Andy Miles via Finextra...
With the option to wield large budgets in the fight against cyber crime there is, however, a tendency for financial service IT leaders to be drawn to the latest, shiniest technology solution of the moment...
What needs real investment, and not necessarily in cash terms is the trinity of People, Process and Technology (PPT). A security vulnerability can appear in any element of the business and a holistic approach that covers all colleagues and operations is vital for a good active defensive strategy.
Technology cannot answer all issues and won’t always work together with the culture and processes already instilled in an organization.
That is why it is so important to have a holistic approach that encompasses a security-first culture, enables constant review of processes and understands the importance of investment in technologies that evolve to combat emerging vulnerabilities and threats. more
Wednesday, August 22, 2018
Friday, August 10, 2018
Corporate Espionage: GM Skunks Ford
When you think of corporate espionage, you think of documents exchanging hands in dark parking garages, or hackers breaking into company mainframes. But GM is better than all that, and instead opted to walk in the front door in their attempts to best the Ford F-150, the best-selling truck in America. That meant GM engineers joining public factory tours of Ford’s Dearborn plant.
The engineers studied Ford’s production methods and said, yeah, we can do better. ... armed with stopwatches and trained eyes, the GM engineers believed they saw problems.
“They had a real hard time getting those doors to fit,” Tim Herrick, the executive chief engineer for GM truck programs told Reuters. His team did more intelligence gathering. They bought and tore apart Ford F-series doors sold as repair parts. Their conclusion... more
The idea of giving plant tours ended years ago, just for this reason. It has been 32 years since you could watch a freakin' corn flake being made. If you give plant tours, STOP. ~Kevin
1986 - "They have stopped the public tours at the Kellogg Company...
The company says it had no choice. Spies from rival manufacturers were sneaking in with the tourists, it said. In fact, according to Joseph M. Stewart, a vice president, engineers from a foreign competitor took the tour 20 times before setting up a rival manufacturing operation." more
Eavesdropping and Wiretapping History
In July 1956, the Pennsylvania Bar Association Endowment (PBAE) commissioned a comprehensive study of "wiretapping practices, laws, devices, and techniques" in the United States. At the time, Pennsylvania was one of several jurisdictions in the country without a statute regulating eavesdropping. Members of the PBAE's Board believed that a nationwide fact-finding mission had the potential to help state lawmakers establish effective policies for police agencies and private citizens. The man appointed to direct the study was Samuel Dash, a prominent Philadelphia prosecutor whose stint as the city's District Attorney had given him a first-hand look at eavesdropping abuses on both sides of the law. Two decades later, while serving as Chief Counsel of the Senate Watergate Committee, Dash would see many of those abuses come full circle...
The result of Dash's efforts was The Eavesdroppers, a 483-page report co-authored with Knowlton and Schwartz. Rutgers University Press published it as a standalone volume in 1959. The book uncovered a wide range of privacy infringements on the part of state authorities and private citizens, a much bigger story than the PBAE had anticipated. more (long, in-depth and very interesting)
Thursday, August 9, 2018
TSCM is Technical Surveillance Countermeasures - Beware of Imitations
TSCM from the Yellow Pages.
TSCM from IBM.
TSCM live from New York.
TSCM from the International Association of Professional Security Consultants (iapsc.org), or here.
Facial Recognition Technology – Not Ready for PRIME Time
Amazon.com’s facial recognition tools incorrectly identified Rep. John Lewis (D-Ga.) and 27 other members of Congress as people arrested for a crime during a test commissioned by the American Civil Liberties Union of Northern California, the watchdog said Thursday... Amazon’s so-called Rekognition technology — already in use at law-enforcement agencies in Oregon and Orlando — is hampered by inaccuracies... more
Security Scrapbook Flashback to 2008.
Wednesday, August 8, 2018
Cree CEO: 'All technology companies' face espionage
Cree CEO Gregg Lowe said Tuesday that “all technology companies face the same thing” when it comes to the need to protect trade secrets.
“Every day, they are making changes to help protect and secure their technology and I think we’re no different than anybody else,” he said at Triangle Business Journal's Power Breakfast at PNC Arena.
“I think all companies face these challenges. You’ve got technology, you’ve got capability and people want to come after it.”
A former Cree employee, Coy Bell, is alleged to have stolen trade secrets worth millions by downloading classified files onto an SD card, according to a report. more
Samsung's Galaxy S7 Alert - Meltdown
Samsung's Galaxy S7 smartphones have a security flaw that could allow hackers to spy on tens of millions of users.
The smartphone, owned by more than 30 million people, contains a compromised microchip which would enable cybercriminals to exploit a flaw called Meltdown.
Meltdown was uncovered earlier this year and only affects chips designed by Intel. It is believed to have existed in devices dating back 20 years, but was disclosed to chip makers Intel, ARM and AMD in 2017.
Potentially, it could allow hackers to bypass the barrier in hardware between applications and a computer’s memory, allowing them to steal passwords. more
Dearest, I am formerly Spy Chief of Nigeria and need your assistance to move...
Nigeria's head of the intelligence service has been fired after security services staged a brief "takeover" of parliament in the capital Abuja, at a time when President Muhammadu Buhari is out of the country.
Hooded armed men from the police and Department of State Service (DSS) blocked access to the two chambers - the Senate and House of Representatives - on Tuesday morning, preventing lawmakers, workers, journalists and other visitors from entering. more
The War Against Tiny Spy Cameras in South Korea - TSCM Police Activity
In response to a growing outcry, teams organized by the police have sprung into action. Armed with infrared scanners that can spot a lens and devices that detect electrical charges, they spend hours hunting for cameras* installed by peeping Toms in changing rooms and public bathrooms...
Although concerns about spy cams and illicit filming are far from new in South Korea — the activity was dubbed “molka” years ago — the problem appears to be growing. The number of suspected perpetrators identified by police rose from 1,354 in 2011 to 5,363 in 2017; more than 95 percent were men...
Police identified more than 26,000 victims of illicit filming between 2012 and 2016, over 80 percent of them female. But many never find out they are victims: The real number “would be 10 times higher than the police figure” if the full extent were known, said Oh Yoon-sung, a criminology professor at Soonchunhyang University... more
* 20% off.
Tuesday, August 7, 2018
Anatomy of a Bankruptcy
CA - The Gardena-based parent company of the retail chains Fallas and Anna’s Linens said Monday it filed for bankruptcy reorganization and plans to close 74 of its 344 stores. National Stores Inc., a family-owned firm, operates in 22 states and Puerto Rico...
National Stores said the bankruptcy filing was due to certain under-performing stores and severe weather in various regions that hurt sales.
In addition, the company suffered a data breach in the second half of last year in which some customers’ payment-card information was exposed at dozens of stores, and as a result “access to operating funds diminished” for the company, National Stores said. more
Three reasons for the failure, in the order stated:
- Under-performing stores.
- Severe weather.
- Data breach diminished operating funds.
Number Two is vague.
Number Three is a killer.
The list should be reversed, to show order of importance.
Takeaway... Information security (from IT to TSCM) can make or break any business.
Sunday, August 5, 2018
This Week in Spy News
US - The July arrest and indictment of Maria Butina, a 29-year-old Russian woman accused of being a spy, sent shockwaves through Washington and left the political world wondering where she had come from. Her Instagram page showed a glimpse of what her life looked like in Russia while she was allegedly "laying the groundwork" to move to the United States and conduct high-level espionage on behalf of the Russian government. more
UK - SPY chiefs are to develop futuristic technology that will predict when and where terrorist attacks will take place. They are pumping millions into a project called “Unblinking Eye” to identify and keep watch on people who pose a security threat. A new cutting-edge system will monitor and analyse human behaviour and help security services act before an outrage is committed. It mirrors the sci-fi movie Minority Report, starring Tom Cruise, where cops use psychic technology to arrest murderers before they strike. more
US - A suspected Russian spy was employed for more than a decade at the US Embassy in Moscow before being fired last year, a senior administration official tells CNN. The woman, a Russian national, worked for the US Secret Service for years before she came under suspicion during one of the State Department regional security office's routine security reviews in 2016, the official said. The security office found the woman was having regular, unauthorized meetings with the Russian intelligence service, the FSB. more
US - Sen. Dianne Feinstein’s office was infiltrated by a Chinese spy who worked as her driver and attended official functions on her behalf for 20 years, according to new reports from Politico and The San Francisco Chronicle.
US - An engineer employed by General Electric Co. was arrested by the FBI and charged with using sophisticated techniques to steal digital files on the company's turbine technology to benefit his interest in Chinese companies that compete with GE... The federal criminal complaint says that in 2014, Zheng "downloaded more than 19,000 files from GE's computer network onto an external storage device, believed by GE investigators to have been a personal thumb drive." Federal authorities said that Zheng is a U.S. citizen and also holds citizenship in China. more
S. Korea - The country is in the grip of what's been described as a spy camera epidemic. Hidden cameras capture women - and sometimes men - undressing, going to the toilet, or even in changing rooms in clothing stores, gyms and swimming pools. The videos are posted online on pop-up pornography sites. Activists in Seoul now warn that unless more is done to prevent it, this type of crime is likely to spread to other countries and will prove difficult to stop. more (Too late. It already has.)
US - A local handyman has been charged with spying on his customers’ personal lives by installing hidden cameras in homes where he had done work. Alton police arrested Peter Mugford and charged him with five felony counts of unlawful wiretapping, two counts of burglary, violation of privacy, and stalking... Mugford allegedly used his profession as a contractor/handyman to get access to client homes and place hidden cameras in bedrooms, bathrooms, and other private areas of the home. Mugford would then return to the homes without the owners' knowledge or consent to retrieve cameras and footage. more
...and The Hollywood Reporter submits its Top 10 Best Spy Comedies list. See if you concur. My pick for #1 is Top Secret.
A Spycam Backlash in South Korea
South Korea - Thousands of women wearing red shirts endured the suffocating heat... to protest against the illegal filming of women...
According to South Korean police, a total of 5,363 hidden camera crimes occurred last year*, and similar crimes are still occurring.
Last month, a high school boy was caught filming in a girl’s restroom. Separately, a man in his 30s who sold 2,845 videos illegally filmed in public restrooms was caught as well...
Hidden camera cases coming up over and over again has forced women to become more cautious about using public restrooms. They have come up with ways to spot hidden cameras, such as filling in any holes they find in restrooms and turning off all the lights in bathrooms to check for camera lights.
The organizers, who asked reporters not to ask demonstrators any questions, let their chants and pickets do the talking.
The first protest of the "Inconvenient Courage" kicked off in May, drawing more than 10,000 protestors. And the second and third protests drew another 15,000 and 18,000, respectively.
Saturday's protests, according to the organizers, nearly quadrupled those numbers. more
* This is only the discovered and reported incidents. Most are never discovered.
Tuesday, July 31, 2018
Corporate Espionage Alert: Deep Portrait Videos – Not Just a Government Problem
The bad actors have stepped up their game with perhaps the most potentially devastating cyber ruse of all – the high-tech “Deepfake” videos...
Deepfake videos are the residue of new internet technology that supplies almost anyone the ability to alter reality so that subjects can be manipulated to say anything the hacker wants, from the ludicrous and inflammatory to the downright incriminating...appears so real it is almost impossible to spot the bogus video.
The potential security impact of these altered videos has both the federal government and the U.S. Intelligence community on high alert...
“This started several years ago with fake videos and then it turned into Deepfake videos and it’s currently progressing to deep portrait videos,” says Bob Anderson, who is a Principal in The Chertoff Group’s global Strategic Advisory Services and a former national security executive and former Executive Assistant Director with the FBI...
“This is a potentially huge national security threat for a variety of reasons. Picture telecommunication calls or video conference calls that an adversary could potentially interject a fake deep portrait video of a three-star general or CEO of a company directing members of that company or organization to partake in potential detrimental national security or criminal actions,” Anderson says. “Nation-states like Russia, China and Iran could potentially utilize this technology for a variety of counterintelligence, corporate espionage, economic espionage and political influence campaigns across the United States.” more
Monday, July 30, 2018
More Security Cameras Vulnerable to Spying
A popular wireless security camera designed to safeguard businesses and homes was vulnerable to a spying hack.
The flaw meant it was possible to hijack video and audio streamed from other people's properties by making a minor tweak to Swann Security's app.
Researchers found the problem after the BBC reported a case where one customer had received another's recordings.
Australia-based Swann and OzVision - the Israeli provider of its cloud tech - said the issue had now been fixed.
Swann said that the vulnerability had been limited to one model - the SWWHD-Intcam, also known as the Swann Smart Security Camera - which first went on sale in October 2017. Retailers including Maplin, Currys, Debenhams, Walmart and Amazon have sold them.
However, there are concerns that other companies' cameras supported by OzVision could have problems. more
It is argued that the company offers cloud service to around three million smart cameras and users rely upon its app to connect to their IoT devices, and if anyone can gain access to live stream then all the smart cameras stand at risk. These include the Flir FX smart camera and other brands apart from Swann. The problem lies in the tunnel protocol that is responsible for verifying if a particular viewer is authorized to access the live stream or not. more
Saturday, July 28, 2018
Dad Charged With Felony Eavesdropping - Phone Ownership Irrelevant
MI - An Antrim County man faces two felony charges after authorities said he recorded conversations between his ex-wife and his 12-year-old daughter for nearly three years...
Carlson, who has custody of his daughter ... had been using a Voice Over Internet Protocol (VOIP) setting to record all telephone calls associated with his cellphone number, according to a report from the Michigan State Police.
Investigators contend Carlson let his daughter use the phone so she could talk to her mother, Kellie Poehner, who lives in Genesee County, but did not inform Poehner or his daughter that he was recording the calls, nor did he ask for their consent. Both believed the conversations were private, the report said.
Carlson is suspected of emailing some of the recordings in March to John Poehner, who is married to Kellie Poehner. That alleged action prompted an investigation that led to the distribution and dissemination charge... more