A Canadian citizen who ran a coffee shop near the sensitive China-North Korea border has been charged with spying by Beijing after being kept in detention for more than a year.
Kevin Garratt... “has been accused of spying and stealing China's state secrets”, state news agency Xinhua said, citing “authorities”.
"During the investigation, Chinese authorities also found evidence which implicates Garratt in accepting tasks from Canadian espionage agencies to gather intelligence in China," Xinhua reported. more
Friday, January 29, 2016
The Defend Trade Secrets Act of 2015
Prepared Statement by Senator Chuck Grassley of Iowa
Chairman, Senate Judiciary Committee
Executive Business Meeting
The next bill on the agenda is S.1890, the Defend Trade Secrets Act of 2015, introduced by Senators Hatch and Coons.
As we learned in a recent Committee hearing, while state trade secret laws provide U.S. companies many protections, at times these laws are inadequate.
The threats trade secret owners face are coming from thieves who are able to quickly travel across state lines and who use technology to aid their misappropriation. In many cases, the existing patch-work of state laws governing trade secret theft presents difficult procedural hurdles for victims who must seek immediate relief.
Further, the pace of trade secret theft is mounting and federal law enforcement authorities don’t have the bandwidth to prosecute but a fraction of cases. This means that victims of trade secret theft cannot rely on criminal enforcement, making a civil cause of action an effective way to go after the perpetrators.
The Defend Trade Secrets Act would amend the Economic Espionage Act of 1996 to create a federal civil remedy for trade secret misappropriation, allowing for a uniform national standard without preempting state law. The bill would provide clear rules and predictability for trade secret cases. Victims will be able to move quickly to federal court, with certainty of the rules, standards, and practices to stop trade secrets from being disseminated and losing their value. By improving trade secret protection, this bill will also help to incentivize future innovation.
Additionally, Ranking Member Leahy and I will be offering an amendment to help protect whistleblowers. more
Tuesday, January 26, 2016
Security Director Alert: Check your board and conference rooms for equipment made by AMX
Lots of companies -- and even the White House -- use a conference calling system that could possibly be tapped by hackers, according to new research.
On Thursday, cybersecurity experts at SEC Consult revealed a secret doorway that's built into a popular conference calling product built by a company called AMX.
AMX makes tablet panels used to control conference calls for businesses, government agencies and universities.
The company hard-coded backdoor access into its system. AMX created a "secret account" with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.
It's a glaring security hole. more
Murray Associates Recommendation
A firmware update is available for products and systems incorporating the NetLinx NX Control platform:
- NX Series Controllers
- Massio® ControlPads
- Enova® DVX All-in-One Presentation Switchers
Firmware downloads require a current login and password for the AMX Account Center to access the protected Technical Documentation and Support Materials sections of the AMX by HARMAN website. Technical Support Staff within End User organizations should contact their authorized AMX Dealer or HARMAN Professional representative for assistance.
Monday, January 25, 2016
More Banksy Art, from Artsy
I received this email today and thought you might like to know...
Hi - my name is Oliver, and I work at Artsy. While researching Banksy, I found your page: http://spybusters.blogspot.com/2014_06_01_archive.html. I wanted to briefly tell you about Artsy's Banksy page, and about our mission.
We strive to make all of the world’s art accessible to anyone online. Our Banksy page, for example, provides visitors with Banksy's bio, over 150 of his works, exclusive articles, as well as up-to-date Banksy exhibition listings. The page even includes related artist & category tags, plus suggested contemporary artists, allowing viewers to continue exploring art beyond our Banksy page.
Glad to help!
Here is another Banksy anti-surveillance piece of art.
Radar Rat, 2004
Spray paint and silkscreen on paper
14 × 14 in
35.6 × 35.6 cm
Gallery Nosco
Sold
£20,000 - 30,000 ($28,500 - $42,800)
World's Largest Bugging Device Hears What You Can't... and it may save our butts!
This desolate outpost in remotest Greenland is home to one of the world's most high-tech listening devices, tasked with saving humanity from itself.
Located along the coastline just outside the village of Qaanaaq – which bears the additional distinction of being the world's most northerly palindrome – the sole purpose of Infrasound station IS18 consists of listening to the planet's groans that occur at frequencies too low for the human ear to detect, occurring within the range of 20 Hz down to 0.001 Hz.
Qaanaaq's eight-element array is divided into two sub-arrays bolstered by wind reduction technology, all of which are linked to a Central Processing Facility (or CPF) that churns out data around-the-clock to a central terminal in Qaanaaq proper. But why put such an extremely space-age device in a village accessible only by helicopter, whose locals subsist largely on narwhal, seals, and polar bears?
In its most practical application, IS18 is part of a network of highly specialized sensors charged with monitoring the globe for atomic blasts, as set forth by the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO). Around the clock, the array monitors the entire world for distinctive blast patterns produced by such explosions, as their unique pattern of ultra-low frequency sound waves persist even when ricocheting through the Earth's surface. more
Saturday, January 23, 2016
Fibre Optic Eavesdropping Tap Alarm
Allied Telesis announced that it has released an innovative security measure to prevent eavesdropping on fibre communications, Active Fiber Monitoring. The patent-pending technology can detect when a cable is being tampered with, and will raise an alarm to warn of a possible security breach.
Fibre-optic links are used extensively for long-range data communications and are also a popular choice within the LAN environment. One of the perceived advantages of fiber is that eavesdropping on traffic within the cable is not possible. However, it is now possible to acquire devices that can snoop traffic on fiber cables; and even more disturbing is that these devices are readily available and very easy to use.
Active Fiber Monitoring is a technology that detects small changes in the amount of light received on a fibre link. When an intrusion is attempted, the light level changes because some of the light is redirected by the eavesdropper onto another fibre. As soon as this happens, Active Fiber Monitoring detects the intrusion and raises the alarm. The link can either be shut down automatically, or an operator can be alerted and manually intervene. more
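The detection idea in the excerpt above, sketched as an added example (it is not Allied Telesis's implementation and not code from the original post): learn a baseline for received optical power, ignore one-sample glitches, and alarm on a sustained drop. The function names, the 0.5 dB threshold, the smoothing factor and the sample readings are all assumptions made up for illustration.

```python
"""Receive-light-level tap detection sketch (added example; all thresholds are assumptions)."""
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass
class TapAlarm:
    start_index: int      # first sample of the sustained drop
    confirmed_index: int  # sample at which the alarm was raised
    baseline_dbm: float   # learned normal receive power
    drop_db: float        # loss relative to baseline at confirmation


def detect_tap(readings_dbm: Sequence[float],
               drop_threshold_db: float = 0.5,
               confirm_samples: int = 3,
               warmup: int = 5,
               alpha: float = 0.1) -> Optional[TapAlarm]:
    """Return the first sustained drop in received power, or None.

    The baseline is the mean of the first `warmup` samples and is then
    tracked with an exponential moving average, but only while readings
    look normal, so a sudden step is not absorbed into the baseline.
    """
    if len(readings_dbm) < warmup:
        return None
    baseline = sum(readings_dbm[:warmup]) / warmup
    run_start = None
    for i in range(warmup, len(readings_dbm)):
        reading = readings_dbm[i]
        drop = baseline - reading
        if drop >= drop_threshold_db:
            if run_start is None:
                run_start = i
            # Require several consecutive low samples to reject glitches.
            if i - run_start + 1 >= confirm_samples:
                return TapAlarm(run_start, i, baseline, drop)
        else:
            run_start = None
            baseline = (1 - alpha) * baseline + alpha * reading
    return None


def respond(alarm: TapAlarm, auto_shutdown: bool) -> str:
    """The two responses the excerpt mentions: shut the link or alert an operator."""
    return "shutdown-link" if auto_shutdown else "alert-operator"


# Constructed sample: receive power in dBm, one reading per polling interval.
SAMPLE_RX_DBM = [
    -3.00, -3.02, -2.98, -3.01, -2.99,   # warm-up, normal jitter
    -3.03,                               # normal
    -3.80,                               # single-sample glitch (ignored)
    -3.01, -2.99,                        # back to normal
    -4.10, -4.12, -4.09, -4.11,          # sustained ~1.1 dB loss: light diverted
]

if __name__ == "__main__":
    alarm = detect_tap(SAMPLE_RX_DBM)
    if alarm:
        print(f"drop of {alarm.drop_db:.2f} dB from sample {alarm.start_index}:",
              respond(alarm, auto_shutdown=False))
```

Because the baseline follows normal readings, very gradual loss (ageing connectors, temperature) is absorbed and does not alarm; only a step change held for `confirm_samples` readings does.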
VoIP Software Used to Eavesdrop
The backdoor could allow agents, employers or third parties to listen in on conversations...
The GCHQ has developed VoIP encryption tools with a built-in backdoor, allowing both authorities and third parties to listen in on conversations.
The backdoor is embedded into the MIKEY-SAKKE encryption protocol and has a 'key escrow' built in, allowing those with authority - whether an employer or government agency - to access it if a warrant or request is made.
The backdoor was uncovered by Dr Steven Murdoch, a security researcher from the University of London, who wrote a blog about the potential snooping tool. more
Ex-San Diego Mayor Bob Filner alleges his office was bugged...
Former San Diego Mayor Bob Filner, in an interview this week, denied having sexually harassed women and claimed that his City Hall office had been bugged...
...later in the interview, he said he had "found a bug" in his office that he claimed was planted there by the city attorney. "We asked the police to look at it and they didn't want to or didn't do it," he said.
Former Police Chief Bill Lansdowne disputed that claim Tuesday, saying Filner's chief of staff approached him with the concern that there might be a recording device in the mayor's office.
Lansdowne worked with the department's intelligence unit, hired an outside company to sweep Filner's office for bugs and came up empty-handed, the former police chief said.
"We had that office checked and we came back negative. They did not find anything," Lansdowne said. more
The Top Private Investigators on Twitter in 2015
via PINow.com...
We are happy to release the Top Private Investigators on Twitter in 2015! We received a lot of nominations and saw plenty of excitement, so thank you for your participation!
Twitter is a great tool for interacting with peers, sharing legislation updates, related news, business tips, promoting associations, and more. We present this list every year to recognize those in the industry who have proved to be valuable resources to their peers, specifically on the topic of investigations. Congratulations to all 2015 list-makers!
The list is ranked based on a variety of criteria, including nominations, scores on social media sites like Retweetrank, Klout, and StatusPeople, and on scores for content, consistent activity, and more.
Thank you!
Kevin
Wednesday, January 20, 2016
Why an RFID-blocking Wallet is Something You Don't Need
via Roger A. Grimes
You don't need a tinfoil hat, either. Opportunists have exploited consumer fears to create an industry that doesn't need to exist...
(summary)
First and foremost, does your credit card actually have an RFID transmitter? The vast majority does not. Have you ever been told you can hold up your credit card to a wireless payment terminal, and without inserting your card, pay for something? For most of my friends, and the world in general, the answer is no...
If you look at the number of credit cards with RFID, you can’t even represent it statistically. It’s not 0 percent, but it’s so far below 1 percent that it might as well be 0 percent...
On top of that, most of the world is going to wireless payments using your mobile device...
But did that bad guy ever sit on the corner in the first place? Sure, I’ve seen the demos, but I’ve yet to hear of one criminal who was caught using an RFID sniffer or who admitted to stealing credit card info wirelessly. We know about all sorts of cyber crime. Why not the theft of RFID credit card information if the risk is so high?
Here's why: It would be a lousy use of a criminal mastermind’s time. Today’s smart criminals break into websites and steal hundreds of thousands to tens of millions of credit cards at a time. Why would a criminal go to the effort and expense of stealing credit card info one card at a time when you can steal a million in one shot? more
Tuesday, January 19, 2016
Did Your Lame Password Make the Top 25 List for 2015?
Here are the most popular passwords found in data leaks during the year, according to SplashData:
- 123456
- password
- 12345678
- qwerty
- 12345
- 123456789
- football
- 1234
- 1234567
- baseball
- welcome
- 1234567890
- abc123
- 111111
- 1qaz2wsx
- dragon
- master
- monkey
- letmein
- login
- princess
- qwertyuiop
- solo
- passw0rd
- starwars
more
Your Old Wi-Fi Router May Be Security Screwed
...starting from the day you bought it.
The reason: A component maker had included the 2002 version of Allegro’s software with its chipset and hadn’t updated it. Router makers used those chips in more than 10 million devices. The router makers said they didn’t know a later version of Allegro’s software fixed the bug.
The router flaw highlights an enduring problem in computer security: Fixing bugs once they have been released into the world is sometimes difficult and often overlooked. The flaw’s creator must develop a fix, or “patch.” Then it often must alert millions of technically unsophisticated users, who have to install the patch.
The chain can break at many points: Patches aren’t distributed. Users aren’t alerted or neglect to apply the patch. Hackers exploit any weak link. more
Four Textbook Business Espionage Case Histories
This past year, the FBI has observed a stark increase (53%!) in the amount of corporate espionage cases within the United States... the FBI has pointed out that a major concern in corporate espionage today are “insider threats” – essentially, employees who are knowledgeable of confidential matters are being recruited by competitor companies, and foreign governments in exchange for large amounts of money at much higher rates than ever before.
Walter Liew vs. DuPont – “titanium dioxide”
In July 2014, Walter Liew, a chemical engineer from California, pleaded guilty to selling DuPont’s super secret pigment formula that makes cars, paper, and a long list of other everyday items whiter to China.
Starwood vs. Hilton
In 2009, Starwood Hotels accused Hilton Hotels of recruiting executives out from under them and stealing confidential materials... Starwood alleged that the ex-employees had stolen more than 10,000 documents and delivered them to Hilton – the worst part being that Starwood didn’t even notice that the documents were missing until after the indictment.
Microsoft vs. Oracle
In June 1999, Oracle hired a detective agency called Investigative Group International (IGI) to spy on Microsoft – it was headed by a former Watergate investigator, if that says anything... IGI, following Oracle’s orders, sifted through Microsoft’s trash (a practice also known as Dumpster Diving)...
The following May, the same happened. This time, IGI focused its investigations on the Association for Competitive Technology, a trade group; IGI arranged for a random woman to bribe ACT’s cleaning crew with $1,200 in exchange for bringing any office trash to an office nearby – of course, the office was a front for IGI.
Steven Louis Davis vs. Gillette
In 1997, Steven Louis Davis, an engineer helping Gillette develop its new shaving system, was caught faxing and emailing technical drawings to four of Gillette’s competitors...
Sadly, these economic espionage cases aren’t shocking to most corporate executives; it’s not uncommon for rivalry companies to dumpster dive, hack, bribe, and hire away key employees. In a rush to push out new products, major corporations will do just about anything to defame their competitors. And, although a few of these cases stem from the 1990s, their spirit still holds today – as the FBI has noted that corporate espionage is nowhere near slowing down. more
Workplace Surveillance is Sparking a Cyber Rebellion
GPS jammers in vans, FitBits strapped to dogs — employees are fighting back.
...Worksnaps is a piece of software that takes regular screenshots of a worker’s computer screen (with their full knowledge), counts their mouse and keyboard clicks each minute, and even offers the option of capturing webcam images. The customer testimonials are worth reading. One small business owner enthuses that she was able to “find and weed out” workers who were chatting on Facebook even though she was in the US and they were in the Philippines...
There are the drivers who plug cheap GPS jammers from China into the cigarette lighter slots in their vans to confuse their companies’ tracking systems. Or the workers who strap their employer-provided Fitbits on to their dogs to boost their “activity levels” for the day. Remember the business owner who used Worksnaps to monitor her workers in the Philippines? She found they were using programs to fool the software into thinking they were working. Worksnaps had to design a tool to identify the cheaters. more
Estranged Husband Goes Under House to Bug Wife
Australia - A Wilsonton man who suspected his ex-wife was seeing another man "bugged" her home to spy on her, Toowoomba Magistrates Court heard.
The couple had been in a relationship for six years but separated last year, the court heard.
In early October, the woman had started receiving text messages from her 48-year-old estranged husband that she took as threatening and intimidating, police prosecutor Tim Hutton told the court...
...toward the end of the offending period, the victim noticed some of the text messages contained information that only she and a few people close to her knew including the sale of a horse and other private matters, Sergeant Hutton said...
When police spoke with the man on October 24, he readily admitted to having planted a recording device attached to an air-conditioning duct underneath his ex-wife's home which was connected through the floor to a microphone in the woman's bedroom, Sgt Hutton told the court. more