Personnel Officer, "So, What Qualifies You for this National Security Position?"

After a recent grocery store clerk was appointed as an anti-terror chief, it can be revealed that a second young national security official was hired straight from the cash register—with disastrous results.

A U.S. intelligence worker charged with trying to leak state secrets to a foreign spy agency was hired as a 22-year-old with little professional experience outside the cash register at a local grocery store...

His professional experience prior to joining a U.S. national security agency was remarkably similar to that of Thomas Fugate, who has just been appointed to lead terror prevention at the Department of Homeland Security.

A cybersecurity graduate of Florida Polytechnic University, Nathan Vilas Laatsch is the second national security official in two days whom The Daily Beast has revealed to have virtually no professional experience other than working at a grocery store before being hired by a U.S national security agency at the age of 22.

Laatsch, now 28, a computer scientist with “top secret” clearance at the Defense Intelligence Agency (DIA) in Virginia, was hired under the last Trump administration. He was arrested last week, accused of attempting to pass sensitive information to Germany’s Federal Intelligence Service (BND). more

UFB (shakes head and walks away)

FBI: Home Internet Connected Devices Facilitate Criminal Activity

The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement to warn the public about cyber criminals exploiting Internet of Things (IoT) devices connected to home networks to conduct criminal activity using the BADBOX 2.0 botnet. Cyber criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products. Most of the infected devices were manufactured in China. Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity.

WHAT IS BADBOX 2.0 BOTNET

BADBOX 2.0 was discovered after the original BADBOX campaign was disrupted in 2024. BADBOX was identified in 2023, and primarily consisted of Android operating system devices that were compromised with backdoor malware prior to purchase. BADBOX 2.0, in addition to compromising devices prior to purchase, can also infect devices by requiring the download of malicious apps from unofficial marketplaces. The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity.

INDICATORS

The public is urged to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks. more

Behold The Amazing "AIR" Key

AIR, a joke acronym for “Anti InfraRed.”

However, just a blast of compressed air can open most card-key access entry doors in commercial buildings. 

Compressed air does this by tricking the internal exit sensor into thinking someone wants to leave. 

Click the link to learn more and actually watch how anyone can B&E without a key. https://counterespionage.com/lock-trick/

P.S. - We creatively labeled these cans for our clients so they can demonstrate the vulnerability to their colleagues. Of course, we also provide them with security solutions to rectify the problem. 

You really should join our client family. It's easy. Just add our TSCM inspections to your security program. 

Corporate Spy v Spy v Spy v Spy, or Spy Cubed

The fight between HR tech startups has heated up another notch this week as Rippling on Thursday filed an 84-page amended complaint in its lawsuit against Deel.

The complaint accuses Deel of targeting, infiltrating, and compromising four other competitors, in addition to Rippling.

The revised complaint doesn’t name all of the four other alleged victims, except cryptocurrency-based tax and payroll compliance company, Toku. Toku is suing its competitor LiquiFi, also alleging corporate espionage and that Deel was involved...

The complaint also says that there are one or more additional victims who are “major competitors of Deel” in the employer of record market. A source familiar with the investigation believes that more witnesses will soon come forward at these other companies to offer details. more

So, A Man Steals A Cherry-Picker...

...while undercover L.A. sheriff’s deputy is using it to remove concealed surveillance cameras!

A man carjacked an L.A. County Sheriff’s Department bucket truck early Wednesday morning while a sheriff’s deputy was precariously positioned high above the ground in the bucket, authorities said....

Two undercover deputies were using the truck to remove concealed cameras when a man jumped into the vehicle, said he had to go to the hospital and began to drive away, law enforcement sources told The Times.

When the carjacking took place, one of the deputies was elevated in the bucket.

The man conducted a takeover of a 2011 Ford F550 utility bucket truck on the corner of Spring and Temple streets around 5 a.m. while two deputies were in the vehicle, according to a department bulletin. A deputy received minor injuries during a struggle with the carjacker and was treated at a hospital, according to a department statement. more

P.S. I'll bet there is at least one very nervous citizen who frequents that part of town.

Supermarket Facial Recognition: "Attention. Miscreant in Asile 5."

The facial recognition system used by New Zealand’s supermarket chain Foodstuffs to prevent retail crime is compliant with privacy rules but questions still remain about bias and negative impacts on Māori and Pacific people, according to the country’s privacy watchdog...

The trial covered 25 supermarkets in which more than 225.9 million faces were scanned ... the system was effective at reducing harmful behavior, especially reducing serious violent incidents...The system only identified people who have engaged in seriously harmful behavior, while people under 18 or deemed vulnerable were not included on the list.

The Privacy Commissioner’s Office is currently working on New Zealand’s first code of practice for regulating biometric data, slated to be released by mid-2025. more

Book: Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup

Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup

by Ross Haleliuk

Reader Review: “Cyber for Builders" offers an essential roadmap for navigating the cybersecurity vendor landscape.

Most cybersecurity books are written for hackers, security leaders and practitioners, and a general audience. 

This book is different as it is intended first and foremost for builders - startup founders, security engineers, marketing and sales teams, product managers, VCs, angel investors, software developers, investor relations and analyst relations professionals, and others who are building the future of cybersecurity. 

Cyber for Builders provides an overview of the cybersecurity industry from entrepreneurial lenses, breaks down the role of a variety of industry players, from investors to channel partners and acquirers, and offers insight into the trends shaping the future of security. 

Moreover, the book is packed with mental models, notes, and advice to help early-stage cybersecurity founders get their ideas off the ground and solve problems faced by young companies around problem discovery, hiring, building products, and fundraising, to name some. more

From the Off-Topic Files

The world's largest freely available fart recording dataset.
This dataset contains over 7500 fart recordings that were collected over a period of 37 months.

Suggested Uses

• Unsupervised signal classification - You can experiment with categorizing farts without any preexisting knowledge of defining characteristics and potentially apply these learnings to other signal types - speech, radar, tv, radio, light, EEG.

• Supervised signal recognition - This dataset could be used to experiment with developing deep learning models capable of recognizing whether a sound is a fart. An interesting property of farts is variable frequencies and inconsistent durations.

• Sound effects creation - This dataset could be used by sound designers or audio engineers as a basis to create new sound effects for movies, video games, or other media. You could also simply use it as a publicly available and free source of farts.

• Education and outreach - Educators and scientists can use this dataset as an approach to better engage their audiences in signal processing and deep learning.

License

• This data is publicly and freely available to use and modify however you would like. There is no license and no limitations for use. I would appreciate being notified of this data being used publicly, purely for my own entertainment. more

Belgium Bugged Football Stadium Box to Spy on Huawei MEP Lobbying

Belgian security agents bugged a corporate box at the RSC Anderlecht football stadium that was being used by Chinese tech giant Huawei to schmooze members of the European Parliament.

They also listened into other conversations involving one of Huawei’s leading lobbyists, including in his car. 

The surveillance operations, confirmed by three people with close knowledge of the investigation, formed part of a wide-ranging probe into allegations of corruption that was first revealed in March. They contributed to the Belgian prosecutor’s decision, reported by POLITICO on Monday, to request that a group of MEPs have their immunities lifted so they can be investigated. more

Dutch Government: More Forms of Espionage to be a Criminal Offence

More than state secrets...
Legislation already exists which makes traditional espionage, such as sharing state secrets, a criminal offence. The problem is that espionage is changing in terms of its manifestations and use.

Espionage targets more than just state secrets. Indeed, foreign governments are also interested in sensitive information which is not a state secret about a particular economic sector, or which is related to political decision-making. Such information can be used to influence political processes, weaken the Dutch economy, or play allies off against each other. 

Espionage may also involve activities other than sharing information, such as stealing high-tech know-how, sabotaging vital infrastructure, exerting an influence on political decision-making, or endangering Dutch citizens with a migration background. more

Türkiye: China Is Spying on Uyghurs Using Fake Cell Towers

Turkish intelligence has dismantled a Chinese espionage network operating on its soil. This network had been conducting surveillance on Uyghur refugees as well as Turkish officials using advanced technology, particularly fake mobile towers.

Earlier this month, Turkish intelligence agents arrested seven suspects and discovered their vehicles outfitted with IMSI-catcher devices. These devices, which emulate genuine base stations, can intercept data, call logs, conversations, and other sensitive information from nearby mobile phones.

Intelligence sources indicate that some members of this espionage ring entered Türkiye as recently as March. However, a report last week disclosed that the network has been operational for the previous five years. more

China’s Spy Agency Warns - Foreigners Posing as Scholars, Tourists or ‘Insincere Lovers’

‘Don’t be fooled by sweet talk,’ ministry says in social media post.

Chinese citizens should be on alert for friendly foreign faces who could be spies – from scholars who do not do research and tourists who do not sightsee, to lovers who only want information, the country’s top spy agency has warned.

In a post on its official social media account on Sunday, the Ministry of State Security said foreign spies might be hiding in plain sight, using various identities to carry out activities that threaten China’s national security.

It highlighted five deceptive identities commonly used by foreign spies: tourists who do not sightsee, scholars who conduct no real research, businesspeople who do not do business, investigation consultants who do not investigate, and “insincere lovers” who exploit relationships to gather information. more

FutureWatch / Spytech: Contact Lenses Allow Seeing in the Dark, Even With Eyes Closed

Neuroscientists and materials scientists have created contact lenses that enable infrared vision in both humans and mice by converting infrared light into visible light. 

Unlike infrared night vision goggles, the contact lenses, described in the journal Cell, do not require a power source—and they enable the wearer to perceive multiple infrared wavelengths. Because they're transparent, users can see both infrared and visible light simultaneously, though infrared vision was enhanced when participants had their eyes closed.

"Our research opens up the potential for noninvasive wearable devices to give people super-vision," says senior author Tian Xue, a neuroscientist at the University of Science and Technology of China. "There are many potential applications right away for this material. For example, flickering infrared light could be used to transmit information in security, rescue, encryption or anti-counterfeiting settings." more

AI Can't Protect It's IP Alone - It Needs TSCM

From her new book, Empire of AI, by journalist Karen Hao.

Sam Altman Asked for a Countersurveillance Audit of OpenAI

Altman himself was paranoid about people leaking information. He privately worried about Neuralink staff, with whom OpenAI continued to share an office, now with more unease after Elon Musk’s departure. Altman worried, too, about Musk, who wielded an extensive security apparatus including personal drivers and bodyguards. 

Keenly aware of the capability difference, Altman at one point secretly commissioned an electronic countersurveillance audit in an attempt to scan the office for any bugs that Musk may have left to spy on OpenAI. more

Got worries about your intellectual property? Get MA.

This Week in Spy News

Vlogger, Jyoti Malhotra

• The corporate espionage fight between Rippling and Deel again has escalated, and this time appears to involve a third HR software "unicorn." more

• Netherlands expands espionage laws to include cyber activities more

• After vlogger arrest, Haryana says more YouTube channels under espionage scanner more & more & more

• Russia’s intelligence services turned Brazil into an assembly line for deep-cover operatives. A team of federal agents from the South American country has been quietly dismantling it. more

• Why seduction is the weapon of choice in spying more

• Corrections sergeant accused of voyeurism - accused of putting a camera inside a shampoo bottle more

• Sen. Steinhardt sounds alarm after spy tech found in Chinese solar inverters more

• Bartender arrested for hidden cameras in restaurant bathroom, home more

• FBI Director Kash Patel Abruptly Closes Internal Watchdog Office Overseeing Surveillance Compliance more

• Researchers warn of China-backed espionage campaign targeting laid-off US workers more

• What China's spies are doing in the U.S., and what happens when they're caught more (CBS 60 Minutes)

• CIA Gadget-Maker Rates 11 Spy Gadgets In Movies And TV video