Friday, July 13, 2018

Hackers Selling Access to Law Firm Secrets

...a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files, and was willing to send screenshots as evidence he had broken in.

The price for the access was $3,500...

“If you're a law firm that's involved in major transactions, [mergers & acquisitions] of publicly traded companies, you're going to have a lot of sensitive information, inside information before it becomes publicly available,” Dominitz said. “If I'm able to access that, I can trade around that and manipulate stocks and make a lot of money.” more

Note: Hacking is only one method used to collect inside information. Close and lock the IT door, but don't leave your other doors and windows open. Engage the services of a Technical Information Security Consultant who also has TSCM expertise.

Thursday, July 12, 2018

New Jersey: Wiretap, Spycam & GPS Tracking Laws

This is an excellent article covering phone recording, video surveillance and GPS tracking in New Jersey...

As technology rapidly advances and becomes more sophisticated, attorneys, litigants and the courts must grapple with the use of modern surveillance in the context of litigation in family matters.

Surveillance can be useful in some situations, and litigants often resort to surveillance of their spouse to gather what they perceive to be valuable evidence. That evidence, whether it be video footage, recorded telephone calls, GPS tracking, digital copies of hard drives or other forms of surveillance, may be used at trial or simply to gain leverage in settlement negotiations. Nevertheless, this type of activity does not come without risk.

Without careful guidance and an understanding of the legal implications, surveillance can place attorneys in jeopardy of legal or ethical violations, and could also undermine the client’s position (e.g., something of limited evidential value could backfire on the client).

This article explores three surveillance techniques and analyzes the risks and rewards of each. more

U.S. Wiretap Report - 2017

This report covers intercepts (also known as wiretaps) concluded between January 1, 2017, and December 31, 2017, as reported to the AO, and provides supplementary information reported to the AO on arrests and convictions resulting from intercepts concluded in prior years.

Forty-eight jurisdictions (the federal government, the District of Columbia, the Virgin Islands, Puerto Rico, and 44 states) currently have laws that authorize courts to issue orders permitting wire, oral, or electronic surveillance. Table 1 shows that a total of 30 jurisdictions reported using at least one of these types of surveillance as an investigative tool during 2017. more

Sunday, July 8, 2018

TSCM During Construction Projects

In the world of business espionage there is a golden time to install bugs, taps, and other electronic surveillance items.
  • It is a time when nobody is checking. 
  • It is a time when these devices become completely hidden from future detection.
  • It is construction time.

The Bugged Embassy Case: What Went Wrong, is a well-documented story of eavesdropping devices planted so deeply the building had to be abandoned.

The Attack on Axnan Headquarters: An Espionage Operation, is a fictionalized true story of exactly how corporate construction penetrations are accomplished.

Both accounts are a fascinating read, and are true cautionary tales for our times.
———
“You really don’t want electronic surveillance
to become the hidden feature of
your new Boardroom, C-suite, or other sensitive area.”

———

Designing Information Security into Construction Projects

Electronic eavesdropping and information attacks can be stopped, but there is a catch; timing. Technical Surveillance Countermeasures (TSCM) needs to be included in the planning and construction phases of your project. Learn how.

South Korean Women Protest Against Spy Cam Porn

Thousands of South Korean women gathered in Seoul on Saturday to demand stronger government action to fight the spread of intimate photos and footage taken by hidden cameras, which they say has women living in constant anxiety and distress.

Police said about 18,000 took part in the all-women protest, with demonstrators calling for stronger investigations and punishments against male offenders who photograph or film women without their knowledge and post the material online...

Since 2004, South Korea has required smartphones to make large shutter sounds when taking pictures and videos to prevent such crimes. However, phone cameras can be silenced through apps and there’s also an abundance of miniaturized cameras that can be hidden inside bags, shoes and toilets or small holes drilled into bathroom walls and doors...

The national government plans to spend 5 billion won ($4.5 million) to equip local governments with more camera detecting equipment, and strengthen inspections of bathrooms in public spaces and private buildings. There are also plans to widen inspections to elementary, middle and high schools. more

Friday, July 6, 2018

Spycam Quote of the Week

~Christopher Falkenberg, president of security consulting firm Insite Risk Management and former U.S. Secret Service special agent discussing the ease of hotel room spycam bugging...

"Assuming someone has access to the room before and after the customer uses it, I think it’s quite easy because there are many devices available to the public that can be inserted into a room and retrieved after. It’s not high-speed stuff, and it’s not hard to get." more

Israeli Cyber Warfare Firm Employee Caught Selling Eavesdropping Software...

...which is why we say there is no such thing as a secure 'back door'.

A former employee of Israel’s cyber warfare giant NSO stole the company’s ‘Pegasus’ eavesdropping software and tried to sell it on the ‘dark web’.

Pegasus is a classified security tool that can eavesdrop on any person in the world without their knowledge, Globes reported Friday.

The accused is believed to have stolen NSO products and the program worth hundreds of millions of dollars. An indictment filed against the employee last week charged him with security offenses, in addition to theft from his employer. more

What is Dumber than Spycaming a Police Station Restroom?

Not much. Give this dude a double Darwin!

A 28-year-old clerk has been accused of secretly recording other employees inside a restroom at the Long Beach Police Department’s headquarters, authorities said. 

Sergio Nieto of Downey was arrested late last month after he allegedly photographed and videotaped people inside a restroom at the department’s downtown offices...

Nieto was suspended pending further investigation... Investigators are trying to determine the scope of Nieto’s alleged misconduct, and how many people may have been illegally filmed. more

Infographic - Countries Where Private Security Outnumber Police

Whether they're patrolling shopping malls, conducting screening at airports or protecting VIPs, private security guards have become an increasingly common sight across the world. 

In many countries, they are armed with handguns and even dress in uniforms similar to the police.

The sector has experienced huge growth in recent years and today there are an estimated 20 million private security workers worldwide while the industry is worth approximately $180 billion. That is expected to grow even further to $240 billion by 2020, greater than the GDP of 100 countries including Portugal, Romania and Hungary.

According to research conducted by The Guardian, half of the planet's population lives in countries where there are more private security workers than police officers. more

It is likely these are very conservative statistics, as they don't include security specialists, like: professional security consultants, Technical Surveillance Countermeasures (TSCM) specialists, private investigators, computer security specialists, and people working in the alarm and video surveillance sectors. ~Kevin

The Spy Who Dumped Me

Looks like a fun spy movie.
In theaters August 3, 2018.

Wednesday, July 4, 2018

Without Spies There May Have Been No 'Fourth of July'

By Nina Strochlic, for National Geographic magazine.

In 1777, the American colonies were badly losing their fight for independence from Great Britain. The British Army had captured New York City’s crucial port. Expecting further advances, the Continental Congress was evacuated from Philadelphia. It seemed that the war was lost.
Then George Washington, then Commander-in-Chief of the Continental Army, wrote a letter that changed the course of the war.

Washington was desperate to discover what was happening inside New York, but military scouts couldn’t get close enough. The general needed someone to penetrate enemy lines, but when he asked for volunteers, few of his troops raised their hands.

“Spying wasn’t seen as gentlemanly,” says Vince Houghton, resident historian at the International Spy Museum in Washington, D.C.

Finally, a young army captain named Nathan Hale volunteered for the dangerous assignment. He was caught a week later and hanged, the first known American spy to be executed on the job. (He’s memorialized with a statue outside CIA headquarters.)

Washington realized that the mission was too big for untrained volunteers, so he set about building an espionage organization.

John Jay, later the first Chief Justice of the Supreme Court, had been running counterintelligence as head of the New York State Committee and Commission for Detecting and Defeating Conspiracies. One of Jay’s operatives, a merchant named Nathaniel Sackett, had experience in secret writing and codes. 

In February 1777, Washington wrote a letter to Sackett in which he offered him $50 a month—out of his own pocket—to establish the first formal apparatus for the “advantage of obtaining the earliest and best Intelligence of the designs of the Enemy.” “Without the organization that Sackett set up, it would have been very difficult for us to win the war,” says Houghton. “We had a ragtag army and [the British] had the greatest army, greatest navy, and greatest economy in the world. We had no real business winning this war.”

But America’s spy service got off to an inglorious start. Most of Sackett’s agents failed at their jobs—including Sackett himself, who was fired after just six months.

Fortunately for the infant nation, Sackett’s replacement, 26-year-old Benjamin Tallmadge, created what is considered one of America’s greatest espionage operations: the Culper Spy Ring. Comprised of childhood friends from Long Island, the group included a shop owner inside New York City who gathered information, a traveling trader who smuggled it out of the city, and a whale boat captain who delivered it to Washington’s camp.

Employing the tools and tricks of the 18th-century spy trade—hiding secret messages in hollow feather quills, using “dead drops” to transport letters—the Culper operatives unmasked enemy spies, busted a money counterfeiting plan, and stopped the British from sabotaging a French aid mission to the colonies.

After important letters were lost during an enemy raid, Tallmadge invented a “numerical dictionary” code that matched 763 cities, names, and words to numbers. (Washington’s code name was Agent 711.) Washington also asked physician James Jay (brother to John) to invent an invisible ink that could be revealed only with another chemical and would “relieve the fears of such persons as may be entrusted in its conveyance.”

Washington’s espionage experiment paid off. In 1781 the British surrendered, thanks in part to the intelligence gathered by the Culper Ring and their networks. “Washington didn’t really out-fight the British. He simply out-spied us,” a British intelligence officer allegedly said after the war.

None of the Culper spies were ever caught, and even Washington himself never learned exactly who was in the group. The ring’s very existence wasn’t discovered until the 1900s, and to this day no one knows for certain how many members it had.

After the war Washington asked Congress to reimburse him $17,000—nearly half a million dollars today—for his espionage expenses. The lawmakers obliged.

Tuesday, July 3, 2018

Washington Policymakers Bluster About High-Tech Foreign Surveillance (again)

Washington policymakers are growing increasingly worried about the threat of high-tech foreign surveillance, a development complicated by U.S. spy agencies' use of similar technologies.

Lawmakers are stepping up their demands for more information from the Trump administration about foreign efforts to spy on Americans' cellphones. more

Facebook Promises Not to Use Tech in Phone Eavesdropping Patent

In an attempt to assuage concerns raised by Facebook's filing for a patent for software that could turn the mics of smartphones on in order to record secret messages in TV ads, the social networking giant has ruled out using the technology in any of its products.


The patent had been filed "to prevent aggression from other companies," Facebook Vice President and Deputy General Counsel Allen Lo told Engadget in a statement this week. The technology in this patent has not been included in any of Facebook's products, "and never will be", Lo said. more

No Formal Process for Protecting a Trade Secret in Canada ?!?!

Canada - At the annual Uniform Law Conference of Canada in 1989, there was proposed legislation drafted that was called the Uniform Trade Secrets Act.

It provided for potential civil remedies against anyone who acquired a trade secret improperly, including through commercial espionage or electronic means. Courts could grant injunctions, award damages and determine who could make future use of the trade secret.

The proposed legislation was put forward one year after the Supreme Court of Canada issued its ruling in R. v. Stewart on the issue of whether “confidential information” can be the subject of theft under the Criminal Code. The court, in a unanimous decision, concluded that it could not, since confidential information on its own is not property...

Three decades later, there are still no criminal offences specific to this area and the Uniform Trade Secrets Act was never enacted into law by any province. In fact, the current website of the federal Canadian Intellectual Property Office states flatly that there is “no formal process” for protecting a trade secret. more

Meanwhile... Australia has passed new laws to get tough on spying. more

Monday, July 2, 2018

Sign Up - Hackers On Planet Earth (H.O.P.E.) - 3 Days & Nights in NYC

The Circle of HOPE will take place on July 20, 21, and 22, 2018 at the Hotel Pennsylvania in New York City. H.O.P.E. stands for Hackers On Planet Earth, one of the most creative and diverse hacker events in the world. It's been happening since 1994.

Three full days and nights of activities, including more of the provocative and enlightening speakers that the HOPE conferences are known for. In addition, they will have access to a massive amount of space to put together all sorts of hacker projects and assorted fun stuff.

In the past they've had huge hackerspace villages, film festivals, Segway rides, lock picking villages, a wide variety of vendors, art installations, live video, vintage computers, robots, an amateur/ham radio station, electronics workshops, book signings, and the country's biggest supply of Club-Mate.

All of that happening right in the middle of New York City, across the street from Penn Station and down the block from the Empire State Building. more

Be sure to check out the amazing list of speakers and topics!