Wednesday, March 14, 2018
Off-the-shelf Smart Devices Easy to Hack
Off-the-shelf devices that include baby monitors, home security cameras, doorbells, and thermostats were easily co-opted by cyber researchers at Ben-Gurion University of the Negev (BGU). As part of their ongoing research into detecting vulnerabilities of devices and networks expanding in the smart home and Internet of Things (IoT), the researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.
"It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices," says Dr. Yossi Oren, a senior lecturer in BGU's Department of Software and Information Systems Engineering and head of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU. "Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products."
"It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand," says Omer Shwartz, a Ph.D. student and member of Dr. Oren's lab. "Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely." more
Monday, March 12, 2018
Combatting Corporate Espionage -- Warning Signs
by Adam Brown
In the modern age of relatively cheap and ever-evolving technology, corporate espionage is a real threat that could be perpetrated by any employee or other insider at any time.
The term “corporate espionage” covers many different types of behavior, ordinarily taking the form of a malicious company insider secretly stealing confidential company information, usually for use in a competing business. The insider may be planning on joining an existing competitor, or may be planning on founding a new competing business of their own.
In essence, however, the term refers to any act of spying that is carried out for commercial purposes. Regardless of the form it takes, the wrongdoer will be looking to exploit the time, money, and hard work you have put in to make your business successful for their own malicious purposes.
Corporate espionage comes in many forms, some more sophisticated than others. While there is no foolproof way to spot all transgressions before it is too late, here are some general warning signs to watch for:
Time for a technical surveillance countermeasures (TSCM) inspection.
In the modern age of relatively cheap and ever-evolving technology, corporate espionage is a real threat that could be perpetrated by any employee or other insider at any time.
The term “corporate espionage” covers many different types of behavior, ordinarily taking the form of a malicious company insider secretly stealing confidential company information, usually for use in a competing business. The insider may be planning on joining an existing competitor, or may be planning on founding a new competing business of their own.
Hiding a bug in a book binding. |
Corporate espionage comes in many forms, some more sophisticated than others. While there is no foolproof way to spot all transgressions before it is too late, here are some general warning signs to watch for:
- The employee begins working from home or out of the office more often;
- You see an increase in after-hours work or unusual office or remote computer access;
- The employee begins meeting with customers without recording meetings in company systems;
- The employee knows about business matters they are not directly involved in;*
- The employee becomes disgruntled or has a sudden change in attitude;
- Files or other materials are missing from the office with no explanation;
- The employee unexpectedly resigns without advance notice; and
- The employee refuses an exit interview or does not want to discuss post-resignation employment plans. While not necessarily indicative of any improper actions, any of these behaviors should be considered “red flags” that merit further investigation or research. more
Time for a technical surveillance countermeasures (TSCM) inspection.
You may also want to read... Business Espionage: The Employee Competitor… and what to do about it.
What is the Salary for a Female Spy in Australia?
Australia - The anti-corruption watchdog sought special exemption from the Anti-Discrimination Board of NSW to advertise for the $127,627 ($100,440.71 USD) job which requires women to be sent into the field in “covert” spying operations.
“The exemption is required to ensure operational effectiveness and flexibility,”... more ($)
Cameras at Women’s Apparel Shop Hacked
A viral Peeping Tom who hacked into the closed-circuit TV surveillance camera at a women’s bathing suit shop has led to a warning from the Israel Police Cybercrimes Unit that similar systems may be compromised and violate the privacy of unsuspecting persons.
According to police, an unidentified 41-year-old man was arrested on Wednesday after he allegedly used his computer to hack into the CCTV system at a high-end boutique in northern Tel Aviv and recorded customers as they undressed and tried on bathing suits.
While details of the incident remain unclear due to a gag order, police said the suspect subsequently posted the videos to a social media page. more
So, uh, why were there cameras in the changing areas in the first place? Better learn how to spot the cam.
According to police, an unidentified 41-year-old man was arrested on Wednesday after he allegedly used his computer to hack into the CCTV system at a high-end boutique in northern Tel Aviv and recorded customers as they undressed and tried on bathing suits.
While details of the incident remain unclear due to a gag order, police said the suspect subsequently posted the videos to a social media page. more
So, uh, why were there cameras in the changing areas in the first place? Better learn how to spot the cam.
Sunday, March 11, 2018
Has Your Information Been Compromised? Check Here to See
via peerlyst.com
"We build NoSecrets to inform the public that their information is being traded and sold not just on the dark web, but between data brokering companies."
Do data brokers hold information about you that they should not hold, thus putting you at risk?
You can check here.
"We build NoSecrets to inform the public that their information is being traded and sold not just on the dark web, but between data brokering companies."
Do data brokers hold information about you that they should not hold, thus putting you at risk?
You can check here.
Friday, March 9, 2018
Pruitt Do It In a SCIF
African Union Bugged by China: Cyber Espionage as Evidence of Strategic Shifts
A number of African leaders have turned to Chinese investment as a viable alternative to Western development aid. The recent allegations of Chinese cyberespionage of the African Union's headquarters might prompt them to reconsider... Although this sort of spycraft is fairly routine, it signals Africa’s growing strategic importance to China. In a world of finite resources, states spy on states that matter to them. more
Russia has found yet another way surreptitiously to influence U.S. public policy: Stealing the identities of real Americans and then using these identities to file fake comments during the comment submission period preceding the formulation of public policies... Researchers, journalists, and public servants have found a wide range of fake comments and stolen identities in the public proceedings of the Labor Department, Consumer Financial Protection Bureau, Federal Energy Regulatory Commission, and Securities and Exchange Commission. more
The impact of a data breach should not be underestimated. A breach can lead to regulatory investigations by a number of agencies, including the Federal Bureau of Investigation, Secret Service, Immigration and Customs Enforcement as well as through enforcement actions by regulators including State Attorneys General, the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC), among many others. more
So, is it any wonder paranoia is forcing SCIF spending...
The Washington Post first reported details of the contract on Tuesday evening, which will cost the government $24,570.
The “privacy booth” will be installed by Oct. 9, so Pruitt can have “a secured communication area in the administrator’s office so secured calls can be received and made,” EPA spokeswoman Liz Bowman told the Post in a statement.
“Federal agencies need to have one of these so that secured communications, not subject to hacking from the outside, can be held,” Bowman continued. “This is something which a number, if not all, cabinet offices have and EPA needs to have updated.” more sing-a-long (for what it's worth)
A number of African leaders have turned to Chinese investment as a viable alternative to Western development aid. The recent allegations of Chinese cyberespionage of the African Union's headquarters might prompt them to reconsider... Although this sort of spycraft is fairly routine, it signals Africa’s growing strategic importance to China. In a world of finite resources, states spy on states that matter to them. more
Russia has found yet another way surreptitiously to influence U.S. public policy: Stealing the identities of real Americans and then using these identities to file fake comments during the comment submission period preceding the formulation of public policies... Researchers, journalists, and public servants have found a wide range of fake comments and stolen identities in the public proceedings of the Labor Department, Consumer Financial Protection Bureau, Federal Energy Regulatory Commission, and Securities and Exchange Commission. more
The impact of a data breach should not be underestimated. A breach can lead to regulatory investigations by a number of agencies, including the Federal Bureau of Investigation, Secret Service, Immigration and Customs Enforcement as well as through enforcement actions by regulators including State Attorneys General, the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC), among many others. more
So, is it any wonder paranoia is forcing SCIF spending...
The Environmental Protection Agency is spending nearly $25,000 to build a soundproof communications booth in Administrator Scott Pruitt’s office, according to media reports.
The Washington Post first reported details of the contract on Tuesday evening, which will cost the government $24,570.
The “privacy booth” will be installed by Oct. 9, so Pruitt can have “a secured communication area in the administrator’s office so secured calls can be received and made,” EPA spokeswoman Liz Bowman told the Post in a statement.
“Federal agencies need to have one of these so that secured communications, not subject to hacking from the outside, can be held,” Bowman continued. “This is something which a number, if not all, cabinet offices have and EPA needs to have updated.” more sing-a-long (for what it's worth)
Wednesday, March 7, 2018
A Very Weird Tale of Corporate Espionage and Murder and More Corporate Espionage
Apotex claims longtime chemist went rogue and stole drug secrets...
Apotex Inc., the generic-drug giant founded by murdered billionaire Barry Sherman, has been waging a year-long court battle against an ex-employee who was fired for allegedly stealing millions of dollars’ worth of pharmaceutical trade secrets from a laboratory computer—in the hopes of launching a rival company in his native Pakistan...
Barry Sherman, 75, and his wife, Honey Sherman, 70, were discovered strangled inside their North York mansion nearly three months ago, the victims of what police have labeled a “targeted” double homicide. Since then, detectives have said little else about the high-profile murders...
News of the lawsuit comes at the same time as Apotex tries to defend itself against similar allegations of corporate espionage. In a court action launched last July in the United States, Sherman’s company is accused of using sex, lies and USB drives to illegally obtain valuable trade secrets from the world’s largest generic drug-maker, Israel’s Teva Pharmaceutical Industries Ltd. As Maclean’s reported last month, a Pennsylvania judge denied Apotex’s attempt to throw out the sensational lawsuit, which accuses a former Teva executive of leaking confidential information to her boyfriend—then-Apotex CEO Jeremy Desai. Desai abruptly resigned in January, six weeks after the Shermans were killed, “to pursue other opportunities.” more
Further insights... Business Espionage: The Employee Competitor… and what to do about it.
Apotex Inc., the generic-drug giant founded by murdered billionaire Barry Sherman, has been waging a year-long court battle against an ex-employee who was fired for allegedly stealing millions of dollars’ worth of pharmaceutical trade secrets from a laboratory computer—in the hopes of launching a rival company in his native Pakistan...
Barry Sherman, 75, and his wife, Honey Sherman, 70, were discovered strangled inside their North York mansion nearly three months ago, the victims of what police have labeled a “targeted” double homicide. Since then, detectives have said little else about the high-profile murders...
News of the lawsuit comes at the same time as Apotex tries to defend itself against similar allegations of corporate espionage. In a court action launched last July in the United States, Sherman’s company is accused of using sex, lies and USB drives to illegally obtain valuable trade secrets from the world’s largest generic drug-maker, Israel’s Teva Pharmaceutical Industries Ltd. As Maclean’s reported last month, a Pennsylvania judge denied Apotex’s attempt to throw out the sensational lawsuit, which accuses a former Teva executive of leaking confidential information to her boyfriend—then-Apotex CEO Jeremy Desai. Desai abruptly resigned in January, six weeks after the Shermans were killed, “to pursue other opportunities.” more
Further insights... Business Espionage: The Employee Competitor… and what to do about it.
Australian Spy Who Revealed Bugging Under 'Effective House Arrest'
The spy who blew the whistle on Australia’s bugging of Timor-Leste’s cabinet room during sensitive oil and gas negotiations is still under “effective house arrest” and has been treated disgracefully by Australia in retaliation for his actions, his lawyer says.
The Australian secret intelligence service agent, known only as Witness K, had his passport seized in 2013 as he prepared to give evidence in The Hague on an Australian bugging operation.
In 2004, Witness K was involved in a covert mission to listen in on the Timor-Leste cabinet aimed at giving Australia the upper hand during negotiations to carve up oil and gas reserves in the Timor Sea, estimated to be worth about $53bn. more
The Australian secret intelligence service agent, known only as Witness K, had his passport seized in 2013 as he prepared to give evidence in The Hague on an Australian bugging operation.
In 2004, Witness K was involved in a covert mission to listen in on the Timor-Leste cabinet aimed at giving Australia the upper hand during negotiations to carve up oil and gas reserves in the Timor Sea, estimated to be worth about $53bn. more
Secret Agent Man & Daughter
Intrigue continues to swirl as the “poisoned spy”, Sergei Skripal, and his daughter, Yulia, remain in intensive care. Counter-terrorism police have taken over the investigation. Boris Johnson has said the possibility of a Russian assassination attempt means UK officials might boycott the World Cup.
This morning, Shaun Walker examines how the Skripal case looks like a warning about the fate awaiting those who collaborate with western intelligence agencies.
And more details are emerging about the life of the former double agent, known in his Salisbury neighborhood as a genial man with a penchant for Polish sausage and lottery scratch cards. more video sing-a-long
This morning, Shaun Walker examines how the Skripal case looks like a warning about the fate awaiting those who collaborate with western intelligence agencies.
And more details are emerging about the life of the former double agent, known in his Salisbury neighborhood as a genial man with a penchant for Polish sausage and lottery scratch cards. more video sing-a-long
Labels:
#espionage,
cautionary tale,
government,
MI5,
MI6,
political
Monday, March 5, 2018
Court Admits Husband's Illegal Bugging into Evidence
Turkey - A top appeals court decided that evidence collected through illegal bugging could not be used by itself to prove guilt but could be used in conjunction with other evidence in a 2015 case where a man in the Aegean province of Aydın believed his wife was cheating on him and installed a bugging application onto her cell phone.
The application turned the cell phone into a recording device. The recordings showed the woman really was cheating on him with a colleague from work. The man immediately filed for divorce, demanding compensation from his wife and the custody of their child. more
An app that can help determine if an Android phone is infected with spyware.
The application turned the cell phone into a recording device. The recordings showed the woman really was cheating on him with a colleague from work. The man immediately filed for divorce, demanding compensation from his wife and the custody of their child. more
An app that can help determine if an Android phone is infected with spyware.
10 New Attacks on 4G LTE Discovered
A group of researchers has uncovered ten new attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.
The attacks exploit design flaws in the communications protocol and unsafe practices employed by the stakeholders and can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on SMS communications, and more.
Among the uncovered attacks they consider one particularly worrying: an authentication relay attack that allows an adversary to impersonate an existing user (mobile phone) without possessing any legitimate credentials.
“Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” they pointed out. more
The attacks exploit design flaws in the communications protocol and unsafe practices employed by the stakeholders and can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on SMS communications, and more.
Among the uncovered attacks they consider one particularly worrying: an authentication relay attack that allows an adversary to impersonate an existing user (mobile phone) without possessing any legitimate credentials.
“Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” they pointed out. more
Cuba's Sonic Attacks - Possibly a Side-Effect of Spying
Its surveillance tools may have transmitted ultrasonic sounds by mistake...
Remember those 'sonic attacks' against the American and Canadian embassies last summer, making staff queasy and raising all kinds of questions as to what happened? There might have an answer. University of Michigan researchers have theorized that the incidents were really the result of ultrasonic signals from poorly functioning surveillance equipment. While individual ultrasonic signals can't harm people outside of extreme circumstances, multiple signals can clash with each other and produce a sound that's just low enough to be audible.
The scientists tested their hypothesis by replicating the "chirping" from an AP video using two ultrasonic emitters that combined tones, one at 25kHz and another at 180Hz. That produced a similar-sounding 7kHz frequency with ripples of sound at an even 180Hz spacing. The team even built a device that would simulate eavesdropping by playing a song instead of the 180Hz tone. more
Security Scrapbook fans knew this might be a botched spying attempt, and how it worked, last August. ~Kevin
Remember those 'sonic attacks' against the American and Canadian embassies last summer, making staff queasy and raising all kinds of questions as to what happened? There might have an answer. University of Michigan researchers have theorized that the incidents were really the result of ultrasonic signals from poorly functioning surveillance equipment. While individual ultrasonic signals can't harm people outside of extreme circumstances, multiple signals can clash with each other and produce a sound that's just low enough to be audible.
The scientists tested their hypothesis by replicating the "chirping" from an AP video using two ultrasonic emitters that combined tones, one at 25kHz and another at 180Hz. That produced a similar-sounding 7kHz frequency with ripples of sound at an even 180Hz spacing. The team even built a device that would simulate eavesdropping by playing a song instead of the 180Hz tone. more
Security Scrapbook fans knew this might be a botched spying attempt, and how it worked, last August. ~Kevin
Wednesday, February 28, 2018
Invention: Simple Device Allows Fast Lockdowns in Schools
As school carpenter Cory Webster replaced dozens of deteriorating rubber door stoppers that were installed to help keep Palos Verdes Peninsula classrooms safe in the event of a lockdown, he thought there must be a better way...
The 123 Lock-down Latch works much like a hotel door bumper: a teacher simply slides the metal lever to prevent a locked door from closing. When a lockdown happens, anyone inside the classroom can slide the lever back and the door closes and locks...
Because most classroom doors can only be locked from the outside with a key, the teacher can leave the door locked but with the latch engaged during passing period to allow students in and out easily. In the event of an active shooter, it’s not always safe for a teacher to step outside to lock the door. With the latch, there’s no need to fumble for keys or leave the classroom to secure the door. more
The 123 Lock-down Latch works much like a hotel door bumper: a teacher simply slides the metal lever to prevent a locked door from closing. When a lockdown happens, anyone inside the classroom can slide the lever back and the door closes and locks...
Because most classroom doors can only be locked from the outside with a key, the teacher can leave the door locked but with the latch engaged during passing period to allow students in and out easily. In the event of an active shooter, it’s not always safe for a teacher to step outside to lock the door. With the latch, there’s no need to fumble for keys or leave the classroom to secure the door. more
Austria: Bugging Devices Found... and then, a break-in!
The office of Austrian far-right leader and vice chancellor Heinz-Christian Strache was broken into this week, shortly after bugging devices were discovered there, and a criminal inquiry has been launched, prosecutors said on Thursday.
The break-in occurred on Wednesday night while Strache, whose Freedom Party entered the governing coalition after elections in October, was out for dinner, his spokesman said, confirming an earlier report by broadcaster Oe24.
The spokesman said the electronic surveillance devices had been discovered last week behind a mirrored wall by intelligence service specialists. “This was a routine check after moving into a new office,” he said. more
TSCM 101 - When you find one bug, don't stop looking. A post-discovery break-in may indicate the removal of additional, and more sophisticated bugs. Later discovery of these devices might implicate who planted them in the first place. ~Kevin
The break-in occurred on Wednesday night while Strache, whose Freedom Party entered the governing coalition after elections in October, was out for dinner, his spokesman said, confirming an earlier report by broadcaster Oe24.
The spokesman said the electronic surveillance devices had been discovered last week behind a mirrored wall by intelligence service specialists. “This was a routine check after moving into a new office,” he said. more
TSCM 101 - When you find one bug, don't stop looking. A post-discovery break-in may indicate the removal of additional, and more sophisticated bugs. Later discovery of these devices might implicate who planted them in the first place. ~Kevin
Tuesday, February 27, 2018
Smartphone Goes Dark at the Flip of a Switch
Cybersecurity firm DarkMatter has launched its first smartphone, designed to stop spy agencies listening to you.
An Android device called Katim, it was made available commercially Monday at Mobile World Congress in Barcelona, Spain, and has a 5.2-inch display, as well as a high level of encryption...
One security feature built by the Middle East-based firm is called "shield mode," which disconnects power from the microphone and camera on the device so that nobody can spy on your conversations. more
An Android device called Katim, it was made available commercially Monday at Mobile World Congress in Barcelona, Spain, and has a 5.2-inch display, as well as a high level of encryption...
One security feature built by the Middle East-based firm is called "shield mode," which disconnects power from the microphone and camera on the device so that nobody can spy on your conversations. more
Subscribe to:
Posts (Atom)