...how a small Dutch company helped the CIA to eavesdrop on the Russians.
"A small company from Noordwijk, Dutch Radar Research Station, worked for the CIA for decades. It built sophisticated listening devices that the Americans used against the Soviet Union. I came across this story when a schoolmate gave me papers of his grandfather. Along with intelligence expert, Cees Wiebes, I reconstructed in eighteen months the never told key role that this Dutch company played during the Cold War." ~ Maurits Martijn
(A long, but interesting story.)
Sunday, October 4, 2015
Friday, October 2, 2015
IP Protection: Don’t Expect Government Help
If actions – or in this case inaction – speak louder than words, the message from the U.S. government to the private sector regarding defense against cyber economic espionage by China is clear: “You’re on your own.”
That remains true, in the view of multiple experts, even after Chinese President Xi Jinping and U.S. President Barack Obama announced an agreement last week that, according to a White House press secretary Fact Sheet, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
...the agreement refers only to the governments of both countries – not their private sectors...
Kevin Murray, director at Murray Associates, said the reality is that “both leaders know economics comes first.” “Waving an ‘agreement’ in the air may mollify some of their constituents,” he said, but the subtext of promising that “governments” won’t do it acknowledges the reality that they “can't control all the rogue hackers out there. All they can say is that their governments are not behind it, and they don't condone it. Meanwhile, cutouts will manage the ‘consultants’ who make money with their data-vacuums.” more
Wednesday, September 30, 2015
In China Counterespionage is Everyone's Job... by law
Counter-espionage Law of the People's Republic of China (interesting highlights)
Adopted at the 11th meeting of the Standing Committee of the Twelfth National People's Congress on November 1, 2014.
- Chapter I: General Provisions
Article 4: Citizens of the People's Republic of China have a duty to preserve national security, honor and interests; and must not endanger national security, honor or interests. All State organs, armed forces, political parties and public groups, and all enterprises and organizations, have the obligation to prevent and stop espionage activities and maintain national security. State security organs must rely on the support of the people in anti-espionage efforts, mobilizing and organizing the people to prevent and stop espionage conduct threatening state security.
- Chapter II: Functions and Powers of State Security Organs in Anti-Espionage Efforts
Article 12: As needed for investigation of espionage activities, and on the basis of national provisions, state security organs may employ technological investigative measures upon strict formalities for approval.
Article 13: National security organ counterintelligence work, organizations and individuals can check electronic communication tools, equipment, and other equipment and facilities in accordance with the regulations. Where situations harmful to state security to national security are discovered in the course of an inspection, the state security organ shall order rectification; and where rectification is refused or after the rectification requirements are still not met, they may be sealed or seized.
- Chapter III: The Duties and Rights of Citizens and Organizations
Article 20: Citizens and organizations shall facilitate and provide other assistance to anti-espionage efforts.
Article 25: Individuals and organizations must not illegally hold or use special-purpose spy equipment needed for espionage activities. Special-purpose spy equipment will be verified by the State Council department responsible for national security in accordance with relevant national provisions.
- Chapter IV: Legal Liability
Article 32: For those in unlawful possession of state secret documents, materials and other items, as well as those who unlawfully possess or utilize specialized spying equipment, state security organs may conduct a search of their person, items, residence and other relevant locations in accordance with law; and confiscate the state secrets documents materials and other items they unlawfully possessed, as well as the specialized spying equipment they possessed or utilized. Where the unlawful possession of state secrets documents, materials or other materials constitutes a crime, pursue criminal responsibility in accordance with law; where it does not constitute a crime, state security organs give warnings or administrative detention of up to 15 days.
- Chapter V: Supplementary Provisions
Sunday, September 27, 2015
Bugged: Russian Roach Rampage (Warning: Sensationalist Reporting)
The terrifying cockroach robo-SPY that could soon perform reconnaissance missions for the Russian military...
Researchers have created insect bots, inspired by the Blaberus giganteus species of roach, capable of scanning rooms and tracking their surroundings.
Fitted with sensors, these mechanical bugs can cover 12 inches (31cm) a second and the technology has already piqued the interest of the Russian military.
Researchers have created a robotic cockroach (pictured main), inspired by the Blaberus family of roaches (B. craniifer shown on top of the robot), capable of scanning rooms and tracking its surroundings. The mechanical bug can cover 12 inches a second
The bionic cockroaches were designed by engineers Danil Borchevkin and Aleksey Belousov at Kaliningrad's Kant University.
Each robot is 4-inches (10cm) long and fitted with photosensitive sensors, as well as sensors that detect contact, meaning they can constantly look out for obstacles. more
- Robot is fitted with photosensitive sensors to track its surroundings
- The 4-inch (10cm) mechanical roach moves like the Blaberus giganteus
- A sample of the robo-bugs is being planned for Russian armed forces
- Future models will be able to camouflage themselves, spy on people with portable cameras and carry out reconnaissance missions
Man Admits Wiretapping, Harassment of Judge... and DUI
PA - An East Goshen man who secretly recorded telephone conversations with his ex-wife, her attorney’s office, two police officers and others, and who also made profane telephone calls to a Common Pleas Court judge and officials in the Chester County Domestic Relations Office, has admitted his culpability in those crimes.
On Wednesday, William Robert Wheeler pleaded guilty to charges of wiretapping and harassment, as well as driving under the influence, before Judge Patrick Carmody, who deferred formal sentencing to allow Wheeler to apply for the county’s alternative sentencing program for repeat DUI offenders. more
Spying Coffee Cup Lid Worthy of James Bond
This may look like an ordinary coffee cup.
But the innocent-looking container could soon become a potent new weapon in the fight against criminals, fraudsters and enemy spies.
The plastic lid is similar to those handed out by coffee chain giants, such as Starbucks and Costa.
The lid, which looks like it could have been devised by James Bond's gadget guru Q, has been created by Bodmin-based LawMate UK.
Inside, it is fitted with hi-definition filming equipment and an eavesdropping device that can listen in and record conversations, even in a room full of people.
Investigators will be able to use the device to gather crucial evidence, and can activate it by pressing the letter H – which stands for Hot – on the lid.
The firm, based at the Mid-Cornwall town's Callywith industrial estate, has already sold more than 100 of the gadgets, which are designed to fit any takeaway cup in the UK. more
U.S., China Vow Not to Engage in Economic Cyberespionage
President Obama and Chinese leader Xi Jinping pledged Friday...
that neither of their governments would conduct or condone economic espionage in cyberspace in a deal that sought to address a major source of friction in the bilateral relationship.
But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals. more
----
Question from a reporter...
Without government assistance, what can private sector organizations do to protect themselves more effectively from China stealing their IP?
Answer...
#1 - Realize that computer hacks are not perpetrated solely by someone sitting at a remote computer exploiting a software glitch they just discovered. A close look at many cases shows other elements of espionage in the path to the hack... social engineering, sloppy security practices, lack of oversight, multiple forms of classic electronic surveillance, blackmail, infiltration of personnel, etc.
The misconception that "this is an IT security problem" has led to a morphing of corporate information security budgets into a lopsided IT-centric security budget. Thus, pretty much ignoring that most information in their computers was available elsewhere before it was ever converted into data! This situation is like having a building with one bank vault door, while the rest of the entrances are screen doors.
Here is what the private sector can do for themselves...
• View information security holistically. Spread the budget out. Cover all the bases.
- Provide information security training to all employees.
- Create stiff internal controls. Enforce them.
- Conduct independent information security audits quarterly for compliance, discovery of new loopholes. Technical Surveillance Countermeasures (TSCM) is the foundation element of the audit. A TSCM sweep is conducted to discover internal electronic surveillance (audio, video, data), and verify security compliance of wireless LANs (Wi-Fi), etc.
~Kevin
Wednesday, September 16, 2015
Ex-Spies Join Cybersecurity Fight
Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks.
Their job: Befriend hackers to find out about attacks before they even happen.
Last year, Black Cube, an Israel-based firm that specializes in gathering intelligence online, asked one of its bank clients for access to some of its internal HR and payroll data—sensitive enough to look like the spoils of a real cyber theft, but not enough to affect operations.
When Black Cube accessed the information, it left a digital trail that made it look like it had broken into the bank’s networks and stolen the data. By dangling this bait, Black Cube operatives posing as hackers infiltrated a group of cyber thieves that had been circling the bank, according to a person familiar with the sting, helping thwart an attack.
With the pace and severity of corporate cyberattacks increasing, a growing number of small cybersecurity and business intelligence firms like Black Cube are deploying the same sort of cloak-and-dagger moves that governments and police have long used to penetrate spy rings or break up terrorist cells. more
Android Apps Get Graded for Privacy - What's App on Your Phone?
A team of researchers from Carnegie Mellon University has assigned privacy grades to Android apps based on some techniques they use to analyze their privacy-related behaviors. Learn more here or browse their analyzed apps.
Grades are assigned using a privacy model that they built. This privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior.
For example, according to studies they conducted, most people don't expect games like Cut the Rope to use location data, but many of them actually do. This kind of surprise is represented in their privacy model as a penalty to an app’s overall privacy grade. In contrast, most people do expect apps like Google Maps to use location data. This lack of surprise is represented in their privacy model as a small or no penalty. more
Concerned about Android spyware, click here.
Tuesday, September 15, 2015
Sports TSCM: Manchester United Searched Hotel for Bugging Devices
UK - Manchester United reportedly organised for their hotel to be searched for bugging devices prior to Saturday's match against arch rivals Liverpool...
According to the Manchester Evening News, security men used devices to check a meeting room at the Lowry Hotel before Van Gaal discussed tactics for the game.
The report adds that the Premier League giants have been checking hotels for more than a year after a bugging device was found in a meeting during the 2013-14 season. more
Police: Fired Officer Used Drone to Spy on Neighbors
GA - A Valdosta police officer was out of a job as of Monday evening after being arrested for reportedly using a drone to eavesdrop on a neighbor.
Officer Howard Kirkland, 53, of Ray City, was fired Monday morning, Valdosta Police Chief Brian Childress confirmed.
He had been on suspension since September 4th. He was arrested at the police department by Lanier County Sheriff's Deputies on September 10th. The sheriff's office had been conducting an investigation for about a week. more
Twitter Slapped With Class-Action Lawsuit for Eavesdropping on Direct Messages
Twitter has been slapped with a proposed class action lawsuit, which alleges that the service uses URL shorteners in violation of the Electronic Communications Privacy Act and California’s privacy law.
According to court documents filed Monday, Texas resident Wilford Raney brought the complaint to federal court in San Francisco, citing that although “Twitter represents that its users can ‘talk privately,’ Twitter ‘surreptitiously eavesdrops on its users private direct message communications.”
The complaint alleges that Twitter “intercepts, reads, and at times, even alters the message” as soon as someone sends a direct message. more
Cicada Drones Will Eavesdrop in Swarms Like Their Creepy Namesake
The U.S. Navy has developed tiny drones that can fly in swarms like cicada bugs, the organisms that give the drones their names.
In this case, "Cicada" is short for Covert Autonomous Disposable Aircraft. They're small yellow devices that can fit in the palm of one's hand and are made of only ten parts. They can fly up to 46 miles per hour almost silently.
The military described the drones as "robotic carrier pigeons," though unlike the birds historically used to send messages, these drones have an array of sensors that monitor things like weather and location data, as well as microphones for eavesdropping on anyone in the vicinity.
The Cicada drones are meant to be deployed in swarms; they will reportedly be used behind enemy lines to determine things like troop positions, whether or not a car is on a road, and where military forces should be deployed.
For now, the tiny devices cost $1,000, but the government plans to manufacture them more cheaply: about $250 per drone. The future of surveillance drones is, apparently, a relatively inexpensive one. more
Saturday, September 12, 2015
Security Director Alert - Worker Admits to Bathroom Spycam - Think Foreseeability
If you don't have a written Recording in the Workplace Policy, and an in-house inspection procedure, right now is the time to get one in place. Contact me. I can help you do this, easily and inexpensively. ~ Kevin
AZ - A worker at a Cottonwood business was arrested on suspicion of voyeurism after police said he hid a cellphone in a women’s restroom.
Oscar Valles, 22, of Rimrock, admitted during police questioning that he placed the cellphone behind a plant in the bathroom to record one of his coworkers, officers said.
Valles said he knew the coworker changed clothes there at the end of her shift each day. He said he did not mean to record any other person but was not able to retrieve his phone before others used the restroom, according to police. more