionage. This special day is not a leftover from the Soviet Union. Spy Day was established in 2000, by Vladimir Putin, the recently elected president of Russia, whose professional experience was as a Soviet era spy. But this was not an effort to regain some respect for Soviet era spies (many of whom were out of work after the Soviet Union dissolved in 1991). Rather, Putin was bringing attention to peace time spying. Like China, Russia has been very active in stealing foreign technology, and needs skilled spies to do it. (more)

Murdoch apologises for spying on parliament members - News Corp executive James Murdoch said on Thursday that staff within his company had ordered private investigators to follow and investigate members of the parliamentary committee investigating the phone hacking scandal. (more) 

EDF fined €1.5m for spying on Greenpeace - The energy company's former security chief was sentenced to three years in prison for employing a firm to hack into the energy watchdog's computers. (more) 

Facebook Chief: We're Not the Only Ones Spying On You - The complaint that Facebook prioritizes its own revenue targets above user security is hardly new. However, there is something fresh about Facebook CEO Mark Zuckerberg's recent attempt to distract users by pointing a finger at other tech companies -- most notably Microsoft, Google and Yahoo -- accusing them of being far less privacy conscious than Facebook. (more) 

WIFE SPYING ON HUBBY SPARKS A BOMB SCARE - A JEALOUS wife sparked a bomb scare when she had a tracking device fitted to her husband’s £40,000 sports car. Diletta Bianchini had private investigators install a GPS tracker to William Sachiti’s Lexus SC430. But when he found the gizmo he thought it was a bomb and rushed to the police. (more) 
 
Canada’s top spy watchdog resigns following National Post revelations - Arthur Porter, the chair of Canada’s spy review board, resigned on Thursday amid revelations of his business dealings with a notorious international lobbyist and his own close ties to the president of Sierra Leone. (more) 

Nixon Warned Grand Jury on Pentagon Spy Ring - Newly unsealed grand jury testimony by ex-President Richard Nixon shows he warned prosecutors and grand jurors not to probe an episode from 1971, when he discovered that the Joint Chiefs of Staff had been spying on him and national security adviser Henry Kissinger.  “Don’t open that can of worms,” Nixon told his interrogators in June 1975... (more) 

Nixon Peabody sued by tech firm over spy-ring claims - Nixon Peabody and two of its attorneys have been sued by an Illinois technology firm claiming that the lawyers were part of a scheme to paint company executives as part of a international spy ring. (more)

What did you expect? Spies steal stuff - Debutante plagiarist Q.R. Markham's temporarily-lauded spy thriller, Assassin of Secrets, is in fact a string of passages lifted from other books in the genre. No-one noticed until it was released, at which time readers noticed at once. The book's been recalled by publisher Little, Brown, whose president, Michael Pietsch, apologized in a prepared statement... (more)

Thursday, November 10, 2011

The Sign Said Office - The Guts Said SpyCam

Features
Color video and audio recording
Motion detection mode
Still image mode
Audio detection mode
Audio only recording mode
Time/date stamp

Technical Specs
Audio detection level: 60db
Power supply: Internal Li-Ion
Battery life: 2 hours recording time, up to 150 hours standby
Charging time: 2.5-3 hours
Still image resolution: 1600 x 1200
Video resolution: 640 x 480 @ 25FPS
File size: 40MB per minute
Weight 55g
Dimensions: 180 x 90 x 11mm
Storage: Micro SD Cards up to 16GB

Includes
1 Office sign
1 Software disc
1 Instruction booklet
1 USB Charging/Video out cable

Why do I mention it? So you will know what you're up against.

Wednesday, November 9, 2011

Today, a reporter asked me about corporate espionage...

Protect Your Assets - counterespionage.com
Q. Would you say that in addition to legitimate competitive intelligence gathering, that most major [industry deleted] manufacturers engage in industrial espionage of some kind as well? Or would this be exaggerating things?

A. If you use the term espionage broadly, I would say all. Everyone keeps an eye on the competition to some extent. Many of the tactics are legal, such as 'open source competitive intelligence'.

If you mean unethical espionage, I would say most. But, take into account that "unethical" means different things in different cultures. Eliciting information from a competitor's employee under a pretext may be viewed as unethical by some cultures, other cultures view it as a patriotic act …and, if that competitor has not taken steps to protect their valuables, then it is the competitor's business ethics which are questionable.

If you mean illegal espionage, then I would say probably most, but it is impossible to know for certain. Like all espionage, if conducted correctly, it is not found out. The cases of illegal espionage that we read about in the papers, and wind up in the courts, are the failures. They constitute the tip of the 'spyberg'.  

My feeling from being in the corporate counterespionage business for over three decades is that everyone engages in some form of espionage. And, over time, most of them have stepped into the last two categories (unethical and illegal) to some extent. These transgressions can range from occasionally accepting information without questioning how it was obtained, to the few who ruthlessly plot and snatch from the unsuspecting, like monkeys in a Buddhist temple.

Q. Is there a fine line between legitimate competitive intelligence gathering and spying - or is it very clear cut? (eg. As a journalist I have sometimes posed as someone working in industry when trying to find things out from a company switchboard in order to gain some information when they won't take calls from reporters etc.)

A. We actually call it a grey line. As I mentioned in the last question, there are varying shades of grey. In fact, you may want to interview Andrew Brown, the author of a revealing new book called, The Grey Line: Modern Corporate Espionage and Counter Intelligence. In the book he explains exactly how corporate espionage is conducted.

Q. If a major firm wants to find out what its biggest rival is up to, will it typically employ a third party specialist or attempt to gather the information in-house?  If they do seek out a specialist, are there a handful of key firms/individuals that are well-known in the trade or is it a much more fragmented industry?!

A. Business consultants and their minions (or "cutouts" as we call them) are the prime conduits of business intelligence. Most companies want 'the goods' but don't want to know how they were obtained, or get their hands and reputations dirty if the operation is exposed. That being said, it is known that some companies have dedicated in-house personnel, for better control. 

Also take into consideration that the government intelligence agencies of just about all countries (except the U.S.) actively collect and present business intelligence information to businesses in their homelands.

There are also people who occasionally pop up and try to sell information on a free-lance basis, or on-spec. My feeling is that they are looked upon with suspicion by potential buyers, as we hear about buyers alerting the victimized competitor to their offers. Makes sense. One never knows when one is being set-up.

Auto Speed Cam Tickets Everyone in Real Time

The Cordon multi-target photo radar system can keep tabs on as many as 32 vehicles moving along on a four lane highway using sensors that measure the speed of cars as they come in and out of the frame and recording their license plate numbers. Built-in infrared radar enables the technology to work 24 hours a day and the system can be networked to stream the data continuously to a central database via 3G, WiMAX or Wi-Fi.

There are currently speed enforcement photo cameras operating in some states, though the radar can’t track more than one vehicle at a time. ...it doesn’t only go after speedsters. The system can catch drivers sneaking into bus lanes or driving the wrong way thanks to integrated GPS technology that monitors a car’s coordinates. (FutureWatch - It will also conduct automated look-ups for outstanding warrants and stolen vehicles.) 

The radar camera system isn’t scheduled to debut in North American streets until 2012, so drivers with a heavy foot do have some time to repent and change their reckless ways. (more)