Friday, February 12, 2016

Physical Security a Growing Threat to Organizations

Physical security is seen as growing concern for business continuity professionals, according to the fifth annual Horizon Scan Report published by the Business Continuity Institute, in association with BSI. Among the ranks of potential threats that organizations face, acts of terrorism gained six places from 10th in 2015 to 4th this year, while security incidents moved from 6th place to 5th place. more
A proper TSCM / Information Security inspection can help in all areas of concern.

What if Sacha Baron Cohen was the brother of James Bond?

That is essentially the plot of The Brothers Grimsby. Seems harmless enough. But, if we've learned anything from past Cohen comedies (Ali G, Borat, Bruno), it will be anything but wholesome.

The Brothers Grimsby will be in theaters March 11.

Thursday, February 11, 2016

Tests Reveal Windows 10 Spying Is Out Of Control

Back in November Microsoft confirmed Windows 10’s worst kept secret: its extensive telemetry (or ‘spying’ as it has been labelled) cannot be stopped. What no-one realized until now, however, is just how staggering the extent of this tracking really is…

Blowing the lid on it this week is Voat user CheesusCrust whose extensive investigation claims Windows 10 contacts Microsoft to report data thousands of times per day. And the kicker? This happens after choosing a custom Windows 10 installation and disabling all three pages of tracking options which are all enabled by default.

The raw numbers come out as follows: in an eight hour period Windows 10 tried to send data back to 51 different Microsoft IP addresses over 5500 times. After 30 hours of use, Windows 10 expanded that data reporting to 113 non-private IP addresses. Being non-private means there is the potential for hackers to intercept this data.

Taking this a step further, the testing was then repeated on another Windows 10 clean installation again with all data tracking options disabled and third party tool DisableWinTracking was also installed which tries to shut down all hidden Windows 10 data reporting attempts. At the end of the 30 hour period Windows 10 had still managed to phone home with data 2758 times to 30 different IP addresses. more

UPDATE 2/12/16 (Another opinion.) - Windows 10 users who might be in a state of panic after reading an alarmist report claiming the OS is "spying" on PCs with thousands of data transfers a day can rest easy. The report was based on comments from a so-called security expert's comments that have since been deleted. more

Spy Shop Sales Soaring Ahead of Valentine’s Day

Valentine's Day is the time of the year when couples all over the country profess their love.

That is, unless you suspect your significant other of cheating. But you don’t have to go on a reality show to find an unfaithful spouse.

You can actually buy the equipment out right and do it yourself and have that equipment forever,” Spy Guy Allen Walton told NewsFix.

Walton's been selling spy gear for the last seven years, and he says when it comes to this hallmark holiday, his store sees a spike in business. more

"Isil help desk. Have you tried turning it off and on again?"

The Islamic State of Iraq and the Levant (Isil) is telling members how to avoid internet surveillance by Western authorities with an online "help desk".

The advice is offered through a channel on encrypted messaging app Telegram, and has about 2,200 members.

The channel is operated by Isil cyber security experts that call themselves the Electronic Horizon Foundation (EHF)... more

Business Espionage Alert - Bribing for Passwords

Ireland has a new problem to throw at Apple: hackers are trying to buy company logins from employees. In some cases, employees are being offered upwards of €20,000 (about US$22,245) in efforts to coax out user names and passwords.

An Apple employee told Business Insider, "You'd be surprised how many people get on to us, just random Apple employees. You get emails offering you thousands [of euros] to get a password to get access to Apple."

Hackers are reportedly also targeting Apple employees for company information.

Exactly what hackers expect to accomplish once they have logins isn't clear. They may be trying to conduct industrial espionage (well, duh), dig up personal information, disrupt company plans, or something else entirely. more

You can bet this isn't just happening at Apple. Warn your employees you are on to this, watching for it, and will prosecute disloyal employees. ~Kevin

Bugging & Wiretapping History - "The Eavesdroppers"

In July 1956, the Pennsylvania Bar Association Endowment (PBAE) commissioned a comprehensive study of "wiretapping practices, laws, devices, and techniques" in the United States... The man appointed to direct the study was Samuel Dash... The result of Dash's efforts was The Eavesdroppers, a 483-page report co-authored with Knowlton and Schwartz. Rutgers University Press published it as a standalone volume in 1959. The book uncovered a wide range of privacy infringements on the part of state authorities and private citizens, a much bigger story than the PBAE had anticipated...

The eavesdropping threat loomed large during the 1950s and 1960s: in the work of state and local law enforcement agencies, who wiretapped extensively in criminal investigations; in the exploits of private investigators and eavesdropping specialists, who capitalized on technological innovations to expand their industry's reach; and, perhaps most importantly, in the contradictions of state and federal lawmakers, who sent conflicting messages about the legitimacy of eavesdropping practices that had dogged the nation's communications infrastructure for more than a century...

Wiretapping is as old as wired communication. Civil War generals traveled with professional telegraph tappers in the 1860s, law enforcement agencies began planting telephone taps in the 1890s, and corporate communications giants tacitly sanctioned state and federal eavesdropping programs of various sorts for most of the twentieth century. Somewhat surprisingly, this wasn't a drama that played out in the shadows of American life. Police eavesdropping garnered front-page headlines during the 1920s, when the telephone tap emerged as an effective tool in the enforcement of Prohibition laws...

Eavesdropping technologies of various sorts have been around for centuries. Prior to the invention of recorded sound, the vast majority of listening devices were extensions of the built environment. Perhaps nodding to the origins of the practice (listening under the eaves of someone else's home, where rain drops from the roof to the ground), early modern architects designed buildings with structural features that amplified private speech. The Jesuit polymath Athanasius Kircher (1601-1680) devised cone-shaped ventilation ducts for palaces and courts that allowed eavesdroppers to listen to other people's conversations. Catherine de' Medici (1519-1589) is said to have installed similar structures in the Louvre to keep tabs on individuals who might have plotted against her. Architectural listening systems weren't always a product of intentional design. Domes in St. Paul's Cathedral in London and the U.S. Capitol building still serve as inadvertent "whispering galleries," enabling prying ears to hear conversations held on the other side of the room. Archaeologists have discovered acoustical arrangements like these dating back to 3000 B.C.E. Many were used for eavesdropping...

Click to enlarge.
The earliest electronic eavesdropping technologies functioned much like architectural listening systems. When installed in fixed locations—under floorboards and rugs, on walls and windows, inside desks and bookcases—early-twentieth-century devices like the Detectifone, a technological cousin to the more common Dictaphone, proved surprisingly effective...

The devices that we now think of as "bugs" emerged much later. During the late 1940s, electronic innovations made it possible for eavesdroppers to miniaturize listening technologies like the Detectifone. This made them easier to hide. It also freed them from the strictures of the built environment, dramatically expanding their reach. Reports of an American bugging epidemic began circulating in the early 1950s—first, as glimpses of the man-made miracle of electronics miniaturization began to appear in national newspapers, popular magazines, and Hollywood films, and later as congressional subcommittees revealed scandalous tools of the eavesdropping trade on the floor of the United States Senate. more

Tuesday, February 9, 2016

More Eavesdropping Resistant than a Brick S-House

By replacing the limestone and sand
typically used in concrete with a mineral called magnetite, Tuan has shown that the mixture can also shield against electromagnetic waves.

The electromagnetic spectrum includes the radio-frequency waves transmitted and received by cellphones, which Tuan said could make the concrete mixture useful to those concerned about becoming targets of industrial espionage.

Using the magnetite-embedded concrete, researchers have built a small structure in their laboratory that demonstrates the material's shielding capabilities. more

Monday, February 8, 2016

Employee Bugs Boss, or Bad Hair Day Beef

A labor dispute in a city hair salon 

became criminal when an employee made an audio recording of her boss, without the boss' knowledge, said Acting Deputy Police Chief Frank Warchol.

The employee, Nichole Brock, 35, of 89 Linden St. Unit B, Exeter, was arrested Monday on a misdemeanor count of wiretapping, police reported. Warchol said the law prohibits recording anyone without consent from all parties being recorded and that Brock's recording was made secretly. He said the underlying dispute was not criminal, but the recording was. more

Stealing White - How a corporate spy swiped plans for DuPont’s billion-dollar color formula

At first, you’re like: Why are they stealing the color white?

I had to Google it to figure out what titanium dioxide even was,” says Dean Chappell, acting section chief of counterespionage for the FBI. “Then you realize there is a strategy to it.”

You can’t even call it spying, adds John Carlin, the assistant attorney general in charge of the U.S. Department of Justice’s national security division. “This is theft. And this—stealing the color white—is a very good example of the problem. It’s not a national security secret. It’s about stealing something you can make a buck off of. It’s part of a strategy to profit off what American ingenuity creates.”

Most trade-secret theft goes unreported. Companies worry that disclosing such incidents will hurt their stock prices, harm relationships with customers, or prompt federal agents to put them under a microscope. Theft of trade secrets also rarely results in criminal charges because the cases are time-consuming and complicated, and it’s often difficult to win a conviction for conspiracy to commit espionage. more

Extra Credit...

This Week in Business Espionage

XPO Logistics Inc. charges that rival YRC Worldwide Inc. went to illegal extremes as XPO bought Con-way Inc. last year, the WSJ’s Loretta Chao writes, raiding the less-than-truckload carrier for executives and trade secrets on its operations and its customers. YRC won’t comment on the charges... XPO’s allegation of what amounts to corporate espionage comes at a critical time for the company. more

• One of the UK’s largest companies, British American Tobacco (BAT) is facing demands that it be investigated by the US Department of Justice, following allegations that it engaged in widespread bribery of politicians and policymakers in Africa... There are also claims that the company engaged in corporate espionage and the sabotage of competitors in Kenya. more

• Barcelona (soccer team) say they are “oblivious” to allegations of industrial espionage brought against them and former President Sandro Rosell. The Spanish Press reported on Friday that communications group Mediapro had taken Barca and Rosell to court, with its owner Jaume Roures accusing the ex-patron of e-mail theft, divulging business secrets and invading his privacy. more

• If American businesses want to curb the theft of their trade secrets and intellectual property by other countries, they are going to have to do it themselves. The good news for the American private sector is that machine learning (ML) and behavioral analytics, are offering some promise of detecting hackers before they start exfiltrating trade secrets and intellectual property (IP)... The not so good news is that those businesses are not going to be getting much help from the government. more

...and from "The World is a Strange Place" files...
• A U.S. law firm specializing in cross-border matters has opened its first office in China recently, aiming to assist local companies with legal issues against the background of a spate of spying charges against Chinese nationals. The law firm, Alston & Bird, opened its Beijing office on January 27, marking the first overseas branch of the law firm. The firm has served as counsel to a number of Chinese clients, including Tianjin University's Professor Zhang Hao, who was charged in the U.S. with economic espionage and theft of trade secrets. more


Another Bad Week for Spies

• Saudi Arabia places 27 on trial for spying for Iran more

• Hamas armed wing executes member 'for spying for Israel' more

• North Korea detains American citizen for allegedly spying more

• Iran holding several dual citizens on charges of spying more

• Four arrested 'spies' of postal dept suspended more

• Spy row officer lodges complaint against her superior more

and, to make spy image matters worse...
• Gabriel Kahane Wears Sunglasses Inside to Look Like a Spy and Sings About It on 'The Fiction Issue' more


Thursday, February 4, 2016

15,000+ People Get Paid by Their Eavesdropper

People will turn their smartphones into spying devices for just $5/month

Symphony Advanced Media, founded in 2010, has recruited over 15,000 people to be part of its “panel of media insiders.”

They downloaded an app from Symphony that collects a ton of information from their smartphones, and turns on their microphones every minute for 5-6 seconds to see what they’re watching on their TV or computer. Here’s how Symphony describes on its website what it knows about each individual in its panel:

Click to enlarge.
The data sucked up from panelists’ phones includes where they are; their Internet traffic; their search keywords; which mobile apps they use and for how long; how many calls, emails and texts they send; and, of course, what they’re watching on network or digital TV. In exchange for having everything they do on their phone spied on, panelists are paid $5/month—not in cash, but in the form of points on Perks.com. more

Amateur Eavesdroppers in the News This Week

MA - Brianne St. Peter McMahon, 36, was indicted Wednesday by a Plymouth County Grand Jury on charges including wiretapping and misleading a police investigation, according to the office of Plymouth District Attorney Timothy J. Cruz.

In October 2015, McMahon allegedly slipped her cellphone into the pocket of a witness, who was set to appear before a grand jury at Brockton Superior Court, to record the proceedings and interviews related to the murder of 45-year-old Robert McKennacq, according to Cruz’s office.

Later that afternoon, State Police seized the phone from the witness, a friend of McMahon’s who was unaware the device had been placed in her pocket, according to the indictment. more

---

MA - Three employees at Wyman-Gordon company in Grafton, Massachusetts, are facing felony wiretapping charges for setting up a hidden camera with audio to record their coworker inside their workplace, reports CBS Boston. more

---

S. Africa - An electronics expert testified in court on Monday that he planted a “bugging” device in the Pietermaritzburg advocates’ chambers and helped put a GPS tracker on an advocate’s car at the request of KZN advocate Penny Hunt.

Houston Wayne Impey said he had, at Hunt’s request, also removed the CCTV hard drive installed at the advocates’ chambers to copy the footage captured on the system.

Hunt had told him to plant the bugging device in the ceiling of the advocates’ chambers so she could listen to, and record, conversations in her secretary’s office, because she suspected her of leaking confidential information, he said. more