Friday, October 25, 2019

Espionage Weekend Movie: "The Current War"

Don't let the fancy attire and the Gilded Age setting fool you, there is nasty business afoot in "The Current War."

It's a power struggle, both literal and societal, with Benedict Cumberbatch as inventor Thomas Edison on one side, Michael Shannon as industrialist George Westinghouse on the other, Nicholas Hoult as eccentric visionary Nikola Tesla in the middle and the future of electricity in America hanging in the balance.



In theaters Friday, Oct. 25, the film is a tale of innovation advanced via moral compromise. There are dead animals, corporate espionage, even the invention of the electric chair all deployed in the battle to determine whether Edison's direct current or Westinghouse's alternating current would light up the nation.

It's a story rife with tragedy and squandered potential. more

Spy Doc Dropped

The doctor accused of corporate espionage and stealing trade secrets from blood giant CSL to further his career and to land a job at rival group Pharming has been sacked from his job.

Dutch pharmaceutical company Pharming announced on Thursday that it had permanently terminated Joseph Chiao's employment.

Dr Chiao had been subject to a US court injunction preventing him from starting work at Pharming in October so that CSL and Pharming could investigate CSL's allegations that Dr Chiao had stolen 1,000,000 documents from CSL. more

Hacker Physically Plants Keylogger Devices on Company Systems

A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time.

It appears that the individual was after data relating to an "emerging technology" that both targeted companies were developing.

In February 2017, 45-year old Ankur Agarwal of Montville, New Jersey, trespassed the premises of one of the two tech companies and installed keylogging devices on its computers to capture employee usernames and passwords. He also added his laptop and a hard drive to the company's computer network. more

A Technical Information Security Survey could have prevented this in the first place. ~Kevin

Racoon Steals Data for $200. per Month - Cute

A new kind of easy to use trojan malware is gaining popularity among cyber criminals, providing them with simple means of stealing credit card data, passwords and cryptocurrency -- and it has already infected hundreds of thousands of Windows users around the world.

Raccoon Stealer first appeared in April this year and has quickly risen to become one of the most talked-about malware services in underground forums.

Researchers at Cybereason have been monitoring Raccoon since it first emerged, and note that while not sophisticated, it is aggressively marketed to potential criminal users, providing them with an easy-to-use back end, along with bulletproof hosting and 24/7 support -- all for $200 a month. more

Thursday, October 24, 2019

Turning Amazon and Google Smart Speakers into Smart Spies

Researchers at Germany’s SRLabs found two hacking scenarios — eavesdropping and phishing — for both Amazon Alexa and Google Home/Nest devices. They created eight voice apps (Skills for Alexa and Actions for Google Home) to demonstrate the hacks that turns these smart speakers into smart spies. The malicious voice apps created by SRLabs easily passed through Amazon and Google’s individual screening processes...

For eavesdropping, the researchers used the same horoscope app for Amazon’s smart speaker. The app tricks the user into believing that it has been stopped while it silently listens in the background. more

Google Accused of Spying with New Tool

Google employees have accused their employer of creating a surveillance tool disguised as a calendar extension designed to monitor gatherings of more than 100 people, a signal that those employees may be planning protests or discussing union organizing. Google parent company Alphabet “categorically” denies the accusation. 

The accusation, outlined in a memo obtained by Bloomberg News, claims severe unethical conduct from high-ranking Google employees, who they say allegedly ordered a team to develop a Chrome browser extension that would be installed on all employee machines and used primarily to monitor internal employee activity.  

Employees are claiming the tool reports anyone who creates a calendar invite and sends it to more than 100 others, alleging that it is an attempt to crackdown on organizing and employee activism. more

Hospital Bathroom Video Voyeur had 1 Million Images

FL - Authorities have arrested a 41-year-old man who they say hid a small camera in bathrooms at three Florida medical facilities...
 
Police began investigating on Oct. 3 when a hidden camera was found inside an employee bathroom at St. Mary's Medical Center. 
 
Investigators found more than a million still and video images.
 
(The suspect) was a technician who took CT scans at the hospital and PET scans at medical facilities in Delray Beach and Boca Raton. more

Toga! Toga! Toga! ...SCIF Fight!

SCIF fight shows lawmakers can be their own biggest cybersecurity vulnerability.

About two dozen House Republicans enter a sensitive compartmented information facility (SCIF) where a closed session before the House Intelligence, Foreign Affairs and Oversight committees took place.

A group of House Republicans could have created a field day for Russian and Chinese intelligence agencies when they stormed into a secure Capitol Hill room where their colleagues were taking impeachment testimony yesterday with their cellphones in tow. more

"You're all worthless and weak!" ~Doug Neidermeyer

Wednesday, October 23, 2019

CNN - In 1999 a listening device was planted inside the State Department...

After a suspicious rise in Russian diplomats visiting the State Department in 1999, the FBI worked with the Diplomatic Security Service to follow mysterious radio frequencies. For more, watch "Declassified" Sunday at 11 p.m. ET/PT. more

Thanks to our Blue Blase Irregular at Big T for spotting this one for us.

Free Ransomware Decryption Tool

Emsisoft Decryptor for STOP Djvu

The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.

Please note: There are limitations on what files can be decrypted. more

Of course, put all the safeguards in place first so you won't need this tool. ~Kevin

Friday, October 18, 2019

IT / Security Director Alert: Cisco Aironet Wi-Fi High-Severity Vulnerability Patch Available

Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.

It also issued a slew of additional patches addressing other flaws in its products.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more

Thursday, October 17, 2019

Why Do CIA Spies Stop at Every Yellow Light?

After spending years in the CIA fighting to prevent nuclear terrorism and other catastrophes, some old habits just will not go away for the ex-spy Amaryllis Fox...

...a former CIA clandestine-service officer and author of the new book "Life Undercover: Coming of Age in the CIA"...

...CIA spies learn to master skills regular people do not, and they stick with you...

...But there is one old habit, she said, that drives her husband a little bit crazy — stopping at every yellow light when she drives. more

Welcome to our home. Your visit may be recorded for no apparent reason. Would you like a glass of wine?

The privacy backlash against AI-powered digital assistants has just taken an interesting twist, with a senior exec from one of the core proponents of the technology admitting that he has his own privacy concerns over the tech.

Google hardware chief Rick Osterloh told the BBC that guests visiting a home where smart speakers are stored should be warned that their conversations might be overheard and recorded. more

Calling All Ears - Calling All Ears

“EAVESDROPPING,” COMEDY CENTRAL DIGITAL SKETCH
Comedy Central is casting talent for “Eavesdropping,” a digital sketch. The production needs talent, aged 20–40, to play cute families, tourists, creepy men, and more. Two of the roles require the ability to cry on command. Filming will take place on Oct. 23 in New York City. Pay is $100 per day with meals provided on set. Apply here for the general background roles and apply here for the crying background roles!

Massive Corporate Espionage Attack: 'One million pages stolen'

Australian blood giant CSL has been rocked by an alleged corporate espionage attack, with a former "high level" employee accused of stealing tens of thousands of its documents - including trade secrets - in order to land a job at a key competitor...
CSL’s allegations are expected to reverberate through the highly competitive global drug making industry where trade secrets are the most prized possession of the companies. more
It's never this obvious.

Any pharmaceutical company without: 
  • a robust Information Security Policy, 
  • Recording in the Workplace Policy
  • IT Compliance and Surveillance program, 
  • regularly scheduled Technical Surveillance Countermeasures (TSCM) inspections (with an Information Security Survey component)
is an easy target. Sadly, they won't even know they have had their brains picked until the damage is done.

CSL had protection measures in place. Thus, this discovery, and recovery. ~Kevin