State-backed hackers are seizing on the coronavirus pandemic to lead cyber espionage.
In a rare joint assessment released on Wednesday, Britain’s National Cyber Security Centre — a branch of signals intelligence agency GCHQ — and the US’ Cybersecurity and Infrastructure Security Agency — part of the Department of Homeland Security — highlighted the “growing use” of Covid-19 in state-sponsored cyber attacks.
The frequency and severity of these initiatives is likely to “increase over the coming weeks and months”, the NCSC said. more
By monitoring network activity one can document and quantify this type of spying activity. Other spying methods—bugging, and physical intrusions—are covert, thus undetected. Makes sense these would be on the rise as well. Maybe more so. Something to think about while your offices are empty and vulnerable. ~Kevin
Thursday, April 9, 2020
Attorney Warns Business Against Relaxing Security Standards
via Seyfarth Shaw LLP -
Jeremy A. Cohen
And, of course, there are bad actors taking advantage of the current situation.
Relaxed security make systems and information far more susceptible to hacking and other data breaches, which often carry mandatory reporting obligations and hefty penalties, and invariably lead to class action lawsuits, not to mention privacy concerns.
Accordingly, companies should think twice before loosening these security standards. By all accounts, the current COVID-19 crisis will be relatively short-lived (whether that means weeks or months is, of course, unknown), but as the saying goes, once a secret is known, it cannot be unknown.
And when this is all said and done, while courts will likely give some leeway as a result of the emergency situation, if basic safeguards were disregarded, courts may have a hard time concluding that a company undertook reasonable efforts to safeguard its information, as is required in all jurisdictions to merit trade secret protection. more
And, of course, there are bad actors taking advantage of the current situation.
Relaxed security make systems and information far more susceptible to hacking and other data breaches, which often carry mandatory reporting obligations and hefty penalties, and invariably lead to class action lawsuits, not to mention privacy concerns.
Accordingly, companies should think twice before loosening these security standards. By all accounts, the current COVID-19 crisis will be relatively short-lived (whether that means weeks or months is, of course, unknown), but as the saying goes, once a secret is known, it cannot be unknown.
And when this is all said and done, while courts will likely give some leeway as a result of the emergency situation, if basic safeguards were disregarded, courts may have a hard time concluding that a company undertook reasonable efforts to safeguard its information, as is required in all jurisdictions to merit trade secret protection. more
Wednesday, April 8, 2020
Interesting Article in Food Safety Magazine
In addition to nation-state industrial espionage, companies face a wide range of threats.
“Hacktivists” launch attacks for ideological, political, or religious reasons, or simply for the challenge.
Criminal organizations attack for profit, trying to extract payment from the victim.
In addition, companies sometimes become victims even if they are not the intended target, such as the notpetya attack, which targeted a software company but had much broader impact, including the food and agriculture industry.
It is important to know that nation states and criminal organizations both do target corporations, and this article will provide solutions on how companies can better protect themselves. more
“Hacktivists” launch attacks for ideological, political, or religious reasons, or simply for the challenge.
Criminal organizations attack for profit, trying to extract payment from the victim.
In addition, companies sometimes become victims even if they are not the intended target, such as the notpetya attack, which targeted a software company but had much broader impact, including the food and agriculture industry.
It is important to know that nation states and criminal organizations both do target corporations, and this article will provide solutions on how companies can better protect themselves. more
Spy Satellites Shelter in Place, or “Don’t Stop Me Now" Stopped
The rapid spread of COVID-19 around the globe has delayed the launch of three US intelligence payloads from New Zealand until at least April 23, launch provider Rocket Lab confirmed April 6.
Rocket Lab announced that they were pausing the scheduled March 30 launch of three National Reconnaissance Office payloads following the New Zealand government’s March 23 announcement that the country would enter Alert Level 4. This forced most businesses to close and the government ordered people to stay at home...
Dubbed “Don’t Stop Me Now," the March 30 launch would have been the second NRO mission launch from Rocket Lab’s New Zealand facility. more
Rocket Lab announced that they were pausing the scheduled March 30 launch of three National Reconnaissance Office payloads following the New Zealand government’s March 23 announcement that the country would enter Alert Level 4. This forced most businesses to close and the government ordered people to stay at home...
Dubbed “Don’t Stop Me Now," the March 30 launch would have been the second NRO mission launch from Rocket Lab’s New Zealand facility. more
The Spy - Pre-Release Trailer
The trailer for an upcoming WWII-set action-drama titled The Spy has been released online through Signature Entertainment. The film will be released on digital in June. more
Tuesday, April 7, 2020
Spy-Hunter Killed in Lebanon
A prominent Hezbollah commander, Muhammad Ali Yunis, was killed by unknown gunmen on Sunday morning in southern Lebanon, Iranian and Lebanese media reported.
The Iranian semi-official Fars news agency reported that the slain commander was “responsible for tracking spies and collaborators.” more
The Iranian semi-official Fars news agency reported that the slain commander was “responsible for tracking spies and collaborators.” more
Taiwan Joins Canada & More in Banning Zoom
Taiwan's cabinet has told government agencies to stop using Zoom
Video Communications Inc.'s video conferencing app, the latest blow to
the company as it battles criticism of its booming platform over privacy
and security. more
Malaysia - The National Security Council (NSC) has warned that hackers could be listening to their conversations amid increasing use of video conferencing applications during the movement control order (MCO) period. more
New York City's education department is directing teachers and staff to “move away from using Zoom as soon as possible” for virtual instruction purposes due to cybersecurity concerns, department spokesperson Danielle Filson said on Saturday. more
Google has banned Zoom from its staffers' devices. Google told its employees last week that it would block Zoom from working on their Google-provided computers and smartphones. This move comes after Taiwan tolds government employees not to use Zoom. Earlier, New York schools told its teachers to "gradually transition" from Zoom to another video-conferencing service. more
Malaysia - The National Security Council (NSC) has warned that hackers could be listening to their conversations amid increasing use of video conferencing applications during the movement control order (MCO) period. more
New York City's education department is directing teachers and staff to “move away from using Zoom as soon as possible” for virtual instruction purposes due to cybersecurity concerns, department spokesperson Danielle Filson said on Saturday. more
Google has banned Zoom from its staffers' devices. Google told its employees last week that it would block Zoom from working on their Google-provided computers and smartphones. This move comes after Taiwan tolds government employees not to use Zoom. Earlier, New York schools told its teachers to "gradually transition" from Zoom to another video-conferencing service. more
Rare World War II Footage Released - British Spy Center
A silent film shows MI6 staff members at a site linked to the code-breaking facility Bletchley Park during World War II.
Like a home movie reel, the silent footage shows young people at candid moments: playing soccer and cricket, sunbathing, smiling and making faces at the camera...
But they were not ordinary office colleagues: They were off-duty secret British communications staffers, linked to code-breakers who decrypted German ciphers and helped the Allies win World War II.
The newly revealed footage features staff members of the MI6 Section VIII — the British spy agency’s communications staff — filmed at a site associated with the famous code-breaking facility Bletchley Park. more
Like a home movie reel, the silent footage shows young people at candid moments: playing soccer and cricket, sunbathing, smiling and making faces at the camera...
But they were not ordinary office colleagues: They were off-duty secret British communications staffers, linked to code-breakers who decrypted German ciphers and helped the Allies win World War II.
The newly revealed footage features staff members of the MI6 Section VIII — the British spy agency’s communications staff — filmed at a site associated with the famous code-breaking facility Bletchley Park. more
New iPad Pro Prevents Eavesdropping or Spying
Apple beefs up iPad Pro security by disabling the microphone when the case is closed, a feature which was previously reserved for the Mac.
Apple introduced a feature with the 2018 MacBook lineup, allowing the microphone to be disabled whenever the display lid was closed. This measure was put in place to prevent eavesdropping, preventing malicious apps to tap into the microphone to gather extra data about you.
Fast forward to 2020 and the feature has come to the new iPad Pro lineup. The way it works is pretty simple - just close the lid of the case on the iPad Pro, which has to be MFi compliant, and the microphone is physically disconnected to prevent any sort of eavesdropping or malicious code from running if iPadOS is compromised in some way. more
Apple introduced a feature with the 2018 MacBook lineup, allowing the microphone to be disabled whenever the display lid was closed. This measure was put in place to prevent eavesdropping, preventing malicious apps to tap into the microphone to gather extra data about you.
Fast forward to 2020 and the feature has come to the new iPad Pro lineup. The way it works is pretty simple - just close the lid of the case on the iPad Pro, which has to be MFi compliant, and the microphone is physically disconnected to prevent any sort of eavesdropping or malicious code from running if iPadOS is compromised in some way. more
Friday, April 3, 2020
Facebook Tried to Buy Controversial Tool to Spy on iPhone Users, Court Filing Reveals
Over the last few years, Facebook has had a slew of privacy and security blunders and more details about one of them have come to light through a new court filing as the social media company is suing the spyware company NSO Group. It turns out Facebook tried to buy controversial government spyware to monitor iPhone and iPad users.
Reported by Motherboard, when Facebook was starting to build its spyware cloaked in a VPN product, Onavo Protect for iOS and Android, the social media company reached out to the controversial company NSO Group that creates spyware for government agencies...
Apple made Facebook remove Onavo Protect from the App Store in August of 2018.
Then in 2019 Facebook repackaged it as a “Research app” and tried to pay teens to sideload it on their devices.
The Research app was shut down as well and Facebook finally shutdown Onavo completely in February 2019. more
Reported by Motherboard, when Facebook was starting to build its spyware cloaked in a VPN product, Onavo Protect for iOS and Android, the social media company reached out to the controversial company NSO Group that creates spyware for government agencies...
Apple made Facebook remove Onavo Protect from the App Store in August of 2018.
Then in 2019 Facebook repackaged it as a “Research app” and tried to pay teens to sideload it on their devices.
Zoom’s Encryption Is “Not Suited for Secrets” and Has Surprising Links To China, Researchers Discover
Meetings on Zoom, the increasingly
popular video conferencing service, are encrypted using an algorithm
with serious, well-known weaknesses, and sometimes using keys issued by
servers in China, even when meeting participants are all in North
America, according to researchers at the University of Toronto.
The
researchers also found that Zoom protects video and audio content using
a home-grown encryption scheme, that there is a vulnerability in Zoom’s
“waiting room” feature, and that Zoom appears to have at least 700
employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab
— widely followed in information security circles — that Zoom’s service
is “not suited for secrets” and that it may be legally obligated to
disclose encryption keys to Chinese authorities and “responsive to
pressure” from them.Zoom could not be reached for comment. more
4/15/2020 UPDATE - More top companies ban Zoom following security fears. more
Thursday, April 2, 2020
Think Your Smart Speaker is Spying On You... get Paranoid
(Note: As of this date the manufacturer is only accepting pre-orders. Gauging demand before going into production is not uncommon. The following is just an interesting bit of news; not a product endorsement. Also, it might be an April Fool's prank.)
Their headline reads, "Blocks smart speakers from listening, while keep them voice-activated. Just say "Paranoid" before your usual commands." more
"How?" ...you may ask.
A. In one of three ways.
Their headline reads, "Blocks smart speakers from listening, while keep them voice-activated. Just say "Paranoid" before your usual commands." more
"How?" ...you may ask.
A. In one of three ways.
- The BUTTON model begins with the mute button pressed. When it hears you say, "Paranoid" it presses again, thus letting your next command to pass through. After your command is finished it re-mutes with another press.
- The HOME model (it appears) uses ultrasound to block the speakers microphones. Click here to learn how ultrasound blocking works. The volume needed for this application is very low so it shouldn't be a health risk.
- The MAX model requires you sending them your smart speaker so they can physically install their solution. People who use this option are not true paranoids. True privacy paranoids would be afraid the unit might come back, bugged!
Wednesday, April 1, 2020
Guest Wi-Fi Access Comes with Risks for Organizations
Reported this week: A convicted sex offender downloaded indecent child images at a hostel where he was staying after using another resident's wi-fi code. more
In this case, a stolen access code was used to gain access. In many organizations the same guest code is given out to all guests. Sometimes it is even posted. Often it is never changed. Once the password is out, there is no telling who will access the system, or when, or for what purpose.
Downloading illegal images is only one of many guest access risks.
While hiding behind a reputable IP address unauthorized and anonymous "guests" can also conduct: drug transactions, video voyeurism, blackmail, financial scams, hacking, and more. The finger points at the organization's network. They might be legally held responsible. And, these are just the outward facing threats. Guest access can also be a pivot point to internal information theft.
Take this 15 second assessment.
Does your organization...
Legal defense is expensive. Reputational damage is hard to quantify. A proactive professsional analysis is easy. Reduce risk and keep profits where they belong, in the bottom line.
In this case, a stolen access code was used to gain access. In many organizations the same guest code is given out to all guests. Sometimes it is even posted. Often it is never changed. Once the password is out, there is no telling who will access the system, or when, or for what purpose.
Downloading illegal images is only one of many guest access risks.
While hiding behind a reputable IP address unauthorized and anonymous "guests" can also conduct: drug transactions, video voyeurism, blackmail, financial scams, hacking, and more. The finger points at the organization's network. They might be legally held responsible. And, these are just the outward facing threats. Guest access can also be a pivot point to internal information theft.
Take this 15 second assessment.
Does your organization...
- Provide guest Wi-Fi access?
- Does guest access use the organization's network?
- Is access unencrypted?
- Do all guests use the same password?
- Is the password posted anywhere, as in a conference room?
- If posted, can it be seen from outside with binoculars or a drone?
- Has the password remained the same for over a month?
Legal defense is expensive. Reputational damage is hard to quantify. A proactive professsional analysis is easy. Reduce risk and keep profits where they belong, in the bottom line.
The Potato Chip Bag Spy
Back in 2014, the potato chip bag became an audio eavesdropping device...
Want to listen in on a juicy conversation? Researchers from the Massachusetts Institute of Technology, Microsoft, and Adobe have designed an algorithm that can pick up conversation by analyzing the vibrations from speech as they ripple through a potato chip bag, MIT News reports. more
In 2020, the potato chip bag became a visual eavesdropping device too...
Mirrors aren't the only shiny objects that reflect our surroundings. Turns out a humble bag of potato chips can pull off the same trick, as scientists from the University of Washington, Seattle have made it possible to recreate detailed images of the world from reflections in the snack's glossy wrapping.
The scientists took their work a step further by predicting how a room's likeness might appear from different angles, essentially "exploring" the room's reflection in a bag of chips as if they were actually present. This is analogous to a classical problem in computer vision and graphics: view synthesis, or the ability to create a new, synthetic view of a specific subject based on other images, taken at various angles. more
The future?
Want to listen in on a juicy conversation? Researchers from the Massachusetts Institute of Technology, Microsoft, and Adobe have designed an algorithm that can pick up conversation by analyzing the vibrations from speech as they ripple through a potato chip bag, MIT News reports. more
In 2020, the potato chip bag became a visual eavesdropping device too...
Mirrors aren't the only shiny objects that reflect our surroundings. Turns out a humble bag of potato chips can pull off the same trick, as scientists from the University of Washington, Seattle have made it possible to recreate detailed images of the world from reflections in the snack's glossy wrapping.
The scientists took their work a step further by predicting how a room's likeness might appear from different angles, essentially "exploring" the room's reflection in a bag of chips as if they were actually present. This is analogous to a classical problem in computer vision and graphics: view synthesis, or the ability to create a new, synthetic view of a specific subject based on other images, taken at various angles. more
The future?
How Small Can a Video Camera Be?
Currently, one of the smallest we know is 1.66mm in size. It has a built-in high-intensity LED light. If you don't need the light it shrinks to .97mm in diameter.
Specs: Color, 120 degree lens, 200 x 200 @ 30fps resolution
Subscribe to:
Posts (Atom)