Thursday, July 20, 2023

U.S. Blacklists 2 Firms - Built Meta, iOS and Android Spyware

The Commerce Department announced Tuesday that it has blacklisted two European cyber firms that build spyware, including technology hawked by both firms that was used to surveil Meta users and reportedly at least one Meta employee.

The software exploited vulnerabilities in Android and iOS software and deployed hundreds of spoof Meta accounts to surveil activists, politicians and journalists around the world.

The firms — Intellexa and Cytrox — were described jointly as traffickers of “exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide” in a Bureau of Industry and Security press release.

Privacy Risks: Phones Purchased at Police Auctions

Law enforcement agencies nationwide regularly sell items that are seized in criminal investigations or are unclaimed from lost-and-found inventories. 

Many of these items—vehicles, jewelry, watches and electronic devices like cellphones—end up at online auction houses.

People looking for a bargain can bid on cellphones in bulk, snatching up dozens at rock bottom prices for parts or other uses. This ultimately provides revenue for the police agencies, making for a good deal for everyone involved. Or is it?

A recent study by University of Maryland security experts found that many of the phones sold at police property auction houses are not properly wiped of personal data. The study, conducted over two years with cellphones bought from the largest police auction house in the U.S., uncovered troves of personal information from previous owners that was easily accessible.

Kevin Mitnick, Hacker Turned Security Consultant, Dies at 59

Kevin Mitnick, who became the country’s most famous cybercriminal after an FBI manhunt and later became a cybersecurity consultant, died on July 16.

Mitnick, who was 59, died of pancreatic cancer, said Kathy Wattman, a spokeswoman for KnowBe4, where Mitnick worked. Mitnick’s survivors include his wife, Kimberley, who is expecting a child this year.

“Mr. Mitnick branded himself the ‘world’s most famous hacker,’ as KnowBe4 called him in a Thursday statement. As the World Wide Web was slowly being adopted across the globe, he broke into the computer systems of companies such as Motorola, Nokia and Sun Microsystems, causing what prosecutors alleged was millions of dollars in damage,” Kelly writes.

“Before he was 30, Mr. Mitnick had already served a brief prison sentence for computer crimes. But his infamy as a hacker was cemented in 1995, when the FBI arrested him in the middle of the night at a North Carolina apartment in a highly publicized raid that capped a 24-hour stakeout outside his home and brought an end to his more than two years as a fugitive.”

Mitnick was a polarizing figure in the cybersecurity community after his release from prison in 2000. “He portrayed himself as a misunderstood ‘genius’ and pioneer, and some supporters said he was a victim of overzealous prosecution and overhyped media coverage,” Kelly writes.

“He became a cause célèbre for the internet,” former federal cybercrime prosecutor Mark Rasch, who investigated Mitnick, told Kelly. “There was this idea that he was liberating data, he was liberating information, and that he was just proving how hacking could be done,” he said. “You had a whole bunch of people in the hacker defense community who thought he was the worst thing in the world, and people in the hacker community who thought he was a demigod.”

Wednesday, July 12, 2023

Alert: Not All Documents Labeled Confidential Actually Are

A Harris County, Texas, District Court jury found a telecom company acted in bad faith by filing a $23 million trade secret misappropriation lawsuit against a rival where the underlying technology was found to not actually be a trade secret...


As Texas courts have noted, and Liquid Networx cited in its motion for directed verdict, affixing a confidentiality label to a document does not necessarily make the information within a trade secret. See Providence Title Co. v. Truly Title, Inc., 547 F. Supp. 3d 585, 609 (E.D. Tex. 2021) (“[B]usiness information is not necessarily a trade secret simply because it is confidential.”)...

It is important to always consider the nature of the document, how it was created, what value comes from keeping it confidential, what efforts are made to keep it from third parties, and what safeguards are used when it is disseminated to third parties, in analyzing trade secrets.

Note: TSCM information security surveys are used by savvy businesses to show serious trade secret protection efforts. 

South Korean Spy Luck, or Pearls of Wisdom

For weeks, counterintelligence officials at South Korea's spy agency struggled to crack a tiny adversary — a locked USB stick that they believed was the key to proving that a South Korean labor activist followed orders from the North to foment unrest in the South...

The solution to this dilemma was randomly discovered by an NIS agent, who stumbled upon a string of gibberish written in the Latin alphabet that read, “rntmfdltjakfdlfkehRnpdjdiqhqoek,” in another data storage device owned by Seok.

When the NIS agent typed out Korean letters in the same locations on a computer keyboard as these Latin letters in the same order, they spelled out, “Even three sacks of pearls only turn into treasure if you weave them together.”


The Korean proverb proved key to uncovering the cipher officials needed to crack the USB and the word document inside it.
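
The keyboard-position trick described above, as an added example that is not part of the original post or the article it excerpts: a converter from Latin keystrokes to the Hangul they produce on the standard Korean Dubeolsik (2-set) layout, plus a check a forensic examiner could run over recovered strings. The function names are illustrative, and the Hangul output is what the code computes; the page itself gives only the English translation.

```python
# Added example: Latin keystrokes -> Hangul on the Dubeolsik (2-set) layout.
LEADS = "ㄱㄲㄴㄷㄸㄹㅁㅂㅃㅅㅆㅇㅈㅉㅊㅋㅌㅍㅎ"                    # 19 initial consonants
VOWELS = "ㅏㅐㅑㅒㅓㅔㅕㅖㅗㅘㅙㅚㅛㅜㅝㅞㅟㅠㅡㅢㅣ"                # 21 medial vowels
TAILS = "ㄱㄲㄳㄴㄵㄶㄷㄹㄺㄻㄼㄽㄾㄿㅀㅁㅂㅄㅅㅆㅇㅈㅊㅋㅌㅍㅎ"    # 27 final consonants

# QWERTY key -> jamo found on the same key of a Korean keyboard.
KEYMAP = dict(zip("rRseEfaqQtTdwWczxvg" "koiOjpuPhynbml",
                  "ㄱㄲㄴㄷㄸㄹㅁㅂㅃㅅㅆㅇㅈㅉㅊㅋㅌㅍㅎ" "ㅏㅐㅑㅒㅓㅔㅕㅖㅗㅛㅜㅠㅡㅣ"))

# Two keystrokes that merge into one compound vowel or one compound final.
PAIRS = dict(p.split("=") for p in (
    "ㅗㅏ=ㅘ ㅗㅐ=ㅙ ㅗㅣ=ㅚ ㅜㅓ=ㅝ ㅜㅔ=ㅞ ㅜㅣ=ㅟ ㅡㅣ=ㅢ "
    "ㄱㅅ=ㄳ ㄴㅈ=ㄵ ㄴㅎ=ㄶ ㄹㄱ=ㄺ ㄹㅁ=ㄻ ㄹㅂ=ㄼ ㄹㅅ=ㄽ ㄹㅌ=ㄾ ㄹㅍ=ㄿ ㄹㅎ=ㅀ ㅂㅅ=ㅄ"
).split())


def keys_to_hangul(text):
    """Return what `text` would have produced if typed with a Korean IME on."""
    j = [KEYMAP.get(c) or KEYMAP.get(c.lower()) or c for c in text]
    n = len(j)
    vowel = lambda k: k < n and j[k] in VOWELS
    out, i = [], 0
    while i < n:
        if not (j[i] in LEADS and vowel(i + 1)):
            out.append(j[i])          # not the start of a syllable: pass through
            i += 1
            continue
        lead, v, tail = j[i], j[i + 1], 0
        i += 2
        if vowel(i) and v + j[i] in PAIRS:           # e.g. n + p -> ㅜ + ㅔ = ㅞ
            v = PAIRS[v + j[i]]
            i += 1
        # A consonant closes this syllable only if no vowel follows it;
        # otherwise it is the initial consonant of the next syllable.
        if i < n and j[i] in TAILS and not vowel(i + 1):
            t = j[i]
            i += 1
            if i < n and t + j[i] in PAIRS and not vowel(i + 1):
                t = PAIRS[t + j[i]]
                i += 1
            tail = TAILS.index(t) + 1
        # Unicode Hangul syllable = base + (lead * 21 + vowel) * 28 + tail
        out.append(chr(0xAC00 + (LEADS.index(lead) * 21 + VOWELS.index(v)) * 28 + tail))
    return "".join(out)


def looks_like_korean_typing(text):
    """True when every keystroke lands inside a complete Hangul syllable."""
    out = keys_to_hangul(text)
    return bool(out) and all("가" <= ch <= "힣" for ch in out)
```
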

Crocs Sues Rival Joybees Over Stolen Trade Secrets...

...by former manager...


Footwear makers Crocs and rival Joybees have filed competing claims against each other in a U.S. court, as the companies clash over corporate trade secrets, intellectual property and competition in the foam clog market.

The new complaint accuses McCarvel, who was a midlevel manager at Crocs, of stealing several thousand documents containing Crocs’s highly confidential and proprietary business information, as well as the contents of an entire Crocs email account...

The complaint accuses McCarvel of using the stolen documents to build Crocs' rival shoe company, Joybees.

Business Espionage: Quote of the Week

“...cyber threat actors target successful firms, possibly for industrial espionage,” AEI researchers said in a study released this month. “Large cash holdings increase the likelihood...”


14 Hilarious Moments from Spy Spoofs and Comedies

There are few film genres as reliable in modern times as spy films, shows and even video games.

James Bond led the way to Remington Steele to Ethan Hunt to Solid Snake to Austin Powers. But the somber seriousness of the espionage game makes it a prime target for comedians and comedy writers to mine some humor out of all the profession’s sternness, violence and ludicrous clandestine nature.

Your mission (should you choose to accept it) is to enjoy these funniest moments from or about the spy genre in pop culture.

Thursday, July 6, 2023

Step one: Identifying Your Trade Secrets

Can you identify your business’ most valuable information, how it is stored and who has access to it?


Are you sure? 

It may surprise you that even some of the most sophisticated companies in the world don’t have a proper handle on their information “crown jewels” or trade secrets until someone tries to take them. 

Now is a good time to review your business’ approach to protection of its trade secrets and other confidential information and make sure you have done everything you can to protect them.

Why now? Data is one of the most valuable assets any business has. Industrial espionage is becoming more prevalent (and sophisticated)...

Once you know what you have to protect, install an alarm system. In this realm, Step One is creating a scheduled program of Technical Surveillance Countermeasures (TSCM) inspections.

Lawsuit: West Virginia Police - Spying Using Hidden Cameras on Women & Minors

West Virginia State Police have been accused of planting hidden cameras to spy on women, from active law enforcement officers to recruits training at the academy, some of whom were minors.


Two of the active West Virginia law enforcement officers involved in the civil suit, Brenda Lesnett and Megan Talkington, spoke with CNN...

Lesnett and Talkington are two of around 70 women suing the department after an anonymous letter addressed to the state’s top lawmakers with the allegations was made public in February. Among the allegations of misconduct, which are said to have taken place over a 10-year period, are a hidden camera system set up in the women’s locker room and showers at the West Virginia Police Academy. Some of the possible victims are minors who took part in a junior program. Lesnett and Talkington said there could be “hundreds, if not thousands” of total victims.

Protect yourself. Learn how you can detect spycams.

France Set To Allow Police To Spy Through Phones

French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late Wednesday.


Part of a wider justice reform bill, the spying provision has been attacked by the left and rights defenders as an authoritarian snoopers' charter, though Justice Minister Eric Dupond-Moretti insists it would affect only "dozens of cases a year".

Covering laptops, cars and other connected objects as well as phones, the measure would allow geolocation of suspects in crimes punishable by at least five years' jail.

Devices could also be remotely activated to record sound and images of people suspected of terror offenses, as well as delinquency and organized crime.

NJ Makes It Harder for Police to Snoop on Social Media

New Jersey is known for many things, from delicious bagels to the heated pork roll vs. Taylor ham debate... But the Garden State deserves a new accolade: defender of digital privacy rights.

In an important decision that has seemingly flown under the radar, late last month the Supreme Court of New Jersey decided Facebook Inc. v. State, which puts much-needed guardrails on police conduct in the state when it comes to law enforcement’s access to digital communications.

Tasmanian Government Blocks Radio Network Eavesdropping

Australia - The days of people listening to the police scanner are numbered, with the Tasmanian Government officially launching their new ‘secure’ Government Radio Network today.

Telstra were contracted to commission the $763 million initiative, which the State Government say is one of Tasmania’s largest infrastructure projects ever.

TasGRN has ‘been purpose-built’ and will be used by all Government agencies – including Tasmania Police, Ambulance Tasmania, Tasmania Fire Service, Tasmania SES, Department of Natural Resources and Environment, Sustainable Timber Tasmania, TasNetworks and Hydro Tasmania.

Police & Emergency Services Minister Felix Ellis says the new network is “secure” and will allow Tasmania’s key organisations “to better serve the community with fully encrypted voice communications, limiting exposure to criminals covertly accessing the network”.

Saturday, July 1, 2023

US Spies Issue Warnings Over Risks of Doing Business in China

US intelligence officials renewed warnings for American companies doing business in China, citing an update to a counterespionage law that’s due to take effect (today, July 1, 2023).


A bulletin issued by the National Counterintelligence and Security Center on Friday warns executives that an update to China’s counterespionage law, which comes into effect on July 1, has the “potential to create legal risks or uncertainty” for companies doing business in China.

It adds that the law broadens the scope of China’s espionage law and expands Beijing’s official definition of espionage. “Any documents, data, materials, or items” could be considered relevant to the law due to its “ambiguities,” the bulletin says.

North Carolina House Speaker Installs Spy Cameras

Rep. Tim Moore (R-Cleveland) allegedly used his political influence to bed former Apex Town Councilman Scott Lassiter’s wife, Jamie Liles Lassiter, over the course of their three-year extramarital relationship, according to a lawsuit filed June 18.

After Lassiter, 36, confronted the Republican legislator about the infidelity, Moore allegedly hired an unidentified goon to install a camera on the Lassiters’ Raleigh property earlier this month in an effort to keep the tryst under wraps.

“Defendant Tim Moore and Defendant John Doe willfully and wantonly interfered with [Lassiter’s] property rights and right to privacy by entering upon [Lassiter’s] property in the middle of the night and installing equipment intended to surreptitiously record [Lassiter’s] private actions in his own home,” the lawsuit states.

Lassiter claims to have found the camera inside his flowerbed in the early hours of June 1, on what would have been his and Jamie’s 10th wedding anniversary.