Friday, November 18, 2011

Zimbabwe Spy Caper Mysteriously Dropped

A spy caper involving an Ontario telecommunications firm fizzled when authorities in Zimbabwe suddenly dropped espionage charges.

Three Zimbabwean businessmen were accused of using a satellite system supplied by Juch-Tech Inc. of Hamilton to transmit state secrets to Canada, the United States and Afghanistan.

They were charged with running afoul of the country's Official Secrets Act, which prohibits the communication of information useful to an enemy.

However, reports from the African country say the attorney general's office in Harare has decided to withdraw the spying charges. (more)

Hummm, Zimbabwe?!?! 
Might be time to connect the dots.

We're Smiley. Spying Is Sexy Again!

You know what movie profession is in need of serious comeback? The spy. Not the "all flash and explosions of James Bond" spy, but the "shadowy guy on the street corner" spy. It's been too long since we've celebrated the clandestine charm of old-fashioned intelligence agents. It's time we bring them back.

Thankfully, we're in luck. "Tinker Tailor Soldier Spy" is just the movie to do it. The film, which touts an all-British cast of ridiculously high caliber led by Gary Oldman, doesn't hit theaters until December 9, but we have exclusive clips from the movie. (more)

Thursday, November 17, 2011

US - Congress is launching an investigation into whether Huawei Technologies Co. and other Chinese telecommunications firms pose a potential national-security threat as they expand in the U.S... 

The probe by the House intelligence committee marks an intensification of U.S. scrutiny of the potential threat, in particular from Chinese firms like Huawei and ZTE Corp. Intelligence officials have shared with lawmakers concerns that such expansion could give China a foothold for electronic spying in the U.S., according to a congressional aide...

U.S. officials worry the Chinese government could access that equipment and track phone calls or emails, or disrupt or destroy a communications system. It's also possible that such access could provide an avenue for eavesdropping on phone calls or intercepting emails in combination with other technologies, according to an industry specialist. (more)

"Cheaping out on security can cost a lot more than it saves."

via By J.F. Rice, Computerworld...
Cadillac or Kia? 
How much security is enough, and how much is too much?

...I was criticized for proposing "Cadillac" solutions to security challenges -- "Cadillac" being code for "too expensive." ...Our CIO told me that I should start thinking about partial solutions instead of more comprehensive approaches to improving our security. "Instead of trying to solve the whole problem, which is too much for us to handle, just solve a part of it," he told me.
...I've had a lot of time to think about excellence and how it applies to security. Unlike other IT specializations, where partial solutions can be effective, security has a lot more of an all-or-nothing aspect. There are some things we just have to do, or else we risk heavy consequences, up to and including complete failure of the company itself. Security is important to the continuing operation of the company. 

If we try to save a few bucks by cutting our security budget, we might end up with a breach that could have been prevented, leading to loss of customer confidence, bad publicity, lack of compliance with legal regulations, theft of our confidential data by a competitor or worse.
...a successful security program requires excellence. Otherwise, the gaps and holes we don't close will be the ones that ultimately cause our downfall. ...Cheaping out on security can cost a lot more than it saves. ...we really do need the Cadillac. (more)

Mr. Rice is a brave man to stand by his principles under economic pressure. The fact that 'right' is on his side helps, of course. Having been called a Cadillac by a budget-bleeding client once, I feel his pain. I have also seen "complete failure of the company itself" for lack of a Cadillac-level business espionage countermeasures security program.

BTW, I own a Cadillac (five of them, over the past 15 years). Why? Basically, for its rock solid dependability. I have never lost a dime due to a breakdown keeping me from an appointment. Cadillacs are cost-effective assurance against failure. A long time ago, I had an Olds Cutlass (gurrr). Don't get me started. I learned my lesson.

Encrypted Spyware Foils Antivirus Programs

Attackers in Brazil have found a way to sneak around antivirus programs by using cryptography.... the virus writers behind this particular attack publishes new mirrors and new variants of the malware about every 2 days, though the encryption code has remained the same so far. This is certainly scary for anyone out there that values their private information, and I just hope that the antivirus software companies can keep up. (more)


Today in Eavesdropping History...

On Nov. 17, 1973, President Nixon told an Associated Press managing editors meeting in Orlando, Fla., that "people have got to know whether or not their president is a crook. Well, I'm not a crook.''


Kennedy "I have never had Addison’s disease."
Johnson "We still seek no wider war"
Nixon SEE ABOVE
Carter "I would not use military force to free the hostages"
Reagan "We did not -- repeat did not -- trade weapons or anything else for hostages nor will we."
GHW Bush "Congress will push me to raise taxes...and I'll say read my lips, no new taxes!"
Clinton "I did not have sexual relations with that woman Miss Lewinsky"
GW Bush "We have found Weapons of Mass Destruction in Iraq"

Security Alert: Check Your Computer for Ghost Click DNS Settings (FREE)

Trend Micro and the FBI announced the dismantling of a criminal botnet, in what is the biggest cybercriminal takedown in history. 

This concerted action against an entrenched criminal gang is highly significant and represents the biggest cybercriminal takedown in history. Six people have been arrested through multinational law enforcement cooperation based on solid intelligence supplied by Trend Micro and other industry partners. more than 4 million victims in over 100 countries have been rescued from the malign influence of this botnet and an infrastructure of over 100 criminal servers has been dismantled with minimal disruption to the innocent victims.

If you are worried that you might have been a victim of this criminal activity, the FBI have made an online tool available which will allow you to check if your DNS server settings have been tampered with.

First you will need to discover what your current DNS server settings are:

On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the Search box type “cmd” and hit return (for Windows 95 users, select “Start“, then “Run“).This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.

On a Mac (yes they can be victims too), click on the Apple icon in the top left of your screen and select “System Preferences“, from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection on the left column and over on the right select the DNS tab. note down the addresses of the DNS servers that your computer is configured to use.

FREE: You can check to see if these addresses correspond to servers used by the criminals behind Operation Ghost Click by using this online tool provided by the FBI, simply enter the IP addreses, one by one and click the “check ip” button. (more)

Worth checking. I did. Fortunately, no problems. ~Kevin

How to Control Wireless Devices in a Corporate Environment

Wireless poses a persistent threat to corporations today and all devices (laptops, smart phones, tablets, etc) must be integrated within a consistent enterprise security policy framework. In addition, an enterprise mobility solution must continuously monitor all mobile devices and dynamically adapt their capabilities for every situation. 

McAfee and AirPatrol are hosting a FREE webinar showing how-to protect your mobile assets and enhance employee productivity.

(An education if you are trying to solve this problem.)

Date: Tuesday, Nov 29, 2011 
Time: 1:00 pm US Eastern Time 
Sign up for the FREE webcast.

21st Century Black Adders (Do You Trust Your IT People?)

NJ - A former Hoboken municipal employee is accused of breaking into Mayor Dawn Zimmer's e-mail account and forwarding them to other city officials.

Patrick Ricciardi is scheduled to be arraigned in federal court in Newark this afternoon.

Ricciardi was employed by Hoboken as an IT specialist. Prosecutors allege Ricciardi used his position and administrative privileges to break into Zimmer's e-mail account and forward e-mails to at least three city officials. (more)

It is not like I haven't warned you...
(from 2008) A new survey released this week shows nearly all company computer gurus say they wouldn’t hesitate to screw over their place of employment if they lost their jobs. A whopping 88 percent of IT professionals admit they’d happily hack everything from high-ranking passwords to customer info and sensitive R&D plans on their way out the door. A third of them say they already look through corporate data and know how much everyone’s making — and that’s just an average afternoon activity. (more)

Wednesday, November 16, 2011

Norway Suffers Largest Case of Industrial Espionage in its History

National security officers in Norway have uncovered what they say is the most wide-ranging theft of industrial data in the country’s history.

Ten serious cases of industrial espionage are being investigated, say officers of the Police Security Service, or PST, and the National Security Authority. 

...The Local has received suggests some industrial data has been stolen by simply inserting malicious memory sticks into the laptops of travelling company representatives.

“Whenever we go abroad, the whole hard disc has to be cleansed of spyware,” an IT worker in one of the industries targeted told The Local.

...The ten instances of computer espionage are just the tip of the iceberg, said Eiliv Ofigsbø of Norwegian Computer Emergency Response Team, or NorCERT, who also leads the NSM’s industrial espionage department. 

...The attacks were said to occur at the point in contract negotiations when email exchanges reached fever pitch. Key people were then identified and their computer links to company databases hacked, in some cases for months.

“We have to assume they have taken large amounts of information,” Ofigsbøe told The Local. “Anything else would be naïve.” (more)

Hiding Secret Data in VoIP Phone Calls

Researchers have devised a new scheme for hiding secret data within VoIP packets, making it possible to carry on legitimate voice conversations while stolen data piggybacks on the call undetected, making its way to thieves on the outside.

Click to enlarge.
Called transcoding steganography or TranSteg, the method calls for setting a larger-than-necessary payload space in VoIP packets and using the extra room to carry covert messages. In their experiment the researchers could send 2.2MB of covert data in each direction during an average seven-minute phone call.

As with all steganography, the objective is to deliver covert data without raising suspicions that a secret message even exists. (more)

Monday, November 14, 2011

NZ PM Discovers News Reporter's Bug

New Zealand prime minister John Key has filed a complaint with the police about an alleged secret recording made during the country's national election campaign.

Mr Key was having a cup of tea on Friday with a candidate for the ACT Party which is part of the governing coalition.

The event was organised as a picture opportunity, but after recording inside the cafe media were told to shoot from outside.

A radio microphone was left on the table in a pouch and discovered later by Mr Key.

A freelance cameraman says he left it there by mistake but handed a copy of the recording to the Herald On Sunday newspaper. (more)

Most free Android anti-malware scanners 'near to useless'

Summary: Most products achieved 0% detection rate.

http://tinyurl.com/BuyTheShirt
Free anti-malware apps for the Android operating system are ‘near to useless’ according to anti-malware testing specialists AV-Test.org.

The results of the testing [PDF download] were quite shocking, with most products achieving 0% detection rate. The best product, Zoner Antivirus Free, scored a miserable 32% in a manual scan and a more respectable 80% when it came to a real-time scan. And remember, this is the best of the free apps! (more)

Sunday, November 13, 2011

AAA Rolls Out Free Program to Spy on Teen Drivers

Erica Solum, a senior at Garces Memorial High School, didn't know she was being tracked. When she drove, her every movement was recorded, from her speed to location.

It wasn't until the 17-year-old was driving home from school Thursday that she noticed a small device, about the size of the palm of her hand, plugged into the Cadillac DeVille she drives.

When her father, Eric Solum, sat her down in front of the computer Thursday night, Erica connected the dots.

"He showed me the website page that said AAA Onboard," Erica Solum said. "(I said) 'Dad, is this a tracking device for teenagers?'" (more)

Wow, a 17-year old with a Cadillac De Ville?!?! All I ever got was my mom's dorky Rambler station wagon with a leaky head gasket (and was happy to get to borrow it). Hope she doesn't complain about the monitoring. I would have agreed to a 24/7 alien anal probe to monitor my "every movement" in a Cadillac De Ville! 
/rant ~ Kevin

"Yes, we have no Bananaman. We have no Bananaman, today."

A young Russian woman at the centre of a sex and spying scandal in Britain asked her German diplomat lover to pass on Nato secrets, intelligence sources have claimed.

It is believed Katia Zatuliveter made several attempts to get him to divulge information, including details of a top-secret Nato paper.

Miss Zatuliveter, 26, is facing deportation over claims she was working for Russian intelligence while having an affair with Liberal Democrat MP Mike Hancock. (more)

Tune in next week for the exciting conclusion...