Thursday, February 17, 2022

Spybuster Tip # 712: How to Thwart Off-Site Meeting Spies

The National Executive Council of the Academic Staff Union of Universities, on Sunday, changed the venue of the meeting... A reliable source said the venue was changed due to the fear of bugging of the auditorium by secret agents of the Nigerian government. more



RIP: Peter Earnest

Peter Earnest, a veteran of the CIA’s Cold War clandestine operations who ran agents in Eastern Europe and the Middle East, then helped promote and preserve the history of espionage while serving as the founding executive director of the International Spy Museum in Washington, died Feb. 13 at a hospital in Arlington, Va. He was 88...

Mr. Earnest acknowledged that his personality sometimes made it difficult to spend years working undercover. “It’s hard when you’re an open person by nature,” he told Washingtonian magazine in 2013. “In some cases, people say, ‘You don’t seem like a spy.’

“The best spies don’t seem like spies.” 

In a video interview for the Spy Museum, Mr. Earnest described what he called “my Bond moment” at the CIA, in which he slipped out of a black-tie reception at the home of an asset and bugged the person’s office. Lying on his back, with a handkerchief positioned on his chest to catch the shavings, he drilled small holes in the bottom of the target’s desk and installed a recording device. more

 

US Football Team Settles Video Voyeurism Suit for $2.4 Million

THE DALLAS COWBOYS paid a confidential settlement of $2.4 million after four members of their iconic cheerleading squad accused a senior team executive of voyeurism in their locker room as they undressed...

Each of the women received $399,523.27 after the incident. One of the cheerleaders alleged that she clearly saw Richard Dalrymple, the Cowboys' longtime senior vice president for public relations and communications, standing behind a partial wall in their locker room with his iPhone extended toward them while they were changing their clothes... Dalrymple gained entry to the back door of the cheerleaders' locked dressing room by using a security key card.
more

What Could be the Penalty for Posting a Spycam Video to the Net?

WV - A former Logan County resident pleaded guilty today to a federal wiretapping charge. According to court documents and statements made in court, Randall Dwight Holden II, 33, admitted to secretly recording a video of a woman engaged in sexually explicit conduct in her Logan County home on November 25, 2017. The video was later uploaded to the internet without the victim’s knowledge. The video was one of several secretly recorded videos that Holden had created and posted online depicting the victim. Holden is scheduled to be sentenced on June 2, 2022 and he faces up to five years in prison. more

Monday, February 14, 2022

An Update on AirTag and Unwanted Tracking

APPLE - We’ve become aware that individuals can receive unwanted tracking alerts for benign reasons, such as when borrowing someone’s keys with an AirTag attached, or when traveling in a car with a family member’s AirPods left inside. We also have seen reports of bad actors attempting to misuse AirTag for malicious or criminal purposes.

Apple has been working closely with various safety groups and law enforcement agencies. Through our own evaluations and these discussions, we have identified even more ways we can update AirTag safety warnings and help guard against further unwanted tracking...

Advancements Coming to AirTag and the Find My Network
The following updates represent important steps Apple is taking... more

Saturday, February 12, 2022

Why You Rarely Hear About Corporate Espionage

Corporations really hate publicity about their information security failures.
The smart ones sweep to mitigate the chances of failures.
The others just sweep the failures under the rug. 

Case in point...

Spanish power company Iberdrola is suing the holding company of business news site El Confidencial over coverage of an industrial espionage case, a move the site's director says threatens its survival.

The multinational energy firm, which is seeking $20 million in damages, said that for more than two years up to November 2021, El Confidencial published 225 stories on the espionage case, including 68 that harmed the company and 12 that were untrue.

The company contends the reports were a "violation of its right to honour," a term that in Spanish law refers to reputational damage. more

VR Headset Hacks Could Steal Sensitive Information

Researchers at Rutgers University-New Brunswick have published “Face-Mic,” the first work examining how voice command features on virtual reality headsets could lead to major privacy leakages, known as “eavesdropping attacks.”  

The research shows that hackers could use popular virtual reality (AR/VR) headsets with built in motion sensors to record subtle, speech-associated facial dynamics to steal sensitive information communicated via voice-command, including credit card data and passwords.

To demonstrate the existence of security vulnerabilities, Chen and her fellow WINLAB researchers developed an eavesdropping attack targeting AR/VR headsets, known as “Face-Mic.” more

Foreign Spies Use Dating Apps... to access government secrets

Foreign spies are using Tinder and other dating apps to recruit Australians with access to sensitive government secrets. ASIO boss Mike Burgess made the alarming revelation while delivering his annual threat assessment, in which he also warned identifying anti-vaccine activists who could turn violent was proving difficult. more

---

The National Security Service of Armenia (HAAT) has detained 19 people suspected of being members of an "espionage network" in the South Caucasus nation. The HAAT said on February 10 that dozens of servicemen in different units of the the armed forces may have been involved in the activities of the spy network, which worked for an unspecified nation.

According to the security agency, recruitment took place via an online dating service through which Armenian servicemen who possessed classified data and documents would eventually join the spy ring. more

9 Potential Signs of Corporate Espionage

If you suspect that your business has been a target of corporate espionage, it's essential to take action immediately — from doing an in-house investigation to hiring a private professional

If you see any of the below signs, don't ignore them, but also take care not to make any unfounded accusations or statements. Keep your thoughts closely held and get the evidence first...

1. Unexplained or sudden changes in practices
2. Changes in business relationships
3. Unusual computer activity
4. Becoming defensive or secretive about work
5. Equipment or files go missing
6. Unexplained drops in sales or profits
7. Employees quitting suddenly
8. Accessing computer files without permission
9. Corporate secrets leaked to the press more

School Principal Arrested - Facing Felony Eavesdropping Charge

The Lee County Virtual School Principal faces charges for illegally recording a meeting.

It is an unusual case of consent because Florida Statute 934.03 talks specifically about the interception and disclosure of wire, oral or electronic communications prohibited. “Florida is a two-party consent state,” said FGCU Professor Dr. David Thomas. Lee County Sheriff’s deputies arrested (him) for recording a meeting without permission. more

Ford Wants to Hide Spy Drones in Autonomous Cars

Among the many challenges facing the autonomous car industry is how to keep an eye on the condition of the vehicles while they're out and about.

Ford's patent would use drones to inspect autonomous cars. Interior cameras, like those installed in the latest Tesla models, can make sure passengers aren't damaging the cabin, but what about the outside of the vehicles?

Ford, which co-owns the Argo AI autonomous car company that's planning to launch a ride-hailing service soon, has now patented a way to do just that. more

Hidden Wisconsin Restaurant Serves Espionage Fun With Food


A truly exceptional themed restaurant needs to go further than some wall decor and select menu items, it needs to provide a full theme experience, something that the SafeHouse Restaurant and Bar in Milwaukee, Wisconsin seems to have nailed completely. Let's put it this way, when you arrive at the 'hidden' SafeHouse, you need to provide a password to gain entry, but once you get inside the real show begins. more

Personal recommendation... The Mission Impossible - Go rogue with this mission. A large fishbowl filled with Bacardi Superior Rum, Roaring Dan's Dark Rum, orgeat, lemon, orange, pineapple, and grenadine - serves 2 spies nicely or 1 brave agent. more

Wednesday, February 9, 2022

GSM Eavesdropping Bugs: A Recent Find in a Corporate Office

While on lockdown, businesses and individuals must think about their unoccupied premises and possessions. Now that we are coming out of this lockdown and going back to work, Gurpreet Thathy and Mike Moran give their thoughts and go through a recent case with a client last week...

Mike and his team conducted a ‘sweep’ of the offices in conjunction with our Cyber Audit. We identified a GSM eavesdropping device planted within a boardroom during the critical areas’ in-depth physical and electronic search. This device was cunningly disguised as a 3-way extension adapter which was fully operational.

A closer examination of the adapter revealed a SIM card and a microphone connected. The client was immediately informed, and as per our standard operating procedure (SOPs), the device was isolated from the infrastructure, bagged, tagged, and handed over to our internal forensic team to investigate.

The forensic investigation of the SIM card revealed dialled and received calls. more

What is a GSM Bug?  When was the last time your organization conducted an inspection for one?

Leaked Tapes Reveal Corporate Espionage


Testimony that Vatican officials engaged in corporate espionage sheds new light on the breakdown of the London property deal.

Luciano Capaldo is a property developer who was closely involved in the Vatican’s Secretariat of State plans for the London London property deal at 60 Sloane Avenue...

Capaldo told investigators that he had access to surveillance cameras inside Torzi’s offices for some time.  

So he passed information and images to Monsignor Mauro Carlino, a former official at the Secretariat of State currently indicted for extortion and abuse of office. The access, Capaldo said, came via a mobile phone app for which he had the login details. more

Investigation-driven Findings Identify Major Spikes in Industrial Espionage Incidents

 Key findings of the DTEX Systems 2022 Insider Risk Report include:

  • The ‘Super Malicious Insider’ accounted for 32% of malicious insider incidents...

  • 72% year-over-year increase in actionable insider threat incidents;

  • 42% of actionable incidents were related to IP and data theft, including industrial espionage incidents related to the theft of trade secrets, source code, and active collusion with a foreign nexus;

  • 75% of insider threat criminal prosecutions were the result of remote workers;

  • 56% of organizations had an insider data theft incident resulting from employees leaving or joining companies;

  • +200% year-over-year increase in data loss associated with users taking screenshots during confidential Zoom and Microsoft Teams meetings; and

  • +300% year-over-year increase in employees utilizing corporate assets for non-work activities.

For more than a decade, insider threats have been categorized as either malicious, negligent or compromised. Based on the findings of the DTEX i3 team, a fourth persona has emerged—the Super Malicious Insider. 

The Super Malicious Insider is a technically proficient employee who is acutely aware of an organization’s cyber security architecture, solutions, and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators. more

It is time for your organization to implement a corporate counterespionage plan.