The woman is visible from thousands of miles away on a hacker's computer.
The hacker has infected her machine with a remote administration tool (RAT) that gives him access to the woman's screen, to her webcam, to her files, to her microphone. He watches her and the baby through a small control window open on his Windows PC, then he decides to have a little fun...
Women who have this done to them, especially when the spying escalates into blackmail, report feeling paranoia. One woman targeted by the California "sextortionist" Luis Mijangos wouldn't leave her dorm room for a week after Mijangos turned her laptop into a sophisticated bugging device. Mijangos began taunting her with information gleaned from offline conversations...
For many ratters, though, the spying remains little more than a game. It might be an odd hobby, but it's apparently no big deal to invade someone's machine, rifle through the personal files, and watch them silently from behind their own screens. "Most of my slaves are boring," wrote one aspiring ratter... (more) (sing-a-long)
That's "old news".
The story really begins here...
The hack follows the path of most hacks. It started as a challenge, became video voyeurism, and evolved into blackmail. Hackers eventually smell money in their hacks.
While you read about "ratters" today, today's hacker-criminals are sniffing in deep pockets - businesses. Eavesdropping on corporate meetings and watching executive computer screens makes more sense financially. Next year the media will be printing stories about that. Meanwhile, you have them scooped.
Q. So, why don't we notice?
A. “The more cameras we see in our environment, the less we see them.”
When electronic cameras were new, you noticed them. Now they are everywhere. You pay no attention. The same is true with microphones. The weird logic continues... If one isn't noticing cameras and microphones, one tends to either think they don't exist, or are not being manipulated as surveillance devices.
Many business executives know better. They know the reality of business espionage and electronic surveillance. Their mental Achilles Heel... If you don't see where your stolen conversations, strategies, ideas, etc. are going, well they are probably not going anywhere. Think of that the next time you go car shopping, and they all look like Teslas... or vice versa. Then, call me.
Former Italian Prime Minister Silvio Berlusconi was convicted in a wiretapping case in Milan Thursday and sentenced to a year in jail.
The wiretapping charge — related to the 2006 battle for control of a major Italian bank — is one of three corruption rulings the hard-partying Berlusconi faces this month.
A Milan court is also set to rule on charges he engaged a minor in prostitution, and an appeals tribunal will decide whether to uphold a four-year sentence for tax fraud. (more)
Or nots...
• Berlusconi is unlikely to serve jail time - Italian law doesn’t require prison sentences to be carried out until the appeals process is exhausted, which can take several years.
• Berlusconi could become Prime Minister again.
Enjoy it for the Spycam...
"Employee hid a recording device in supervisor's office. In addition, without authorization, Employee made copies of supervisor's negative comments about Employee that Employee located by conducting an unauthorized search of the supervisor's office and briefcase. Employee provided the notes to lawyer in support of lawsuit against supervisor. Finally, Employee lied to investigators during the course of the administrative inquiry."
Think this can't happen to you?
Think again.
This case comes from the files of the FBI.
Why?
It was their employee. (more)
P.S. This report was labeled "NOT FOR PUBLIC DISSEMINATION" (oops, again)
Last Month - An Italian news magazine, Panorama, claimed that Vatican authorities had conducted, and are still conducting, an extensive covert surveillance programme, tapping the phone calls and intercepting the emails of cardinals and bishops in the Curia, the governing body of the Catholic Church. (more)
This Month - The Vatican has gone high tech to prevent leaks like in 2005 when German media outlets were able to report that Joseph Ratzinger was going to be elected as Pope. A Faraday cage is being put in place to jam any signals. A Faraday cage is a mesh structure used to block outside electrical fields. For the Vatican, the usage of the Faraday cage will cause the Sistine Chapel to become a “dead zone,” preventing any cell phones from getting service. (more)
Prior to the vote, Vatican officials will sweep the chapel and the guesthouse that houses the cardinals with anti-bugging scanners to detect any hidden microphones. (more)
...and what are you doing to protect your business secrets? (more)
via Krebs on Security...
An explosion in malware targeting Android users is being fueled in part by a budding market for mobile malcode creation kits, as well as a brisk market for hijacked or fraudulent developer accounts at Google Play that can be used to disguise malware as legitimate apps for sale...

Unsurprisingly, this particular entrepreneur also sells an Android SMS malware package that targets customers of Citibank, HSBC and ING, as well as 66 other financial institutions in Australia, France, India, Italy, Germany, New Zealand, Singapore, Spain, Switzerland and Turkey (the complete list is here). The targeted banks offer text messages as a form of multi-factor authentication, and this bot is designed to intercept all incoming SMS messages on infected Android phones.
This bot kit — dubbed “Perkele” by a malcoder who goes by the same nickname (‘perkele’ is a Finnish curse word for “devil” or “damn”) — does not appear to be terribly diabolical or sophisticated as modern mobile malware goes. Still, judging from the number and reputation of forum buyers who endorsed Perkele’s malware, it appears quite popular and to perform as advertised. (more)
Tip: Before downloading an app, check out the name of the app developer. If it's a name you aren't familiar with, do a quick Web search for either the developer's name or the name of the app. Anything questionable about the developer or the application should come up. (more)
CryptoPhone 500 is a new configurable secure cell phone. Protection is based on...
• End-to-end voice and message encryption: Secure end-to-end encrypted messaging and voice over IP. Works on any network, including 2G GSM, 3G/UMTS, and Wireless LAN.
• Hardened operating system: It is the first mobile phone featuring GSMK's secure Android operating system, built from source code with granular security management. Permission enforcement module controls access to networks, data and sensors (camera, microphone, etc.).
• Baseband firewall: Protection against over-the-air attacks. Constant monitoring of baseband processor activity, baseband attack detection, and automated initiation of countermeasures.
• Encrypted storage system: Protects data at rest against unauthorized access.
The CryptoPhone 500 becomes commercially available by end of April. (more)
Google Glass is the company's upcoming product that puts a computer on your face. Google is about to release the dorky-looking device and most likely it will be snapped up by the techie crowd. It is an innovative product that pushes live-blogging to the next level, and that will unleash a storm of concern never before seen caused by a mobile gadget. ...

Rightly or wrongly there's already a concern about folks taking photos and videos in certain public locations and situations. Pull out a camera in places like public schools, playgrounds, and airports and you might incur the wrath of authorities and parents, especially where the public safety of kids is concerned.
When public awareness of Google Glass reaches a critical mass and it's understood that these devices can record photos, video, and audio of the wearer's surroundings, an outbreak of bans is sure to result. Don't be surprised if within weeks of the Google Glass's general release we start seeing bans of it cropping up all over the place.
These bans are not going to be the result of Google Glass wearers actually using them; they are going to be a result of the concern that they can be used discreetly. (more)
“This is an absolute tidal wave of criminal activity, and we’re not even scratching the surface. We are literally having our nation systematically stolen out from under us.”
– Brett Kingstone, a one-time victim of trade secret theft and writer of The Real War Against America, a book that details how his start-up company was crippled by the theft of trade secrets related to LED lighting. (more)
A technology called Legal Intercept that Microsoft hopes to patent would allow the company to secretly intercept, monitor and record Skype calls. And it's stoking privacy concerns. (more)
We're shocked. q.v. - Yesterday's story.
Express Scripts Inc. sued the accounting firm Ernst & Young LLP and one of its partners for the alleged theft of trade secrets and misappropriation of the pharmacy benefit manager’s confidential and proprietary data.
The Express Scripts Holding Co. unit said in a complaint filed yesterday in state court in Clayton, Missouri, that it learned last year that accounting firm partner Don Gravlin had been “sneaking” into its St. Louis headquarters and e-mailing documents to a private Google account via the account of an Ernst & Young consultant...
The accountants allegedly took the equivalent of more than 20,000 pages of data, including pricing information, business strategy, projections and “performance metrics” documents, to aid development of Ernst & Young’s own health-care business segment, which includes Express Scripts and Medco Health Solutions Inc., which it acquired last year, as well as some of their competitors. (more)
The White House unveiled a new strategy to exert pressure on China and other countries that engage in corporate espionage against the U.S. as part of a new Obama administration push to counter cyberattacks and commercial spying.
The strategy, released Wednesday in a report that was the subject of a White House meeting, raised the prospect of stepped-up U.S. trade restrictions on products and services derived from stolen trade secrets. Officials also outlined a series of diplomatic actions to reinforce the administration's commitment to curbing such thefts.
The new push comes on the heels of fresh revelations of Chinese cyberspying and represents an effort by Washington to respond to growing complaints about theft of military and corporate secrets, with a number of the allegations focusing on China. (more)
Trade restrictions and diplomatic actions are historically ineffective, not to mention unrealistic and counterproductive when trying to develop a global economy. These hand slaps are likely viewed as a cost of stealing doing business. Reward outweighs punishment.
The missing element in intellectual property protection...
Holding caretakers responsible. If your information would hurt the country if stolen, there should be a legal duty to protect that information. Add that element to trade restrictions and diplomatic actions, and you may just have a workable counterespionage strategy. Hey, it works for the other guys. (more)
P.S. "Promote Voluntary Best Practices by Private Industry to Protect Trade Secrets" (Section 2 of the report) is both vague and voluntary. It will never be adopted. Why? Two words... Risk Analysis. Think HIPAA or Sarbanes-Oxley would work if they were just voluntary best practices?
Don't get me started.
~Kevin
A coalition of activists, privacy organizations, journalists, and others have called upon Microsoft to be more forthright about when, why, and to whom it discloses information about Skype users and their communications.
In an open letter published on Thursday, the group argues that Redmond's statements about the confidentiality of Skype conversations have been "persistently unclear and confusing," casting the security and privacy of the Skype platform in doubt...
The group claims that both Microsoft and Skype have refused to answer questions about what kinds of user data the service retains, whether it discloses such data to governments, and whether Skype conversations can be intercepted. (more)
"more forthright"
"in doubt"
Please.
The original Skype-in-the-wild was viewed as a high-security privacy tool. Guess who didn't like that. Guess why Skype was "bought" in from the wild and given adult supervision. (Think Spypke.)
Post de facto petitioning is painful to watch. If you want privacy, you need to start much earlier in the game. It begins with self-reliance.
Example: You don't see smart corporations sitting around waiting for 'the government' or some free software to protect their information. No, they take proactive measures like TSCM and IT security. They don't wait and whine later.
Alaska’s largest statewide commercial fishing trade association announced (it will) request Alaska authorities to investigate what they say was unauthorized eavesdropping of their United Fishermen of Alaska private teleconference by the Kenai River Sportfishing Association's office.
According to UFA Interim President Bruce Wallace, on January 17, 2013 the United Fishermen of Alaska, representing 34 member organizations, held a private teleconference.
In addition to 25 UFA Board members, UFA alleges an individual or individuals at the offices of the Kenai River Sportfishing Association (KRSA) was also on the line during the private teleconference.
This allegation was later confirmed by the teleconference vendor, who provided a phone log, which included a phone number registered to the Kenai River Sportfishing Association (KRSA) office. KRSA is not affiliated with UFA in any way. (more) (REAL Spy Fishing)
A reminder to our clients, and a free sample for potential clients...
Murray's Teleconferencing Checklist
Passcodes...
• Change all current passcodes, now.
• Prohibit employees from mass e-mailing or posting passcodes.
Switch to a conference call system with accountability features...
• each participant is given a unique passcode,
• the passcode is changed for each new conference call,
• only the pre-authorized number of callers may be admitted,
• and a record of all call participants is available to the call leader.
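A minimal model of the accountability features in the checklist above, added here as an example (it is not part of the original post and not any vendor's product). The class and function names, invitee labels and phone numbers are all constructed for illustration; because each passcode admits exactly one caller, the number admitted can never exceed the number invited.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class ConferenceCall:
    """One scheduled call. Passcodes are generated per call and per invitee."""
    invitees: list
    passcodes: dict = field(default_factory=dict)  # passcode -> invitee name
    admitted: dict = field(default_factory=dict)   # invitee name -> caller number
    log: list = field(default_factory=list)        # every join attempt, in order

    def __post_init__(self):
        for name in self.invitees:
            code = f"{secrets.randbelow(10**8):08d}"
            while code in self.passcodes:          # keep codes unique within the call
                code = f"{secrets.randbelow(10**8):08d}"
            self.passcodes[code] = name

    def join(self, caller_number, passcode):
        """Admit a caller only on an unused, valid passcode; log every attempt."""
        name = self.passcodes.get(passcode)
        if name is None:
            verdict = "rejected: unknown passcode"
        elif name in self.admitted:
            verdict = "rejected: passcode already in use"
        else:
            self.admitted[name] = caller_number
            verdict = "admitted"
        self.log.append((caller_number, name, verdict))
        return verdict == "admitted"

    def leader_report(self):
        """Record for the call leader: who is on the line, who was turned away."""
        rejected = [entry for entry in self.log if entry[2] != "admitted"]
        return {"on_call": dict(self.admitted), "rejected": rejected}


def demo():
    # Constructed sample data: invitee labels and phone numbers are made up.
    call = ConferenceCall(invitees=["board-member-1", "board-member-2"])
    codes = {name: code for code, name in call.passcodes.items()}
    call.join("+1-907-555-0101", codes["board-member-1"])
    call.join("+1-907-555-0199", codes["board-member-1"])  # leaked code reused
    call.join("+1-907-555-0150", "00000000x")              # guessed code
    return call.leader_report()


if __name__ == "__main__":
    print(demo())
```

A fresh `ConferenceCall` object per meeting gives the per-call passcode change; the rejected entries in the report are what a call leader would review for uninvited listeners.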