...companies make when securing sensitive data.
FACTS
• All pre-computer era information theft tactics still work, and are still used.
• Most “computerized” information is available long before it is put into a computer.
• Data theft is the low hanging fruit of the business espionage world. The real pros use ladders.
Murray's Holistic Approach to Information Security
1. Protect information while it is being generated (discussions, audio and video communications, strategy development). Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices and conference rooms on a scheduled basis. Example: Ford Motors found voice recorders hidden in seven of their conference rooms this summer.
2. Protect information while it is in transit (phone, teleconference, Board meetings, off-site conferences). Wiretapping and Wi-Fi are still very effective spy tools. Check for wiretaps on a scheduled basis, and/or encrypt the transmissions. Conduct pre-meeting TSCM inspections. Tip: Never let presenters use old technology FM wireless microphones. The signal travels further than you think, and is easily intercepted.
3. Protect how information is stored. Unlocked offices, desk and file cabinets are a treasure trove of the freshest information. Print centers store a copy of all print jobs. Limit written distribution of sensitive information. Crosscut shred sensitive waste paper. All these vulnerabilities and more should be covered during the security survey portion of your TSCM inspection.
4. Educate the people to whom sensitive information is entrusted. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Explain the importance of information security in terms they can understand, e.g. “Information is business blood. If it stays healthy and in the system, your job, and chances for advancement, stay healthy.”
Effective
information security requires a holistic protection plan. IT security is
an important part of this plan, but it is only one door to your house
of information.
There is more you need to know. Contact a TSCM specialist for further assistance. (counterespionage.com)
Scientists have invented a new method to encrypt telephone conversations that makes it very difficult to 'eavesdrop'.
Professor Lars Ramkilde Knudsen from Technical University of Denmark (DTU) has invented a new method called dynamic encryption to ensure that all telephone calls are encrypted and eavesdroppers are unable to decrypt information in order to obtain secrets...
The new method expands the AES algorithm with several layers which are never the same... The new system can prove hugely effective in combating industrial espionage, said Knudsen.
Industrial espionage occurs when different players discover and steal trade secrets such as business plans from companies, technical know-how and research results, budgets and secret plans using phone tapping. (more)
Concerned about potential security risks, the U.S. government is taking a close look at last week's sale of New York's iconic Waldorf Astoria hotel to a Chinese insurance company.
U.S. officials said Monday they are reviewing the Oct. 6 purchase of the Waldorf by the Beijing-based Anbang Insurance Group, which bought the hotel from Hilton Worldwide for $1.95 billion. Terms of the sale allow Hilton to run the hotel for the next 100 years and call for "a major renovation" that officials say has raised eyebrows in Washington, where fears of Chinese eavesdropping and cyber espionage run high. (more)
The accusations read like a pulp thriller: Citigroup employees in Mexico are suspected of pocketing millions of dollars in kickbacks from vendors. And bodyguards for bank executives bought audio recordings of personal phone calls and created shell companies to disguise their fraud...
The security unit’s primary purpose was to protect the Banamex leadership, but at some point, the unit started operating beyond its approved duties, according to the person briefed on the matter who was not authorized to speak publicly because of the criminal investigation. The security unit was also providing protection and security consulting services for people outside the bank, sometimes as a courtesy and at other times for money, the internal investigation found. The conduct spanned more than a decade, the investigation found, extending into last year...
Citigroup’s outside lawyers have turned over information to law enforcement officials in Mexico and the United States, but there are many things the bank doesn’t know about the rogue security unit. For example, the security team had purchased audio surveillance files from “third parties” that included cellphone and landline conversations of dozens of people — some of a highly personal nature, the person said. The Banamex unit then transcribed many of these files. It was unclear why the security team was amassing records of the personal conversations. The bank’s investigators are still working to determine why the security unit gathered the conversations, involving dozens of people, many of whom had nothing to do with the bank. (more)
Aaron's Inc., the nation's second-largest chain of rent-to-own appliance and furniture stores,
agreed to pay $28.4 million to settle allegations that it violated California consumer privacy and protection laws by allowing software that secretly monitored consumers to be installed on rental computers, according to regulators.
The Atlanta-based retailer allegedly overcharged customers, left out important contract disclosures and installed software that could track the keystrokes of people who rented computers and even activate webcams or microphones to record users. (more)
...from an anonymous blog entry...
I am a regular renter from Hertz (President's Circle)... I got into a rental car at O'Hare airport.
I immediately noticed the new NeverLost and I was completely shocked to see a camera built into the device looking at me. The system can't be turned off from what could tell...
I know rental car companies have been tracking the speed and movements of their vehicles for years but putting a camera inside the cabin of the vehicle is taking their need for information a little TOO FAR. I find this to be completely UNACCEPTABLE. In fact, if I get another car from Hertz with a camera in it, I will move our business from Hertz completely.
I influence car rentals of many others and I don't think anyone would want to be on camera while they are driving around or sitting at a red light.
Given what Hertz has invested in this system, I wonder how much consumer pressure will make them to pull the plug on this. Business is built one customer at a time and they will no longer have me as a customer. What are your thoughts? (more)
Further investigations revealed...
...the Hertz NeverLost 6 platform will include an ARM Cortex-A9 architecture with quad cores running at 1GHz, a high-res TFT display, Bluetooth and Wi-Fi connectivity and a GPS module that engineers built around SiRFstarIV architecture. Also included are a keypad, camera module, accelerometers and a Gyros sensor board...
If a person accidentally calls someone from their cell phone, do they have a right to privacy protecting any conversation heard on the other end? The courts don’t think so.
Jim Huff, then chairman of the Kenton County (Kentucky) Airport Board, which manages Cincinnati’s international airport, was at a conference in Italy on October 24, 2013, when he unintentionally dialed airport offices while his phone was in his pocket and reached Carol Spaw. Spaw listened to Huff’s conversation for 90 minutes, even writing down some of his remarks and passing them along to a third party.
Huff claimed Spaw’s actions violated his right to privacy, since he never intended to “pocket dial” her in the first place.
But a federal judge didn’t agree, ruling individuals don’t have a reasonable expectation of privacy due to the common problem of pocket dialing and “butt calls.” (more) (sing-a-long)
The disclosure that Nixon offered to wiretap Lindsay comes via the detailed diaries of Dr. W. Kenneth Riland, who was Rockefeller’s osteopath and confidante.
He also treated Nixon and gained his confidence, too. (more)
As relations improve between Beijing and Taipei, military morale still continues to fall as fewer Taiwan military officers see a future in an ever-shrinking armed forces. Many are beginning to cash in on their intimate knowledge of military secrets, including classified information on US military equipment.
Over the past several years, Taiwan military officers have sold China information on the E-2K Hawkeye airborne early warning aircraft, Patriot Advanced Capability-3 and PAC-2 anti-ballistic missile systems, Hawk air defense missile system, and the Raytheon Palm IR-500 radiometric infrared camera.
China uses retired Taiwan military officers to help recruit spies in the
armed forces. Retired officers receive all-expense paid trips to China
by the United Front Work Department, said a Taiwan security specialist.
While there, they are lionized for returning to the “homeland” and given
tours of their ancestral homes. Before they return, money is offered to
help the “motherland” in the future, and “unfortunately many take it,”
he said. (more)
General Motors may have to take the sting out of its new Stingray.
The 2015 Corvette offers a personal video recording option that lets owners surreptitiously record video and audio when the car is in the hands of other drivers — like parking attendants. But now the automaker is concerned that the so-called valet mode may run afoul of eavesdropping laws in some states.
The laws in question involve audio recording only, and require that both parties give consent to be recorded. The Corvette’s recorder not only stores video shot through the windshield, but also data on speed and acceleration as well as audio recordings from inside the car. (more)
Numbers on corporate espionage are hard to come by. The Germans recently estimated that they lose around $69 billion to foreign business spies every year, but—at best—that’s basically just a piece of well-informed speculation.
The main problem with getting an exact fix on these figures is that they’re impossible to prove, because the nature of espionage generally relies on keeping stuff secret. It’s difficult to track the exchange of information, for instance, when it involves murmuring something at the sauna, or handing over a USB stick in a multi-level parking garage. And like a rigged sports game or steroid usage, it’s not something we’re in the mood to wake up to until it’s 100 percent, incontrovertibly there—an arsenal of smoking guns right under our noses.
“[Worrying about corporate espionage] very quickly becomes a matter of paranoia,” says Crispin Sturrock, who’s been running WhiteRock—a firm of anti-espionage specialists—for more than 20 years. “There’s a very British tendency to want to shake it off. To say, ‘Oh, I must be being paranoid.’ And, of course, just to be paranoid doesn’t necessarily make you wrong.” (more)
ISM Bugging Out
The revelation this week that the International Spy Museum would be once again hitting the pavement in search of a new home got us thinking: Where else in the District might work for the popular museum? (more)
ISIS Changing Name
During the premiere episode of the sixth season of Archer,
FX’s outrageously funny animated spy series, spy matriarch Malory
Archer is seen speaking on the phone with her juvenile,
coddled son. In the background, you can see two movers rolling out a
large, circular blue ISIS sign... for the past five seasons,
ISIS (International Secret Intelligence Service) has been the name for
the underground, non-government approved, New York City-based spy
organization at the heart of the show. In light of recent events,
however, creator Adam
Reed along with executive producers Matt Thompson and Casey Willis—made
a decision to quietly eliminate the acronym from their show. (more)
HHSC Wants Blimpies
Rep. Michael McCaul,
chairman of the House Homeland Security Committee, said Friday that he
wants to redeploy U.S. military spy blimps in Afghanistan to America’s
southern border. (more) Poop on them if they don't know about this. (more)
Former NSA Head Said
“Our data’s in there (NSA databases), my data’s in there. If I talk to an Al Qaeda operative, the chances of my data being looked at is really good, so I try not to do that. If you don’t want to you shouldn’t either,” he told MIRcon delegates. (more)
Phone and internet users should be worried about big commercial companies, rather than intelligence agencies obtaining and sharing their private data, Government Communications Headquarters (GCHQ) Director Sir Iain Lobban said in an interview with the Telegraph.
"Look, who has the info on you? It's the commercial companies, not us, who know everything – a massive sharing of data," Lobban was quoted as saying by the newspaper on Friday.
"The other day I bought a watch for my wife. Soon there were lots of pop-up watches advertising themselves on our computer, and she complained," the GCHQ director added. (more)
via Lauren Weinstein...
"Microsoft collects information about you, your devices, applications
and networks, and your use of those devices, applications and
networks. Examples of data we collect include your name, email
address, preferences and interests; browsing, search and file history;
phone call and SMS data; device configuration and sensor data; and
application usage."
"If you open a file, we may collect information about the file, the
application used to open the file, and how long it takes any use
[of]it for purposes such as improving performance, or [if you]enter
text, we may collect typed characters, we may collect typed characters
and use them for purposes such as improving autocomplete and spell
check features." (more)
"Such as" implies more than just two examples.