Tuesday, January 19, 2016

Estranged Husband Goes Under House to Bug Wife

Australia - A Wilsonton man who suspected his ex-wife was seeing another man "bugged" her home to spy on her, Toowoomba Magistrates Court heard.

The couple had been in a relationship for six years but separated last year, the court heard.

In early October, the woman had started receiving text messages from her 48-year-old estranged husband that she took as threatening and intimidating, police prosecutor Tim Hutton told the court...

...toward the end of the offending period, the victim noticed some of the text messages contained information that only she and a few people close to her knew including the sale of a horse and other private matters, Sergeant Hutton said...

When police spoke with the man on October 24, he readily admitted to having planted a recording device attached to an air-conditioning duct underneath his ex-wife's home which was connected through the floor to a microphone in the woman's bedroom, Sgt Hutton told the court. more

Monday, January 18, 2016

Cyber Crime Costs Projected To Reach $2 Trillion by 2019

‘Crime wave’ is an understatement when you consider the costs that businesses are suffering as a result of cyber crime. ‘Epidemic’ is more like it. IBM Corp.’s Chairman, CEO and President, Ginni Rometty, recently said that cyber crime may be the greatest threat to every company in the world...

In 2015, the British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more...

The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. [Especially when electronic surveillance and classic corporate espionage techniques are used.] Those crimes would arguably move the needle on the cyber crime numbers much higher.

For anyone who wants to tally their own bill from cyber crime, check out Cyber Tab from Booz Allen. It is an anonymous, free tool that helps information security and other senior executives understand the damage to companies inflicted by cyber crime and attacks. more

CBS 60 Minutes - The Great Brain Robbery... and what to do about it.

The following is a script from "The Great Brain Robbery" which aired on Jan. 17, 2016 by CBS. Lesley Stahl is the correspondent. Rich Bonin, producer.

If spying is the world's second oldest profession, the government of China has given it a new, modern-day twist, enlisting an army of spies not to steal military secrets but the trade secrets and intellectual property of American companies. It's being called "the great brain robbery of America."

The Justice Department says that the scale of China's corporate espionage is so vast it constitutes a national security emergency, with China targeting virtually every sector of the U.S. economy, and costing American companies hundreds of billions of dollars in losses -- and more than two million jobs.

John Carlin: They're targeting our private companies. And it's not a fair fight. A private company can't compete against the resources of the second largest economy in the world. more

Part of the problem (worldwide) are the victims themselves. Many companies view taking steps to protect themselves an expensive annoyance. Corporate espionage is truly a national security issue, for many countries. Countering it requires an enhanced response. The old "punish the spy" solution is lopsided and ineffective. Check here for a new solution. Please spread the word.

Illya Kuryakin Writes a Spy Novel - Welcome back to the genre!

David McCallum — yes, actor of “The Man from U.N.C.L.E.” 
and “NCIS” fame — confidently embarks on a second career in his highly entertaining debut that mixes the espionage novel with the mystery thriller, Once a Crooked Man.

McCallum, 82, is no John le Carre, nor does his “Once a Crooked Man” hero, Harry Murphy, resemble George Smiley or Illya Kuryakin, the role that made the Scottish actor famous. But McCallum respects the genres’ tenets, supplying the right amount of intrigue, violence and sex for a well-plotted, action-packed tale. more

Thursday, January 14, 2016

Do You Have an IoT in the Workplace Policy? (you need one)

via Rafal Los 
It’s the beginning of the year, and for many of us that means hauling in some new gear into the office. Santa continues to bring more widgets and gizmos, and some of that stuff comes to the office with you. I think this is as good a time as any to think about the Internet of Things (IoT) and what it means for your CISO.

We’ve had an Amazon Echo at my house for a while now, since I couldn’t help myself but get on the early adopters list long ago. Truth be told, I love it. Alexa tells me the weather, keeps the twins’ Raffi albums close at hand, and reminds me to buy milk. But since my daughter has discovered her inner spider monkey, she likes to climb up on the cabinet where Alexa lives and likes to talk to her… and pull on the power cable. Also, she once turned the volume up all the way so that when I asked Alexa the weather at 6:30 a.m. I woke up the entire house…whoops. So long story short, Alexa has been unplugged, and I thought … why not take it to the office?

The find.
Here’s the issue — Echo is “always listening” so there’s that question of how welcome she would be in my office where confidential and highly sensitive conversations are a-plenty. Furthermore, Echo streams music and would need my credentials to get wireless network access. I suppose I could just use my personal Wi-Fi hotspot, but that seems like a waste. In case you’re wondering, I opted to not test my CISO’s good will, and Alexa will just have to live with my twins’ abuse. more

This is not a theoretical, I found an Echo in a top executive's office last year. He said it was a gift.

Add an IoT policy to your BYOD policy, and have us check for technical surveillance items and information security loopholes periodically. ~Kevin

American Textile Industry - Woven from Espionage

Samuel Slater, who established the United States' first textile mill in 1793, is widely regarded as the father of America's industrial revolution, having received that very accolade from Andrew Jackson. But American industry may owe as much to his fantastic memory and legally questionable sneakiness as his skill as a machinist and manager. This is the story of how the industrial pioneer earned his other title: "Slater the Traitor."

The ninth of 13 children, Samuel Slater was born in Belper, England in 1768. At age 14, he entered a seven-year apprenticeship agreement with mill owner Jedediah Strutt. He proved a clever, talented young man and quickly became Strutt’s “right hand.” During Slater’s apprenticeship, he learned a great deal about cotton manufacturing and management. He had the opportunity to work on the machines, and saw how Richard Arkwright’s spinning frame—the first water-powered textile machine—was used in large mills. Unfortunately for the ambitious Slater, Strutt had several sons of his own. As a result, Slater would not have a path to advance in the business.

In 1790, Slater decided to leave Strutt’s employment after coming across a Philadelphia newspaper that offered a “liberal bounty” (£100) to encourage English textile workers to come to the United States... Once he arrived in Rhode Island, legend has it that it took him just one year to build the complicated Arkwright machines from memory. Soon they had plenty of thread to sell and Slater’s reputation was secure. In 1793, the newly established Almy, Brown, and Slater company built the mill that would usher in the American industrial revolution. The rest is history. more

EU Law - Yes, the boss can spy on you... and what you can do about it. (updated)

The European Court of Human Rights has ruled that your boss has the right to spy on you at work.

Europe’s top human rights court ordered the handover of transcripts of private conversations by a Romanian worker on Yahoo Messenger. In this case, the employer had warned staff in its company policy that their devices were only to be used for work.

They argued: “It proved that he had used the company’s computer for his own private purposes during working hours.”

But lawyers told the Independent that your employer doesn't have to give you warning before monitoring your private correspondence. "Within the UK you can conduct monitoring without employee consent," said Paula Barrett, partner, head of privacy, at Eversheds. more

UPDATE - No, the European Court of Human Rights did NOT just greenlight spying on employees
The press has got itself carried away with a European court ruling on a labour dispute: workers' private communications are safe. more

Read both articles and decide for yourself. ~Kevin 

Your New IoT Ding-Dong Can Open Your Wi-Fi... to hackers

Getting hacked is bad, but there’s something worse than that: getting hacked because of your own smart doorbell. 

Ring is a popular smart doorbell that allows you to unlock your door from your phone, as well as see and hear visitors via a webcam.

Unfortunately for Ring, that same doorbell meant you could have had your Wi-Fi password stolen in a few minutes if someone cracked into the physical doorbell...

According to Pen Test Partners, the attack was relatively trivial... more

Wednesday, January 13, 2016

What Makes a Trade Secret a Trade Secret?

Article 39 of the Trade-Related Aspects of Intellectual Property Rights Agreement (TRIPS) provides general guidance on necessary conditions for trade secrets:
  • The information must be secret (i.e. it is not generally known among, or readily accessible to, circles that normally deal with the kind of information in question);
  • It must have commercial value because it is a secret; and
  • It must have been subject to reasonable steps by the rightful holder of the information to keep it secret (e.g., through confidentiality agreements, non-disclosure agreements, etc.). more
The "etc." part also includes providing extra security for the information, and the areas where it is generated, stored and used. Periodic Technical Surveillance Countermeasures inspections (TSCM) are a very important part of these conditions. Contact me for more information about this.

The Unofficial World's Record for Arresting Wiretappers Goes to...

Turkey - Thirty people alleged to have illegally wiretapped hundreds of Turkish officials, politicians and journalists were detained in simultaneous operations across the country early Tuesday. 

Suspects are accused of illegally wiretapping the communications of 432 people, including businessmen, journalists and politicians from the ruling Justice and Development (AK) Party, Republican People’s Party Party and the Nationalist Movement Party. more

Today in Spying - Bad Day for Spies

Iran Seizes U.S. Sailors Amid Claims of Spying more

Kuwait sentences two to death for 'spying for Iran' more

North Korea holding U.S. citizen for allegedly spying more

Senior officer quizzed on 'police spying' more

Former Skidmore security guard admits spying on woman more

Indian man sentenced to five years in prison for spying in UAE more

Man accused of spying on female neighbor with homemade selfie stick pleads guilty more

From those wonderful people who like back doors...

US - A hacker appears to have broken into personal accounts of the nation’s top spy chief.

The reported teenager is part of the group that hacked into CIA Director John Brennan’s personal emails last year and is using the new access for pro-Palestinian activism. According to Vice Motherboard, which broke the news on Tuesday, the hacker claimed to have broken into a personal email and phone account of Director of National Intelligence James Clapper and his wife. more

Sunday, January 10, 2016

Business Espionage: The Hoverboard Knockoff

The hoverboard hubbub at CES in Las Vegas Thursday was something straight out of a corporate espionage movie...

US marshals raided a booth set up by Chinese company Changzhou First International Trade. It was promoting its Trotter electronic skateboard—what Bloomberg describes as looking "like a seesaw with one big wheel in the middle."

The problem: Silicon Valley startup Future Motion says the product is a knockoff of its own Onewheel skateboard, invented and designed by Kyle Doerksen.

"When we got word that a company was exhibiting a knock-off product, we engaged in the formal process, which involved sending a cease and desist letter and ... getting a restraining order ... then enforced by the US marshals," Doerksen tells the BBC. more

Business Espionage: Employee's Steal Bends Steel Company With Her Bare Hands

Australia - On the day long-serving BlueScope software development manager Chinnari Sridevi "Sri" Somanchi was to be made redundant in June 2015, she was suddenly busy on the phone.

For the next two hours her redundancy meeting was delayed while Ms Somanchi was locked on the lengthy call, as her manager circled her desk trying to get her attention.

What the company did not know at the time, and now alleges, was Ms Somanchi was spending those precious hours downloading a cache of company secrets so financially important to BlueScope it has launched emergency legal action in the Federal Court of Australia and Singapore, where she is now based, to stop the information falling into the hands of its competitors.

The case of alleged international espionage has left the company reeling.

Ms Somanchi has been accused this week of downloading a trove of company documents – about 40 gigabytes – over a four-year period, including the codes she allegedly downloaded just before her redundancy meeting.

BlueScope is now trying desperately to retrieve "highly sensitive and commercially valuable" information allegedly stolen by Ms Somanchi, who it describes as a disgruntled former employee...

The case of alleged international espionage has left the company reeling and urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

Losing its customized software to a rival firm would so badly damage BlueScope that it was not seeking penalties because "it is difficult to see how damages could adequately compensate BlueScope for the loss",
a senior manager's affidavit said. The business unit at risk generates $US45 million in turnover each year. more

Business Espionage: Former Cardinals Executive Pleads Guilty To Hacking Astros

Chris Correa, the former scouting director of the St. Louis Cardinals, has pleaded guilty to five criminal charges in connection with unauthorized access of the Houston Astros' database.

Correa appeared before a U.S. district court judge in Houston on Friday and had his sentencing hearing scheduled for April 11.

The maximum penalty for each of the five counts, The Houston Chronicle reported, is up to five years in prison, a fine of up to $250,000 and restitution. more