11:27 AM - Dharun Ravi could face 10 years in prison and be deported to his native India when he is sentenced Monday for spying on and intimidating his gay Rutgers University roommate, who then killed himself by jumping off New York's George Washington Bridge.
12:49 PM - Ex-Rutgers student Dharun Ravi gets 30 days in jail for using webcam to spy on roommate who later killed himself. (more)
Monday, May 21, 2012
Android Malware ...using real apps as disguise 'wrappers'
The ominous trend is that quarter-on-quarter malware is not only getting more common but more sophisticated.
An important technique is the use app ‘wrappers’ to allay the suspicion of users that rogue software might have been installed. These work by bundling legitimate apps with malware in order to gain permissions without the user understanding what it is being granted for. (more) (sing-a-long)
An important technique is the use app ‘wrappers’ to allay the suspicion of users that rogue software might have been installed. These work by bundling legitimate apps with malware in order to gain permissions without the user understanding what it is being granted for. (more) (sing-a-long)
Trend Spotting - Chief Spies Become Political Leaders
Croatia's main opposition party HDZ elected former spy chief Tomislav Karamarko as its leader on Monday... (more)
George H.W. Bush, ex-CIA; former American President
Heydar Aliyev, Former head of Azerbaijan SSR KGB; former Azerbaijani President
George H.W. Bush, ex-CIA; former American President
Heydar Aliyev, Former head of Azerbaijan SSR KGB; former Azerbaijani President
Vladimir Putin, Lieutenant colonel KGB, FSB director; Russian President (again)
Industrial Espionage Charges - A Public Relations Nightmare
John Donovan says, "Shell is notorious for its predatory appetite for the intellectual property of other organizations, its business partners, contractors, etc. Industrial espionage is a way of life at Shell. Shell management has apparently even targeted the US defense establishment," and then he goes on to post: Another alleged case of IP theft hits Royal Dutch Shell
How can you protect your organization against accusations of industrial espionage?
Step 1. Start by writing business ethics into your corporate Credo. This codifies your standards for all the world to see. It is an especially good anchor for employees.
Step 1. Start by writing business ethics into your corporate Credo. This codifies your standards for all the world to see. It is an especially good anchor for employees.
Don't have a Credo?
Don't know where it fits into the picture?
"The Credo ties the company’s Vision to the company’s Mission and Values Statements. The Vision could be seen as the way the entrepreneur sees his company in the future general business environment. The Mission is what he intends to create to secure his place in the Vision. The Values statement indicates what the parameters of operation look like while attempting to achieve these goals. The Credo tells the reader how the company intends to execute these goals. It could be seen as the way the objectives can be reached to realize the Mission inside of the Vision while adhering to certain Values."
Step 2. Post your Credo where it can be see and read by all employees, often. Johnson & Johnson is one company which does this very well.
Step 3. Aggressively investigate all alleged deviations. Make corrections swiftly if the allegations are true.
Step 4. Institute a regular schedule of intellectual property (IP) security surveys, coupled with Technical Surveillance Countermeasures (TSCM) audits.
Don't be covert about it. The benefits are many...
• The impression that IP theft is bad, as opposed to being an unspoken business practice, is reinforced.
• Employees see you caring about their privacy. They appreciate that.
• They see that you value the IP assets which makes your company strong, and assures their continued employment.
• Caring is contagious. If you care, employees will care, and they will assist and support your security initiatives with more enthusiasm. Apple is an excellent example of Step 4.
• You create a safe environment where ideas and strategies can be discussed and developed without fear or compromise.
• And, maybe most important of all, you will thwart IP theft, thus making your company more profitable. Stockholders love that.
Cell Phone SpyWare App is Vulnerable to... being spied upon!
The irony is too significant to ignore: A smartphone app that enables customers to spy on others' phones may itself be vulnerable to attackers looking to spy on them.
The surveillance app, called "Mobile Spy," is designed to let its customers monitor the information, including text messages, GPS location and call logs, of other phones installed with the app. That private info is then uploaded to the app user's account and can be viewed in any Web browser, either on a computer or phone.
Unfortunately for those doing the watching, Mobile Spy contains several security vulnerabilities that allow an attacker to inject malicious code into the target's phone, via SMS message, and hijack their spy session, according to researchers at Vulnerability Lab, who disclosed the flaws. (more)
The surveillance app, called "Mobile Spy," is designed to let its customers monitor the information, including text messages, GPS location and call logs, of other phones installed with the app. That private info is then uploaded to the app user's account and can be viewed in any Web browser, either on a computer or phone.
Unfortunately for those doing the watching, Mobile Spy contains several security vulnerabilities that allow an attacker to inject malicious code into the target's phone, via SMS message, and hijack their spy session, according to researchers at Vulnerability Lab, who disclosed the flaws. (more)
Sunday, May 20, 2012
UK - A recording device that looks like a small piece of cardboard was planted at the home of a Premiership footballer to record details about his private life, MPs were told yesterday during an inquiry into the murky world of private investigators.
The transmitter was picked up during a security sweep of the player's house after he became suspicious about stories in the media, said Gerry Hall, managing director of security company IPS. He declined to name the footballer, who is still playing in the league.
RFID tags look similar and are often mistaken for bugs. |
Mr Hall said the small square of cardboard had a transmitter embedded in it that worked at a range of up to 100 yards. "It could easily be dropped into a wastepaper basket and transmit for 30 hours," he told MPs on the Home Affairs Select Committee...
Mr Hall said an investigator could easily persuade a company receptionist to let them in and would need just seconds to plant the device. He said his company had just found one in a chairman's office. (more)
Mr Hall said an investigator could easily persuade a company receptionist to let them in and would need just seconds to plant the device. He said his company had just found one in a chairman's office. (more)
Meet Your New Back Door Friend...
Will Congress require social networks, online voice over IP (VoIP) services, and Webmail providers to build in backdoors that could be used for electronic surveillance purposes by the FBI?
According to one news report, FBI officials have been meeting with Facebook, Google, Microsoft (which owns Skype and Hotmail), and Yahoo, among other companies. The goal apparently isn't to promote the bureau's push for expanded wiretapping capabilities, but rather to ask how that be implemented while causing minimal disruption for the companies with networks that would be directly accessed...
Six Key Points to Consider
1. Bureau Warns About Going Dark. The bureau has already been asking Congress for broader surveillance powers to help it keep up with new technologies....
Six Key Points to Consider
1. Bureau Warns About Going Dark. The bureau has already been asking Congress for broader surveillance powers to help it keep up with new technologies....
2. Proposed CALEA Revisions Would Update 1994 Law. Accordingly, the FBI wants Congress to expand the Communications Assistance for Law Enforcement Act (CALEA)...
3. Questions Remain Over Wiretapping Scope. Just how often does the FBI need to use wiretapping during an investigation? That's not clear. According to an FBI website about CALEA, wiretapping "is used infrequently and then only to combat the most serious crimes and terrorism."...
4. Civil Liberties Groups See Slippery Slope. Civil rights groups have warned that granting law enforcement agencies new surveillance powers could lead to a decrease in the privacy protections that people currently enjoy...
5. Will Technology Companies Back CALEA Expansion?...
6. Backdoors May Facilitate Unauthorized Access. Wiretapping backdoors could also make online services more vulnerable to attackers.... (more)
Labels:
CALEA,
computer,
eavesdropping,
email,
FBI,
FutureWatch,
government,
Internet,
law,
privacy,
surveillance,
wiretapping
Bustin' A Move Could Get One Busted
TX - Galveston police are on the lookout for the “dancing burglar” who was captured on video busting some moves during the break-in of a Duck Tours amphibious vehicle.
The 38-second video released by Galveston police Capt. Jeff Heyse on Wednesday shows a man apparently chatting with someone before he busts the dance moves.
The dancer (later identified as a juvenile) is one of three people sought in connection with the March 27 burglary of a Duck Tours amphibious automobile, which takes sightseers along Galveston streets and the bay. (more)
The 38-second video released by Galveston police Capt. Jeff Heyse on Wednesday shows a man apparently chatting with someone before he busts the dance moves.
The dancer (later identified as a juvenile) is one of three people sought in connection with the March 27 burglary of a Duck Tours amphibious automobile, which takes sightseers along Galveston streets and the bay. (more)
"One can never be too far away, or too thin. Besides, what's in a name?"
NJ - An appeals court has ruled that police in New Jersey can wiretap a suspect in another state without obtaining a warrant from the judge of that state.
Thursday’s ruling also confirms the murder conviction of Edward Ates, a Florida man who was sentenced to life in prison after failing to persuade a jury of the argument that he was too fat to have committed the 2006 murder of his son-in-law.
Ates was convicted in 2009 of fatally shooting his former son-in-law. An investigation by Bergen County prosecutors included wiretapping calls Ates made from Florida to his mother and sister in Louisiana. (more)
Thursday’s ruling also confirms the murder conviction of Edward Ates, a Florida man who was sentenced to life in prison after failing to persuade a jury of the argument that he was too fat to have committed the 2006 murder of his son-in-law.
Ates was convicted in 2009 of fatally shooting his former son-in-law. An investigation by Bergen County prosecutors included wiretapping calls Ates made from Florida to his mother and sister in Louisiana. (more)
Saturday, May 19, 2012
Security Tops Boardroom Agendas
via the Financial Times...
Securing corporate intellectual property assets, customer data and other information in the face of an onslaught of attacks from cyber thieves, spies and “hactivists” is now a top priority for most chief information officers and – increasingly – for the corporate boardroom.
“It is definitely something I think about all the time,” says the chief information officer of a US-based consumer goods multinational that, like many other companies, particularly those in the financial services sector, now has an IT security team led by a chief information security officer (CISO.)...
“Our companies are targeted for insider information and our universities and national laboratories are targeted for their research and development,” Robert Mueller, Federal Bureau of Investigations director told a US congressional panel last year...
Meanwhile companies and other organizations have begun to spend more on identifying and protecting their key data using multiple layers of defense and, perhaps most importantly, monitoring and detection systems that can identify security breaches quickly and efficiently. (one example) (more)
Securing corporate intellectual property assets, customer data and other information in the face of an onslaught of attacks from cyber thieves, spies and “hactivists” is now a top priority for most chief information officers and – increasingly – for the corporate boardroom.
“It is definitely something I think about all the time,” says the chief information officer of a US-based consumer goods multinational that, like many other companies, particularly those in the financial services sector, now has an IT security team led by a chief information security officer (CISO.)...
“Our companies are targeted for insider information and our universities and national laboratories are targeted for their research and development,” Robert Mueller, Federal Bureau of Investigations director told a US congressional panel last year...
Meanwhile companies and other organizations have begun to spend more on identifying and protecting their key data using multiple layers of defense and, perhaps most importantly, monitoring and detection systems that can identify security breaches quickly and efficiently. (one example) (more)
This Time the Janitor is Spied Upon
AK - Educators at Gilson Junior High were shocked and outraged to learn
janitorial supervisors had planted a hidden camera in the ceiling tiles
of the teacher lounge above a computer workplace, ostensibly in hopes of
catching janitors goofing off on the computer rather than working.
Outrage spread when a second camera hidden in a clock was discovered in a
custodial closet at Valdez High School. It was later learned the same
camera had been located in the teacher lounge at the junior high days
before it was found at the high school. (more)
Possible Surveillance Drone Strike? In Colorado?!?!
CO - A mystery object, thought to be a military or law enforcement drone, flying in controlled airspace over Denver almost caused a catastrophic mid air crash with a commercial jet Monday.
The pilot of the Cessna jet radioed air traffic controllers to warn them that “A remote controlled aircraft” had flown past his plane far too close for comfort.
“Something just went by the other way … About 20 to 30 seconds ago. It was like a large remote-controlled aircraft.” the pilot said in the transmission that was captured on the live air traffic audio website liveatc.net (Look for 2012-05-16 15:00:51 in the archive section. Free registration required.) (more)
The pilot of the Cessna jet radioed air traffic controllers to warn them that “A remote controlled aircraft” had flown past his plane far too close for comfort.
“Something just went by the other way … About 20 to 30 seconds ago. It was like a large remote-controlled aircraft.” the pilot said in the transmission that was captured on the live air traffic audio website liveatc.net (Look for 2012-05-16 15:00:51 in the archive section. Free registration required.) (more)
"Spy, the Secret World of Espionage" Now open in NYC
The mysterious cloak and dagger world of international espionage and its real-life heros and villains are exposed in a new exhibition, the first to be sanctioned by U.S. intelligence agencies.
"Spy, the Secret World of Espionage," which opens at the Discovery Times Square on Friday, includes hundreds of artifacts, some from the vaults of the CIA and FBI and the National Reconnaissance Office (NRO).
They range from a World War Two-era collapsible motorbike that could be dropped by parachute and deployed in 10 seconds and a German ENIGMA machine to create secret messages to a camel saddle used by one of the first CIA agents in Afghanistan after the 9/11 attacks to bugging devices, microdots and surveillance equipment.
"This is the first and only time these items will ever travel. It is kind of an unparalleled cooperation and collaboration with the CIA and FBI," said H. Keith Melton, author, intelligence historian and expert on spy technology who contributed items from his own collection. (more)
"Spy, the Secret World of Espionage," which opens at the Discovery Times Square on Friday, includes hundreds of artifacts, some from the vaults of the CIA and FBI and the National Reconnaissance Office (NRO).
They range from a World War Two-era collapsible motorbike that could be dropped by parachute and deployed in 10 seconds and a German ENIGMA machine to create secret messages to a camel saddle used by one of the first CIA agents in Afghanistan after the 9/11 attacks to bugging devices, microdots and surveillance equipment.
"This is the first and only time these items will ever travel. It is kind of an unparalleled cooperation and collaboration with the CIA and FBI," said H. Keith Melton, author, intelligence historian and expert on spy technology who contributed items from his own collection. (more)
Friday, May 18, 2012
Facebook's Trading Day Begins with... a Wiretap Lawsuit
Facebook is being sued for $15 billion for tracking users, even after they have logged out of the social network, and violating federal wiretap laws.
Today’s lawsuit, filed in Federal Court in San Jose, California, combines 21 separate cases across the U.S. in 2011 and early 2012... If the claimants are successful in their case against Facebook, they could prevent Menlo Park from collecting the huge amount of data it collects about its users to serve ads back to them.
Like the previous lawsuits, Facebook is once again being accused of violating the Federal Wiretap Act, which provides statutory damages per user of $100 per day per violation, up to a maximum per user of $10,000. The complaint also asserts claims under the Computer Fraud and Abuse Act, the Stored Communications Act, various California Statutes, and California common law. It’s worth noting that similar cases against Facebook and others filed under the wiretap law have been thrown out because browser cookies are simply not considered wiretaps and plaintiffs have difficulty proving any harm. (more)
Today’s lawsuit, filed in Federal Court in San Jose, California, combines 21 separate cases across the U.S. in 2011 and early 2012... If the claimants are successful in their case against Facebook, they could prevent Menlo Park from collecting the huge amount of data it collects about its users to serve ads back to them.
Like the previous lawsuits, Facebook is once again being accused of violating the Federal Wiretap Act, which provides statutory damages per user of $100 per day per violation, up to a maximum per user of $10,000. The complaint also asserts claims under the Computer Fraud and Abuse Act, the Stored Communications Act, various California Statutes, and California common law. It’s worth noting that similar cases against Facebook and others filed under the wiretap law have been thrown out because browser cookies are simply not considered wiretaps and plaintiffs have difficulty proving any harm. (more)
Android Cell Phone Users Security Alert
Malware targeting Android users has nearly quadrupled since 2011. As you can see in the graph, 10 Android malware families were detected in Q1 2011. This number increased for two quarters in a row, then dipped for one, and then finally settled at 37 in Q1 2012. That means a year-over-year growth of 270 percent.
The data comes from security firm F-Secure. The trend was revealed today in the company’s 47-page Mobile Threat Report Q1 2012 (PDF).
It makes sense that both the number of malware families and malicious Android APKs is increasing, but it’s still staggering to see that the latter number is now over 3,000, whereas last year it was just above 100.
The increase in malware numbers is indicative of a wider increase in mobile threats, according to F-Secure. Even more worrying, however, is that the Finnish security firm warned many of the apps are targeting Android users’ financial data, noting that 34 of the current malware families are designed to steal money from infected smartphones. (more)
Tip: Do not download, open or install anything unless you absolutely need it and are 100% confident it is coming to you from a trusted source. ~Kevin
The data comes from security firm F-Secure. The trend was revealed today in the company’s 47-page Mobile Threat Report Q1 2012 (PDF).
It makes sense that both the number of malware families and malicious Android APKs is increasing, but it’s still staggering to see that the latter number is now over 3,000, whereas last year it was just above 100.
The increase in malware numbers is indicative of a wider increase in mobile threats, according to F-Secure. Even more worrying, however, is that the Finnish security firm warned many of the apps are targeting Android users’ financial data, noting that 34 of the current malware families are designed to steal money from infected smartphones. (more)
Tip: Do not download, open or install anything unless you absolutely need it and are 100% confident it is coming to you from a trusted source. ~Kevin
Subscribe to:
Posts (Atom)