Wednesday, August 14, 2024

Thousands of Corporate Secrets Were Left Exposed

This Guy Found Them All...


If you know where to look, plenty of secrets can be found online. Since the fall of 2021, independent security researcher Bill Demirkapi has been building ways to tap into huge data sources, which are often overlooked by researchers, to find masses of security problems. This includes automatically finding developer secrets—such as passwords, API keys, and authentication tokens—that could give cybercriminals access to company systems and the ability to steal data.

In total, Demirkapi has found more than 15,000 active secrets of all kinds.

Within the vast number of exposed keys were those that could give an attacker access to the digital assets of companies and organizations, including the potential to obtain sensitive data. For instance, a member of Nebraska’s Supreme Court had uploaded details of usernames and passwords linked to its IT systems, and Stanford University Slack channels could be accessed using API keys. more

Increase Your Spy Resistance - Dumb Down Your Mobile Phone

The MP02 4G phone from Punkt .... It's a 'dumbphone' in the true sense of the word – it can make calls and send messages (though SMS or Pigeon), and offers a calendar too. 

But the Punk MP02's secret weapon is its 4G hotspot. This means when I want to switch off, I can stick my sim card in the Punkt phone and 'disconnect'. But if I'm carrying, say, my iPad mini in my bag, I can tether the 4G connection to it at the press of a button, giving my access to the likes of music and maps when needed.

But perhaps the best thing about the Punkt MP02 is the aesthetic. Conceived by industrial designer Jasper Morrison, the phone has a delightful retro and somewhat brutalist 1970s-inspired look. I've been asked whether it's a calculator, which just about sums it up. In a world of 'Y2K' dumbphone designs, it's refreshing to see something that stands out. more
Bonus: The MP02 is the first voicephone to offer a downloadable privacy feature that uses the Signal protocol to provide free, encrypted Internet-based calls and texts worldwide via Wi Fi or mobile data (subject to data charges).

Pakistan's Former Spy Chief Arrested

Pakistan's former spymaster - who was once tipped for the army's top job - has been taken into military custody. 

Lt Gen Faiz Hameed has been accused of abusing his power and raiding a private property development business during his time as head of the Inter-Services Intelligence (ISI) agency. 

It is incredibly rare for someone of Gen Hameed's rank to be arrested in Pakistan, and has sparked widespread speculation, with many linking the move to his close ties with former prime minister Imran Khan...Gen Hameed could not be reached for comment. more

FutureWatch: The AI Polygraph, or Who's Zoomin' You

PolygrAI - A Technology That Provides Real-Time Risk Assessment And Sentiment Analysis

How it Works

PolygrAI is a fusion of advanced computer vision algorithms and extensive psychological research designed to discern the validity of human expressions. The software meticulously analyzes a spectrum of physiological and behavioral indicators correlated with deceit. For instance, when a person tells a lie, they might unconsciously exhibit decreased blinking or an erratic gaze—these are the tell-tale signs that PolygrAI detects.

The system vigilantly computes a ‘trustfulness score’ by monitoring and interpreting subtle changes in facial expressions, heart rate variability, and eye movement patterns. This score is adjusted in real-time, offering a dynamic gauge of credibility.

Furthermore, PolygrAI assesses the voice for sudden shifts in tone and pitch—parameters that could betray an individual’s composure or reveal underlying stress. more Lifetime access ($100) for beta testers.
Click to enlarge.




History: How to Build a Bugging Device in 1917

Want to build a bug; known as a Detectograph back in 1917? 

Just write to a magazine, like The Electrical Experimenter, and they would tell you. Things were pretty simple back then, but the parts were not cheap. The average full-time worker's wage was $13.21 per week.



Security Camera Catch: Checking Her Mate... with poison

A chess player has been suspended by the Russian Chess Federation and is reportedly facing time in jail after she allegedly tried to poison her rival at the chessboard during a tournament.

Amina Abakarova, a 40-year-old chess coach from Makhachkala in the Russian Republic of Dagestan, is accused of trying to poison her rival, 30-year-old Umayganat Osmanova...

Security camera footage shows the incident where Abakarova calmly walked over to the board where Osmanova was supposed to appear 20 minutes later. It was reported that she'd previously asked if cameras were in operation and been told that they weren't. She then smeared what is said to be potentially deadly mercury from a thermometer. more

Wednesday, August 7, 2024

How to Fight a Corporate Espionage Accusation

via SPODEK LAW
What Constitutes Corporate Espionage Fraud?
Corporate espionage fraud involves illegally obtaining confidential business information from a competitor to gain an unfair advantage. This can include:
  • Stealing trade secrets or proprietary technology
  • Hacking into computer systems to access sensitive data
  • Using deception to obtain confidential documents
  • Bribing or blackmailing employees to reveal inside information
  • Industrial sabotage to damage a competitor’s operations
Common Defenses Against Corporate Espionage Charges
1. Lack of Intent
2. Information Was Not Actually a Trade Secret
4. Public Availability
5. Whistleblower Protections
6. Statute of Limitations

Key Legal Precedents in Corporate Espionage Cases
  • United States v. Hsu (1999): Established that attempted corporate espionage is prosecutable, even if no actual trade secrets were obtained.
  • United States v. Chung (2011): Clarified that the government must prove the defendant knew the information was a trade secret, not just confidential.
  • United States v. Aleynikov (2012): Found that software source code did not qualify as a trade secret under the Economic Espionage Act (later overturned).
  • United States v. Nosal (2016): Ruled that the Computer Fraud and Abuse Act applies to theft of trade secrets by former employees.
Strategies for Defending Against Corporate Espionage Charges
  • Challenging the evidence: 
  • Scrutinize how the evidence against you was obtained and push to suppress any improperly gathered information.
  • Negotiating with prosecutors
  • Presenting alternative explanations:
  • Demonstrating lack of economic benefit
  • Highlighting inadequate security measures
  • Leveraging expert witnesses
  • Pursuing civil resolutions
Greater detail appears in the original article, here.

Russian Spy Parents Reveal Identity to Their Children

How would you react if you found out your parents were foreign spies from a country where you couldn’t even speak the language? 

The prisoner exchange that secured the freedom of journalists Evan Gershkovich and Alsu Kurmasheva, as well former Marine Paul Whelan and more than a dozen others from Russian captivity also generated one mind-boggling anecdote seemingly straight out of a Soviet-era spy novel.

Among those swapped were Anna Dultseva and Artyom Dultsev, Russian spies who had been posing as an Argentinian couple in Slovenia. Not even their school-age children, who spoke Spanish with their parents, knew their true origins — until the parents revealed their identities after their release on the plane to Russia. more

How to Boost an Auction - Mention the Word Spy

The holder of Jeffrey Epstein's "little black book" believes it could hold the answer to suspicions that the late sex offender was a foreign spy

Eager for the cryptic scribbles and numbers to be investigated, the anonymous owner is putting the book up for online public auction on Aug. 16, with the goal of selling it to somebody capable of tracking down those named in it. more

Doc Boners: Recording Patients with Hidden Cameras

CA - An email sent to patients of a California chiropractic clinic informed them that a hidden camera was found inside an office bathroom
and a chiropractor was arrested, according to a new lawsuit.

Dr. Nicholas Vanderhyde, 40, who was arrested in June, is accused of “strategically” hiding the camera in a cabinet to record patients, including children, and their families undressing at The Joint Chiropractic’s office in Valencia, a lawsuit filed in California Superior Court in Los Angeles County says...

According to the complaint, The Joint Chiropractic knew Vanderhyde was a sexual “predator” before another employee discovered the camera, equipped with a battery pack, inside a cabinet. more

Doc Boner II: MA The owner of a Peabody chiropractic business is facing charges that he recorded nude visitors in his clinic after a hidden spy camera was found in a bathroom last week. more

Doc Boner III: NJ - Chiropractor charged after hidden camera found in bathroom at Springfield, NJ office. more

In other recent spy cam news...

FutureWatch: Eavesdropping on YOU, by Looking at Your Face

A Stanford University psychologist named Michal Kosinski claims that AI he's built can detect your intelligence, sexual preferences, and political leanings with a great degree of accuracy just by scanning your face,
Business Insider reports.

Though Kosinski says his research should be seen as a warning, his work can feel more like a Pandora Box. Many of the use cases for his research seems pretty bad (like AI security scanners and robcops), and simply publishing about them may inspire new tools for discrimination. (Oops, forget what I just said.)

There's also the issue that the models aren't 100 percent accurate (yet), which could lead to people getting wrongly targeted. (e.g. Being a treehugger is not a sexual preference.) more

Clickbait of the Week: How to Build a (Code Cracking) Photonic Quantum Computer

Spoiler Alerts: 
via Photonics Spectra: 
Expectations for quantum computers are high: They are supposed to outperform digital computers and pave the way for solutions that go far beyond the capabilities that artificial intelligence already delivers

They are predicted to crack unbreakable codes, find new materials for superconductors, and help develop medicine for the next pandemic. 

These are only some of the envisioned outcomes. more

Friday, August 2, 2024

Greenbrier Hotel Up for Public Auction

The Greenbrier Hotel, owned by Gov. Jim Justice and his family, has been announced for auction on the courthouse steps late this month because of default, according to a legal advertisement placed in Lewisburg’s West Virginia Daily News. more

So, why is this news?

One of the great vestiges of the Cold War is the Greenbrier bunker, a facility built to house all 535 members of Congress in the event of a nuclear attack.

In 1955, Dwight D. Eisenhower instructed the Department of Defense to draft emergency plans for Congress in case of a nuclear strike. Even if Washington, DC was destroyed, American officials needed a procedure to maintain the continuity of government. As part of these efforts, the Army Corps of Engineers was charged with scouting the location of a nuclear bunker for the members of Congress. They ultimately selected the Greenbrier, a luxury resort in White Sulphur Springs, West Virginia.

Greenbrier was chosen because of its location—relatively close and accessible to Washington, but far enough away to be safe from an atomic bomb—and because of its prior relationship with the United States government. During World War II, Greenbrier had served as an internment facility for Japanese, Italian, and German diplomats and then as a military hospital, where Eisenhower himself was at one time a patient. Although it returned to its original function as a hotel after the war, government officials occasionally held conferences at Greenbrier. more 
Video of the bunker.
Time to sing-s-long! or sing-a-long with... a little darker number.

Free TSCM AI Knowledge Wiki

The website, counterespionage.net, provides a comprehensive range of resources related to Technical Surveillance Countermeasures (TSCM), which can be considered as a knowledge wiki for several reasons:
  1. Informative Articles: It features detailed articles explaining what TSCM is and its importance in protecting corporate privacy and intellectual property. For example, the article on What Is TSCM? outlines the holistic approach needed for effective TSCM evaluations.
  2. Free Resources: The site offers free TSCM security reports, publications, and videos that educate users about various aspects of surveillance and counter-surveillance techniques. You can find these resources in the TSCM Information section.

  3. Guides and Tips: It includes practical guides such as the Security Director’s Guide to Discussing TSCM with Management and tips for businesses on counterespionage, which serve as valuable educational tools.

  4. Case Studies and Testimonials: The website also shares case studies and client testimonials that provide real-world examples of TSCM applications, enhancing the learning experience for users.

  5. FAQs and Expert Insights: The presence of a FAQ section allows users to get quick answers to common questions about TSCM, further contributing to its role as a knowledge base.

Overall, the combination of educational content, practical resources, and expert insights makes this website a valuable TSCM knowledge wiki. more

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers

IN MODERN MICROCHIPS, where some transistors have been shrunk to less than a 10th of the size of a Covid-19 virus, it doesn't take much to mess with the minuscule electrical charges that serve as the 0s and 1s underpinning all computing. 

A few photons from a stray beam of light can be enough to knock those electrons out of place and glitch a computer's programming. Or that same optical glitching can be achieved more purposefully—say, with a very precisely targeted and well timed blast from a laser. Now that physics-bending feat of computer exploitation is about to become available to far more hardware hackers than ever before.

At the Black Hat cybersecurity conference in Las Vegas next week, Sam Beaumont and Larry “Patch” Trowell, both hackers at the security firm NetSPI, plan to present a new laser hacking device they're calling the RayV Lite. 

Their tool, whose design and component list they plan to release open source, aims to let anyone achieve arcane laser-based tricks to reverse engineer chips, trigger their vulnerabilities, and expose their secrets—methods that have historically only been available to researchers inside of well-funded companies, academic labs, and government agencies. more