Before you snicker, review your spy service's history

The recent revelations by the whistleblower Edward Snowden were fascinating. But they - and all the reactions to them - had one enormous assumption at their heart. 

That the spies know what they are doing. 

It is a belief that has been central to much of the journalism about spying and spies over the past fifty years. That the anonymous figures in the intelligence world have a dark omniscience. That they know what's going on in ways that we don't.

It doesn't matter whether you hate the spies and believe they are corroding democracy, or if you think they are the noble guardians of the state. In both cases the assumption is that the secret agents know more than we do. 

But the strange fact is that often when you look into the history of spies what you discover is something very different... (more)

The Latest Holiday Season Spy Toy Rolls Out... and records!

...from the seller...
"The I Spy Tank uses all of the latest technology so that you are able to see what the I Spy Tank sees. 

With the Wi-Fi transmitter you are able to control the I Spy Tank with your iPhone, iPad or iPod.

Because of the built in Live Streaming Video Camera you are able to have battles with other I Spy Tanks. Why not see what your friends and neighbors are up to from your very own arm chair while your I Spy Tank goes and finds out. Why not use several I Spy Tanks to arrange war games with your friends? The possibilities are limitless!"

SPECIFICATIONS
WiFi Controlled
4 Channel
Use With Your iPhone / iPad / Android device to control vehicle
Records Video and Sound Up To 20 Metres Away
Records Straight To Your Device
Play Time : 60 Minutes
Charge Time : 120 Minutes
Distance Control : 30 Metres
Batteries Required : 6 x AA (not included)
Dimensions : L230 x W190 x H115mm
For ages 8 and up - Warning! Choking hazard due to small parts. 
iPad, iPhone, and iPod not included

"Paranoia is our friend."

The quote is from a legend in the corporate counterespionage business.  

The movie Paranoia - which opens today - is from a terrific novel written by Joe Finder. Joe is a stickler for accuracy and detail; part of the reason he is a New York Times bestselling author. 

If you want a peek under the skirt of business espionage see Paranoia this weekend.


Sign up here to win an autographed copy of the book. Movie times.

"Privacy is a myth."
#CHANGETHEGAME

FutureWatch: Powerless Bugs or Teslabestiola

Ambient Backscatter research is in its infancy. 
Imagine the possibilities.
Technical espionage could see its biggest advancement since the transistor.

Man Bugs his Ex's Home for Over Three Years

UK - A woman has been left terrified in her home and was turned against her closest friends after her ex-partner bugged her house for three and a half years, a court has heard.

The victim said she suspected her ex had planted a listening device in her Darlington home after he started talking about things which she did not believe he should know...

The man, who cannot be identified for legal reasons, said he installed the device to check on his young daughter.

As near as we can tell from the report, the bug looked like this one.

The device, which the man bought in London for £180 ($280.00), was installed behind a plug socket in the living room in November 2009, and could be accessed through his mobile phone...

In a statement read to the court by Ms Milson, the victim said she had nearly suffered a mental breakdown after finding out she had been bugged.

She said: “I feel sick to the pit of my stomach that he has been listening to me for over three years, he has always known too much about my life.

“He made me question myself and used what he heard against me. I am scared every single day, I am totally distraught and it has left me feeling differently about my home.” (more)

The price on these has dropped since 2009. 
The one shown above is now $79.95. 
The economy of scale, perhaps?

Baby Cam Hackers Can See You, Hear You, and Talk to You... and Your Kids

A hacker was able to shout abuse at a two-year-old child by exploiting a vulnerability in a camera advertised as an ideal "baby monitor".

ABC News revealed how a couple in Houston, Texas, heard a voice saying lewd comments coming from the camera, made by manufacturer Foscam.

Vulnerabilities in Foscam products were exposed in April, and the company issued an emergency fix.

Foscam said it was unable to provide a statement at this time.

However, a UK-based reseller told the BBC it would contact its entire customer database to remind them "the importance in setting a password to their cameras".

The spokesman added that it would be urging Foscam's head office - based in Shenzhen, China - to send out a memo to all its resellers suggesting they too contact their customers.

The BBC has found evidence of hackers sharing information on how to access insecure Foscam cameras via several widely-used forums. Using specialist search engines, people can narrow their results by location...
 
Foscam is not the only company to find itself the target of hackers. Last year, camera company Trendnet had to rush out an update to fix a security hole that left thousands of cameras exposed. (more) 

This is not a new problem. Manufacturers have been slow to respond. (Security Scrapbook warnings from 2/12 and 7/13). Why?

Espionage Idea: Imagine your country is the top manufacturer of surveillance cameras. You build in a back-door capability to monitor each one, and hope no one notices. Salt the Earth with your product. Target the units placed in sensitive areas. Wow, what power! And, then some hackers blow it for you. Damn hackers.

Example

Spy Cameras, Secret Audio Help Fight Movie Piracy

If all the sounds of the summer blockbuster "Man of Steel" were stripped away ...a light humming would still be heard. The barely audible noise is an audio watermark...

Designed by engineers at San Diego company Verance Corp., the watermark is a unique signal to Blu-ray disc players that the movie being watched was illegally recorded at a movie theater. After 20 minutes of playtime, the disc player shuts the movie down and offers the viewer the chance to continue watching—by paying for the movie through legitimate sources like Amazon.com Inc. and Netflix Inc.

...a San Diego startup, PirateEye, believes they can combat piracy using a vastly different technology.

The PirateEve camera, in theaters, can spot people recording a movie.
 
It installs cameras above theater screens that can detect recording devices in the audience and then send pictures of offenders to theater security.

PirateEye's camera-spotting technology was adapted from a military application that placed sensors under combat helicopters to scan the ground below for reflections from scopes on sniper rifles. 

Hollywood studios provided several million dollars in investment for the company, which has also been funded by private investors. (more)

Former Director's Wiretapping Conviction Could Spoil MGM's Licensing Bids

On Tuesday, the Wall Street Journal’s Alexandra Berzon reported that MGM is getting a hard look from regulators regarding former board member Terry Christensen, who resigned after being indicted in 2006 (and convicted in 2008) for his involvement in the illegal wiretapping of the ex-wife of billionaire Kirk Kerkorian, who currently holds 18.6% of MGM’s stock via his investment firm Tracinda Corp.

...sources said the Christensen matter could be a “potentially significant issue” for regulators pondering MGM’s pending licensing efforts not only in New Jersey, but also in Massachusetts and Maryland. (more)

Spy Malware Buried on Official Tibetan Website

Chinese-speaking individuals visiting the website for the Central Tibetan Administration are being targeted with a Java exploit that installs advanced malware on their machines.

According to researchers at security firm Kaspersky Lab, the official site for the Tibetan government-in-exile, led by the Dalai Lama, was seeded with a backdoor that takes advantage of a vulnerability in Java, CVE-2012-4681, which was fixed by Oracle roughly a year ago.

The incident bears the signature of a watering hole attack, in which espionage malware is planted on a legitimate site, and then the attackers wait for their desired victims to visit and take the bait. (more)

Clap On - Clap Off... Some Applaud

Clapper won't lead NSA review, White House says...

Intelligence Director James Clapper will not lead a National Security Agency review President Obama vowed would be autonomous, a spokeswoman said.

An Obama memorandum Monday directing Clapper, the nation's top intelligence figure, to "establish" the review group and report its findings to the president did not mean Clapper would head the panel or be involved with the panel members' selection, White House National Security Council spokeswoman Caitlin Hayden said Tuesday.

"The panel members are being selected by the White House, in consultation with the intelligence community," she said in a statement. (more)

Britain’s Fraud Agency Admits to Loss of Data and Audio Tapes

The Serious Fraud Office has admitted accidentally sending a huge cache of confidential documents from an investigation into Britain's biggest arms firm, BAE, to the wrong person.
It did not realise for up to a year that it had misplaced the material which comprised 32,000 pages of documents, 81 audio tapes and computer files.

The material had originally been given to the SFO by 59 sources that helped the agency during one of its most high-profile investigations.

The SFO is not identifying at the moment the individual who inadvertently received the documents, nor did it spell out what they contained. (more)

If someone dumped 32,000 pages of documents, 81 audio tapes and computer files on you - "by accident" - wouldn't you immediately call the sender and say, "What do I look like, a freakin' warehouse?!?!"

Time to call in the Monty Python Very Very Serious Fraud Office to investigate.

Not a joke. Click to enlarge.

Silent Circle Silenced

...as predicted here and here and here...
Two major secure e-mail service providers on Thursday took the extraordinary step of shutting down service.

A Texas-based company called Lavabit, which was reportedly used by Edward J. Snowden, announced its suspension Thursday afternoon, citing concerns about secret government court orders.

By evening, Silent Circle, a Maryland-based firm that counts heads of state among its customers, said it was following Lavabit’s lead and shutting its e-mail service as a protective measure.

Taken together, the closures signal that e-mails, even if they are encrypted, can be accessed by government authorities and that the only way to prevent turning over the data is to obliterate the servers that the data sits on.

Mike Janke, Silent Circle’s chief executive, said in a telephone interview late Thursday that his company had destroyed its server. “Gone. Can’t get it back. Nobody can,” he said. “We thought it was better to take flak from customers than be forced to turn it over.”

The company, in a blog post dated Friday, Aug. 9, said it had taken the extreme measure even though it had not received a search order from the government. (more)

Espionage Battlebots - China v. USA - Guess Who Wins

...by Brian Dodson, gizmag.com...

 For the past 23 years, the IARC has challenged college teams with missions requiring complex autonomous robotic behaviors that are often beyond the capabilities of even the most sophisticated military robots. This year's competition, which was held in China and the United States over the past week, saw the team from Tsinghua University in Beijing successfully complete the current mission – an elaborate espionage operation known as Mission Six.

First proposed in 2010, the Mission Six scenario is that an enemy has plans for taking control of the Eurasian banking system, a move that could throw the entire world into chaos. This plan is contained in a USB flash drive located in a remote security office of the enemy's intelligence organization.

The target building has a broken window on the same floor as the security office...and is equipped with laser intrusion detectors, floor sensors, video surveillance, and periodic patrols. Mission Six calls for covertly capturing the flash drive, and replacing it with another of the same make to postpone discovery of the theft... The mission must be carried out within ten minutes to avoid security patrols.

The vehicles are required to be completely autonomous, with no external commands accepted during the mission. The vehicles can be of any type (as long as they fly)...

(Play Mission Impossible theme while watching.)

All vehicles must contain their own power supplies. The vehicle is required to sense its immediate surroundings, and decide on its own actions, but need not contain its control computer – it can instead be linked to an external computer by radio. While external navigation aids are allowed, GPS locating is not.

...the Michigan Autonomous Aerial Vehicles team, associated with the University of Michigan, had been touted as the most likely entry at the American venue to succeed with Mission Six. Unfortunately, they encountered a perfect storm of equipment malfunctions, and were unable to complete the mission. (more)

FutureWatch - Just as piloted fighter planes are being replaced by unmanned drones, spies keep themselves out of harm's way using technology too. Bugs, wiretaps, spyware, and now robots will also be doing the dirty work in the future. Imagine, armies of robo-roaches scanning all the paperwork left out overnight, and perhaps planting themselves as audio / visual bugs.

Today in Eavesdropping History

On Aug. 8, 1974, President Richard Nixon announced he would resign following damaging revelations in the Watergate scandal. (more)
 

He submitted his official resignation the following day...

How to Protect Your Company Against Corporate Espionage

An abridged overview by Jim Lindell, President, Thorsten Consulting Group Inc.... 
First, the company must establish values and principles that define appropriate behavior regarding confidential information such as personnel, technologies, customers and suppliers. Once values and policies have been established, management must support, review and enforce them.

Second, make sure the hiring process emphasizes how employees must handle confidential information. Determine the candidate's ability to maintain confidentiality. How? By asking tough questions during the interview and doing thorough background checks.  

After the employee is hired, continue training and explaining your policies and procedures regarding confidential information. The role of the CEO and senior management can't be overstated.  

The CEO, on a regular basis, should highlight unacceptable public behavior and emphasize that it won't be tolerated. The Snowden/Manning incidents provide excellent examples that illustrate confidentiality expectations for all employees. At a minimum, these messages must come from the CEO at last once a year. 

The best policies and procedures
To be effective, policies and procedures must:
• Reinforce acceptable behavior.
• Create a monitoring process to detect breaches in confidential information. (An integral part of a TSCM bug sweep.)
• Create an audit process to determine whether existing rules are being followed. (An integral part of a TSCM bug sweep.)
 
You must assess the nature of confidential information that is maintained and the potential for abuse. Both Snowden and Manning required technological tools and technological skills. You must understand the devices your employees are using, and how they can use them to access confidential information...  

In addition to electronic access to your systems, you also must be aware of people who have physical access. The ability to take pictures of processes, documents and employees has changed dramatically. You must restrict access to your plant and offices.  

Finally, it's important to establish policies and procedures that address disposal of equipment like computers, tablets, hard disk drives and flash drives. Since we can't see the digital information, it's easy to discard hardware and not realize what we're actually tossing out.  

All businesses are at risk. Some are just more prepared than others. (more)