By Denny Hatch
Julian Assange (Wikileaks), Edward Snowden and Pfc. Chelsea (née Bradley) Manning became household names overnight.
They downloaded U.S. Government secrets. Diplomatic relations,
American politics and military secrets were seriously compromised.
How'd it happen? Up to 4 million people
—including 500,000 government contractors—hold Top Secret clearances.
That's how.
The Lions Gate Film Studios' $100 Million Theft
In late July at Lions Gate film studios, a perfect copy of the upcoming Sylvester Stallone movie, "Expendables 3," was stolen. The film cost an estimated $100 million to produce.
It was immediately offered free all over the Internet on such sites
as KickassTorrents, or KAT, and The Pirate Bay, or TPB, and a slew more.
Millions of co-conspirators downloaded the film for private viewing resulting in a box office catastrophe when it opened in theaters.
Reuters headline
August 11, 2014:
U.S. judge orders websites to stop 'Expendables 3' film piracy
Lotsa luck.
Takeaways to Consider
- In your organization, who has the equivalent of Top Secret clearance?
- Who has keys to your digital vault and access to the most sensitive R&D?
- Does a system exist whereby every time a major asset is in transit-not in its usual place-it can be tracked by user?
- Should you monitor employees' email to see who in your organization may be feeling underpaid or contemplating retribution?
- Two-thirds of companies monitor employees' Internet use and "almost 33 percent of 140 North American businesses nationwide conduct regular audits of outbound email content."
- Your future could depend on it.
Denny Hatch 's new book is "Write Everything Right!"
Drayton Bird writes, "Just had to say again how bloody good this is.
Who else could tell me in one book how to write a resume, which words
irritate people and how to review a film? (Sent from my iPhone)." Click here to download (Opens as a PDF) and read the first three chapters FREE. The title is also available on Kindle. Reach Denny at dennyhatch@yahoo.com.
from the website...
"We made CCALL because it’s a pain in the axx to enter conference codes from a mobile phone. If you've ever had a calendar invite with a long conference ID and scribbled it on the back of your hand to avoid jumping between the email, your calendar and your phone app then you understand why we did this."
Question: Do you think this a clever public service, or a clever social engineering eavesdropping / espionage trick? Doesn't matter. I know what I am telling my clients.
Spies hate iPhones...
The secrets of one of the world’s most prominent surveillance companies, Gamma Group, spilled onto the Internet last week, courtesy of an anonymous leaker who appears to have gained access to sensitive corporate documents. And while they provide illuminating details about the capabilities of Gamma’s many spy tools, perhaps the most surprising revelation is about something the company struggles to do: It can’t easily hack into your typical iPhone. (more)
What do a voice identifier, an automated translator, a "tamper-indicating" document tube, and a supersecure manhole cover have in common? They're all technologies for which the secretive National Security Agency (NSA) has been granted patents by the U.S. government, giving the agency the exclusive rights to its inventions.
The four technologies represent a tiny fraction of the more than 270 sleuthy devices, methods, and designs for which the nation's biggest intelligence agency has been granted a patent since 1979, the earliest year for which public figures are available. As the patent holder, the NSA can license the particular technology -- for a fee -- to anyone who wants to use it, so long as the patent hasn't expired.
The NSA's cryptologists and computer scientists have been busy over the years inventing methods of encrypting data, analyzing voice recordings, transferring digital files, and removing distortion from intercepted communications -- all things you'd expect from the world's largest and most sophisticated eavesdropping agency. And the digital spooks have patented gadgets straight out of a James Bond flick, such as tamper-indicating envelopes and finely tuned radio antennas. (more) (The List)
Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.
Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge.
The duo said there is no practical way to defend against the vulnerability.
The body responsible for the USB standard said manufacturers could build in extra security.
But Mr Nohl and Mr Lell said the technology was "critically flawed". (more with videos)
(June) A covert sex tape involving a senior executive and his Chinese lover was the trigger for a major investigation into corruption at British drugs giant GlaxoSmith-Kline...
The video of married Mark Reilly and his girlfriend was filmed by secret camera and emailed anonymously to board members of the pharmaceutical firm.
It led to an investigation that has rocked the £76billion company... (more)
(Yesterday) A British private investigator (PI) has been sentenced to two and a half years in jail by a Chinese court after becoming embroiled in a sex and whistleblowing scandal at the drug firm GlaxoSmithKline.
Peter Humphrey, 58, was also fined 200,000 yuan (£19,300), and his wife, Yu Yingzeng – a naturalised American citizen – was sentenced to two years and fined 150,000 yuan in the first case of its kind involving foreigners in China...
GSK had hired them to investigate why the company's then head of China operations, Mark Reilly, had been filmed surreptitiously having sex with his Chinese girlfriend in his guarded luxury home. (more)
Money Saving Spy Tips
1. No area you think is private is private until a competent TSCM team says so.
2. The "girlfriend" spy is an old trick.
3. Bugs, taps and spycams are old spy tricks. #3 used with #2 will cost you.
4. Executives: beware of #2, check for #3 frequently.
5. PIs, working in China has its risks.
6. Blackmail works, especially when state sponsored.
7. Proactive TSCM is far cheaper than a mess like this.
The FBI has taken a computer disk and internal Ford e-mails in a continuing investigation of a former employee who was fired in June after the company found recording devices she had hidden in a building on its Dearborn, Mich., world headquarters campus.
Ford fired Sharon Leach, 43, a mechanical staff engineer who worked at Ford for 16 years, in late June after company security personnel saw her leave and return to the same conference room on multiple occasions. She told them she was recording conference meetings using the bugs...
According to court records, the FBI seized eight listening devices from Ford headquarters on July 11. It earlier had seized more than two dozen items from Leach's Wyandotte, Mich., home weeks earlier, including bank statements, tax records, a buy.com shipping bag, a Post-It note with numbers and a key chain with keys labeled "do not duplicate." (more)
If your computer files have been (or will be) held for ransom by Cryptolocker, bookmark this site... https://decryptcryptolocker.com/.
FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker.
These folks will analyze one of your locked files and send you the decode key, FREE.
SketchFactor is a navigation app that shows the relative sketchiness of an area. It's focused on improving city exploration on foot. SketchFactor empowers users to report sketchy experiences, read sketchy incidents, and get directions to where they need to go in the least sketchy way possible.
What does sketchy mean?
Sketchy means a number of different things. To you, it may mean dangerous. To someone else, it may mean weird.
What can I report?
You can report any sketchy incident you see fit. (more)
FutureWatch: If this gains traction, like Yelp, it will become a whole lot more than just a personal app. Police, criminologists, city planners, security consultants, taxi cab companies and more will find use for the data this generates. Imagine a real-time SketchFactor overlay for Google maps.
“The top secret, government, political secrets, all that top secret stuff that you kind of think about spies, probably less than 10% of what they are trying to go after.”
FBI experts say that 90% of what they go after, is industrial and trade secret espionage, and the target: students and executives from companies traveling abroad carrying trade secrets from their research and development at universities and companies.. And it's highly sought after.
“Every company, your research and development, it’s your next product down the road, and if I can steal that information and beat you to the market it's going to be devastating for you as a company.” (more) (video)
Forty years ago this Friday, Richard Nixon became the first and only president of the United States to resign from office. He signed his resignation agreement, boarded a helicopter for San Clemente, Calif., and largely retreated into the shadows of history.
A decade later, he sat down with former White House aide Frank Gannon to share his own account of his final days in the Oval Office. Segments culled from those 30 hours of interviews were aired publicly just once, on CBS News. This week, The Richard Nixon Foundation and the Richard Nixon Presidential Library and Museum are releasing a series of clips of those interviews in commemoration of the 40th anniversary of the resignation.
In the first installments of the video series entitled “A President Resigns,” the disgraced president recalls learning that the infamous tape that became known as “the smoking gun” had been released. The tape revealed that Nixon had been aware of the break-in at the Watergate, despite his repeated denials. (more)
Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.
In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year’s Siggraph, the premier computer graphics conference.
“When sound hits an object, it causes the object to vibrate,” says Abe Davis, a graduate student in electrical engineering and computer science at MIT and first author on the new paper. “The motion of this vibration creates a very subtle visual signal that’s usually invisible to the naked eye. People didn’t realize that this information was there.” (more)
Despite the promise of Google's Movidius-equipped Project Tango, there are still no depth-sensing, SLR-stomping smartphones on the market. But Movidius thinks that could change soon, thanks to its brand new chip: the Myriad 2 vision processor unit (VPU).
"The Myriad 2 is going to provide more than 20x the power efficiency of the Myriad 1, and enable camera features that were not possible before in mobile devices," CEO Remi El-Ouazzane tells me. If you'll recall, Tango's original tech brought faster focus, improved depth of field, near-optical zooming and higher light sensitivity to smartphone cameras (and now, tablets).
It also let researchers scan a room in 3D to provide interior navigation, among other cool tricks. (more)
From a Security Scrapbook Blue Blaze Irregular...
So, letting uncleared persons into secure facilities just became even more stupid.
With new processing chips, surreptitious video recording becomes even more dangerous.
Movidius makes the chips. And Matterport makes the 3D modelling software. This is very cool but at the same time very disturbing. How many tradecraft applications will this have? Security managers should see, at least, the Matterport video.
It is well known that USB drives can be dangerous. Companies run strict screening policies and it has long been known that running unknown ‘exe’ files is a bad idea. But what if the threat was undetectable, unfixable and could be planted into any USB device be it a USB drive, keyboard, mouse, web camera, printer, even smartphone or tablet? Well this nightmare scenario just became reality.
The findings will be laid out in a presentation next week from security researchers Karsten Nohl and Jakob Lell who claim the security of USB devices is fundamentally broken. More to the point they said it has always been fundamentally broken, but the holes have only just been discovered.
BadUSB
To demonstrate this the researchers created malware called ‘BadUSB’. It can be installed on any USB device and take complete control over any PC to which it connects. This includes downloading and uploading files, tracking web history, adding infected software into installations and even controlling the keyboard so it can type commands.
“It can do whatever you can do with a keyboard, which is basically everything a computer does,” explains Nohl... (more)
The short-term solution to BadUSB isn’t a
technical patch so much as a fundamental change in how we use USB
gadgets. To avoid the attack, all you have to do is not connect your USB
device to computers you don’t own or don’t have good reason to
trust—and don’t plug untrusted USB devices into your own computer. ...or, treat USB sticks the same way you would hypodermic needles. (more)
A virus known as 'Andr/SlfMite-A' has been recently discovered that is spreading throughout the Android world through text messages (SMS)...
Andr/SlfMite-A virus sends SMSs, which includes a malicious link. If you unknowingly click on the embedded link within the SMS, then the virus easily get installed on your phone. Once the virus is downloaded onto your phone, it secretly sends text messages with malicious link to the first 20 contacts from your contact list.
These self-replicating 'worms' send SMSs to your contact list, thus playing with the trust that the receiver has in you. Just because the person from your contact thinks that the message is from you and hence is a genuine text message, they might just get tricked into clicking the link and unknowingly allow the virus to get installed onto their phone. (more)
