French technology company Amesys is offloading its business that sells Internet-interception equipment, a move that comes six months after it became public that Moammar Gadhafi's regime had been using the technology to spy on Libyans.
Bull SA, Amesys's parent company, said Thursday it had "signed an exclusivity agreement with a view to negotiating the sale of the activities" related to its Eagle interception product. Bull declined to identify the buyer. (more)
Wednesday, March 14, 2012
From Racoon Twsp. in Beaver County a Bed Bugger's Comedy
PA - A Raccoon Township man was charged after police said he hid a listening device under his wife's bed in an attempt to catch her having an affair.
Suzanne Cripe, contacted police and said she had found a "transmitter device" under her bed... She told police she thought the device had been placed there by her husband, Wayne Comet Cripe.
The Cripes "have been separated for some time," and were still sharing a house, but they had separate bedrooms, the police report said.
Suzanne Cripe, contacted police and said she had found a "transmitter device" under her bed... She told police she thought the device had been placed there by her husband, Wayne Comet Cripe.
The Cripes "have been separated for some time," and were still sharing a house, but they had separate bedrooms, the police report said.
When police made contact with Wayne Cripe he said, "I guess she found the transmitter," before police even asked him any questions.
Cripe told the police he put the transmitter under his wife's bed because he wanted to know whether she and her boyfriend were having sex. He told police he was tired of hearing them and wanted to know "if the coast was clear" before entering his home. (more)
SpyCam Story #657 - This Week in SpyCam News
SpyCam stories have become commonplace and the techniques used, repetitive. We continue to keep lose track of the subject for statistical purposes, but won't bore you with the details. Only links to the stories will be supplied unless there is something useful to be learned.
Monday, March 12, 2012
FutureWatch - Facebook and the Fourth Amendment
Click to enlarge |
"The recent trend toward social readers and other types of frictionless sharing may at first glance seem innocuous, if inane... users may not understand that sharing what they read with friends may mean sharing what they read with the government, as well. That is a whole lot more serious than just annoying your friends with your taste for celebrity gossip. Indeed, it may be another step toward the death of the Fourth Amendment by a thousand cuts." —Margot Kaminski, writing in the Wake Forest Law Review (more)
Surprise! Trade Secret Theft is not automatically Economic Espionage
Corporate espionage used to be rather straight forward as the typical Coke-Pepsi textbook example illustrates. It is a crime when one stole company data/trade secrets and passed it to a business rival.
This was, however, not quite the case of former Goldman Sachs computer programmer Sergey Aleynikov. A US federal appeals court acquitted Aleynikov in mid-February after he had served a year of his eight-year sentence... His acquittal was not only a blow to his former employer but also the Department of Justice.
Most importantly, his case is an acid test of the 16-year old Economic Espionage Act that specifically targets theft of trade secrets.
The Economic Espionage Act makes theft or misappropriation of a trade secret a federal crime, whether it is with the knowledge or intent that the theft will benefit a foreign power or for interstate and/or international commerce with the knowledge or intent that it will hurt the owner of the trade secret.
Coincidentally just a week before Aleynikov was let go, another US court acquitted Chinese-born American software developer Hanjuan Jin for allegedly stealing confidential information from her employer Motorola Inc...
But the judge said while the evidence showed she stole trade secrets...it was not enough to prove she committed economic espionage by selling the information to a foreign government or entity. (more)
Moral: Prevention is more swift and sure than legal protection. Get professional help.
This was, however, not quite the case of former Goldman Sachs computer programmer Sergey Aleynikov. A US federal appeals court acquitted Aleynikov in mid-February after he had served a year of his eight-year sentence... His acquittal was not only a blow to his former employer but also the Department of Justice.
Most importantly, his case is an acid test of the 16-year old Economic Espionage Act that specifically targets theft of trade secrets.
The Economic Espionage Act makes theft or misappropriation of a trade secret a federal crime, whether it is with the knowledge or intent that the theft will benefit a foreign power or for interstate and/or international commerce with the knowledge or intent that it will hurt the owner of the trade secret.
Coincidentally just a week before Aleynikov was let go, another US court acquitted Chinese-born American software developer Hanjuan Jin for allegedly stealing confidential information from her employer Motorola Inc...
But the judge said while the evidence showed she stole trade secrets...it was not enough to prove she committed economic espionage by selling the information to a foreign government or entity. (more)
Moral: Prevention is more swift and sure than legal protection. Get professional help.
Social Media Spy Trick #101 - Know Who Your Friends Are... really.
Spies opened a fake Facebook account under the name of NATO’s supreme allied commander, Adm. James Stavridis, and fooled senior British defense and government officials into accepting friend requests, it was reported yesterday.
The incident allowed the reportedly Chinese spies access to the personal e-mail and contact information of some British officials, but it was unlikely any military secrets were compromised, according to The Sunday Telegraph.
“Discussions/chats/postings on Facebook are of course only about unclassified topics,” a NATO official said of the information that was accessed. (more)
The incident allowed the reportedly Chinese spies access to the personal e-mail and contact information of some British officials, but it was unlikely any military secrets were compromised, according to The Sunday Telegraph.
“Discussions/chats/postings on Facebook are of course only about unclassified topics,” a NATO official said of the information that was accessed. (more)
Is this Web Site Malicious?
Special thanks to Lenny Zeltser...
Several organizations offer free on-line tools for looking up a potentially malicious website. Some of these tools provide historical information; others examine the URL in real time to identify threats:
- AVG LinkScanner Drop Zone: Analyzes the URL in real time for threats
- BrightCloud URL/IP Lookup: Presents historical reputation data about the website
- Cisco IronPort SenderBase Security Network: Presents historical reputation data about the website
- G-Data MonkeyWrench Beta: Analyzes the URL in real time for threats (about)
- F-Secure Browsing Protection: Presents historical reputation data about the website
- Finjan URL Analysis: Analyzes the URL in real time for threats
- KnownSec: Presents historical reputation data about the website; Chinese language only
- Norton Safe Web: Presents historical reputation data about the website
- ParetoLogic URL Clearing House: Looks up malicious sites discovered using a web honeypot; registration required
- PhishTank: Looks up the URL in its database of known phishing websites
- Malware Domain List: Looks up recently-reported malicious websites
- MalwareURL: Looks up the URL in its historical list of malicious websites
- McAfee Site Advisor: Presents historical reputation data about the website
- McAfee TrustedSource: Presents historical reputation data about the website
- Trend Micro Web Reputation: Presents historical reputation data about the website
- Unmask Parasites: Looks up the URL in the Google Safe Browsing database
- URL Blacklist: Looks up the URL in its database of suspicious sites
- URL Query: Looks up the URL in its database of suspicious sites and examines the site's content
- URLVoid: Looks up the URL in several website blacklisting services
- vURL: Retrieves and displays the source code of the page; looks up its status in several blocklists
- Web of Trust: Presents historical reputation data about the website; community-driven
- Wepawet: Analyzes the URL in real time for threats
- Zscaler Zulu URL Risk Analyzer: Examines the URL using real-time and historical techniques
On Corporate Intellectual Fruit ...and how to keep it.
Dodd-Frank related governance issues such as say-on-pay and proxy access have been well known focal points for boardrooms during the 2012 proxy and annual meeting season, but another issue has topped headlines and is of increasing concern to boardrooms: business intelligence gathering activities...
Effective corporate governance principles dictate that those who conduct unethical or, worse, illegal activities on behalf of a company must be brought to heel.
The phrase “traditional intelligence gathering” has its roots corporate espionage.
Popular targets include technology related industries such as software, hardware, aerospace, biotechnology, telecommunications and energy, among others... It is clear, however, that no specific industry or sector is immune to these issues. (more)
Intelligence is the fruit of creativity; the food by which companies grow. Fruit that falls and rolls into the road is picked up by competitive intelligence professionals, legally. But when they come on property and pick fresh, ripe fruit off the trees, it's illegal. With a good fence, you can keep all your fruit.
Friday, March 9, 2012
Pursuit Magazine Book Review - "Is My Cell Phone Bugged?"
By Stephanie Mitchell, CompassPoint Investigations / Pursuit Magazine
"'Nearly everyone carries instant access to phone service, and tapping has become a personal concern.' The well documented comprehensive guide Is My Cell Phone Bugged, by Kevin D. Murray, provides well-documented information and research addressing cell phone privacy issues.
I found the book well written and superbly formatted. Even those who are not technologically savvy will find it to be very user-friendly. At no time during my reading did I feel bogged down with complicated technical language! Mr. Murray’s explanation and thorough direction assists the reader in regaining their privacy and the security of their personal information. Mr. Murray’s guidance ensures the reader that cell phone security and privacy can be achieved even if you are not a counterespionage expert.
I was impressed with the wealth of information and knowledge I gained from this book. Topics include: communications technology, purchasing secure cordless devices, how to avoid pre-bugged cell phones, understanding and identifying spyware, preventing tapping and information leaks, caller-ID technology, and identifying when your phone is under surveillance. As an investigator, I was particularly appreciative of the Legal Issues chapter covering privacy laws in a clear and precise manner." (complete review)
Thank you — Kevin
"'Nearly everyone carries instant access to phone service, and tapping has become a personal concern.' The well documented comprehensive guide Is My Cell Phone Bugged, by Kevin D. Murray, provides well-documented information and research addressing cell phone privacy issues.
I found the book well written and superbly formatted. Even those who are not technologically savvy will find it to be very user-friendly. At no time during my reading did I feel bogged down with complicated technical language! Mr. Murray’s explanation and thorough direction assists the reader in regaining their privacy and the security of their personal information. Mr. Murray’s guidance ensures the reader that cell phone security and privacy can be achieved even if you are not a counterespionage expert.
I was impressed with the wealth of information and knowledge I gained from this book. Topics include: communications technology, purchasing secure cordless devices, how to avoid pre-bugged cell phones, understanding and identifying spyware, preventing tapping and information leaks, caller-ID technology, and identifying when your phone is under surveillance. As an investigator, I was particularly appreciative of the Legal Issues chapter covering privacy laws in a clear and precise manner." (complete review)
Thank you — Kevin
Thursday, March 8, 2012
From that wonderful state that brought you the Hatfield–McCoy feud... The Rat App
“If every West Virginia resident that owns a smart phone (and knows how to use it) gets this app . . . you'll literally have 10 (sic) citizen spy's working for you!” – a review at the Google Android app store
Snitching has eventually entered the digital age thanks to a new smartphone app that lets anyone, anywhere tell the police: “Hey! That’s kind of weird!”
Authorities in the state of West Virginia are encouraging residents to install an Android and iPhone application that lets alerting law enforcement of suspicious activity become as easy as a click of a button — or, for some smartphone owners, the touch of a screen.
The official government website for the state of West Virginia now prominently features a product available for download on select mobile devices. It’s the Suspicious Activity Reporting mobile application and it lets users type up notes about any mundane yet worrisome incident they witness and send it straight over to local law enforcement. The app even allows the user to capture and upload a photo of someone they might consider suspicious, only to then provide the police with a detailed visual description of someone who may — or may not — be up to no good...
The device’s manufacturers add that any tips, such as suspicious vehicles or mysterious packages, can be reported anonymously if the user opts for that choice. (more)
Authorities in the state of West Virginia are encouraging residents to install an Android and iPhone application that lets alerting law enforcement of suspicious activity become as easy as a click of a button — or, for some smartphone owners, the touch of a screen.
The official government website for the state of West Virginia now prominently features a product available for download on select mobile devices. It’s the Suspicious Activity Reporting mobile application and it lets users type up notes about any mundane yet worrisome incident they witness and send it straight over to local law enforcement. The app even allows the user to capture and upload a photo of someone they might consider suspicious, only to then provide the police with a detailed visual description of someone who may — or may not — be up to no good...
The device’s manufacturers add that any tips, such as suspicious vehicles or mysterious packages, can be reported anonymously if the user opts for that choice. (more)
FutureWatch - The actual process of filing a report with a live police official filtered out most casual / grudge / unfounded / harassment complaints in the past. With app-happy ease and the promise of anonymity might not the floodgates of neighborly bile open? And, should we really believe that identifying information (phone number, GPS, etc.) won't get transmitted just because you pressed an app's anonymous button? When you call 911, caller ID blocking doesn't block.
Labels:
amateur,
App,
cell phone,
lawsuit,
mores,
police,
social engineering
Van Eck 2012 - Brain Sucking Cell Phone Spiders
The processors in smart phones and tablets leak radio signals that betray the encryption keys used to protect sensitive data.
At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.
The antenna was detecting radio signals "leaking" from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. When Kenworthy tuned his equipment to look in the right place, a clear, regular pattern of peaks and troughs appeared on his computer screen. They could be seen to come in two varieties, large and small, directly corresponding to the string of digital 1s and 0s that make up the encryption key.
"You could build an antenna into the side of a van to increase your gain—well, now you've gone from 10 feet to 300 feet." (more) (creepy computerized audio version) (Van Eck)
At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.
The antenna was detecting radio signals "leaking" from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. When Kenworthy tuned his equipment to look in the right place, a clear, regular pattern of peaks and troughs appeared on his computer screen. They could be seen to come in two varieties, large and small, directly corresponding to the string of digital 1s and 0s that make up the encryption key.
"You could build an antenna into the side of a van to increase your gain—well, now you've gone from 10 feet to 300 feet." (more) (creepy computerized audio version) (Van Eck)
Info Security in 2 Steps - Train Your Humans, Have Your Technical Vulnerabilities Checked and Patched
There’s a famous saying that “amateurs hack systems, while professionals hack people.” The point is that security technology designed to stop hackers, spies, phishers and frauds are always compromised by timeless human weaknesses: inattention, incompetence and complacency.
The only thing standing between your company’s information systems and the people who are out to compromise them is employees. Technical security vulnerabilities can be patched but humans are always vulnerable. (more) (need patching?)
Click to enlarge. |
Do Company Execs Know Sensitive Data When They See It? Many in IT Say No
Today’s companies, clearly very good at collecting data, seem “less savvy when it comes to how to classify and manage it.”
That’s the conclusion of a survey among 100 IT executives and others conducted by global consulting firm Protiviti, which finds that there is “limited or no understanding of the difference between sensitive information and other data” at nearly a quarter of the companies participating in its survey.
The report is titled “The Current State of IT Security and Privacy Policies and Practices." Its topics: how organizations classify and manage the data they accumulate; specifically how they ensure customer privacy when they handle sensitive data, and how they comply with federal and state privacy laws and regulations. (more)
That’s the conclusion of a survey among 100 IT executives and others conducted by global consulting firm Protiviti, which finds that there is “limited or no understanding of the difference between sensitive information and other data” at nearly a quarter of the companies participating in its survey.
The report is titled “The Current State of IT Security and Privacy Policies and Practices." Its topics: how organizations classify and manage the data they accumulate; specifically how they ensure customer privacy when they handle sensitive data, and how they comply with federal and state privacy laws and regulations. (more)
Jamming on the Bus, or The Cell Phone Vigilante
PA - A man in Philadelphia decided he'd had enough with listening to his fellow bus passengers blab away on their cellphones. But instead of buying himself some noise-cancelling headphones or politely asking people to pipe down, he chose to fight back with a handheld device that jams their signals.
"I guess I'm taking the law into my own hands," he told NBC10, which caught him red-handed with the illegal jammer, "and quite frankly, I'm proud of it."
Those who ride the bus with the man say he should be ashamed, not proud. (more)
Monday, March 5, 2012
Certified Ethical Hacker (CEH) Course Growing
India - "We started ethical hacking courses in 2009 with five students which has increased to approx 200 students today," said Jyoti Chandolia, assistant manager, corporate education sales at Udyog Vihar-located Mercury Solutions Ltd, the first ethical hacking training centre to come up in the city authorised by the International Council of E-Commerce consultants (EC-Council).
"Hacking is not legal in India and this particular course can distinguish black hat hackers (bad guys) and white hat hackers (good guys) after being certified as a Certified Ethical Hacker (CEH). The main objective behind this is to make people aware that CEH course is not all about how to hack but also to scan and protect IT systems and networks of an organisation," she added.
The EC-Council is a member-based organisation that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous CEH, Computer Hacking Forensics Investigator (CHFI) as well as many others programmes, that are offered in over 60 countries through a training network of more than 450 training partners globally. (more)
"Hacking is not legal in India and this particular course can distinguish black hat hackers (bad guys) and white hat hackers (good guys) after being certified as a Certified Ethical Hacker (CEH). The main objective behind this is to make people aware that CEH course is not all about how to hack but also to scan and protect IT systems and networks of an organisation," she added.
The EC-Council is a member-based organisation that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous CEH, Computer Hacking Forensics Investigator (CHFI) as well as many others programmes, that are offered in over 60 countries through a training network of more than 450 training partners globally. (more)
Subscribe to:
Posts (Atom)