Wednesday, February 17, 2016

Canada’s Spy Agency Wants to Hire Shrinks to Study Terrorists

Faced with a foreign fighter problem that has seen dozens of Canadians leave to fight alongside the Islamic State, Canada's main intelligence service is putting together a team of shrinks to help them get to the root causes of radicalization and extremism.

The Canadian Security Intelligence Service (CSIS) is looking to staff up their new "applied psychology section," to help them understand why anyone would join groups like the Islamic State.

The job postings are for research and development psychologists, meaning they'll be asked to "conduct applied research on trends, behaviors and other relevant aspects of ideological extremism.

"Among other things, the members of this small unit are tasked to assist the Service in better understanding radicalization and terrorism," the posting says. more

Banks are Hiring Former CIA Agents

Some of the world's biggest banks are hiring former spies 
to try and prevent the rise of any more so-called "rogue traders" and generally ensure that banks are put on the hook for fewer fines.

According to a report from Bloomberg, banks including HSBC, Deutsche Bank, and JP Morgan have all hired ex-spies from the likes of the UK and US military, the CIA, and GCHQ to watch the activities of bank employees, and try to prevent misconduct. more

Tuesday, February 16, 2016

Slacker Hacker Hi-Jacker ...Poof! Your VoIP Phone is Pwned

Hackers could listen in on you via your VoIP phone, security researchers have warned.

By using a simple exploit taking advantage of weak default passwords, attackers can hack your VoIP phone to make and receive calls, transfer calls without your knowledge and even spy on your in-person conversations.

Security expert Paul Moore discovered the flaw after consulting on the installation of several VoIP phones...

Once infected, the hacker has complete control over the phone, allowing them to block incoming calls, silently call premium-rate numbers, and secretly listen in on a user's conversations. more

from Paul Moore...
Q. What can the attacker do?
A. Virtually anything. Make calls, receive calls, transfer calls (even before it rings), play recordings, upload new firmware and crucially... use the device for covert surveillance.

Need a security evaluation of your VoIP phones? Contact me. ~Kevin

New Book - Industrial Espionage and Technical Surveillance Counter Measures (TSCM)

Industrial Espionage and Technical Surveillance Counter Measures 

Authors:
Iosif Androulidakis, Fragkiskos – Emmanouil Kioupakis
ISBN: 978-3-319-28665-5

This book examines technical aspects of industrial espionage and its impact in modern companies, organizations, and individuals while emphasizing the importance of intellectual property in the information era.

The authors discuss the problem itself and then provide statistics and real world cases. The main contribution provides a detailed discussion of the actual equipment, tools and techniques concerning technical surveillance in the framework of espionage. Moreover, they present the best practices and methods of detection (technical surveillance counter measures) as well as means of intellectual property protection. more

Recommended for corporate security directors. ~Kevin

New Law to Prevent Drone Industrial Espionage

TX - With plants and refineries fearful of safety and espionage threats posed by drones, a Southeast Texas congressman wants strict new guidelines for operating un-monitored aircraft near those facilities.

U.S. Rep. Brian Babin has offered two amendments to the Aviation Innovation, Reform and Reauthorization Act to address a mounting security concern and help safeguard chemical facilities, representatives with American Chemistry Council said Friday.

The U.S. House Transportation and Infrastructure Committee unanimously approved the amendments this week.

More than 50 large chemical plants in Jefferson, Orange and Hardin counties risk exposure of trade secrets, though no cases have been reported by law enforcement officials.

The unease is based on a concern that freelancers will take aerial photos at plant sites and try to sell them to competitors, John Durkay, legal counsel for Southeast Texas Plant Managers Forum said previously.

Durkay called the drone business "a tremendous opportunity for industrial espionage," which he said facilities worry about. more with video

Have something to hide? Here’s how to make it disappear in Windows...

Perhaps you share a computer, and want to keep some documents under wraps. Maybe there’s a file you want to keep on your computer, but don’t want to see every day. Or maybe, just maybe, you’re worried about keeping a particular file from prying eyes.

If you want to hide something around your house, you’ve got two options. First off, you can hide it somewhere insecure — like under the rug — and hope that no one thinks to look there. Or, secondly, you can lock it up in a safe where people can’t get in without some serious effort. The same is true for your files. You can make them harder to find with obscurity, or you can protect them with encryption. Let’s go over some tips both methods, starting with how to hide your files. more

The NSA that Watches the Stars... TMZ

TMZ resembles an intelligence agency as much as a news organization, and it has turned its domain, Los Angeles, into a city of stool pigeons.

In an e-mail from last year, a photographer reported having four airport sources for the day, including “Harold at Delta, Leon at Baggage service, Fred at hudson news, Lyle at Fruit and nut stand.” A former TMZ cameraman showed me expense reports that he had submitted in 2010, reflecting payments of forty or fifty dollars to various sources: to the counter girl at a Beverly Hills salon, for information on Goldie Hawn; to a valet, for Pete Sampras; to a shopkeeper, for Dwight Howard; and to a waiter, for Hayden Christensen. “Everybody rats everybody else out,” Simon Cardoza, a former cameraman for the site, told me. “That’s the beauty of TMZ.” more

Saturday, February 13, 2016

The Day the iPhone Died

Feeling particularly masochistic? Boy do we have a trick for you. If you’d like to permanently brick (that is, render unusable) your iPhone, just turn back time. It’s not as hard as it sounds — all you have to do is set the date to January 1, 1970. It’s a time when the iPhone didn’t exist, and if you do it, your iPhone won’t exist (in working condition) anymore, either.


So for the rest of us who would like to maintain a functioning mobile device, please, please, avoid this dangerous date. It apparently affects all 64-bit iOS 8 and iOS 9 phones, as well as tablets using Apple’s A7, A8, A8X, A9, and A9X processor. more

17th-Century Female Spies Smuggled Information Through Eggs and Artichokes

In the 17th century, espionage was more diverse than you might think. Not only did female spies exist, they employed some of the most fascinating techniques in their information gathering.
 
Forthcoming research into female spies that operated in Europe and England at the time shows that they utilized an ingenious arsenal of tools, such as eggs and artichokes, to smuggle secrets.

While Dr. Nadine Akkerman of Leiden University was examining letters sent by Elizabeth Stuart, Queen of Bohemia during her exile in the Hague, she discovered that some were filled with secret codes...

Akkerman found about 60 such instances of female spies in the 17th century while researching for her upcoming monograph, “Female Spies or 'she-Intelligencers': Towards a Gendered History of Seventeenth-Century Espionage.” British playwright and poet Aphra Behn was one such spy, employed by King Charles to conduct political espionage in Antwerp under the code names "Astrea" and "Agent 160." In collaboration with MIT, Akkerman has produced several mesmerizing videos that recreate some of the ingenious methods used by female spies for their secret correspondences.

Friday, February 12, 2016

Skype Scalper

A new piece of malware making the rounds intercepts Skype communications and takes custom backdoor software a step forward, according the researchers with Palo Alto Networks, who discovered it. Dubbed T9000, the malware contains a host of cybercriminal bells and whistles.

"Most custom backdoors used by advanced attackers have limited functionality. They evade detection by keeping their code simple and flying under the radar. But during a recent investigation we found a backdoor that takes a very different approach," say researchers Josh Grunzweig and Jen Miller-Osborn. "In addition to the basic functionality all backdoors provide, T9000 allows the attacker to capture encrypted data, take screenshots of specific applications, and specifically target Skype users." more

Three Laptop Thefts - A Coordinated Espionage Attack

South Africa - The DA suspects espionage might be at play in the theft of laptops belonging to members.

KwaZulu-Natal DA MPL Francois Rodgers and another staff member lost their laptops and other equipment in separate theft incidents in Kokstad within a month. 

Rodgers said the home of a party staff member was broken into on Saturday, and a laptop, a hard drive and a diary from the staff member’s briefcase were stolen.

“What makes this even more sinister is the fact that in the very same room was another briefcase containing a laptop and tablet, yet nothing else was removed from the home,” he said.

Rodgers said the thieves had gained entry to the house through the back door, while the member and his family were asleep.

He said the Saturday break-in followed a theft out of his own vehicle a month ago.

The first occurrence was coincidentally on the very same day that three DA councillors resigned and defected to the ANC." more

This is a cautionary tale.  
It details some pretty brazen acts of espionage; bush league acts, due to their obviousness. Pros get what they want by entering business locations, after hours, to duplicate drives and scavenge other information. You'll never know they were there, or that you lost anything. 

Recommendations: 
Conduct an after-hours information security survey to see what information is left out, unsecured and un-encrypted.  
• Check your perimeter security hardware and access procedures. Make sure they haven't decayed over time. 

These two items are the most common vulnerabilities we discover during our clients' surveys. ~Kevin

Physical Security a Growing Threat to Organizations

Physical security is seen as growing concern for business continuity professionals, according to the fifth annual Horizon Scan Report published by the Business Continuity Institute, in association with BSI. Among the ranks of potential threats that organizations face, acts of terrorism gained six places from 10th in 2015 to 4th this year, while security incidents moved from 6th place to 5th place. more
A proper TSCM / Information Security inspection can help in all areas of concern.

What if Sacha Baron Cohen was the brother of James Bond?

That is essentially the plot of The Brothers Grimsby. Seems harmless enough. But, if we've learned anything from past Cohen comedies (Ali G, Borat, Bruno), it will be anything but wholesome.

The Brothers Grimsby will be in theaters March 11.

Thursday, February 11, 2016

Tests Reveal Windows 10 Spying Is Out Of Control

Back in November Microsoft confirmed Windows 10’s worst kept secret: its extensive telemetry (or ‘spying’ as it has been labelled) cannot be stopped. What no-one realized until now, however, is just how staggering the extent of this tracking really is…

Blowing the lid on it this week is Voat user CheesusCrust whose extensive investigation claims Windows 10 contacts Microsoft to report data thousands of times per day. And the kicker? This happens after choosing a custom Windows 10 installation and disabling all three pages of tracking options which are all enabled by default.

The raw numbers come out as follows: in an eight hour period Windows 10 tried to send data back to 51 different Microsoft IP addresses over 5500 times. After 30 hours of use, Windows 10 expanded that data reporting to 113 non-private IP addresses. Being non-private means there is the potential for hackers to intercept this data.

Taking this a step further, the testing was then repeated on another Windows 10 clean installation again with all data tracking options disabled and third party tool DisableWinTracking was also installed which tries to shut down all hidden Windows 10 data reporting attempts. At the end of the 30 hour period Windows 10 had still managed to phone home with data 2758 times to 30 different IP addresses. more

UPDATE 2/12/16 (Another opinion.) - Windows 10 users who might be in a state of panic after reading an alarmist report claiming the OS is "spying" on PCs with thousands of data transfers a day can rest easy. The report was based on comments from a so-called security expert's comments that have since been deleted. more

Spy Shop Sales Soaring Ahead of Valentine’s Day

Valentine's Day is the time of the year when couples all over the country profess their love.

That is, unless you suspect your significant other of cheating. But you don’t have to go on a reality show to find an unfaithful spouse.

You can actually buy the equipment out right and do it yourself and have that equipment forever,” Spy Guy Allen Walton told NewsFix.

Walton's been selling spy gear for the last seven years, and he says when it comes to this hallmark holiday, his store sees a spike in business. more