World's Smallest USB Stick, nah... Shtik

Psst... It's the thingy on the right.

Think it's hard to stop USB stick info-espionage now? Just wait. And, wait until they come as promotional give-a-ways. The urge to use them will be uncontrollable. Gee, what if they are pre-loaded with spyware? Losing them will be equally uncontrollable. What more could the spies of 2012 ask for?

The new 19.5 x 14.5 x 2.9 mm USB stick will be available in 4, 8 or 16GB capacity versions when it's launched. (more)

BTW, do you have a program to deal with USB vulnerabilities?

Security Director Alert: Law Enforcement Spied Upon Using Police-Level Surveillance Tactics... The Business Espionage Crowd Does It Too

Canada - Workers with the Canada Border Services Agency and Citizenship and Immigration Canada were spied on during an employee-appreciation event in June, according to a government intelligence alert issued the following month. 

Sample Room Bug

"While the true purpose of the surveillance is unknown," such spy tactics are often used by organized crime groups to "better know their adversaries, as well as to target individuals believed to be susceptible to co-option," according to the memo, issued by a CBSA intelligence officer... "It's not just a bunch of thugs trying to force their way in," he said. "They can employ tactics or equipment that match the level of sophistication that law enforcement can employ."

...The method of surveillance was not specified, nor was it clear how the government came to learn about it. (more)

What does this mean to you?

• Adversarial surveillance is very real. 

• This is a rare case of it being exposed. 

• Expect to be "sized up" before an espionage attack. 

• Expect the attack to use sophisticated techniques; including advanced electronic surveillance eavesdropping. 

• Realize that during this extended intelligence collection phase, you have an opportunity to detect and deflect, before the harm is done... if you conduct regularly scheduled TSCM inspections.

Anatomy of a Chinese Hack Attack

A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter. The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. (more) 

How did they do it?

Click to enlarge.

Security Director Tips: On Checking Your Electronic Privacy Rights at the Border

"Our lives are on our laptops – family photos, medical documents, banking information, details about what websites we visit, and so much more. Thanks to protections enshrined in the U.S. Constitution, the government generally can’t snoop through your laptop for no reason. But those privacy protections don’t safeguard travelers at the U.S. border, where the U.S. government can take an electronic device, search through all the files, and keep it for a while for further scrutiny – without any suspicion of wrongdoing whatsoever."

Thus begins the Electronic Frontier Foundation's new paper, Defending Privacy at the Border - A Guide for Travelers Carrying Digital Devices which is full of good tips for protecting your electronic information while traveling. Keep in mind, although the paper focuses on the United States border crossings, you will also be dealing with the country you are visiting. And, some of them are a whole lot more aggressive.

Random Tip #1 - Before your trip, mail your laptop to a trusted person at your final destination. Password protect your drive. Encrypt the data on the drive. Only have essential information on the drive. Wipe the drive before you return home.

Random Tip #2 - "On the most modern laptops, it’s possible to use an SD card like a hard drive; thus, you can choose to use an SD card in place of a conventional hard drive and keep your entire operating system and all your data on on it. (You should still use disk encryption for the data on the SD card.) Since you can keep the SD card in your pocket or wallet when it’s not in use, it’s considerably harder for someone to take it from you without your knowledge or tamper with it (although, since it’s so tiny, it’s much easier to lose)... it’s easier to send them in the mail or even easily erase or destroy a card when you no longer need it... You can even use the same SD card in a digital camera for taking photos, so that a single card serves both as your camera storage medium and your encrypted hard drive."

Safe travels. ~Kevin

Cautionary Tale: Sabotage by Wiretap - What if it were your phone call?

Russia - Boris Nemtsov, one of Russia's main opposition leaders has accused Kremlin agents of illegally bugging his phone after a newspaper released embarrassing recordings of his private phone calls.

The material was potentially damaging for Mr Nemtsov, one of the principal organisers of a recent spate of anti-Kremlin protests, as he can be heard insulting his fellow opposition leaders in obscene terms and belittling his own supporters as "internet hamsters" and "scared penguins." 

A deputy prime minister in the 1990s and a founder of the opposition Solidarity movement, Mr Nemtsov claimed the release of the recordings was a cynical Kremlin attempt to sabotage a big opposition protest planned for Christmas Eve by triggering internal squabbling among its organisers.

"Parts of these conversations are really genuine," he wrote in his blog. (more)

Tip: Periodically check for bugs and taps. (more)

Surveillance Quote of the Day - By 2020 You Will Be Archived for 25 Cents

"...by 2015 it will cost only two cents to store all phone calls made by the average mobile phone user. Now picture this, a city with a population of 12 million which has about 500,000 video cameras, one video cam for every 24 people. By 2020, the declining costs for digital storage will make it possible to store all of that video acquired, in high resolution, for about a quarter per person. As for other types of digital communication, don't count on encryption not to be cracked." ~ Darlene Storm (more)

FutureWatch: Big Brother's Ubiquitous Surveillance Circus

As the price of digital storage drops and the technology to tap electronic communication improves, authoritarian governments will soon be able to perform retroactive surveillance on anyone within their borders, according to a Brookings Institute report.

These regimes will store every phone call, instant message, email, social media interaction, text message, movements of people and vehicles and public surveillance video and mine it at their leisure, according to "Recording Everything: Digital Storage as an Enabler of Authoritarian Government," written by John Villaseno, a senior fellow at Brookings and a professor of electrical engineering at UCLA.

That will enable shadowing people's movements and communications that took place before the individuals became suspects, he says. (more)

"We all prisoners, Chicky babe. We's all locked in."

'Fake Sheik' appears at UK phone hacking inquiry

UK - The star undercover reporter for the now-defunct News of the World tabloid told Britain's media ethics inquiry Monday that he duped celebrities only to expose criminality, immorality or hypocrisy.

The original "Fake Sheiks"

Mazher Mahmood, who worked for the Rupert Murdoch-owned newspaper for 20 years, said he had not been aware illegal phone hacking was going on until the newspaper's royal reporter, Clive Goodman, was arrested in 2006. Goodman was later jailed for eavesdropping on the mobile phone voice mails of members of the royal family staff.

Mahmood is a controversial figure, nicknamed the "Fake Sheik" after his signature ruse of pretending to be a rich Gulf businessman to trap celebrities, politicians and suspected criminals. (more)

Why Hack a Hotel's Internet Provider?

Google and Intel were logical targets for China-based hackers, given the solid-gold intellectual property data stored in their computers. An attack by cyberspies on iBahn, a provider of Internet services to hotels, takes some explaining.

iBahn provides broadband business and entertainment access to guests of Marriott International and other hotel chains, including multinational companies that hold meetings on site. Breaking into iBahn's networks, according to a senior U.S. intelligence official familiar with the matter, may have let hackers see millions of confidential emails, even encrypted ones, as executives from Dubai to New York reported back on everything from new-product development to merger negotiations.

More worrisome, hackers might have used iBahn's system as a launchpad into corporate networks that are connected to it, using traveling employees to create a backdoor to company secrets, said Nick Percoco, head of Trustwave's SpiderLabs, a security firm...

The networks of at least 760 companies, research universities, Internet service providers and government agencies were hit over the last decade by the same group of China-based cyberspies. (more)

FBI Announces Theft of Trade Secrets Indictment

Tung Pham, 46, formerly of Conshohocken, Pennsylvania, currently residing in California, was charged today by indictment with theft of trade secrets and wire fraud, announced United States Attorney Zane David Memeger. Pham was charged with stealing trade secrets regarding pastes used in the manufacture of solar cells from his former employer. (more)

Here is how it started, back in 2009...
 

The Photovoltaic Materials Business Unit of Heraeus has selected Tung Pham to fill the position of research scientist for the organization. Reporting to Dr. Weiming Zhang, Heraeus' Global PV research and development manager, Pham will work primarily in the North American research and development lab located in West Conshohocken, Pennsylvania.

Pham has an extensive background in developing metallization pastes and thick film conductors for the microelectronics and photovoltaic industries. He has authored numerous technical presentations on materials and the construction of silicon solar cells. Pham earned his bachelor's degree in Engineering from California Polytechnic University.

According to Dr. Zhang, Pham will be working on advancements to Heraeus' current paste platforms and developing the next-generation of PV materials to meet the growing worldwide demand for solar cells. (more)

"Yes, and they have 2-way radios, too!" Dutch parliament gets clued in.

The Netherlands - Eavesdropping software that can be installed from a distance on the computers of suspects is available to the police, justice minister Ivo Opstelten told parliament on Monday evening. (more)

Fun Fact...
The Netherlands sanctions more phone taps per head of population than any other country in the world.

Pizza Mobster Wiretaps... Himself

MA - A city man has been charged with illegally taping two phone conversations he had with a man who wanted to arrange the robbery of a company in Lawrence, police said.

Charles "Dino" Manjounes, 48, of 94 Keeley St., was arrested Friday at 3:45 p.m. at his work place, Riverside Pizza, 181 Groveland St., and charged with extortion by threat or injury and two counts of unlawful wiretapping...

Manjounes had put an employee of Colony Foods in contact with a person identified merely as "Death," according to Schena's report. "Death'' told the employee the robbery would cost $20,000. When the employee protested, Death said the cost would be $30,000 — and that he would drag him out of his work place and kill him if he failed to pay, the report said. (more)

Nelson Mandela 'spy' cameras confiscated by police

South African police have confiscated cameras they say were illegally filming Nelson Mandela's house in his home village of Qunu in the Eastern Cape.

Police spokesman Vishnu Naidoo told the BBC that two media groups were being investigated.

The cameras were found in a neighbour's house and had been constantly filming the ex-president's residence, he said. (more)

Security Quote of the Day

"The Android platform is where the malware action is. I believe that smart phones are going to become the primary platform of attack for cybercriminals in the coming years." ~ Bruce Schneier, author of the best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish, Twofish, Threefish, Helix, Phelix, and Skein algorithms.

Industrial Espionage Gang Sends Malicious Emails

A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.

Dubbed the Nitro attacks, the gang's original industrial espionage efforts began sometime in July and lasted until September. The attackers' modus operandi involved sending emails that carried a variant of the Poison Ivy backdoor and were specifically crafted for each targeted company... 

"The same group is still active, still targeting chemical companies, and still using the same social engineering modus operandi," security researchers from Symantec said in a blog post on Monday. (more)