Monday, October 5, 2015

Scientist Pleads Guilty to Corporate Espionage

Researcher Xiwen Huang pleaded guilty Friday to one count of stealing trade secrets. But the legal battle over the punishment the former Charlotte resident receives already is underway.

Federal prosecutors say the 55-year-old chemical engineer stole proprietary technology and hundreds of pages of documents over the last decade from his government and civilian employers, including a company in Charlotte. Huang’s goal, according to court documents, was to aid both the Chinese government and his own company, which he started in North Carolina to do business in his Asian homeland.

Huang faces a maximum penalty of 10 years in prison and a $250,000 fine. He will be sentenced at a later date. Imprisonment is all but certain. more

Ai Weiwei Discovers Eavesdropping Devices in His Studio

Ai Weiwei has posted a number of pictures of what he says are listening devices found in his Beijing studio.

The Chinese dissident artist captioned one photo of a bug on Instagram with "There will always be surprises".

His friend Liu Xiaoyuan confirmed the bugs were found after the artist returned from a trip to Germany.

Xiaoyuan tweeted that they were found when redecoration started on Ai's home and were found in the office and a living room.

The artist also posted a video clip of firecrackers being set off in a metal bucket next to one of the devices. He wrote "Did you hear it?" next to the video. more


Gang Using Spy Cam, Bluetooth for Exam Paper Leaks Busted

India - Police have busted a New Delhi-based gang involved in assembling spy cameras and bluetooth devices in undergarments and shirts to facilitate question paper leaks in important competitive exams across the country.

...the accused used to assemble spy cams and bluetooth devices in shirts, briefs and vests, mobile hardware kits, and other equipment to get the question papers leaked out from the exam centres...

...the kit included an Android smartphone which was connected with a spy cam in cuff of a shirt. The question paper was clicked by some candidate or a staff member through spy cam and smuggled outside the examination centre through drop box application.

The paper was then distributed through e-mails or WhatsApp to a team of six to eight teachers, who solved the paper. The candidates, who paid for the solved paper, were given a bluetooth ear device which did not require mobile handset and acted just as receiver. The accused had assembled a set with 40 mobile phones through which the answers were dictated to the candidates... more

Phone on Drone Hacks Wireless Printer

You might think that working on a secured floor in a 30-story office tower puts you out of reach of Wi-Fi hackers out to steal your confidential documents.

But researchers in Singapore have demonstrated how attackers using a drone plus a mobile phone could easily intercept documents sent to a seemingly inaccessible Wi-Fi printer. The method they devised is actually intended to help organizations determine cheaply and easily if they have vulnerable open Wi-Fi devices that can be accessed from the sky. But the same technique could also be used by corporate spies intent on economic espionage. more

Sunday, October 4, 2015

Operation Armchair - Son of The Thing, or...

...how a small Dutch company helped the CIA to eavesdrop on the Russians.

"A small company from Noordwijk, Dutch Radar Research Station, worked for the CIA for decades. It built sophisticated listening devices that the Americans used against the Soviet Union. I came across this story when a schoolmate gave me papers of his grandfather. Along with intelligence expert, Cees Wiebes, I reconstructed in eighteen months the never told key role that this Dutch company played during the Cold War." ~ Maurits Martijn
(A long, but interesting story.) 

Friday, October 2, 2015

IP Protection: Don’t Expect Government Help

If actions – or in this case inaction – speak louder than words, the message from the U.S. government to the private sector regarding defense against cyber economic espionage by China is clear: “You’re on your own.”

That remains true, in the view of multiple experts, even after Chinese President Xi Jinping and U.S. President Barack Obama announced an agreement last week that, according to a White House press secretary Fact Sheet, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

...the agreement refers only to the governments of both countries – not their private sectors...

Kevin Murray, director at Murray Associates, said the reality is that “both leaders know economics comes first. Waving an ‘agreement’ in the air may mollify some of their constituents,” he said, but the subtext of promising that “governments” won’t do it acknowledges the reality that they “can't control all the rogue hackers out there. All they can say is that their governments are not behind it, and they don't condone it. Meanwhile, cutouts will manage the ‘consultants’ who make money with their data-vacuums.” more

Wednesday, September 30, 2015

In China Counterespionage is Everyone's Job... by law

Counter-espionage Law of the People's Republic of China (interesting highlights)
Adopted at the 11th meeting of the Standing Committee of the Twelfth National People's Congress on November 1, 2014.
  • Chapter I: General Provisions
  • Chapter II: Functions and Powers of State Security Organs in Anti-Espionage Efforts
  • Chapter III: The Duties and Rights of Citizens and Organizations 
Article 19: State organs, groups and other institutions shall educate their units' personnel on the maintenance of State security, and mobilize and organize them to prevent and stop espionage activity.

Article 20: Citizens and organizations shall facilitate and provide other assistance to anti-espionage efforts.

Article 25: Individuals and organizations must not illegally hold or use special-purpose spy equipment needed for espionage activities. Special-purpose spy equipment will be verified by the State Council department responsible for national security in accordance with relevant national provisions.
  • Chapter IV: Legal Liability
Article 31: Where state secrets relating to anti-espionage efforts are disclosed, the state security organs give 15 days of administrative detention; where it constitutes a crime, criminal liability is pursued in accordance with law.

Article 32: For those in unlawful possession of state secret documents, materials and other items, as well as those who unlawfully possess or utilize specialized spying equipment, state security organs may conduct a search of their person, items, residence and other relevant locations in accordance with law; and confiscate the state secrets documents materials and other items they unlawfully possessed, as well as the specialized spying equipment they possessed or utilized. Where the unlawful possession of state secrets documents, materials or other materials constitutes a crime, pursue criminal responsibility in accordance with law; where it does not constitute a crime, state security organs give warnings or administrative detention of up to 15 days.
  • Chapter V: Supplementary Provisions
Article 38: Espionage conduct as used in this law refers to the following conduct... more

Sunday, September 27, 2015

Bugged: Russian Roach Rampage (Warning: Sensationalist Reporting)

The terrifying cockroach robo-SPY that could soon perform reconnaissance missions for the Russian military...

  • Robot is fitted with photosensitive sensors to track its surroundings
  • The 4-inch (10cm) mechanical roach moves like the Blaberus giganteus
  • A sample of the robo-bugs is being planned for Russian armed forces
  • Future models will be able to camouflage themselves, spy on people with portable cameras and carry out reconnaissance missions
Move over James Bond, your job is under threat from an army of robo-spies that look and move like cockroaches.

Researchers have created insect bots, inspired by the Blaberus giganteus species of roach, capable of scanning rooms and tracking their surroundings.

Fitted with sensors, these mechanical bugs can cover 12 inches (31cm) a second and the technology has already piqued the interest of the Russian military.

The bionic cockroaches were designed by engineers Danil Borchevkin and Aleksey Belousov at Kaliningrad's Kant University.

Each robot is 4-inches (10cm) long and fitted with photosensitive sensors, as well as sensors that detect contact, meaning they can constantly look out for obstacles. more


Man Admits Wiretapping, Harassment of Judge... and DUI

PA - An East Goshen man who secretly recorded telephone conversations with his ex-wife, her attorney’s office, two police officers and others, and who also made profane telephone calls to a Common Pleas Court judge and officials in the Chester County Domestic Relations Office, has admitted his culpability in those crimes.

On Wednesday, William Robert Wheeler pleaded guilty to charges of wiretapping and harassment, as well as driving under the influence, before Judge Patrick Carmody, who deferred formal sentencing to allow Wheeler to apply for the county’s alternative sentencing program for repeat DUI offenders. more

Spying Coffee Cup Lid Worthy of James Bond

This may look like an ordinary coffee cup.

But the innocent-looking container could soon become a potent new weapon in the fight against criminals, fraudsters and enemy spies.

The plastic lid is similar to those handed out by coffee chain giants, such as Starbucks and Costa.

The lid, which looks like it could have been devised by James Bond's gadget guru Q, has been created by Bodmin-based LawMate UK.

Inside, it is fitted with hi-definition filming equipment and an eavesdropping device that can listen in and record conversations, even in a room full of people.

Investigators will be able to use the device to gather crucial evidence, and can activate it by pressing the letter H – which stands for Hot – on the lid.

The firm, based at the Mid-Cornwall town's Callywith industrial estate, has already sold more than 100 of the gadgets, which are designed to fit any takeaway cup in the UK. more

U.S., China Vow Not to Engage in Economic Cyberespionage

President Obama and Chinese leader Xi Jinping pledged Friday... that neither of their governments would conduct or condone economic espionage in cyberspace in a deal that sought to address a major source of friction in the bilateral relationship.

But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals. more

----

Question from a reporter...
Without government assistance, what can private sector organizations do to protect themselves more effectively from China stealing their IP?

Answer...
#1 - Realize that computer hacks are not perpetrated solely by someone sitting at a remote computer exploiting a software glitch they just discovered. A close look at many cases shows other elements of espionage in the path to the hack... social engineering, sloppy security practices, lack of oversight, multiple forms of classic electronic surveillance, blackmail, infiltration of personnel, etc.

The misconception that "this is an IT security problem" has led to a morphing of corporate information security budgets into a lopsided IT-centric security budget, pretty much ignoring that most information in their computers was available elsewhere before it was ever converted into data! This situation is like having a building with one bank vault door, while the rest of the entrances are screen doors.

Here is what the private sector can do for themselves...

• View information security holistically. Spread the budget out. Cover all the bases.
   - Provide information security training to all employees.
   - Create stiff internal controls. Enforce them.
   - Conduct independent information security audits quarterly for compliance and discovery of new loopholes. Technical Surveillance Countermeasures (TSCM) is the foundation element of the audit. A TSCM sweep is conducted to discover internal electronic surveillance (audio, video, data), and verify security compliance of wireless LANs (Wi-Fi), etc.
~Kevin

Wednesday, September 16, 2015

Ex-Spies Join Cybersecurity Fight

Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks.

Their job: Befriend hackers to find out about attacks before they even happen.

Last year, Black Cube, an Israel-based firm that specializes in gathering intelligence online, asked one of its bank clients for access to some of its internal HR and payroll data—sensitive enough to look like the spoils of a real cyber theft, but not enough to affect operations.

When Black Cube accessed the information, it left a digital trail that made it look like it had broken into the bank’s networks and stolen the data. By dangling this bait, Black Cube operatives posing as hackers infiltrated a group of cyber thieves that had been circling the bank, according to a person familiar with the sting, helping thwart an attack.

With the pace and severity of corporate cyberattacks increasing, a growing number of small cybersecurity and business intelligence firms like Black Cube are deploying the same sort of cloak-and-dagger moves that governments and police have long used to penetrate spy rings or break up terrorist cells. more

Android Apps Get Graded for Privacy - What's App on Your Phone?

A team of researchers from Carnegie Mellon University has assigned privacy grades to Android apps based on some techniques they developed to analyze their privacy-related behaviors. Learn more here or browse their analyzed apps.

Grades are assigned using a privacy model that they built. This privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior.

For example, according to studies they conducted, most people don't expect games like Cut the Rope to use location data, but many of them actually do. This kind of surprise is represented in their privacy model as a penalty to an app’s overall privacy grade. In contrast, most people do expect apps like Google Maps to use location data. This lack of surprise is represented in their privacy model as a small or no penalty. more

Concerned about Android spyware? Click here.

Tuesday, September 15, 2015

Sports TSCM: Manchester United Searched Hotel for Bugging Devices

UK - Manchester United reportedly organised for their hotel to be searched for bugging devices prior to Saturday's match against arch rivals Liverpool...

According to the Manchester Evening News, security men used devices to check a meeting room at the Lowry Hotel before Van Gaal discussed tactics for the game.

The report adds that the Premier League giants have been checking hotels for more than a year after a bugging device was found in a meeting during the 2013-14 season. more

Police: Fired Officer Used Drone to Spy on Neighbors

GA - A Valdosta police officer was out of a job as of Monday evening after being arrested for reportedly using a drone to eavesdrop on a neighbor.

Officer Howard Kirkland, 53, of Ray City, was fired Monday morning, Valdosta Police Chief Brian Childress confirmed.


He had been on suspension since September 4th. He was arrested at the police department by Lanier County Sheriff's Deputies on September 10th. The sheriff's office had been conducting an investigation for about a week. more