The indictment charges Yu Xue and, to a lesser extent, Lucy Xi, with emailing trade secret and confidential information, including information about biopharmaceutical products under development, GSK research data, and GSK processes regarding the research, development, and manufacturing of biopharmaceutical products, and a business plan for a quality control unit, to their co-conspirators, Tao Li and Yan Mei, who is Lucy Xi’s husband. Yu Xue, Tao Li, and Yan Mei allegedly formed three corporations: Renopharma, Inc., which was incorporated in Delaware; and Nanjing Renopharma, Ltd, and Shanghai Renopharma, Ltd., which were established offshore and operated in China (collectively “Renopharma”), to market and sell the stolen trade secrets and confidential information. According to the indictment, Renopharma advertised that it operated as “a drug research and development company in China with limited U.S. affiliation,” and promoted itself as “‘a leading new drug research and development company, [which] specialized in providing products and services to support drug discovery programs at pharmaceutical and biotech companies.’” As the indictment also noted, the stolen documents contained information which would be especially useful for a start-up biopharmaceutical company such as Renopharma represented itself to be. more
Friday, February 19, 2016
Business Espionage: GSK Plugs Trade Secret Leaks
The United States Attorney’s Office for the Eastern District of Pennsylvania announced the indictment of five people, including two research scientists at GlaxoSmithKline (“GSK”), on charges of stealing trade secrets from the company, wire fraud in connection with the theft of confidential information, money laundering and conspiracy. While the majority of the charges in the 43-count indictment focus on the role of Yu Xue, described in the indictment as “one of the top protein biochemists in the world, the indictment describes an elaborate scheme to sell the stolen information through companies in China, and to launder the proceeds.
The indictment charges Yu Xue and, to a lesser extent, Lucy Xi, with emailing trade secret and confidential information, including information about biopharmaceutical products under development, GSK research data, and GSK processes regarding the research, development, and manufacturing of biopharmaceutical products, and a business plan for a quality control unit, to their co-conspirators, Tao Li and Yan Mei, who is Lucy Xi’s husband. Yu Xue, Tao Li, and Yan Mei allegedly formed three corporations: Renopharma, Inc., which was incorporated in Delaware; and Nanjing Renopharma, Ltd, and Shanghai Renopharma, Ltd., which were established offshore and operated in China (collectively “Renopharma”), to market and sell the stolen trade secrets and confidential information. According to the indictment, Renopharma advertised that it operated as “a drug research and development company in China with limited U.S. affiliation,” and promoted itself as “‘a leading new drug research and development company, [which] specialized in providing products and services to support drug discovery programs at pharmaceutical and biotech companies.’” As the indictment also noted, the stolen documents contained information which would be especially useful for a start-up biopharmaceutical company such as Renopharma represented itself to be. more
The indictment charges Yu Xue and, to a lesser extent, Lucy Xi, with emailing trade secret and confidential information, including information about biopharmaceutical products under development, GSK research data, and GSK processes regarding the research, development, and manufacturing of biopharmaceutical products, and a business plan for a quality control unit, to their co-conspirators, Tao Li and Yan Mei, who is Lucy Xi’s husband. Yu Xue, Tao Li, and Yan Mei allegedly formed three corporations: Renopharma, Inc., which was incorporated in Delaware; and Nanjing Renopharma, Ltd, and Shanghai Renopharma, Ltd., which were established offshore and operated in China (collectively “Renopharma”), to market and sell the stolen trade secrets and confidential information. According to the indictment, Renopharma advertised that it operated as “a drug research and development company in China with limited U.S. affiliation,” and promoted itself as “‘a leading new drug research and development company, [which] specialized in providing products and services to support drug discovery programs at pharmaceutical and biotech companies.’” As the indictment also noted, the stolen documents contained information which would be especially useful for a start-up biopharmaceutical company such as Renopharma represented itself to be. more
"Take a hard look." or "Hell NO!" - You decide...
A group of 46 U.S. lawmakers urged regulators who investigate deals that could harm national security to take a hard look at a bid by a Chinese company to buy the storied Chicago Stock Exchange...
The 46 signatories were all from the House of Representatives, and most were Republican. They included Rep. Robert Pittenger, a North Carolina Republican on the Financial Services Committee and the Congressional-Executive Commission on China.
Pittenger cited concern that China, which has been accused of corporate espionage, would have access to the data of U.S. companies who use the exchange. more
 |
| My vote. |
Pittenger cited concern that China, which has been accused of corporate espionage, would have access to the data of U.S. companies who use the exchange. more
Thursday, February 18, 2016
Security Alert: Your Security Camera May Have Friends You Don't Know About
via Krebs on Security
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware.
Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt...
Turns out, this Focscam camera was one of several newer models the company makes that comes with peer-to-peer networking capabilities baked in. This fact is not exactly spelled out for the user (although some of the models listed do say “P2P” in the product name, others do not).
But the bigger issue with these P2P -based cameras is that while the user interface for the camera has a setting to disable P2P traffic (it is enabled by default), Foscam admits that disabling the P2P option doesn’t actually do anything to stop the device from seeking out other P2P hosts online.
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware.
 |
| The FI9286P, a Foscam camera that includes P2P communication by default. |
Turns out, this Focscam camera was one of several newer models the company makes that comes with peer-to-peer networking capabilities baked in. This fact is not exactly spelled out for the user (although some of the models listed do say “P2P” in the product name, others do not).
But the bigger issue with these P2P -based cameras is that while the user interface for the camera has a setting to disable P2P traffic (it is enabled by default), Foscam admits that disabling the P2P option doesn’t actually do anything to stop the device from seeking out other P2P hosts online.
Personal Security Advisory: SimpliSafe Home Security Alarm Vulnerability
Researchers with the Seattle-based security consulting firm IOActive have released an advisory regarding SimpliSafe's wireless home security systems, claiming that the system doesn't adequately protect its transmissions from being recorded and reused...
A potential intruder would need to leave the device within 100 feet of your home's keypad, then basically press record and wait for you to disarm the system with your code.
At that point, they'd have a record of the data packet that gets transmitted whenever you punch your code in. The packet doesn't tell them what the code actually is, but that doesn't matter -- all they'd need to do is use the device to resend the packet in order to disarm your system.
IOActive's researchers built and tested the device in August of 2015. After confirming that it worked, they say that they attempted to share their findings with SimpliSafe on multiple occasions, but received no reply. more
A potential intruder would need to leave the device within 100 feet of your home's keypad, then basically press record and wait for you to disarm the system with your code.At that point, they'd have a record of the data packet that gets transmitted whenever you punch your code in. The packet doesn't tell them what the code actually is, but that doesn't matter -- all they'd need to do is use the device to resend the packet in order to disarm your system.
IOActive's researchers built and tested the device in August of 2015. After confirming that it worked, they say that they attempted to share their findings with SimpliSafe on multiple occasions, but received no reply. more
Security Director Alert - 46,000 Internet-accessible Digital Video Recorders (DVRs) Hackable
Hackers can log into DVRs from RaySharp and six other vendors using a six-digit hard-coded root password
Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers.
According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account.
Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development...
RBS researchers found that they contained a routine to check if the user-supplied username was "root" and the password 519070."If these credentials are supplied, full access is granted to the web interface," the RBS researchers said... (Test it on your DVRs. ~Kevin)
RaySharp claims on its website that it ships over 60,000 DVRs globally every month, but what makes things worse is that it's not only RaySharp branded products that are affected.
The Chinese company also creates digital video recorders and firmware for other companies which then sell those devices around the world under their own brands. The RBS researchers confirmed that at least some of the DVR products from König, Swann Communications, COP-USA, KGUARD Security, Defender (a brand of Circus World Displays) and LOREX Technology, a division of FLIR Systems, contain the same hard-coded root password.
And those are only the confirmed ones. more
Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers.
According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account.Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development...
RBS researchers found that they contained a routine to check if the user-supplied username was "root" and the password 519070."If these credentials are supplied, full access is granted to the web interface," the RBS researchers said... (Test it on your DVRs. ~Kevin)
RaySharp claims on its website that it ships over 60,000 DVRs globally every month, but what makes things worse is that it's not only RaySharp branded products that are affected.
The Chinese company also creates digital video recorders and firmware for other companies which then sell those devices around the world under their own brands. The RBS researchers confirmed that at least some of the DVR products from König, Swann Communications, COP-USA, KGUARD Security, Defender (a brand of Circus World Displays) and LOREX Technology, a division of FLIR Systems, contain the same hard-coded root password.
And those are only the confirmed ones. more
Wednesday, February 17, 2016
Slow News Day in Spiesville
Disorder Convinced This Guy His Cat Was a Spy
You may have heard of Capgras syndrome, an eerie delusion that convinces people their loved ones have been replaced with nefarious clones. This is like that, only eerier: Due to what appeared to be a version of that syndrome, a 71-year-old man became “obsessed” with the idea that his cat had recently been replaced with an impostor cat, sent by the FBI to spy on him. The man’s ordeal was recently reported by the Discover blog Neuroskeptic, drawing from the case study in the journal Neurocase.
The Patient: This man, who is not named, had a history of heavy drinking and head injuries from his ice-hockey days; he had also been diagnosed with bipolar disorder. About six years before the cat-related delusion began, he stopped taking his anti-psychotics and soon became “acutely paranoid." The case-report authors write that he would pass his wife "written notes stating that their house was being monitored, and often mistook persons in parking lots for Federal Bureau of Investigation agents.” more
------
The game, called “Need to Know,” requires players to climb the ranks of the fictional “Department of Liberty,” a government agency seemingly based on the NSA, whose mass surveillance programs Mr. Snowden exposed through leaks in 2013, Newsweek reported.
Players must decide whether to spy on citizens to gain information or leak intel from the department to underground media groups.
The game was developed by Australia-based Monomyth Games. The company hopes to raise $29,000 through crowdfunding to complete the game.
“Electronic surveillance is a huge issue for everyone today, and will only grow more pressing,” the game’s Kickstarter page reads. “Need to Know lets you spy on citizens’ texts, emails, geodata, and much more. How you’ll use this information is where the real excitement (and moral conflict) begins.” more
You may have heard of Capgras syndrome, an eerie delusion that convinces people their loved ones have been replaced with nefarious clones. This is like that, only eerier: Due to what appeared to be a version of that syndrome, a 71-year-old man became “obsessed” with the idea that his cat had recently been replaced with an impostor cat, sent by the FBI to spy on him. The man’s ordeal was recently reported by the Discover blog Neuroskeptic, drawing from the case study in the journal Neurocase.The Patient: This man, who is not named, had a history of heavy drinking and head injuries from his ice-hockey days; he had also been diagnosed with bipolar disorder. About six years before the cat-related delusion began, he stopped taking his anti-psychotics and soon became “acutely paranoid." The case-report authors write that he would pass his wife "written notes stating that their house was being monitored, and often mistook persons in parking lots for Federal Bureau of Investigation agents.” more
------
Edward Snowden inspires spy video game
A new video game aiming to expose “suffocating privacy invasions” carried out by intelligence agencies has drawn some of its inspiration from controversial National Security Agency whistleblower Edward Snowden.
The game, called “Need to Know,” requires players to climb the ranks of the fictional “Department of Liberty,” a government agency seemingly based on the NSA, whose mass surveillance programs Mr. Snowden exposed through leaks in 2013, Newsweek reported.Players must decide whether to spy on citizens to gain information or leak intel from the department to underground media groups.
The game was developed by Australia-based Monomyth Games. The company hopes to raise $29,000 through crowdfunding to complete the game.
“Electronic surveillance is a huge issue for everyone today, and will only grow more pressing,” the game’s Kickstarter page reads. “Need to Know lets you spy on citizens’ texts, emails, geodata, and much more. How you’ll use this information is where the real excitement (and moral conflict) begins.” more
Canada’s Spy Agency Wants to Hire Shrinks to Study Terrorists
Faced with a foreign fighter problem that has seen dozens of Canadians leave to fight alongside the Islamic State, Canada's main intelligence service is putting together a team of shrinks to help them get to the root causes of radicalization and extremism.
The Canadian Security Intelligence Service (CSIS) is looking to staff up their new "applied psychology section," to help them understand why anyone would join groups like the Islamic State.
The job postings are for research and development psychologists, meaning they'll be asked to "conduct applied research on trends, behaviors and other relevant aspects of ideological extremism.
"Among other things, the members of this small unit are tasked to assist the Service in better understanding radicalization and terrorism," the posting says. more
The Canadian Security Intelligence Service (CSIS) is looking to staff up their new "applied psychology section," to help them understand why anyone would join groups like the Islamic State.The job postings are for research and development psychologists, meaning they'll be asked to "conduct applied research on trends, behaviors and other relevant aspects of ideological extremism.
"Among other things, the members of this small unit are tasked to assist the Service in better understanding radicalization and terrorism," the posting says. more
Banks are Hiring Former CIA Agents
Some of the world's biggest banks are hiring former spies
to try and prevent the rise of any more so-called "rogue traders" and generally ensure that banks are put on the hook for fewer fines.
According to a report from Bloomberg, banks including HSBC, Deutsche Bank, and JP Morgan have all hired ex-spies from the likes of the UK and US military, the CIA, and GCHQ to watch the activities of bank employees, and try to prevent misconduct. more
to try and prevent the rise of any more so-called "rogue traders" and generally ensure that banks are put on the hook for fewer fines.According to a report from Bloomberg, banks including HSBC, Deutsche Bank, and JP Morgan have all hired ex-spies from the likes of the UK and US military, the CIA, and GCHQ to watch the activities of bank employees, and try to prevent misconduct. more
Tuesday, February 16, 2016
Slacker Hacker Hi-Jacker ...Poof! Your VoIP Phone is Pwned
Hackers could listen in on you via your VoIP phone, security researchers have warned.
By using a simple exploit taking advantage of weak default passwords, attackers can hack your VoIP phone to make and receive calls, transfer calls without your knowledge and even spy on your in-person conversations.
Security expert Paul Moore discovered the flaw after consulting on the installation of several VoIP phones...
Once infected, the hacker has complete control over the phone, allowing them to block incoming calls, silently call premium-rate numbers, and secretly listen in on a user's conversations. more
from Paul Moore...
Q. What can the attacker do?
A. Virtually anything. Make calls, receive calls, transfer calls (even before it rings), play recordings, upload new firmware and crucially... use the device for covert surveillance.
Need a security evaluation of your VoIP phones? Contact me. ~Kevin
By using a simple exploit taking advantage of weak default passwords, attackers can hack your VoIP phone to make and receive calls, transfer calls without your knowledge and even spy on your in-person conversations.
Security expert Paul Moore discovered the flaw after consulting on the installation of several VoIP phones...
Once infected, the hacker has complete control over the phone, allowing them to block incoming calls, silently call premium-rate numbers, and secretly listen in on a user's conversations. more
from Paul Moore...
Q. What can the attacker do?
A. Virtually anything. Make calls, receive calls, transfer calls (even before it rings), play recordings, upload new firmware and crucially... use the device for covert surveillance.
Need a security evaluation of your VoIP phones? Contact me. ~Kevin
New Book - Industrial Espionage and Technical Surveillance Counter Measures (TSCM)
Industrial Espionage and Technical Surveillance Counter Measures
Authors:
Iosif Androulidakis, Fragkiskos – Emmanouil Kioupakis
ISBN: 978-3-319-28665-5
This book examines technical aspects of industrial espionage and its impact in modern companies, organizations, and individuals while emphasizing the importance of intellectual property in the information era.
The authors discuss the problem itself and then provide statistics and real world cases. The main contribution provides a detailed discussion of the actual equipment, tools and techniques concerning technical surveillance in the framework of espionage. Moreover, they present the best practices and methods of detection (technical surveillance counter measures) as well as means of intellectual property protection. more
Recommended for corporate security directors. ~Kevin
Authors: Iosif Androulidakis, Fragkiskos – Emmanouil Kioupakis
ISBN: 978-3-319-28665-5
This book examines technical aspects of industrial espionage and its impact in modern companies, organizations, and individuals while emphasizing the importance of intellectual property in the information era.
The authors discuss the problem itself and then provide statistics and real world cases. The main contribution provides a detailed discussion of the actual equipment, tools and techniques concerning technical surveillance in the framework of espionage. Moreover, they present the best practices and methods of detection (technical surveillance counter measures) as well as means of intellectual property protection. more
Recommended for corporate security directors. ~Kevin
New Law to Prevent Drone Industrial Espionage
TX - With plants and refineries fearful of safety and espionage threats posed by drones, a Southeast Texas congressman wants strict new guidelines for operating un-monitored aircraft near those facilities.
U.S. Rep. Brian Babin has offered two amendments to the Aviation Innovation, Reform and Reauthorization Act to address a mounting security concern and help safeguard chemical facilities, representatives with American Chemistry Council said Friday.
The U.S. House Transportation and Infrastructure Committee unanimously approved the amendments this week.
More than 50 large chemical plants in Jefferson, Orange and Hardin counties risk exposure of trade secrets, though no cases have been reported by law enforcement officials.
The unease is based on a concern that freelancers will take aerial photos at plant sites and try to sell them to competitors, John Durkay, legal counsel for Southeast Texas Plant Managers Forum said previously.
Durkay called the drone business "a tremendous opportunity for industrial espionage," which he said facilities worry about. more with video
The U.S. House Transportation and Infrastructure Committee unanimously approved the amendments this week.
More than 50 large chemical plants in Jefferson, Orange and Hardin counties risk exposure of trade secrets, though no cases have been reported by law enforcement officials.
The unease is based on a concern that freelancers will take aerial photos at plant sites and try to sell them to competitors, John Durkay, legal counsel for Southeast Texas Plant Managers Forum said previously.
Durkay called the drone business "a tremendous opportunity for industrial espionage," which he said facilities worry about. more with video
Have something to hide? Here’s how to make it disappear in Windows...
Perhaps you share a computer, and want to keep some documents under wraps. Maybe there’s a file you want to keep on your computer, but don’t want to see every day. Or maybe, just maybe, you’re worried about keeping a particular file from prying eyes.
If you want to hide something around your house, you’ve got two options. First off, you can hide it somewhere insecure — like under the rug — and hope that no one thinks to look there. Or, secondly, you can lock it up in a safe where people can’t get in without some serious effort. The same is true for your files. You can make them harder to find with obscurity, or you can protect them with encryption. Let’s go over some tips both methods, starting with how to hide your files. more
If you want to hide something around your house, you’ve got two options. First off, you can hide it somewhere insecure — like under the rug — and hope that no one thinks to look there. Or, secondly, you can lock it up in a safe where people can’t get in without some serious effort. The same is true for your files. You can make them harder to find with obscurity, or you can protect them with encryption. Let’s go over some tips both methods, starting with how to hide your files. more
The NSA that Watches the Stars... TMZ
TMZ resembles an intelligence agency as much as a news organization, and
it has turned its domain, Los Angeles, into a city of stool pigeons.
In
an e-mail from last year, a photographer reported having four airport
sources for the day, including “Harold at Delta, Leon at Baggage
service, Fred at hudson news, Lyle at Fruit and nut stand.” A former TMZ
cameraman showed me expense reports that he had submitted in 2010,
reflecting payments of forty or fifty dollars to various sources: to the
counter girl at a Beverly Hills salon, for information on Goldie Hawn;
to a valet, for Pete Sampras; to a shopkeeper, for Dwight Howard; and to
a waiter, for Hayden Christensen. “Everybody rats everybody else out,”
Simon Cardoza, a former cameraman for the site, told me. “That’s the
beauty of TMZ.” more
In
an e-mail from last year, a photographer reported having four airport
sources for the day, including “Harold at Delta, Leon at Baggage
service, Fred at hudson news, Lyle at Fruit and nut stand.” A former TMZ
cameraman showed me expense reports that he had submitted in 2010,
reflecting payments of forty or fifty dollars to various sources: to the
counter girl at a Beverly Hills salon, for information on Goldie Hawn;
to a valet, for Pete Sampras; to a shopkeeper, for Dwight Howard; and to
a waiter, for Hayden Christensen. “Everybody rats everybody else out,”
Simon Cardoza, a former cameraman for the site, told me. “That’s the
beauty of TMZ.” more
Saturday, February 13, 2016
The Day the iPhone Died
Feeling particularly masochistic? Boy do we have a trick for you. If you’d like to permanently brick (that is, render unusable) your iPhone, just turn back time. It’s not as hard as it sounds — all you have to do is set the date to January 1, 1970. It’s a time when the iPhone didn’t exist, and if you do it, your iPhone won’t exist (in working condition) anymore, either.
So for the rest of us who would like to maintain a functioning mobile device, please, please, avoid this dangerous date. It apparently affects all 64-bit iOS 8 and iOS 9 phones, as well as tablets using Apple’s A7, A8, A8X, A9, and A9X processor. more
So for the rest of us who would like to maintain a functioning mobile device, please, please, avoid this dangerous date. It apparently affects all 64-bit iOS 8 and iOS 9 phones, as well as tablets using Apple’s A7, A8, A8X, A9, and A9X processor. more
17th-Century Female Spies Smuggled Information Through Eggs and Artichokes
In the 17th century, espionage was more diverse than you might think. Not only did female spies exist, they employed some of the most fascinating techniques in their information gathering.
Forthcoming research into female spies that operated in Europe and England at the time shows that they utilized an ingenious arsenal of tools, such as eggs and artichokes, to smuggle secrets.
While Dr. Nadine Akkerman of Leiden University was examining letters sent by Elizabeth Stuart, Queen of Bohemia during her exile in the Hague, she discovered that some were filled with secret codes...
Akkerman found about 60 such instances of female spies in the 17th century while researching for her upcoming monograph, “Female Spies or 'she-Intelligencers': Towards a Gendered History of Seventeenth-Century Espionage.” British playwright and poet Aphra Behn was one such spy, employed by King Charles to conduct political espionage in Antwerp under the code names "Astrea" and "Agent 160." In collaboration with MIT, Akkerman has produced several mesmerizing videos that recreate some of the ingenious methods used by female spies for their secret correspondences.
Forthcoming research into female spies that operated in Europe and England at the time shows that they utilized an ingenious arsenal of tools, such as eggs and artichokes, to smuggle secrets.
While Dr. Nadine Akkerman of Leiden University was examining letters sent by Elizabeth Stuart, Queen of Bohemia during her exile in the Hague, she discovered that some were filled with secret codes...
Akkerman found about 60 such instances of female spies in the 17th century while researching for her upcoming monograph, “Female Spies or 'she-Intelligencers': Towards a Gendered History of Seventeenth-Century Espionage.” British playwright and poet Aphra Behn was one such spy, employed by King Charles to conduct political espionage in Antwerp under the code names "Astrea" and "Agent 160." In collaboration with MIT, Akkerman has produced several mesmerizing videos that recreate some of the ingenious methods used by female spies for their secret correspondences.
Subscribe to:
Posts (Atom)