Click to enlarge. |
Wednesday, November 20, 2013
Mass Surveillance Is Big Business: Corporations Are as Good at Spying as Governments
Data is the currency of surveillance, and it's not just the NSA and GCHQ looking to cash in. As a newly released cache of documents and presentation materials highlights, the private surveillance industry is booming. More shocking is that many firms claim in their own corporate PowerPoints that they've got capabilities that rival that of the government giants.
The document trove, called the Surveillance Industry Index (SII) and released by Privacy International, and contains 1,203 documents from 338 companies in 36 countries, all of which detail surveillance technologies...
Of course, that world isn't open to average consumers, which is why SII—and previously, Wikileaks' Spy Files, among others—is eye-opening. What's even more concerning than systems that guarantee "complete data inflow from all networks" is who's buying it. And while all the brochures I've read so far are careful to specify that surveillance tech is only for legal data collection, "legal" is a very fluid term worldwide...
There's a very good reason that the UN High Commissioner called privacy a human right earlier this year: The vast tools available to people with enough money and network access are more capable of accessing private information than ever before...
"There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there on the sale of conventional weapons," Matthew Rice, a research consultant with Privacy International, told The Guardian. (more)
The document trove, called the Surveillance Industry Index (SII) and released by Privacy International, and contains 1,203 documents from 338 companies in 36 countries, all of which detail surveillance technologies...
Of course, that world isn't open to average consumers, which is why SII—and previously, Wikileaks' Spy Files, among others—is eye-opening. What's even more concerning than systems that guarantee "complete data inflow from all networks" is who's buying it. And while all the brochures I've read so far are careful to specify that surveillance tech is only for legal data collection, "legal" is a very fluid term worldwide...
There's a very good reason that the UN High Commissioner called privacy a human right earlier this year: The vast tools available to people with enough money and network access are more capable of accessing private information than ever before...
"There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there on the sale of conventional weapons," Matthew Rice, a research consultant with Privacy International, told The Guardian. (more)
Tuesday, November 19, 2013
Business Espionage - IKEA Snooping Investigation Continues
French police are questioning top executives of the Swedish furniture chain IKEA after allegations that the company illegally used police files to spy on staff and customers.
The arrests of the chief executive officer of IKEA France, Stefan Vanoverbeke, his predecessor, and the chief financial officer, come after more than a year and a half of investigations.
Police searched the company’s head office outside Paris 11 days ago. (more)
The arrests of the chief executive officer of IKEA France, Stefan Vanoverbeke, his predecessor, and the chief financial officer, come after more than a year and a half of investigations.
Police searched the company’s head office outside Paris 11 days ago. (more)
Monday, November 18, 2013
Snooping on Credit Cards with Shopping Carts
Researchers at the University of Surrey, UK have successfully used readily available and inexpensive electronic components, combined with a shopping cart antenna, to eavesdrop on NFC and HF RFID contactless communication.
The shopping cart did not perform as well as a small inductive loop antenna (that could be concealed with the electronics in a backpack) but neither are likely to arouse suspicion.
The researchers say that the eavesdropping distance can be as much as 100cm but is dependant on the strength of the magnetic field generated by the victims device.
Companies like VISA, Mastercard and Google who have already developed platforms for contactless payments can now add eavesdropping to the existing security threats of skimming and relay attacks. Original paper here (PDF).
The shopping cart did not perform as well as a small inductive loop antenna (that could be concealed with the electronics in a backpack) but neither are likely to arouse suspicion.
The researchers say that the eavesdropping distance can be as much as 100cm but is dependant on the strength of the magnetic field generated by the victims device.
Companies like VISA, Mastercard and Google who have already developed platforms for contactless payments can now add eavesdropping to the existing security threats of skimming and relay attacks. Original paper here (PDF).
Labels:
cautionary tale,
data,
eavesdropping,
FutureWatch,
Hack,
RFID,
spybot,
weird
Sunday, November 10, 2013
Seattle, where a java junkie hanging on a light pole won't be alone.
If you're walking around downtown Seattle, look up: You'll see off-white boxes, each one about a foot tall with vertical antennae, attached to utility poles. If you're walking around downtown while looking at a smartphone, you will probably see at least one—and more likely two or three—Wi-Fi networks named after intersections: "4th&Seneca," "4th&Union," "4th&University," and so on.
That is how you can see the Seattle Police Department's new wireless mesh network, bought from a California-based company called Aruba Networks, whose clients include the Department of Defense, school districts in Canada, oil-mining interests in China, and telecommunications companies in Saudi Arabia.
The question is: How well can this mesh network see you? (more)
That is how you can see the Seattle Police Department's new wireless mesh network, bought from a California-based company called Aruba Networks, whose clients include the Department of Defense, school districts in Canada, oil-mining interests in China, and telecommunications companies in Saudi Arabia.
The question is: How well can this mesh network see you? (more)
Vegas, where a drunk hanging on a light pole won't be alone.
What happens in Vegas stays... with the authorities?
Las Vegas is installing Intellistreets, which are street lights that have many talents -- including the ability to record sound and shoot video. (video report)
Las Vegas is installing Intellistreets, which are street lights that have many talents -- including the ability to record sound and shoot video. (video report)
Economic Espionage: Competing For Trade By Stealing Industrial Secrets
In September 2012 FBI agents in Kansas City, Missouri, arrested two Chinese nationals, Huang Ji Li and Qi Xiao Guang, after they paid $25,000 in cash for stolen trade secrets pertaining to an American company’s manufacture of cellular-glass insulation, or foam glass.
Huang trespassed onto the company’s flagship plant in Sedalia, Missouri, 3 months prior and asked suspiciously detailed questions about the facility’s manufacturing process for the insulation. It also is believed he approached an employee at the company’s corporate headquarters in Pittsburgh, Pennsylvania, just days before seeking to build a foam-glass factory in China.
A judge sentenced Huang to 18 months in prison and a $250,000 fine in January 2013 and Qi, Huang’s interpreter, to time served, a $20,000 fine, and deportation. During sentencing, company officials estimated the value of the targeted trade secrets at $272 million.
The threat of economic espionage and theft of trade secrets to U.S.-based companies is persistent and requires constant vigilance. Even after Huang was arrested, pled guilty, and was sentenced, investigators believed the company’s trade secrets still were at risk for targeting by would-be competitors. (more)
Huang trespassed onto the company’s flagship plant in Sedalia, Missouri, 3 months prior and asked suspiciously detailed questions about the facility’s manufacturing process for the insulation. It also is believed he approached an employee at the company’s corporate headquarters in Pittsburgh, Pennsylvania, just days before seeking to build a foam-glass factory in China.
A judge sentenced Huang to 18 months in prison and a $250,000 fine in January 2013 and Qi, Huang’s interpreter, to time served, a $20,000 fine, and deportation. During sentencing, company officials estimated the value of the targeted trade secrets at $272 million.
The threat of economic espionage and theft of trade secrets to U.S.-based companies is persistent and requires constant vigilance. Even after Huang was arrested, pled guilty, and was sentenced, investigators believed the company’s trade secrets still were at risk for targeting by would-be competitors. (more)
Corporate espionage: The spy in your cubicle
Corporate espionage from a German perspective...
At a trade fair, the head of a company discovers a machine developed by his own employees - but at the stand of a competitor, where the new item is proudly displayed. Looking through his company's inventory, he sees four new printers, even though he in fact ordered five. And to top things off, he's having problems with the state prosecutors, who say his firm is implicated in a bribery charge. His company, in short, has fallen victim to industrial espionage - three times over.
Since 2001, some 61 percent of German companies have fallen prey to these or similar crimes. In 2013, by comparison, just 45 percent of German firms were entangled in such an affair. Those were the conclusions of a study conducted by business consulting giant PricewaterhouseCoopers (PCW) together with Martin Luther University in Halle-Wittenberg (MLU). For the study, more than 600 German companies, each with at least 500 employees, were examined every two years...
...in the areas of "industrial espionage, economic espionage and the leaking of work and business secrets," there have been frighteningly high numbers of suspected cases. And there could be far more, the analyst added, since being spied upon doesn't necessarily mean that you know it's happening. Corruption ends with prosecutors knocking at the door; an inventory check usually clears up theft. But with spying, "Nothing is gone." (more)
Part of the Security Scrapbook's reason for being is that last sentence. Tracking some of the business espionage stories per year indicates the size of the problem.
Example: If 1% of business espionage is discovered, and 1% of discovered business espionage becomes news, then 50 business espionage news stories equals 500,000 business espionage attacks — 499,950 of which were successful. Adjust the percentages to suit yourself, but you get the idea.
The point is, you won't know when your intellectual and strategic pockets are being picked. Especially, if you are not checking regularly.
Call me. I can help.
At a trade fair, the head of a company discovers a machine developed by his own employees - but at the stand of a competitor, where the new item is proudly displayed. Looking through his company's inventory, he sees four new printers, even though he in fact ordered five. And to top things off, he's having problems with the state prosecutors, who say his firm is implicated in a bribery charge. His company, in short, has fallen victim to industrial espionage - three times over.
Since 2001, some 61 percent of German companies have fallen prey to these or similar crimes. In 2013, by comparison, just 45 percent of German firms were entangled in such an affair. Those were the conclusions of a study conducted by business consulting giant PricewaterhouseCoopers (PCW) together with Martin Luther University in Halle-Wittenberg (MLU). For the study, more than 600 German companies, each with at least 500 employees, were examined every two years...
...in the areas of "industrial espionage, economic espionage and the leaking of work and business secrets," there have been frighteningly high numbers of suspected cases. And there could be far more, the analyst added, since being spied upon doesn't necessarily mean that you know it's happening. Corruption ends with prosecutors knocking at the door; an inventory check usually clears up theft. But with spying, "Nothing is gone." (more)
Part of the Security Scrapbook's reason for being is that last sentence. Tracking some of the business espionage stories per year indicates the size of the problem.
Example: If 1% of business espionage is discovered, and 1% of discovered business espionage becomes news, then 50 business espionage news stories equals 500,000 business espionage attacks — 499,950 of which were successful. Adjust the percentages to suit yourself, but you get the idea.
The point is, you won't know when your intellectual and strategic pockets are being picked. Especially, if you are not checking regularly.
Call me. I can help.
Friday, November 8, 2013
Private Investigator + Software Firm = Cell Phone Spyware Arrest
India - The Central Crime Branch (CCB) police arrested two persons, who allegedly used a software to collect confidential and personal data of cellphone users, for detective purposes...
The preliminary investigation has revealed that several mobile numbers of clients all over India have been snooped upon over the past year, the police said.
[The] firm was allegedly involved in using snooping software on Android and Blackberry based mobile phones. The firm was allegedly monitoring phone calls and messages of people, on behalf of their clients for detective purposes...
Once the software is installed and whenever user starts using the mobile, all data pertaining to his calls including conversation recordings / messages / e-mails, chats, picture and videos on the mobile phone would be automatically uploaded to a server hosted somewhere else using the target mobile phone’s GPRS data.
Even the exact geographical movements of the target in terms of latitude and longitude would be recorded and sent to the server in real time. The clients of detective agencies would be provided with a login username and password to view the data and movements of target’s mobile phone on a web browser and Google maps. (more)
The preliminary investigation has revealed that several mobile numbers of clients all over India have been snooped upon over the past year, the police said.
[The] firm was allegedly involved in using snooping software on Android and Blackberry based mobile phones. The firm was allegedly monitoring phone calls and messages of people, on behalf of their clients for detective purposes...
Once the software is installed and whenever user starts using the mobile, all data pertaining to his calls including conversation recordings / messages / e-mails, chats, picture and videos on the mobile phone would be automatically uploaded to a server hosted somewhere else using the target mobile phone’s GPRS data.
Even the exact geographical movements of the target in terms of latitude and longitude would be recorded and sent to the server in real time. The clients of detective agencies would be provided with a login username and password to view the data and movements of target’s mobile phone on a web browser and Google maps. (more)
Labels:
amateur,
cell phone,
eavesdropping,
PI,
spyware,
tracking
Thursday, November 7, 2013
More Kinds of Corporate Spies Target More Kinds of Trade Secrets
Efforts to steal trade secrets from U.S. companies continue at a high level and are hitting new targets, in spite of major efforts to stop such industrial espionage. Losing trade secrets hurts the economy by discouraging investments in the research critical to growth. Some new players are getting into the fray, and the attacks hit a huge variety of businesses from high tech to high fashion.
Plans for a fighter jet are an obvious target for corporate and other kinds of spies, but experts say industrial espionage also has been aimed at high fashion designers and toymakers, innovative steel makers, food and beverage companies, clean energy research and wind turbine makers. Corporate spies also are seeking information about the management practices that guide successful businesses. (think boardroom bugging) (more)
Plans for a fighter jet are an obvious target for corporate and other kinds of spies, but experts say industrial espionage also has been aimed at high fashion designers and toymakers, innovative steel makers, food and beverage companies, clean energy research and wind turbine makers. Corporate spies also are seeking information about the management practices that guide successful businesses. (think boardroom bugging) (more)
Secret Agent Suits - Odds Are You Live to See Tomorrow
"We offer our clients a bullet-proof suit to keep them safe during their travels to dangerous places for work. We wanted to create a lightweight garment that not only looks professional, but can also act as reliable body armor. The idea was to create a stylish and discreet alternative to wearing a bulky bullet proof vest underneath a suit. This way, our clients, wouldn’t have to worry about looking awkward during meetings, and they can travel to work feeling comfortable, safe, and confident.
This past year, Garrison Bespoke worked alongside suppliers for the US 19th Special Forces in developing the custom bulletproof suit. Using nanotechnology, it’s comprised of the same carbon nanotubes designed for the US troops’ uniforms in Iraq. Yet, the patented suit material is a lot thinner and flexible; fifty percent lighter than Kevlar (the material commonly used in bullet-proof gear). The entire suit acts like a shield, with nanotubes in the fabric hardening to block force from penetrating through.
The Garrison Bespoke bullet proof suit was made to fulfill three important expectations: First, to be modern and stylish. Second, to be light and comfortable. And, third, to be reliable and safe. After putting the suit to test, we can proudly say that all expectations have been met." (more)
Prices start around $20,000.00.
This past year, Garrison Bespoke worked alongside suppliers for the US 19th Special Forces in developing the custom bulletproof suit. Using nanotechnology, it’s comprised of the same carbon nanotubes designed for the US troops’ uniforms in Iraq. Yet, the patented suit material is a lot thinner and flexible; fifty percent lighter than Kevlar (the material commonly used in bullet-proof gear). The entire suit acts like a shield, with nanotubes in the fabric hardening to block force from penetrating through.
The Garrison Bespoke bullet proof suit was made to fulfill three important expectations: First, to be modern and stylish. Second, to be light and comfortable. And, third, to be reliable and safe. After putting the suit to test, we can proudly say that all expectations have been met." (more)
Prices start around $20,000.00.
Hacker Who Helped Catch Cheating Lovers in FBI's Sights
Among the five people added this week to the FBI's list of "most wanted" cyber criminals is a former San Diego college student who developed an $89 program called "Loverspy" or "Email PI." Sold online from his apartment, the program was advertised as a way to "catch a cheating lover" by sending the person an electronic greeting card that, if opened, would install malicious software to capture emails and instant messages, even spy on someone using the victim's own webcam.
The case of Carlos Enrique Perez-Melara, 33, is noteworthy because he appears to have made relatively little money on the scheme, unlike others on the FBI list who were accused of bilking millions of dollars from businesses and Internet users worldwide. But Perez-Melara, a native of El Salvador who was in the United States on a student visa in 2003 when he sold the spyware, allegedly helped turn average computer users into sophisticated hackers who could stalk their victims...
In addition to hacking-for-hire services, there is an established commercial market for snooping software that domestic violence advocates warn can also be used to stalk victims. Software such as ePhoneTracker and WebWatcher, for example, are advertised as ways to monitor kids' online messages and track their location. For $349 a year, Flexispy of Wilmington, Del., promises to capture every Facebook message, email, text and photo sent from a phone, as well as record phone calls. These services generally would be legal only if the person installing the software also owned the device or were given consent by the owner. (more)
Click to enlarge. |
In addition to hacking-for-hire services, there is an established commercial market for snooping software that domestic violence advocates warn can also be used to stalk victims. Software such as ePhoneTracker and WebWatcher, for example, are advertised as ways to monitor kids' online messages and track their location. For $349 a year, Flexispy of Wilmington, Del., promises to capture every Facebook message, email, text and photo sent from a phone, as well as record phone calls. These services generally would be legal only if the person installing the software also owned the device or were given consent by the owner. (more)
The Current State of Cyber Security in Latin America
Latin America is experiencing tremendous growth—unfortunately the growth in question relates to cyberattacks. “If you look at Peru, you see 28 times as much malware in 2012 as in 2011; Mexico about 16 times; Brazil about 12 times; Chile about 10; and Argentina about seven times,” said Andrew Lee, CEO of ESET. These tremendous growth rates are expected to continue in the coming years, Lee noted.
Tom Kellermann, vice president of cybersecurity at Trend Micro, a network security solutions company. He discussed a report that Trend Micro released jointly with OAS called Latin American and Caribbean Cybersecurity Trends and Government Responses.
Kellermann noted that while organized crime groups, such as narco-traffickers, have embraced cybercrime, the governments of Latin American countries haven’t been able to keep up in terms of defending against this type of crime. “Only two out of five countries have an effective cybercrime law, let alone effective law enforcement to hunt [cyberattackers],” he said. (more)
Tom Kellermann, vice president of cybersecurity at Trend Micro, a network security solutions company. He discussed a report that Trend Micro released jointly with OAS called Latin American and Caribbean Cybersecurity Trends and Government Responses.
Kellermann noted that while organized crime groups, such as narco-traffickers, have embraced cybercrime, the governments of Latin American countries haven’t been able to keep up in terms of defending against this type of crime. “Only two out of five countries have an effective cybercrime law, let alone effective law enforcement to hunt [cyberattackers],” he said. (more)
Labels:
business,
cell phone,
computer,
FutureWatch,
Internet,
IT,
law,
malware,
spyware,
statistics
NSA Spy Scandal - The Final Word?
Get Over It: America and Its Friends Spy on Each Other
"All history teaches us that today's allies are tomorrow's rivals." John le Carré
With the French saying they are shocked—shocked!—to discover that America is spying on them, and the long-monitored German chancellor, Angela Merkel, reportedly in a state of outrage, this may be a good time to explain why it is considered so necessary. Why monitoring "foreign-leadership intentions" is a "hardy perennial" in U.S. espionage practice, as National Intelligence Director James Clapper put it during congressional hearings this week. And why most of what is done today, one way or another, is likely to go on.
...the NSA may be reined in. But one way or another, the spying will go on. (more)
This story was written by, Michael Hirsh, chief correspondent for National Journal. Alternate ends to the NSA story don't seem plausible. Think back to the Church Committee hearings and Secretary of War, Henry L. Stimson... "Gentlemen do not read each other's mail."
Stimson's views on the worth of cryptanalysis had changed by the time he became Secretary of War during World War II, before and during which he, and the entire US command structure, relied heavily on decrypted enemy communications. (wikipedia)
"All history teaches us that today's allies are tomorrow's rivals." John le Carré
With the French saying they are shocked—shocked!—to discover that America is spying on them, and the long-monitored German chancellor, Angela Merkel, reportedly in a state of outrage, this may be a good time to explain why it is considered so necessary. Why monitoring "foreign-leadership intentions" is a "hardy perennial" in U.S. espionage practice, as National Intelligence Director James Clapper put it during congressional hearings this week. And why most of what is done today, one way or another, is likely to go on.
...the NSA may be reined in. But one way or another, the spying will go on. (more)
This story was written by, Michael Hirsh, chief correspondent for National Journal. Alternate ends to the NSA story don't seem plausible. Think back to the Church Committee hearings and Secretary of War, Henry L. Stimson... "Gentlemen do not read each other's mail."
Stimson's views on the worth of cryptanalysis had changed by the time he became Secretary of War during World War II, before and during which he, and the entire US command structure, relied heavily on decrypted enemy communications. (wikipedia)
Wednesday, November 6, 2013
Security Director Alert - Draft a 'No Recording' Policy for Your Company
IMPORTANT
Here's why...
by Philip L. Gordon, Littler Mendelson P.C.
With audio recording applications (“apps”) often standard issue on ubiquitous smart phones, employees are now armed with a relatively inconspicuous way to capture their supervisor’s every gaffe.
In September, a $280,000 jury verdict in favor of an employee on race and sex discrimination claims demonstrated just how damaging an audio recording can be in employment litigation. In that case, the plaintiff, who is African American, caught her supervisor, who is Hispanic, using the “N” word on tape, and the judge admitted the recording into evidence. Putting aside the risk of employees collecting damaging evidence for anticipated litigation, the ever-present specter of audio recording can undermine the type of corporate culture that so many employers are trying to encourage nowadays, one that thrives on collaboration and candid discussion among colleagues.
In 13 states — California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania and Washington — anti-wiretap laws generally prohibit the recording of face-to-face communications without the consent of all parties to the communication. However, in the remaining 37 states and under federal law, audio recordings, whether surreptitious or not, are legal so long as the person making the recording participates in the recorded conversation. In these states, secret recordings by one of the participants not only are legal, but the former Acting General Counsel (“Acting GC”) of the National Labor Relations Board (NLRB) recently took the position that workers have a legally protected right to record their co-workers and managers. In a decision published on October 30, 2013, an administrative law judge (ALJ) flatly rejected the Acting GC’s position and upheld the employer’s general prohibition on all audio recordings in the workplace without prior management approval.
The employer in that case, Whole Food Markets, promulgated the prohibition to thwart the “chilling effect” of workplace audio recording. More specifically, Whole Foods’ policy explains that concern about audio recording “can inhibit spontaneous and honest dialogue especially when sensitive or confidential matters are being discussed.” Although not stated in the policy, Whole Foods’ head of human resources testified that the policy applied to all employees, whether management or non-management; to all devices that captured voice; and in all areas of the store, including the store’s parking lot and entrance area; but only during working time. (more)
Ask Philip Gordon about drafting a "no recording in the workplace" policy for you.
Be sure to add video, too.
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Here's why...
by Philip L. Gordon, Littler Mendelson P.C.
With audio recording applications (“apps”) often standard issue on ubiquitous smart phones, employees are now armed with a relatively inconspicuous way to capture their supervisor’s every gaffe.
Signs available here. |
In 13 states — California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania and Washington — anti-wiretap laws generally prohibit the recording of face-to-face communications without the consent of all parties to the communication. However, in the remaining 37 states and under federal law, audio recordings, whether surreptitious or not, are legal so long as the person making the recording participates in the recorded conversation. In these states, secret recordings by one of the participants not only are legal, but the former Acting General Counsel (“Acting GC”) of the National Labor Relations Board (NLRB) recently took the position that workers have a legally protected right to record their co-workers and managers. In a decision published on October 30, 2013, an administrative law judge (ALJ) flatly rejected the Acting GC’s position and upheld the employer’s general prohibition on all audio recordings in the workplace without prior management approval.
The employer in that case, Whole Food Markets, promulgated the prohibition to thwart the “chilling effect” of workplace audio recording. More specifically, Whole Foods’ policy explains that concern about audio recording “can inhibit spontaneous and honest dialogue especially when sensitive or confidential matters are being discussed.” Although not stated in the policy, Whole Foods’ head of human resources testified that the policy applied to all employees, whether management or non-management; to all devices that captured voice; and in all areas of the store, including the store’s parking lot and entrance area; but only during working time. (more)
Ask Philip Gordon about drafting a "no recording in the workplace" policy for you.
Be sure to add video, too.
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Labels:
App,
blackmail,
business,
cell phone,
eavesdropping,
employee,
law,
lawsuit,
privacy,
recording
Subscribe to:
Posts (Atom)