Thursday, October 17, 2019

Massive Corporate Espionage Attack: 'One million pages stolen'

Australian blood giant CSL has been rocked by an alleged corporate espionage attack, with a former "high level" employee accused of stealing tens of thousands of its documents - including trade secrets - in order to land a job at a key competitor...
CSL’s allegations are expected to reverberate through the highly competitive global drug making industry where trade secrets are the most prized possession of the companies. more
It's never this obvious.

Any pharmaceutical company without: 
  • a robust Information Security Policy, 
  • Recording in the Workplace Policy
  • IT Compliance and Surveillance program, 
  • regularly scheduled Technical Surveillance Countermeasures (TSCM) inspections (with an Information Security Survey component)
is an easy target. Sadly, they won't even know they have had their brains picked until the damage is done.

CSL had protection measures in place. Thus, this discovery, and recovery. ~Kevin

Iranian President's Brother Claims Presidential Office was Bugged

Iran - After surrendering to serve his five-year term in prison, the younger brother of Iran’s president, Hossein Fereydoun claimed in a statement October 16 that the judge had convicted him based on eavesdropping on the presidential office.

A close advisor to Hassan Rouhani, Fereydoun did not name the body or persons responsible for the eavesdropping. Nevertheless, it is public knowledge that the Islamic Revolution Guards Corps Intelligence Organization had been behind the lawsuit against him. more

Holy Crap: IT Folks Fear the Internet Connected Toilet

IT security professionals are nervous people.

This seems clear from a new survey perpetrated on the part of the hardware security company nCipher...

The surveyors asked 1,800 IT security professionals in 14 countries about vital elements...

Thirty-six percent confessed they were afraid they'd be spied upon by an internet-connected device. The same number feared they'd have money stolen.

Twenty-four percent fear personal embarrassment as unholy information about them would be leaked.

I, though, feel a particular empathy for the 21% who are afraid that pranksters will hack their connected toilets. more

Friday, October 11, 2019

Spy Camera Detectors – Do they work? How do they work?

Covert cameras have been around since the 1800’s. Interestingly, as soon as photography developed, people wanted to surreptitiously take photos. From voyeurs to private eyes, a spycam was the gadget to have.

In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.

Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.

With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.

Planting Spy Chips in Routers - Proof of Concept

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks...

But even as the facts of that story remain unconfirmed...

Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment... more
5 Cheap Things to Beef Up Your Security
by Rob Kleeger,
Digital4nx Group

Here are a few simple things to prevent and keep most of your private information as safe as possible from hacks or negligence.
  1. Invest in a Password Manager:  If you are like me, most people can’t remember the login details for the dozens of online services they use, so many people end up using the same password — or some variation of one — everywhere. If you are one of those people, this means that if just one site on which you use your password gets hacked, someone could gain access to all your accounts.
  2.  Use a virtual private network (VPN) service: When connected to any internet-connected device, it helps to keep most of your browsing private from your internet service provider; it reduces some online tracking; and it secures your connections when you use public Wi-Fi.
  3. Turn on MFA (2FA) on everything: Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because knowing the victim's password alone is not enough to pass the authentication check. Two-factor authentication doesn’t guarantee security, and it is vulnerable to hacking attacks like phishing attempts that spoof a login page.
  4. Backup: Have a backup plan. All too often, SMB leadership says they backup, but the backup is saved on the server, which if gets encrypted, serves no purpose...neither does attaching a NAS to the same network. Have a cloud-based or offline based backup plan. Confirm backups run regularly and periodically test those backups to do a full restore. 
  5. Don't forget about the paper:  In many ways, people are so focused on cybersecurity, they forget about the basics. Use a cross-cutting paper shredder.  Wirecutter recommends the AmazonBasics 15-Sheet Cross-Cut Shredder for most people, though serious privacy mavens should step up to the AmazonBasics 12-Sheet High-Security Micro-Cut Shredder, which runs a little slower but produces confetti half the size of a cross-cut shredder’s pieces.

Thursday, October 10, 2019

LaFollette Councilwoman Indicted - 34 counts of Wiretapping and Electronic Surveillance

TN - A LaFollette city councilwoman was indicted Thursday on wiretapping and official misconduct charges after a nearly eight-month investigation by the Tennessee Bureau of Investigation...


Campbell County District Attorney Jared Effler requested the TBI investigate after a recording device was found in the LaFollette City Hall Conference Room. Investigators later determined that Thompson was responsible for placing the device in the conference room.

On October 2nd, the Campbell County Grand Jury returned indictments charging Thompson with 34 counts of Wiretapping and Electronic Surveillance and two counts of Official Misconduct.  more

Julian Assange’s Hideout May Have Been Bugged

A Spanish security firm that worked for the Ecuadorean embassy in London is being investigated on suspicion it spied on WikiLeaks founder Julian Assange for US secret services.

Spain’s National Court says it is investigating whether David Morales and his Undercover Global SL security agency invaded Assange’s privacy and that of his lawyers by installing hidden microphones and other devices in the embassy.

It said the information gathered appeared to have been passed on to Ecuadorean and US bodies. more

UPDATE - Director of Spanish security company that spied on Julian Assange arrested.

Cop Dropped for Electronic Eavesdropping - Nothing Further to Report

CA - The Roseville Police Department arrested an officer of Folsom’s police force Wednesday on suspicion of stalking, electronic eavesdropping and illegally using monitoring equipment...

The Roseville Police Department said it would not be releasing any further information regarding the investigation. more

Read more here: https://www.sacbee.com/news/local/crime/article235979622.html#storylink=cpy

Read more here: https://www.sacbee.com/news/local/crime/article235979622.html#storylink=cpy

Don't Get Struck by Lightning by Borrowing a Cable

Bad news: A hacker has created a rogue Lightning cable that lets bad guys take over your computer. Worse news: Now it’s being mass-produced.

... from now on, asking a stranger to borrow a Lightning cable, or accepting an offer by a stranger to give you one, is the last thing you’ll want to do if you’re scrupulous about protecting your data.

That’s because a hacker has created the first Lightning cable that, when plugged into your Mac or PC, will allow someone to remotely take over your computer.

Worse, this hacked Lightning cable, called the O.MG Cable, isn’t a bespoke one-off. It’s being mass-produced in factories so anyone can buy and use them to target your datamore

Japan Ninja Student - Writes Essay in Invisible Ink - Gets A+

Japanese student of ninja history who handed in a blank paper was given top marks - after her professor realised the essay was written in invisible ink.

Eimi Haga followed the ninja technique of "aburidashi", spending hours soaking and crushing soybeans to make the ink.

The words appeared when her professor heated the paper over his gas stove.

"It is something I learned through a book when I was little," Ms Haga told the BBC. more

Tuesday, October 8, 2019

A Blue Blaze Irregular Asks About RFID Money Detectors

Hi Kevin, 

I would love it if you did a report on the RFID in currency and the "detectors" that are used to identify the exact amount of cash in a car, suitcase, etc. 

For example, a husband and wife were driving with $14,000 cash to buy a car when an automobile from Homeland Security pulled alongside them for a minute to scan their car. When they realized the car had $14,000 in it, they informed the local law enforcement which then proceeded to pull the car over to confiscate the money. Or the sheriff in Northern California who uses a similar "detector" to pull over people who are bringing cash to Nor Cal to buy cannabis during harvest season. From what I've read, wrapping anything that has the RFID in it with aluminum foil or a Faraday cage-like material is enough to block any signals. I think your readers would find this very interesting. 

Thanks Kevin I appreciate it. 

FutureWatch: I looked into it and found some interesting articles. It appears the U.S. Treasury department is looking into it. They currently have a Request for Information (RFI) out to develop this technology. Answers due by January, 24, 2020.

Technical papers on this technology include...
Banknote Validation through an Embedded RFID Chip and an NFC-Enabled Smartphone
A Comparison Survey Study on RFID Based Anti-Counterfeiting Systems
RFID banknotes

Apparently, this technology has been explored since at least 2001. I couldn't find that it has been implemented anywhere... yet. It appears it may be coming, however.

Our BBI is correct. RFID readers can be easily blocked by Faraday Cage techniques.

All this reminds me weapons of war; evolutionary stair-step escalation through the ages.

Double FutureWatch: RFID tracking of currency may become a moot point if governments leap-frog into cryptocurrencies.

Monday, October 7, 2019

Signal Users - Time to Patch

A security flaw in the privacy-focused encrypted messaging service Signal could enable a threat actor to listen to the audio stream recorded by the Android device of another Signal user, without their knowledge...

The attack does not work with Signal video calls.

The issue was discovered last month by a researcher with Google Project Zero. Signal has already released a patch. more

GPS Cyberstalking of Girlfriend Brings Indictment for Alleged Mobster

20 supposed wiseguys charged because one was possessive...

Joseph Amato's attempt to surveil his girlfriend by attaching a hidden GPS device to her car led authorities to surveil the alleged mobster, and ultimately to his indictment by a grand jury...

"In November 2016, a GPS tracking device was found on an MTA bus in Staten Island during a routine maintenance inspection: it had been hidden in an oil pan," the government's detention memo states. "In fact, Joseph Amato had purchased the device to place a girlfriend, identified herein as Jane Doe, under close surveillance and used the tracking device in an attempt to maintain control over her."...

...after Jane Doe discovered the GPS tracker on her car and removed it. The detention memo suggests she placed it on an MTA bus to thwart Amato's surveillance. more

Women Snooping on Boyfriends Help Topple Dictator Instead

It all started in 2015 with a frantic message from a woman in Sudan who was having cold feet ten days before her wedding. The woman had a nagging feeling her husband-to-be was cheating on her, and she was desperate to find out the truth before she went through with the marriage.

She decided to reach out to her friend Rania Omer, who had won a lottery visa to become a U.S. citizen five years earlier.

Now Omer was 24 and studying at a college in Nebraska, but she still fancied herself an anti-matchmaker among her close-knit community back home in Khartoum. The friend wanted Omer’s help. Would she mind posting a photo of the potential husband to Facebook to see if other women could dig up information on him?

A few hours later, Omer had her answer: one commenter posted to say she was his wife. more