This question comes from Reddit, where someone answered correctly.
Wednesday, October 18, 2023
World Spy News Roundup
PA - A Pittsburgh police commander previously placed on leave while officials investigated allegations he spied on colleagues has retired. Matthew Lackner, who had previously overseen the police bureau’s Zone 2 station in the Hill District, retired Tuesday, according to spokeswoman Cara Cruz. Mr. Lackner was placed on paid administrative leave earlier this month. A police source familiar with the incident said the commander was accused of putting a body-worn camera in an officer’s patrol vehicle to spy on the officer. more
Australia - Robot vacuums don’t just collect dust — they can also collect data of their surroundings, sending it back to external servers, experts at The Australian Information Security Association (AISA) warned on Tuesday. more
CA - The Five Eyes countries' intelligence chiefs came together on Tuesday to accuse China of intellectual property theft and using artificial intelligence for hacking and spying against the nations, in a rare joint statement by the allies. more
TX - It seems everything truly is bigger here in Texas, including the drama of partner snooping and infidelity! Recent data has exposed Texas as one of the leading states where the lines between privacy and suspicion are blurrier than ever. Relationship and sex expert Beth Darling joins the factor to talk about the data. more
USA - Ethical hacker helps prevent a potential espionage disaster for CIA. A glitch on X, formerly known as Twitter, could have opened a can of worms for the Central Intelligence Agency (CIA) had an ethical hacker on the microblogging website not sprung to action. more
VA - It could be years before Appian, a software company, sees a dollar of the $2 billion judgment it was awarded last year in a corporate espionage case against rival Pegasystems. more
China - China restricts foreign travel by bankers, state workers to curb spying... According to two analysts who spoke to the media, the moves reflect President Xi Jinping’s attention to national security in the midst of tense relations with the West. more
CA - The Five Eyes countries' intelligence chiefs came together on Tuesday to accuse China of intellectual property theft and using artificial intelligence for hacking and spying against the nations, in a rare joint statement by the allies. more
USA - Ethical hacker helps prevent a potential espionage disaster for CIA. A glitch on X, formerly known as Twitter, could have opened a can of worms for the Central Intelligence Agency (CIA) had an ethical hacker on the microblogging website not sprung to action. more
Donald Trump is suing a private investigations firm over "shocking and scandalous" claims that he engaged in "perverted sexual acts" in Russia. The former US president is taking legal action against Orbis Business Intelligence, a London-based company co-founded by ex-British spy Christopher Steele, over a dossier containing rumours about him that caused a storm before his 2017 presidential inauguration. more
Survey - 53% of employees in the Middle East, Turkiye, and Africa region fear spying from drones... Corporate spies and hackers use drones to get trade secrets, confidential information, and other sensitive data from corporations and data centers. A drone can carry a device for hacking into corporate networks – for instance, a smartphone, a compact computer (e.g., Raspberry Pi), or a signal interceptor (e.g., Wi-Fi Pineapple [1]), and hackers use these devices to access corporate data and disrupt communications. All wireless communication (Wi-Fi, Bluetooth, RFID, etc.) is vulnerable to drone attacks. more
Finland - Dead man's estate and firm fined €5m in shipyard espionage case. A man who worked for the Meyer Turku shipyard copied files from the shipyard and a shipping company onto a hard drive and transferred them to his own consulting firm – but then died while the investigation was underway. more
Survey - 53% of employees in the Middle East, Turkiye, and Africa region fear spying from drones... Corporate spies and hackers use drones to get trade secrets, confidential information, and other sensitive data from corporations and data centers. A drone can carry a device for hacking into corporate networks – for instance, a smartphone, a compact computer (e.g., Raspberry Pi), or a signal interceptor (e.g., Wi-Fi Pineapple [1]), and hackers use these devices to access corporate data and disrupt communications. All wireless communication (Wi-Fi, Bluetooth, RFID, etc.) is vulnerable to drone attacks. more
Finland - Dead man's estate and firm fined €5m in shipyard espionage case. A man who worked for the Meyer Turku shipyard copied files from the shipyard and a shipping company onto a hard drive and transferred them to his own consulting firm – but then died while the investigation was underway. more
IN - Parents Attack Little League Umpire after children say he was taking photos of them in bathroom. A Little League umpire is facing charges for allegedly taking photos of children in the bathroom... Deputies in Warrick County said they were called to an area baseball field because of reports that parents were fighting an umpire. Authorities said the parents told them the brawl started because their children came running out of the bathroom screaming that Custer had taken photos of them. more
Yet Another USB Cautionary Tale
Duped with a malicious USB...
Mr Burgess (ASIO Director General Mike Burgess) referenced an unnamed Australian company that found global success making a product "similar to a motion detector" before their sales suddenly dropped.
"A little while later, their product started being returned to the factory because they were broken," he said.
"When they opened their branded products, they discovered they weren't their branded products, because the components were inferior, they were exact knock-offs."
The problem was eventually traced to an international conference, where someone had offered to share information with one of the company's employees by plugging a USB into their laptop.
"That USB downloaded malware onto that laptop, which later on, when they were connected back to their corporate network, was used to steal their intellectual property," he said.
"That intellectual property was passed from the intelligence services to state-owned enterprise that mass-produced the goods and sold them on the market that undercut them." more
"A little while later, their product started being returned to the factory because they were broken," he said.
"When they opened their branded products, they discovered they weren't their branded products, because the components were inferior, they were exact knock-offs."
The problem was eventually traced to an international conference, where someone had offered to share information with one of the company's employees by plugging a USB into their laptop.
"That USB downloaded malware onto that laptop, which later on, when they were connected back to their corporate network, was used to steal their intellectual property," he said.
"That intellectual property was passed from the intelligence services to state-owned enterprise that mass-produced the goods and sold them on the market that undercut them." more
More USB Security Information...
• USB – Hacked Charging Cables
• USB – Malicious Spy Cable Detector Instructions
• USB – General Memory Stick Warning
• USB – NSA Type Cable Bug – $6.74
Extra USB Spy News - Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky said in its APT trends report for Q3 2023. more
Monday, October 16, 2023
The CARVER Mindset: How to Think Like a Spy - FREE
Luke Bencie (Mr. Carver Mindset), is a really smart guy. His book, Among Enemies: Counter-Espionage for the Business Traveler which first introduced me to him is excellent. Check out his other books, too. His Monday morning emails are always inspiring. I look forward to receiving them. Great way to start the week. The sign-up is at the bottom of this page.
I attended Carvercon 2022 at the University of South Florida and was impressed by the entire event. You can see this year’s event on-line, at no charge…
CARVERCON 2023 is coming November 1st (Day of the Dead).
This year's theme is The CARVER Mindset: How to Think Like a Spy
Friday, October 13, 2023
Smartphone Security: Delete These Apps
Smartphone owners have been urged to remove certain apps that could be spying on their activity.
Some of the most popular apps you love and have come to rely on could be posing more of a danger than they're worth. Here's what you need to know. ...some of those apps that you love and have come to rely on could actually be putting you at risk... We’ve (Reader's Digest) collected information about some of the worst offenders so that you can make an educated decision about which apps you trust with your privacy and which ones need to go...
CamScanner
Ana Bera is a cybersecurity expert with Safe at Last. She identified CamScanner, an app meant to imitate a scanner with your phone, as one of the apps consumers should be concerned about. “Cybersecurity experts have found a malicious component installed in the app that acts as a Trojan Downloader and keeps collecting infected files,” she explains. “This kind of app can seriously damage your phone and should be de-installed instantly. Luckily, once you remove it from your phone, it is highly unlikely that it will continue harming you.”
Weather apps
“Check your weather app,” says Shayne Sherman, CEO of TechLoris. “There have been several different weather apps out there that have been laced with Trojans or other malwares.” While the most benign of these claims to take your information purely for weather accuracy, he calls that questionable. “Watch your local forecast instead, and if you have Good Weather, delete it now,” he advises. “That one is especially dangerous.”
Facebook
Look, we all love our social networking apps. But cybersecurity expert Raffi Jafari, cofounder and creative director of Caveni Digital Solutions, says, “If you are looking for apps to delete to protect your information, the absolute worst culprit is Facebook. The sheer scale of their data collection is staggering, and it is often more intrusive than companies like Google. If you had to pick one app to remove to protect your data, it would be Facebook.”
WhatsApp
“This is a call to action for users who may be living under a rock and unaware of the vulnerabilities that were disclosed earlier this year,” says Michael Covington, VP of Product for mobile security leader Wandera. “The vulnerabilities with WhatsApp—both iOS and Android versions—allowed attackers to target users by simply sending a specially crafted message to their phone number. Once successfully exploited, the attackers would be granted access to the same things WhatsApp had access to, including the microphone, the camera, the contact list, and more.”
Instagram
Whatsapp and Instagram are both owned by Facebook, which is part of what makes them all a risk. Dave Salisbury, director of the University of Dayton Center for Cybersecurity and Data Intelligence, says that Instagram “requests several permissions that include but are not limited to modifying and reading contacts and the contents of your storage, locating your phone, reading your call log, modifying system settings, and having full network access.” Plus Nine More
CamScanner
Ana Bera is a cybersecurity expert with Safe at Last. She identified CamScanner, an app meant to imitate a scanner with your phone, as one of the apps consumers should be concerned about. “Cybersecurity experts have found a malicious component installed in the app that acts as a Trojan Downloader and keeps collecting infected files,” she explains. “This kind of app can seriously damage your phone and should be de-installed instantly. Luckily, once you remove it from your phone, it is highly unlikely that it will continue harming you.”
Weather apps
“Check your weather app,” says Shayne Sherman, CEO of TechLoris. “There have been several different weather apps out there that have been laced with Trojans or other malwares.” While the most benign of these claims to take your information purely for weather accuracy, he calls that questionable. “Watch your local forecast instead, and if you have Good Weather, delete it now,” he advises. “That one is especially dangerous.”
Look, we all love our social networking apps. But cybersecurity expert Raffi Jafari, cofounder and creative director of Caveni Digital Solutions, says, “If you are looking for apps to delete to protect your information, the absolute worst culprit is Facebook. The sheer scale of their data collection is staggering, and it is often more intrusive than companies like Google. If you had to pick one app to remove to protect your data, it would be Facebook.”
“This is a call to action for users who may be living under a rock and unaware of the vulnerabilities that were disclosed earlier this year,” says Michael Covington, VP of Product for mobile security leader Wandera. “The vulnerabilities with WhatsApp—both iOS and Android versions—allowed attackers to target users by simply sending a specially crafted message to their phone number. Once successfully exploited, the attackers would be granted access to the same things WhatsApp had access to, including the microphone, the camera, the contact list, and more.”
Whatsapp and Instagram are both owned by Facebook, which is part of what makes them all a risk. Dave Salisbury, director of the University of Dayton Center for Cybersecurity and Data Intelligence, says that Instagram “requests several permissions that include but are not limited to modifying and reading contacts and the contents of your storage, locating your phone, reading your call log, modifying system settings, and having full network access.” Plus Nine More
Stores Silently Deploying Facial Recognition to Spy on Shoppers
Cameras are being used not just to catch persistent shoplifters, but also to monitor shoppers and analyze their emotions, so that stores can deliver personalized adverts on screens inside the store, George warned...
‘But it’s also being used for marketing purposes, they are gathering information on shoppers and seeing what they are buying and not buying - and using AI tools to analyse the emotions of shoppers and see what sort of ads to direct at them.’ more
Intense Competition Leads to Attempted Corporate Espionage
via Lexology - from the Troutman Papper law firm.
Side Note: Troutman Pepper has formed a Corporate Espionage Response Team to help clients combat the increasing incidence of corporate espionage.
Arthur AI, a New York-based AI company, received a request for a Zoom demonstration of its technology from a startup called OneOneThree. The head of technology at OneOneThree, Yan Fung, expressed interest in purchasing Arthur AI’s technology. But there were some immediate red flags.
First, prior to the Zoom meeting, Arthur AI employees recognized that OneOneThree had no website. The Timesarticle says that Fung told Arthur AI at the time that OneOneThree was in “stealth mode,” which is why it had no website. Then, when Arthur AI asked Fung to sign a nondisclosure agreement (NDA), he reportedly asked Arthur AI to “hold off on the NDA,” and Arthur AI agreed.
Despite these issues, a Zoom meeting was arranged to demo the technology. Fung said Karina Patel, OneOneThree’s “main engineer,” would dial in to the meeting. However, during the Zoom meeting, an attendee logged in under the name of Aparna Dhinakaran, which an Arthur AI employee immediately recognized as a founder of Arize AI, a rival startup. When recognized, the attendee quickly logged off. Arthur AI later deduced that Fung was, in fact, an employee of Arize AI named Dat Ngo, and OneOneThree was an inactive company of his.
After the call concluded, one of Arthur AI’s employees messaged Ngo via LinkedIn direct messaging. Ngo responded by trying to recruit the Arthur AI employee, according to the Times article. more
Lessons Learned:
Despite these issues, a Zoom meeting was arranged to demo the technology. Fung said Karina Patel, OneOneThree’s “main engineer,” would dial in to the meeting. However, during the Zoom meeting, an attendee logged in under the name of Aparna Dhinakaran, which an Arthur AI employee immediately recognized as a founder of Arize AI, a rival startup. When recognized, the attendee quickly logged off. Arthur AI later deduced that Fung was, in fact, an employee of Arize AI named Dat Ngo, and OneOneThree was an inactive company of his.
After the call concluded, one of Arthur AI’s employees messaged Ngo via LinkedIn direct messaging. Ngo responded by trying to recruit the Arthur AI employee, according to the Times article. more
Lessons Learned:
- Require NDAs Every Time.
- Perform Proper Due Diligence and Act Consistently With Your Findings.
- Only Use Secure Communication Channels and Restrict Recording.
- Train Employees on Spotting and Responding to Potential Threats.
- Conduct a Prompt and Careful Investigation Into Suspected Activity.
Apple AirTag: Police Official Accused of Stalking
The female officer who accused Labrada of stalking contacted Ontario police after she discovered an AirTag — a small tracking device that can be attached to personal items — among her possessions, according to two sources familiar with the case.
A group of officers from a since-disbanded San Fernando Valley gang unit is under investigation for, among other misconduct, allegedly using the devices to track suspects without court authorization...
Ontario police had been investigating the stalking allegations, but the San Bernardino County district attorney’s office said Wednesday it did not have enough evidence to pursue charges against Labrada. more
Monday, October 9, 2023
China Is Becoming a No-Go Zone for Executives
Foreign executives are scared to go to China.
Their main concern: They might not be allowed to leave.
Beijing’s tough treatment of foreign companies this year, and its use of exit bans targeting bankers and executives, has intensified concerns about business travel to mainland China. Some companies are canceling or postponing trips. Others are maintaining travel plans but adding new safeguards, including telling staff they can enter the country in groups but not alone.
“There is a very significant cautionary attitude toward travel to China,” said Tammy Krings, chief executive of ATG Travel Worldwide, which works with large employers around the world. “I would advise mission-critical travel only.” Krings said she has seen a roughly 25% increase in cancellations or delays of business trips to China by U.S. companies in recent weeks. more
“There is a very significant cautionary attitude toward travel to China,” said Tammy Krings, chief executive of ATG Travel Worldwide, which works with large employers around the world. “I would advise mission-critical travel only.” Krings said she has seen a roughly 25% increase in cancellations or delays of business trips to China by U.S. companies in recent weeks. more
Where The Spies Are
Details: European states have been actively countering the Russian intelligence network, expelling employees of Russian embassies since the beginning of Russia's full-scale invasion of Ukraine in February 2022.
However, Switzerland did not resort to such a step due to the long tradition of neutrality. The estimates of the intelligence service, shared with members of parliament in September, indicate that there are currently about 80 Russian agents in the country.
A representative of the Swiss Department of Foreign Affairs in an interview with NZZ emphasized that the country's government "does not impose any sanctions in the form of expelling diplomats", adding that communication channels with Russia should be preserved. more
Fine... Feathered Drones Now
Boffins create drone that flies exactly like a bird to blend in on spying missions.
This drone flies exactly like a bird so it blends in on spying missions. The wing-flapping robot mimics the natural flight of its feathered counterparts. The Icelandic company behind it, said it could be for military or private use. Silent Flyer UAV went on display during the DroneX expo at East London’s ExCel centre. It is designed by Icelandic company Flygildi.
Earlier this year we revealed creepily realistic drones made from dead birds were being developed by scientists. more
Earlier this year we revealed creepily realistic drones made from dead birds were being developed by scientists. more
How New Corporate Espionage Techniques Are Born, or... Their Next App Attack
In a university somewhere (guess where) students are working on this...
"Introduction: Snooping keystrokes (a.k.a., keystroke inference attacks) seriously threaten information security and privacy.
By launching such an attack, an adversary has an opportunity to steal sensitive information such as accounts, passwords, credit card numbers, SSNs, and conidential (sic) documents[1, 15, 29, 30] from the victims when they are typing on a keyboard.
Smartphone-based snooping [15, 18, 24] further eases the launching when an adversary could intentionally leave his own smartphone near the victim’s keyboard.
Furthermore, an attacker could spread a malicious mobile app (e.g., in app markets) that pretends to be a normal audio playing and recording application but stealthily collects user’s keystroke data over the Internet. He may afect (sic) a large volume of smartphones and enable large-scale keystroke inference attacks as shown in Fig. 1..." more
Wednesday, October 4, 2023
If Ants Can be Tricked, What Chance do Corporations Have?
A cautionary tale for corporations that think they are espionage-proof.
In a study in the journal Science, researchers report that blue butterfly caterpillars infiltrate red ant colonies and grub food by mimicking the raspy sound of the ant queen.
It’s good to be the Queen. You get fed and cared for and generally treated like royalty. But if you’re a blue butterfly caterpillar, you can get the same benefits by just pretending to be queen. Because these crafty caterpillars trick ants into feeding them—by mimicking the sound of their queen.
Ants are social creatures whose colonies contain a queen ant, and hordes of worker ants who feed the queen and take care of all her young. Blue butterfly caterpillars have come up with clever ways to exploit that system. These parasitic caterpillars take up residence in the nests of red ants. And they mooch free meals in part by waggling their heads to beg for food like all the other ant grubs.
It’s good to be the Queen. You get fed and cared for and generally treated like royalty. But if you’re a blue butterfly caterpillar, you can get the same benefits by just pretending to be queen. Because these crafty caterpillars trick ants into feeding them—by mimicking the sound of their queen.
Ants are social creatures whose colonies contain a queen ant, and hordes of worker ants who feed the queen and take care of all her young. Blue butterfly caterpillars have come up with clever ways to exploit that system. These parasitic caterpillars take up residence in the nests of red ants. And they mooch free meals in part by waggling their heads to beg for food like all the other ant grubs.
But that’s not all. Scientists using sophisticated recording equipment were able to listen to the caterpillars chatter. And found that the interlopers imitated the sounds of an adult queen. more
- Your company is filled with hard-working, innocent, social creatures.
- Anyone bent on corporate espionage knows they just have to blend in.
- They will listen to your sounds.
- They will exploit your system.
- They will imitate loyalty.
- They will eat your lunch.
- Fight back.
Monday, October 2, 2023
FutureWatch - Robot Eavesdropping Microphone Smart Swarms
by Nick Bil
With the help of modern technology, muting distracting voices in video calls has become a simple process. With just a few clicks, you can silence unwanted background noise and side conversations, ensuring that the primary speaker's message remains clear and uninterrupted. This is largely possible due to the sophisticated audio processing algorithms and noise cancellation features built into video conferencing software...
One can take precautions to minimize background noise and encourage attendees to be considerate, but there is no easy technological solution to separate voices cleanly from a shared physical space. That may change in the near future, however, thanks to a swarm of robotic smart microphones that was recently developed by researchers at the University of Washington. The robots autonomously navigate around a room to distribute themselves optimally, then they run onboard deep learning algorithms to identify and track the position of each individual speaker.
The robots are powered by Nordic Semiconductor nRF52840 microcontroller, with a Bluetooth Low Energy module added for wireless communication capabilities. By selecting a sufficiently powerful microcontroller, the algorithms can run on-device, sidestepping any privacy concerns associated with sending a stream of audio to a cloud service. A gyroscope and accelerometer provide odometry information, and a pair of micro motors provide for locomotion. A pair of microphones and a speaker are onboard, and the entire system is powered by a rechargeable LiPo battery.
Each of the circular, wheeled robots is about an inch across. After deployment from a charging station, they all travel in different directions, emitting high frequency sounds to communicate with one another and make sure they are spread out as far as possible from one another. These high-pitched chirps also keep the robots from falling off of tables or bumping into other obstacles.
By feeding audio information into a deep neural network, including the delay in time with which a particular voice arrives at microphones in different positions, the team found that it was possible to locate and track individual speakers in space. And the algorithm proved to be accurate enough to distinguish between speakers, even if they had similar sounding voices and were near to one another. Experiments showed that the present system was able to accurately distinguish between nearby individuals 90% of the time. Importantly, this was accomplished without prior information about the individuals, so no initial training session is required to calibrate the device...
And further down the road yet, they plan to explore incorporating noise-canceling technologies into the robots. That addition could allow them to mute noisy areas in physical locations, producing a sci-fi-like cone of silence. more
Time for an espionage sequel to the movie Runaway (1984)?
Monday, September 25, 2023
Legacy Systems Threaten Security in Mergers & Acquisitions
We have seen two primary trends throughout 2023:
– Threat groups are closely following news cycles, enabling them to quickly target entire portfolios with zero-day attacks designed to upend aging technologies — disrupting businesses and their supply chains.
– Corporate espionage cases are also on the rise as threat actors embrace longer dwell times and employ greater calculation in methods of monetizing attacks. more
Subscribe to:
Posts (Atom)