Wednesday, March 27, 2019

This Week in Corporate Espionage

HONDA
Calling corporate espionage a threat to its competitive advantage in the all-terrain vehicle market, Honda of South Carolina is going to court to find out who posted unauthorized photos of its Talon side-by-side vehicles on the Internet...

...photos and detailed, confidential information about the Talon models started showing up on Internet sites hondasxs.com and HondaProKevin.com.

According to Honda’s complaint, someone using the screen name “hondasecrets” posted photos of Talons taken inside the factory. Another using the name “HondaTalon” posted specifications “regarding the horsepower, maximum speed, and measurements, which Honda had not yet released to the public,” the complaint states.

-----

TESLA
Tesla Inc. accused one of its former engineers of stealing highly confidential autopilot information before bolting to the Tesla of China, Xpeng Motors, eight months after one of Apple Inc.’s ex-employees was charged with taking sensitive robocar secrets to a new job with Xpeng.

Allegations that a second Silicon Valley giant (see below) was betrayed by one of its own workers bound for the same Chinese startup come amid a major U.S. crackdown on Chinese corporate espionage.

-----

APPLE
A former hardware engineer (Zhang Xiaolang) for Apple’s autonomous vehicle development team who went to work for Xpeng is facing criminal charges brought by the U.S. Justice Department. He has pleaded not guilty...

Zhang told Apple he wanted to be closer to his ailing mother in China just before revealing to his supervisor that he intended to work for Xpeng. Apple grew more suspicious after seeing his increased network activity and visits to the office before he resigned, prosecutors said in a criminal complaint. He was arrested after he passed through the security checkpoint at Silicon Valley’s San Jose International Airport to board a flight to China.

Spybuster Tip #471 - Block People Who Track You via Email

Ugly Email is a Gmail / Firefox plug-in. When a tracker is detected, it shows the icon of an eyeball in the subject line to alert you that a tracker is hidden inside the email.

Blocked trackers include:
  • MailChimp
  • SendGrid
  • Drip
  • Mailgun
  • Streak
  • Bananatag
  • Yesware
  • Postmark
  • Sidekick
  • TinyLetter
  • MixMax
  • MailTrack
  • toutapp
  • Litmus
  • Boomerang
  • ContactMonkey
  • Cirrus Insight
  • Polymail
  • YAMM
  • GetResponse
  • phpList
  • Close.io
  • Constant Contact
  • Marketo
  • Return Path
  • Outreach
  • Intercom
  • Mailjet
  • Nethunt
...and Ugly Email is soliciting suggestions for other email spies to add to the list. Ugly Email claims it does not store, transfer, transmit or save any of your data.

Student Newspaper Accused of Bugging an On-Campus Apartment


Ireland - A student newspaper accused of “bugging” an on-campus apartment in its investigation into an alleged initiation ceremony has been defended by the National Union of Journalists.

A referendum will be held in Trinity College Dublin in April about whether to strip The University Times of most of the funding it receives from the students’ union over the reporting methods used for a story on the Knights of the Campanile, an all-male sporting society.

The referendum was triggered when 500 students signed a petition calling on the students’ union to reconsider its funding. Reporters left a recording device outside the apartment of Ben Arrowsmith, a student and captain of the society. The paper reported this month that they heard “groaning, gagging and retching...

The Case of The Very Dumb Spycam Man

CA - A detective identified the man charged with filming dozens of cops in a police station restroom by recognizing his shoes, according to newly revealed court documents that allege his spying was more widespread than previously known...

He took note of the distinctive dress shoes in the stall next to him, and later that day, detectives confronted Sergio Nieto, the clerk who was wearing them, according to the documents.


Nieto admitted he’d been filming officers as they used the toilet and said he’d also spied on people in the bathroom of a 24 Hour Fitness at The Promenade at Downey shopping center.

Corporate Romper Room - Don't Bee a Slack Slacker

More than 10 million people use Slack every day, mostly to communicate with co-workers. The app has gained so much popularity in the five-plus years since its launch that private investors value the company at over $7 billion.

“I love my people, but they never shut up on Slack,” said the CEO of a security company who asked not to be named so he could speak openly about his concerns. “It’s very good for productivity, but the problem is we’re working on security, so we have to be careful about what we say.”

Employees communicate on Slack using “channels” to focus conversations on various topics specific to different departments. It followed corporate chat tools from Microsoft, Google and Cisco as well as a plethora of start-ups, but none gained Slack’s level of adoption or had so much success in pulling workers away from email and into messaging groups.

Information Security and Cryptography Seminar - June 17-19, 2019

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience. This includes the foundations needed to understand the different approaches, a critical look at the state-of-the-art, and a perspective on future security technologies.

The material is presented at three different levels. At the highest level, the basic concepts are presented in detail, but abstractly (e.g., as black boxes), without mathematics. No background is required to follow at this level. At an intermediate level, the most important concrete schemes, models, algorithms, and protocols are presented as well as their applications. Here some minimal mathematical and systems background is assumed. At the deepest level, which is not required to understand the higher levels, different special topics, requiring some mathematical background, are discussed.

Lecturers:
Prof. David Basin and Prof. Ueli Maurer
Advanced Technology Group GmbH
Grundgasse 13
9500 Wil
Switzerland
F: +41 (0)44 632 1172

Seminar Location: 
Marriott Courtyard Zurich North
Max-Bill-Platz 19
CH-8050 Zurich
Switzerland

Monday, March 25, 2019

Security Director Alert: Check for These Bug-Like Products at Your Location

Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.

A series of both unauthenticated and authenticated remote code-execution vulnerabilities have been uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs.

Attackers can also use the vulnerabilities to gain access to cameras and microphones to turn them into listening devices. “The most notable aspect of the vulnerabilities is what you can do simply by using the programs that get shipped on the device,” Brendan Scarvell, senior security consultant at Trustwave SpiderLabs, told Threatpost in an interview.

“This includes playing audio through the speakers, recording conversations through the microphone, activating cameras and taking photos, installing custom software/malware etc. This is pretty bad for places such as boardrooms or executive offices where confidential conversations frequently happen.”

Many common office products have information security vulnerabilities. A Technical Surveillance Countermeasures (TSCM) survey, conducted by a competent consultant, will discover them for you.

College Student Pleads Guilty to Illegal Wiretapping

A Maryland university student has pleaded guilty to illegally wiretapping a congressional staffer and putting the conversation on Facebook Live without consent...

Prosecutors say Burdett, a 21-year-old advocate for Maryland Marijuana Justice, took part in a rally in front of Rep. Andy Harris' office in Salisbury, Maryland, in October. Then he and others met with a member of the congressman's staff in his office.

Harris' staff told the group not to record the meeting, citing office policy, but prosecutors say Burdett recorded and streamed it on Facebook Live without the staffer's consent.

FutureWatch - Who Really Lives in that Apartment

NY - A Brooklyn landlord intends to install facial recognition technology at the entrance of a roughly 700-unit rent-stabilized complex, raising alarm among tenants and housing rights attorneys about what they say is a far-reaching and egregious form of digital surveillance...

“We don’t want to be tracked,” said Icemae Downes, a longtime tenant. “We are not animals. This is like tagging us through our faces because they can’t implant us with a chip.”

Thursday, March 21, 2019

Korea - Molka Means Spycam - Government Creates a Handbook for Women

The Seoul Metropolitan Government on Monday distributed guidelines on how to respond to spycam crimes for victims and law enforcement officers, amid a growing epidemic of spycam porn in the country. 

Divided into two parts -- for civilians and police officers -- the handbook was designed to raise awareness of what constitutes secondary damage to victims of spycam porn and how police officers and victims can handle such cases, according to the Seoul city government.

For example, the guidelines recommend that victims secure evidence -- such as a hidden camera -- if possible and remember the perpetrator’s appearance. If illegally filmed videos have already been distributed, the advice is to copy the links and obtain screenshots. Then the victims should report the situation to the police and ask the website or social media companies to remove the videos, the handbook says.

-----

The (K-Pop) scandal magnifies the proliferation of hidden camera porn in South Korea — an issue which drove 22,000 women to the streets last June in the largest women’s demonstration in the nation’s history. Known as molka, meaning “spycam”, hidden camera porn has become an increasingly visible issue in South Korea, as the distribution of footage from secret, tiny cameras — often depicting women in sexual or intimate circumstances without their consent — has grown in recent years. From 2013 to 2017, police estimate nearly 6,000 cases of spycam porn each year.

Korea - 1,600 hotel guests were secretly filmed...

...on cameras hidden in wall sockets, with footage live-streamed to paying customers!

Two South Korean men have been arrested after allegedly installing spy cameras in dozens of hotel rooms, secretly recording more than 1,600 guests and live-streaming the footage.


The men are accused of installing cameras in electrical sockets, hair dryer holders and digital TV boxes in 30 hotels in ten cities across South Korea, local police said.

They would then broadcast the footage on a website with thousands of members, charging a $44.95 monthly fee.

Important: Learn how to inspect your hotel room (or any expectation of privacy area) for spy cameras ...and what to do if you find one.
On-line, self-paced, video training for private individuals and business.

Korea - K-pop Sex Scandal Reveals Practice of Sharing Spycam Porn

A sex scandal engulfing South Korea's K-pop industry is drawing attention and criticism to the country's problem with illegal spy cam "porn," says NPR's former Seoul correspondent...

Earlier this month, police questioned K-pop star Jung Joon-young about allegations he secretly filmed himself having sex with women and then shared the footage in private group chats.

"Tiny cameras that can be the size of lipstick containers or lighters are hidden in public places like subway stations, but also in highly private places like dressing rooms and bathrooms," Hu explained.

"The most common kind that's traded online, and shared online, and sometimes profited off of online, is footage of women having sex."

Wednesday, March 20, 2019

Cops Spying on Cops, the Village President & Spycamers in Crawlspaces

IN - A second lawsuit has been filed against New Carlisle alleging command staff in the police department secretly recorded private conversations... The five plaintiffs claim that Deputy Police Chief Brian Thompson and Chief Calleb Dittmar allegedly secretively “placed, or caused to be placed,” recording devices in the ceilings of non-essential areas of the department.

-----

IL - Former Hinckley Chief of Police Kimberly S. Everhart has been charged with eavesdropping and official misconduct after Illinois State Police say she illegally recorded a conversation with the village president in 2017.

-----
 
GA - A Catoosa County man is facing a handful of privacy invasion charges after he allegedly broke into a Ringgold residence and planted monitoring equipment, police say.

According to the Catoosa County Sheriff’s Office: Samuel David Townsend, 32, of 103 Parkview Drive in Ringgold, was arrested March 7 on charges of first-degree burglary, possession or sale of an eavesdropping device, unlawful eavesdropping, and Peeping Tom.

...resident reported suspicious sounds coming from underneath her home.

The victim said she was getting out of the shower when she heard a sound coming from the house’s master bathroom. The woman claimed she initially thought a mouse was in the home, but that the noise got louder almost like something was being cut...

...a white truck parked out on the street in front of the home and that the crawl space at the back of the house was open...

Sheriff Gary Sisk said Townsend did some work at the home in the past, and that he planted a recording device.

Spybuster Tip #629 - Watch What You Say at the Drive-Thru

Next time you have a private conversation while in a drive-through, you might want to keep it quiet — as workers in fast food restaurants are able to hear you, even when you can’t hear them.

Well, as long as they are wearing a headset and you’re parked next to the microphone with your window down, that is.

...the revelation on r/LifeProTips: They posted: “If we apologize [sic] and say we’ll be with you in a minute – you’re not on hold, we can hear everything. If you’ve ordered but the drive-thru line won’t let you pull ahead yet – we can hear every single thing you’re saying.”

Suggesting that having the ability to eavesdrop isn’t always a good thing, they added: “I wish I could forget some of the stuff I’ve heard.”

Mr. Blobby - UK TV Star & Accidental Voyeur

UK - Mr. Blobby is a big, pink blobby thing covered in yellow dots resembling a dangerous bout of liver cirrhosis. He also happens to be a dearly loved kids’ character on British TV.

However, he could have some explaining to do to Mrs. Blobby after he was caught perving on a naked woman in a bath on a billboard in the northern British city of Leicester.

Thankfully, all is not what it seems and it appears ...

A storm on Friday damaged the existing billboard’s skin – an ad for telco firm BT that showed a woman in a bath watching her laptop – which then revealed the previous ad that featured Mr. Blobby.