Thursday, April 5, 2012

Espionage Outrage Reaches the Boiling Point ...and a solution.

...called the continuing, rampant cybertheft “the greatest transfer of wealth in history.” (bio)
---
Shawn Henry, (FBI) 
...current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said. (bio)
---
Richard A. Clarke, (presidential advisor)
"Yet the same Congress that has heard all of this disturbing testimony is mired in disagreements about a proposed cybersecurity bill that does little to address the problem of Chinese cyberespionage." (bio)
---

Letter to the Editor - The New York Times

Dear Editor,

Richard A. Clarke’s op-ed piece, “How China Steals Our Secrets,” (4/2/12) states the current business espionage problem perfectly, but we need a solution. Consider this...

The Chinese secrets of: silk and tea production; making porcelain, gunpowder and paper, could not survive Western espionage attacks – not even when protected with death penalties. Espionage killed their economy, and the damage lasted for centuries. Obviously, competitive advantages are also National Interest Assets.

The one-sided, punish-the-spy security model, still being used today, never worked. We need to make it two-sided. There must be a proactive legal responsibility to protect.

The solution... Corporate caretakers must be held accountable for protecting their valuables; our national treasures. We need a law creating business counterespionage security standards, with penalties for inadequate protection. We already successfully employ the same concept with medical and financial record privacy.

Kevin D. Murray
Spybusters, LLC
---

A cybersecurity law alone will not stop spying. 
If implemented, it will force an increase in traditional spy techniques, such as: bugging, wiretapping, physical intrusions and social engineering. (Remember, computer data is available elsewhere long before it is computerized.) 

Protecting our competitive advantages requires a holistic approach; a National Interest Assets law which would also...

• Protect the entire intellectual property timeline, from brainstorming and initial discussions, to the final product or business strategy. 

• Impose a responsibility of due care upon the creators and holders of competitive advantage information.

• Specify compliance requirements aimed at countering traditional business espionage practices. Technical Surveillance Countermeasures Inspections (TSCM / bug sweeps), information-security audits, and information-security compliance procedures; safeguards which can be easily mandated and monitored.

This is a no-brainer, Congress.

The cost of keeping National Interest Assets safe is infinitesimal compared to current losses (not to mention the long-term effects). Just ask the Chinese.
~Kevin

Ambassador to Russia Thinks Cell Phone is Monitored (well, duh)

The Obama administration has complained to Russia about harassment of its outspoken ambassador in Moscow, who has confronted television news crews and taken to social media to raise suspicions that his cell phone and email were being hacked.

Michael McFaul, who has been a frequent target of criticism by state media, seemed to have relished the attention, at least at first. And he may have become a bigger target by taking to Twitter to muse about the alleged surveillance, admitting to learning on the job, correcting his "bad Russian" and engaging in exchanges with a person whose Twitter account was "prostitutkamila."

"There's been a number of incidents since his arrival there that have caused us to have some concerns about his security and safety," State Department spokesman Mark Toner said Friday. "So as we would in following normal protocol, we've raised that with the government of Russia." (more)

Pop Quiz: Should government ambassadors be Tweeting?

Mission Creeps - Cop Tickets via Safety CCTV

Australia - A parking inspector ... has been using a network of security cameras to book drivers. The council says more than 150 tickets were issued in just over a fortnight using the CitySafe CCTV system... But Ipswich Mayor Paul Pisasale says as soon as he heard it was happening he acted. He has decided to not only waive the fines but send a letter of apology as well. (more)

Monday, April 2, 2012

Phones & Polls - Time for the Mexican Tap Dance

The frequency in Mexico of wiretapping politicians' telephones and leaking what's said would make even a British tabloid editor envious. The compressed, three-month presidential campaign leading to July 1 doesn't kick off till Friday, yet already a wiretap scandal is unfolding.

Political commentator Raymundo Riva Palacio calls the drumbeat of leaked wiretaps a "perverse factor in Mexican politics."

In the latest case, the ruling party's candidate, allegedly speaking to an aide on the phone, mocks two top functionaries in her party, among them President Felipe Calderon's highly influential security chief, for her suspicion that they listen in on calls.

In this instance, as in nearly every case of apparent illegal eavesdropping, politicians have greeted the leak with condemnations and demands for a criminal probe. But no successful prosecutions for illegal wiretapping have occurred in recent years. (more)

...thus giving new meaning to 'a back door friend'.

According to Richard Clarke—who warned everyone about a 'spectacular' Al Qaeda attack before 9/11—all electronics made in China could contain back doors that would allow Chinese hackers to spy and attack anyone they want.

He claims that these traps may be hidden in every device, from your iPhone and Android phones to every iPad, laptop and computer. Even your TVs or anything else made in China. His claims may sound preposterous, but he claims the evidence is strong:

I'm about to say something that people think is an exaggeration, but I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China. 

Clarke also believes that Chinese hackers have sneaked into the mainframes of companies like Microsoft, Cisco or Boeing, stealing their research and development secrets. He claims that Chinese companies are using these secrets to leapfrog over their Western competition. This claim is not that crazy: only two years ago Google experienced and denounced such an attack. (more) (sing-a-long)

Email Bugging Scandal in New Zealand

New Zealand - Online security has been tightened at ACC after some claimants bugged emails to see what case managers were doing.

Bronwyn Pullar, the woman at the centre of the ACC security scandal, has revealed she used email tracking software to get updates of activity with her file - a detail already revealed by Michelle Boag to ACC minister Judith Collins. (more)

North Miami and The Bugs of City Hall

FL - In the past year, North Miami Mayor Andre Pierre had a nagging suspicion he was being followed. He also thought someone had his City Hall office bugged with listening devices.

It turns out Pierre was right; someone was watching and listening.

...Pierre had secret cameras installed in his City Hall office and a private firm swept the space for bugs and wiretaps, costing taxpayers about $8,200.

Audio recordings obtained by The Miami Herald, and the FDLE report, confirm police conducted surveillance on Pierre, who did not return several telephone calls from a Miami Herald reporter on Monday. (more)

How effective is antivirus software on smartphones?

"...my recommendation is to not worry about trying to get antivirus software to run on the phones themselves. Not only is it barely effective, but like any background process, it takes up valuable battery life and resources." TechRepublic (more)

"Next bill. The proposed name change to Oceania."

The British government is set to unveil legislation that will allow it to monitor its citizens' phone calls, emails, text messages and internet use. The UK Home Office says technological advances mean it needs new powers to tackle terrorism and crime. Internet firms will be required to give the intelligence agency, Government Communications Headquarters (GCHQ), access to communications on demand. It will allow officers to monitor who is calling who, and for how long, or what websites they are visiting. The legislation also covers social networking sites. (more)

Sunday, April 1, 2012

Think Your Intellectual Property is not Worth a few Bucks to Protect? Think Again.

Australia - The Federal Government has described a multi-million-dollar legal settlement over CSIRO's wi-fi technology as a major boost for the organisation.

The settlement secures more than $220 million for CSIRO, which invented the technology in the 1990s.

Wi-fi technology is used in more than 3 billion electronic devices worldwide, including personal computers, video games and mobile phones.

The settlement is the second successful litigation to be conducted by the CSIRO, which patented the technology and now has licence agreements with 23 telecommunications companies. (more)

FutureWatch: You may not know now what your ideas will be worth further down the road. Hook up with a good counterespionage consultant today. No matter where in the world you are, we can recommend someone we know personally to you.

Is Your New Date Lying About Their Age? (There's an app for that.)

One’s age can now be detected through scanning a photo, thanks to Face.com’s new API (application programming interface).
The API considers factors like the shape of one’s face, wrinkles, and smoothness of skin, among others, in checking for one’s age. The age detector might not be always correct, but after it studies your photo, it also gives an age range which might be more accurate. The API’s accuracy is dependent on the image quality of the photo and one’s pose in the snapshot. (more)

One developer has already used the API to build an app called Age Meter, which is available in the Apple App Store. (more)

Cell Phone Tracking - A Routine Tool for Police

Law enforcement tracking of cellphones, once the province mainly of federal agents, has become a powerful and widely used surveillance tool for local police officials, with hundreds of departments, large and small, often using it aggressively with little or no court oversight, documents show.

The practice has become big business for cellphone companies, too, with a handful of carriers marketing a catalog of “surveillance fees” to police departments to determine a suspect’s location, trace phone calls and texts or provide other services. Some departments log dozens of traces a month for both emergencies and routine investigations. (more)

Saturday, March 31, 2012

Privacy Alert: The Stalking App

Another day, another creepy mobile app. Here is one that allows you to find women in your area. It definitely wins the prize for too creepy.

Girls Around Me uses Foursquare, the location-based mobile service, to determine your location. It then scans for women in the area who have recently checked-in on the service. Once you identify a woman you’d like to talk to, one that inevitably has no idea you’re snooping on her, you can connect to her through Facebook, see her full name, profile photos and send her a message.

P.S. When you sign up for the Girls Around Me application, you are asked to log in to Facebook, giving the service your personal information, too. (more)

FutureWatch: The Creepy Guys Around Me app.

No, wait... This just in...
In direct response to our story from earlier today about Girls Around Me, an iOS app by Russian-based app developer i-Free that tracks and gives personal information about women without their knowledge, Foursquare has released a statement announcing that they have officially killed Girls Around Me’s access to their public API. (more)

Friday, March 30, 2012

Eavesdropper Reveries - Laser Keyboards

My new iPhone has a laser keyboard...
In my dreams :)
But until then, there is always this...


Somewhere, someone (other than me) is musing about how to eavesdrop on this technology.

The Bluetooth connection?
Optical intercept?
Keystroke logging spyware?
Or, maybe an accelerometer embedded in the table to decipher the finger tapping sounds?

Am I allowed to have this much fun at work?

Thursday, March 29, 2012

New CCTV Scans 36 Million Faces for a Match... in one second!

There were several news stories late last week about a new surveillance system by Hitachi Kokusai Electric that the company claims is able to capture a person's face and, in one second, scan some 36 million facial images stored in its database to see whether it can find a match. According to this story at Digital Trends:

"Now, here's my plan..."
"Hitachi’s software is able to recognize a face with up to 30 degrees of deviation turned vertically and horizontally away from the camera, and requires faces to fill at least 40 pixels by 40 pixels for accurate recognition. Any image, whether captured on a mobile phone, handheld camera, or a video still, can be uploaded and searched against its database for matches." 

The company states in a video posted at DigInfoTV that it thinks the system is "suitable for customers that have a relatively large-scale surveillance system, such as railways, power companies, law enforcement, and large stores."

Over time, I suspect that the technology will be reduced in price to be "suitable" for just about anyone with a surveillance system. (more)