Friday, July 30, 2010

How Does Business Espionage Work?

By Remy Melina, Life's Little Mysteries Staff Writer, livescience.com
Companies hire corporate spies, also known as industrial spies, to get valuable information from their competitors. Industrial espionage can also include former employees who go on to work for competitors and reveal their previous employer's secrets.

Company secrets can include information regarding flavor formulas (for example, the recipe for Coca-Cola), the kinds of equipment used, the amount of product being made, projected profit estimates and plans for future advertising campaigns.

For example, in 1965, Abbott Laboratories of North Chicago, Ill., filed a lawsuit against two of its former employees, claiming they memorized the formula for its highly successful artificial sweetener, Sucaryl, and duplicated it for a product belonging to Abbott's competition.

While corporate subterfuge is immoral, it's not exactly illegal. The Economic Espionage Act, which passed in 1996 and provides a way to deal with foreign agents stealing trade secrets from American companies, requires that companies prove that the stolen information was, in fact, a secret. For example, the source code for Microsoft Windows is a trade secret, but public filings, patents and annual reports technically are not.

This loophole allows employees to quietly collect information while working for a company and then secretly offer their business rivals corporate secrets for a hefty price. Others may flat out quit and take a better-paying job for the competition, using their prior knowledge as leverage when negotiating a salary.

Some companies even have special "competitive intelligence" (or C.I.) employees on staff. These workers' sole focus is on attaining information about their competitors' projects so that their company can always stay one step ahead of the competition. While not quite conducting C.I.A.-level espionage, these spies still do their fair share of snooping. (more)

Key phrase: "... requires that companies prove that the stolen information was, in fact, a secret."

The courts are tough. Companies must prove they took extra steps to protect their trade secrets before legal protection will be afforded to them.   

"So, how do I prove it?" I hear you say.

By segregating the really important stuff and giving it extra security protection. 

This extra protection comes in many forms. One primary protection are regularly scheduled TSCM inspections, with counterespionage security surveys. 

A well documented history of this elevated security is key evidence of due diligence. Continuity is also very important. Periodic inspection schedules (quarterly is most widely recognized) carry considerable weight in court; occasional sweeps do not. 

Whatever you do, don't start a TSCM program and then cut it for economic reasons. This false economy is viewed by the court that the information you were protecting is no longer a valuable business secret... by your own admission!

Last on the list, is the non-inspection. If you don't think your business secrets are valuable enough to afford some counterespionage security measures, why should the court?

"So, uh, what does TSCM cost?" 

It is the cheapest insurance you can buy. The company programs I run cost them less than $7.50 per hour when amortized annually, usually much less. ~Kevin

This Week in Business Espionage

Plano, TX - There are plenty of questions involving the Plano woman accused of trying to smuggle military grade equipment to Russia...

What was the west Plano "girl next door", who happens to be a Latvian expatriate, doing with the high-tech scopes? Immigration and customs agents seized Fermanova's luggage, and found at least one Raptor Night Vision 4x Scope. The scopes, which are on the federal no-export munitions list, cost about $13,000 each.

Catherine Smit is a security expert with 20 years experience and she agrees that Fermanova's story doesn't add up. "Anyone who has been asked to carry something with removed serial numbers you know that you're not supposed to have them in your possession," she explained. "She [Fermanova] was more likely a patsy for someone who's involved in industrial espionage." (more)

---

MI - Former General Motors (GM) employee Shanshan Du and her husband Yu Qin have been indicted in Michigan for allegedly stealing hybrid car technology information from GM. They have both been charged with conspiracy to possess trade secrets without authorization, unauthorized possession of trade secrets and wire fraud; one of them has also been charged with obstruction of justice. (more)

---

Huawei has denied being involved in a plan by former Motorola staff to steal confidential information and use it to set up their own company in competition with Motorola. Last week, a modified lawsuit by Motorola alleged that former employee Shaowei Pan secretly reported to Ren Zhengfei, Huawei's founder and chairman, while he was working at the US company. Motorola claims that the defendants were developing a microcell base station, and later passed technical details over to Huawei. (more)

---

 Toyota is said to be planning a U.S. production date for the fourth-generation Prius, but it won't arrive here until 2016. And would you be curious to know that the first Prius lost $28,000 per copy? That's what you learn through industrial espionage, says Kinder Essington over on PoliticsAndCars. (more)

Mission Impossible Data Destruction for Computers

from the press release...
UK - From 1st August, Stone http://www.stonegroup.co.uk/, the UK's largest privately-owned computer hardware manufacturer, will only provide its public sector customers with PCs and laptops that include the famous "Mission: Impossible" option to self-destruct the data on the system prior to disposal...  These products will include - at no extra cost - a pre-configured executable programme which will allow the customer to perform a data erasure process in-house, without the presence of an engineer or the need to remove hardware to an off-site facility.

James Bird, CEO at Stone, explains, "It sounds like that great opening sequence in Mission: Impossible when the data self-destructs after 30 seconds! It is, of course, very carefully controlled and managed and there isn't the excitement of flames and smoke, just a simple electronic signal! But with the penalty for data protection breaches now reaching up to 500,000 pounds for organisations which do not properly manage the deletion of their records... (more)

Thursday, July 29, 2010

The Time Has Come for a Transition

The Jetsons predicted that we'd have flying cars by at least 2062, and Back to the Future promised them to us by 2015. It turns out that reality may, for once, outpace fiction.

A small, privately held company called Terrafugia has recently gained FAA approval for its roadable aircraft (i.e., flying car), and new improvements to the vehicle's design bring it only about a year away from being available to customers, according to MSNBC

A company called Terrafugia is expected to start selling ''The Transition'' late next year. Price: $194,000. (more)

iStole iPhone iTracked iCaught iDumb

CA - In perhaps what was one of the unluckiest moves of his career as a petty thief, Horatio Toure stole an iPhone on Monday afternoon. The irony? The iPhone Toure stole was being used to demonstrate a program that tracks GPS location in real-time--it took the police all of ten minutes to pin down his exact location and arrest him. (more)

Wednesday, July 28, 2010

Is your Blackberry a National Security Threat?


Perhaps, if you live in these countries...
According to the BBC, the United Arab Emirates (UAE) has described RIM’s device as a threat posing “serious social, judicial and national security repercussions” due to the country’s inability to successfully eavesdrop on users, and the fact that transmitted data is stored offshore.
The same concerns have also been expressed by India, Kuwait and Saudi Arabia, with market analysts contributing the timing of these comments to yesterday’s decline in RIMM shares...

When discussing UAE’s obsession with RIM’s device, it’s worth emphasizing on the fact that the country unsuccessfully attempted to install spyware application on the devices of Etisalat users in 2009, pitching it as a “performance-enhancement patch. Instead, the SS8 Interceptor drained the batteries of the users who installed to the point where they became suspicious about its true nature...

The bottom line - are BlackBerries a threat to the national security of any country? They are, but only to the country that’s attempting to decrypt the data itself, instead of targeting the weakest link - in this case the user who now more than ever has to be aware that he’s become the primary target, not the encryption protocol itself. (more

"The bottom line" is worth noting. The more you protect one info-conduit, the more your adversary will be forced into attacking your lesser protected conduits. Hence, businesses need a counterespionage consultant on-board who has a holistic view of the espionage possibilities. The days of "they swept, they left" TSCM teams are long gone. 

If you have read this far, you the foresight to see why this story is a valuable cautionary tale. Good consultants are only as far away as the websites which bring you Kevin's Security Scrapbook.

GSM Cell Phone Eavesdropping Alert

US - A security expert said he has devised a simple and relatively inexpensive way to snoop on cellphone conversations, claiming that most wireless networks are incapable of guaranteeing calls won't be intercepted.

Law enforcement has long had access to expensive cell-phone tapping equipment known as IMSI catchers that each cost hundreds of thousands of dollars.

But Chris Paget, who does technology security consulting work, says he has figured out how to build an IMSI catcher using a US$1,500 piece of hardware and free, open-source software. 'It's really not hard to build these things,' he said.

Paget will teach other hackers how to make their own IMSI catchers on Saturday during in a presentation at the annual Defcon security conference in Las Vegas. (more)

Sunday, July 25, 2010

Got a stick? You can spy!

According to Mugil all you need is a USB stick and a FREE program called “USBThief_Modified_by_NEO”. 

USB Thief is a simple program which makes your standard USB stick into a spying USB stick, if you plug it into someone’s PC, it will extract all the passwords from it.

This improved version also steals ALL of the following:
• Visited Links List
• Internet Explorer Cache List
• Internet Explorer Passwords List
• Instant Messengers Accounts List
• Installed Windows Updates List
• Mozilla Cache List
• Cookies List
• Mozilla History List
• Instant Messengers Accounts List
• Search Queries List
• Adapters Report
• Network Passwords List
• TCP/UDP Ports List
• Product Key List
• Protected Storage Passwords List
• PST Passwords List
• Startup Programs List
• Video Cache List

The question is, "Do you trust him?"
Feeling lucky?
His program is here.

As always... 
Why do I mention it?
So you will know what you are up against.
• Never let someone else stick you with their stick.
• Never stick yourself with a dirty stick.

Satellite Spy Photos Reveal History

Spying on the Past: Declassified Satellite Images and Archaeology,’’ runs at Harvard’s Peabody Museum through Jan. 2.

Using declassified U.S. government spy satellite and aerial images, Harvard student archaeologists explore sites in Northern Mesopotamia and South America. These images are both visually arresting and potent archaeological tools. Four case studies in Syria, Iraq, Iran and Peru reveal complex early cities, extensive trackways, intricate irrigation canals and even traces of nomadic journeys. (more)

History's Spy Mysteries - The Profumo Keeler Affair

The KGB planted bugs to eavesdrop on John Profumo’s pillow talk with Christine Keeler, according to newly released top-secret files.

The topless showgirl and model’s KGB lover also persuaded her to question Profumo, Britain’s Minister of War, about Britain’s nuclear arsenal, the files reveal.

The reports claim that the Russians obtained ‘a lot of information’ which threatened to undermine Western security, contradicting the long-term view that the affair did not damage UK security and that no secrets were leaked to Russia. ... The papers also reveal how Hollywood star Douglas Fairbanks Jr. (a former US Naval Intelligence officer) knew many of those involved and gave regular reports to Washington about the scandal.

The affair’s exposure in 1963 led to Profumo’s resignation and rocked Prime Minister Harold Macmillan’s Government. (more)

Thursday, July 22, 2010

Ireland - Louis Walsh has had his phone hacked by an employee of his service provider.

The X Factor judge was shocked to discover that much of his personal information had been accessed and speaking to The Irish Star newspaper he confirmed that gardai have been informed.

“I knew nothing about it at all until the boss of the company contacted me.” Walsh said. 

Revealing that Irish TV presenter and model Glenda Gilson had also been the victim of the same person Louis added: “It just makes me wonder how much of this is going on all the time.” 

“I don’t know how much personal information he managed to gather or how long it was going on. It makes me wary of exchanging confidential information by phone and yet its hard to avoid given the nature of this business.” (more)

NSA Insights

Thursday, 5 August; 12 noon – 1 pm
Washington, DC

Book signing! 
In The Secret Sentry, Matthew M. Aid traces the growth of the National Security Agency from 1945 through critical moments in its history, including the Cold War and its ongoing involvement in Afghanistan and Iraq.

Aid, a visiting fellow at the National Security Archives, explores the agency’s connection to the intelligence failure that occurred when evidence that NSA officials called “ambiguous” was used as proof of Iraqi WMD capability. He also details the intense debate within the NSA over its growing role under the Bush administration to spy on U.S. citizens. Don’t miss this overview of the dramatic evolution of this far-reaching spy agency.

Free! No registration required!
Join the author for an informal chat and book signing.
Can't make it? Buy the book here!

CIA applicant's arrest tops wave of China spy cases

A young Michigan man was quietly arrested last month and charged with lying on a CIA job application about his connection with Chinese intelligence, a case that drew virtually no attention outside his home state.

Glenn Duffie Shriver, 28, of Georgetown Township, Mich., tried to conceal $70,000 in payments from the Beijing government and denied his “numerous” meetings with Chinese intelligence officials, according to the government’s indictment.

Shriver’s arrest on June 22 is just the latest in a virtual tsunami of prosecutions against suspected Chinese agents in the past two years. Many cases are hidden and ongoing... more than 40 Chinese and American citizens have been quietly prosecuted -- most of them successfully -- on espionage-related charges in just a little over two years... a compendium of successful federal prosecutions involving espionage and espionage-related charges against Chinese agents... The list revealed that the Justice Department had convicted 44 individuals in 26 cases since March 2008, almost all of whom are now serving time in federal prisons. (more) (music to applaud by)

Wednesday, July 21, 2010

Bail for Bug Killer Spy?

MA - A federal judge in Worcester is pondering whether to grant bail to a 45-year-old Westborough man who, in a highly unusual case, is accused of economic espionage for allegedly sending trade secrets about insecticides to China.

Kexue Huang faces a dozen counts of economic espionage to benefit a foreign government or instrumentality, as well as five counts of interstate or foreign transport of stolen property.

Assistant US Attorney Scott Garland said only six or seven people had ever been charged with the crime. He said the value of the information that Huang allegedly passed on exceeded $100 million. (more)

Sounds outrageous, but in fairness, bail is only meant to assure the accused shows up for trial. In the article his lawyer mentions, "...his client had a wife and two children in Marlborough and they would all be willing to give up their passports as well as use the $275,000 to $300,000 equity in their home to secure his bail. "It's hard to picture the whole family moving without passports to Canada or any other foreign country," he said. "It's unlikely they would be on the lam for more than 10 minutes. ... This is a responsible person, a well-educated person [with] a good job, assets."

Really? Accused spies have a habit of evaporating recently. (more)

Tuesday, July 20, 2010

Your Very Own "Ex" Files

What do you do when your 'ex' pops up in your Web browser like a nightmare jack-in-the-box?

Create an "Ex" file!
Ah, privacy and sanity restored.
Stalkers are disposed, one "Ex" at a time.
Reduced chance of post-break-up remorse.
It's easy. It's free. It's a no-brainer that zaps your old no-brainers to the bit bin of your Internet world window.