Two Polls

This poll reflects the opinions of our Security Scrapbook readers.  

Which privacy invasions concern you the most? 

(Pick three.)

26% - Mobile Phone Spyware

18% - Computer Spyware

14% - Bugging

12% - GPS Tracking

11% - Covert Video (SpyCams)

6% - Wiretapping

6% - Covert Voice Recording

5% - Physical Eavesdropping

1% - Other (unspecified)

The following poll asked about smartphone security concerns. It was independently conducted by one of our Security Scrapbook readers. 

They placed their poll on two very different Web sites; one sports oriented, one more military oriented.

What's your approach to smartphone security? 

(Poll allowed users to check more than one.)

29.3% - I just don't do financial stuff with it.

15.5% - Whatever came with it is good enough. I hope.

13.7% - I added a special security program.

13.7% - OK, but who'd want to hack/eavesdrop on me?

12% - Haven't even thought about it.

10.3% - I double-check all apps before downloading.

5.0% - Not worried - Apple's got my back.

Granted, neither poll is scientifically sound or statistically significant, but the answers are interesting on an informal level. 

Thanks to all who participated. 

If you have any ideas for future Security Scrapbook polls please let me know. ~Kevin

Inception - An Industrial Espionage Dream Job

Inception opens July 16th in theaters and IMAX

Dom Cobb is a skilled thief, the absolute best in the dangerous art of extraction, stealing valuable secrets from deep within the subconscious during the dream state, when the mind is at its most vulnerable. Cobb's rare ability has made him a coveted player in this treacherous new world of corporate espionage... (more) (more)

As we've been saying all along, the final frontier of eavesdropping is mind reading. Think of the movie Inception the same way you think of _this one_ ...just with a shorter flash to bang.

Bluetooth Bites Again

UK - A British woman's lawsuit against her ex-husband claims he bugged her car to record her private conversations during the final months of their marriage.

Baksho Devi Gora of Walsall, England, filed a High Court lawsuit seeking "substantial damages" from ex-husband Harvinder Singh Gora for allegedly violating her privacy by recording private telephone conversations from her car and playing them for family and friends, The Daily Telegraph reported Friday.

They were probably made via a small device secretly attached to the Bluetooth system in Mrs Gora's car in May 2008, said her barrister, Mr Eardley. (more) (how they do it)

Spies Demise

Moscow - The 14 alleged spies deported from Russia and the U.S. remained out of public view over the weekend amid uncertainty over where they had been taken and how they would restart their lives...

Nuclear scientist Igor Sutyagin phoned his family from an unidentified hotel near London, where he is apparently confined by British authorities until a decision is made about whether he will remain in the U.K., his mother said.

The whereabouts of the others, including the 10 Russian agents expelled from the U.S. to Moscow, were unknown. (more)

Quis custodiet ipsos custodes?

via Wired.com...

We’re not sure what’s more humorous: That California Rep. Jane Harman, the ranking member of the House Intelligence Committee, maintains two unencrypted Wi-Fi networks at her residence, or that a consumer group sniffed her unsecured traffic in a bid to convince lawmakers to hold hearings about Google.

A representative for Consumer Watchdog — a group largely funded by legal fees, the Rose Foundation, Streisand Foundation, Tides Foundation and others — parked outside Harman’s and other lawmakers’ Washington-area residences to determine whether they had unsecured Wi-Fi networks that might have been sniffed by Google as part of the internet giant’s Street View and Google Maps program.

The group wants the House Energy and Commerce Committee, of which Harman is also a member, to haul Google executives before it, so they can publicly explain why, for three years, Google was downloading data packets from unencrypted Wi-Fi networks in neighborhoods in dozens of countries.(more)

Bad Guys Bug Back

Pakistan - The Farozabad Police have arrested three suspected persons and recovered bugging devices and cameras, which could have been used for terrorism. (more)

"What to do?" The First Responder Blues

The Cell Phone

dum-di-dum-dum (makes a great ringtone)

...he’s looking at a homicide. For one thing, there’s that bullet in her head. He immediately realizes that another sort of witness to this crime might be on the other end of that phone connection. He reaches through the open car window to grab the phone and thumb through its recent call history. Then he stops himself...

...He knows better than to disturb a crime scene. And he’s never seen that particular model of phone—he could potentially push the wrong buttons and destroy evidence. He needs to get that device to a forensic lab, where the information can be extracted properly, in a way that preserves not only the contacts, call histories, text messages, e-mail, images, and videos but also their admissibility in court. (more)

"What would you do?" (click here)

The Bug in the Boardroom

(music to find bugs by)

It's a hot summer Monday morning. In the offices of Mongo Industries a secretary readies the Boardroom for the weekly strategy meeting. The air conditioning has been off all weekend, and just kicked in. Then...THUNK! 

Startled, she stares under the massive table. Her eyes adjust to the dark. A small dark object with gooey strips of masking tape near the Director's chair stares back.

"What would you do?" (click here)

The employees are picking your pockets...

Thirty-five percent of companies believe that their organisation's sensitive information has been given to competitors, according to a new survey. 

Cyber-Ark Software's "Trust, Security and Passwords" global survey also found that 37 percent of IT professionals surveyed cited former employees as the mostly likely source of this loss. 

The IT security company questioned more than 400 senior IT administrators in the UK and US in the spring of 2010 for the fourth annual survey.

The survey found that the most popular sensitive information to be shared with competitors was the customer database (26 percent) and R&D plans (13 percent). (more)

"Who's your DB daddy? Say it. Say IT."

TX - A former IT senior database administrator at a Houston electricity provider was sentenced Tuesday to one year in prison for hacking into his former employer's computer network, the US Department of Justice said...

On April 30, 2008, after he was fired, Steven Jinwoo Kim, 40, of Houston, used his home computer to connect to Gexa's computer network and to a database containing information on about 150,000 Gexa customers, the DOJ said. Kim damaged the computer network and the database in the process, the DOJ said. 

Kim also copied and saved to his home computer a database file containing personal information on the Gexa customers, including their names, billing addresses, Social Security numbers, dates of birth and drivers license numbers. Kim's actions caused a $100,000 loss to Gexa, the DOJ said. (more)

USB coffee-cup warmer could be stealing your data

via New Scientist...

Are you sure that the keyboard or mouse you are using today is the one that was attached to your computer yesterday? It might have been swapped for a compromised device that could transmit data to a snooper.

The problem stems from a shortcoming in the way the Universal Serial Bus (USB) works. This allows almost all USB-connected devices, such as mice and printers, to be turned into tools for data theft, says a team that has exploited the flaw.

Welcome to the murky world of the "hardware trojan". Until now, hardware trojans were considered to be modified circuits. For example, if hackers manage to get hold of a microchip when it is still in the factory, they could introduce subtle changes allowing them to crash the device that the chip gets built into. (more)

Security Directors - You already know about the dangers of plugging in dirty USB memory sticks. Now, you need to consider the possibility that foreign governments are loading other "legitimate" USB devices with spyware at the chip level. (Hey, they did it with hard drives.) Alert the employees. Convince them to resist the "Oh, isn't it cute. Let's plug it in," temptation.

Indians Put Squeeze on BlackBerrys... again

India - Security concerns associated with the services of BlackBerry, the smartphone used by nearly a million customers in India, have come to the fore again, raising the possibility of a fresh standoff between the Canadian service provider and the government.

The government plans to give BlackBerry maker Research in Motion (RIM) 15 days to ensure that its email and other data services comply with ‘formats that can be read by security and intelligence agencies’ after its spooks recently raised a red flag against the popular handset, said department of telecom (DoT) officials familiar with the matter. (more)

Seoul Suckers Drain Life from Businesses

South Korean industrial spying cases have risen consistently, largely in the electronics industry, a center tied to the chief national intelligence agency said.

During the past six years, 203 cases have involved current and former employees who stole and tried to sell South Korean technologies abroad, the National Industrial Security Center said in a report. (more)

Spy High

UK - A university is offering a degree - in SPYING.

Students are studying organised crime and terror groups for an MSc in Intelligence Data at Coventry University.

The 12-month postgraduate course - the first in the UK - has been set up because so many students want to work in intelligence. Applications to join MI5 and MI6 have risen 90 per cent in 10 years.

The university said: "We don't teach students how to hide behind newspapers with holes cut out for eyes, but how to interpret data and build criminal profiles for police and anti-terror organisations." (more)

Interesting...

• The course is available online and can be studied either part-time or full-time. 

• Colombo is the Senior Lecturer for the Criminology portion. (Just coincidence?) 

• "...and conduct your own research project"

• Those wishing to study this course can apply online by completing this online application form. "Unfortunately we cannot process online applications from international applicants at this time. Please check our website for details of how to apply.

Answer - "You lacked a counterespionage plan."

A cautionary tale...

CA - The leaders of the California Nurses Association had barely wrapped up a news conference recently slamming GOP gubernatorial candidate Meg Whitman when they learned Whitman's campaign had been watching them the whole time.

A volunteer for the Republican had sneaked into the event held at the union's downtown Oakland headquarters and sent live streaming video back to the campaign nearly 50 miles away in Cupertino. Within hours, Whitman aides were blasting to supporters an e-mail response to the event that featured clandestine video snippets.

"I wonder who it was," union Co-President Deborah Anne Burger said after learning about the Whitman spy. "How did they get in?" (more)

Tamatebako - The Hara Kiri Thumb Drive

Losing your memory?  Get this...
Fujitsu’s has a new Secure USB Memory Device, called Tamatebako. It has 2GB capacity and supports AES 256-bit encryption and will delete its stored data after 10 minutes up to one week. 
 
It will also commit hara-kiri if told the wrong password or forced to have intercourse with an unauthorized computer. (more)

Eavesdropping on The Auditors

IA - Four employees and the owner of a failed farm implement dealership have pleaded guilty in connection with a financial scheme.

Authorities allege Walterman Implement in Dike scammed lenders through a double financing scheme, which created both real and fake loans on single pieces of farm equipment.

Leon Walterman was the former owner. The 60-year-old pleaded guilty on Thursday to mail fraud, money laundering and illegal wiretapping. (more)

Court records allege auditors' phone lines were tapped during the investigation. (more)

Eyes in the Sky: Eisenhower, the CIA, and Cold War Aerial Espionage

FREE LUNCHTIME AUTHOR DEBRIEFING AND BOOK SIGNING  

Dino Brugioni, retired senior analyst with the CIA and one of the world’s premier experts on aerial reconnaissance, reveals details of the previously untold story of President Eisenhower’s secret Cold War program to develop cutting-edge spy planes and satellites to gather intelligence. Told from his insider perspective, Brugioni sheds new light on this breakthrough program and one president’s efforts toward building an effective and technologically advanced intelligence capability.

He briefed presidents from Eisenhower through Ford. As a founder of the CIA’s National Photographic Interpretation Center, during the Cuban Missile Crisis he was a key member of the team that provided President Kennedy the evidence that the Soviets were installing missiles in Cuba.

Eyes in the Sky: Eisenhower, the CIA, and Cold War Aerial Espionage

Free!
No registration required!
Join the author for an informal chat and book signing.

International Spy Museum, 800 F Street, NW Washington, DC 20004 (more)

Is it possible that these spies were thwarted at least in part by their reliance on out-dated steganography programs?

Steganography is becoming the tool of choice for a whole cadre of criminals a lot more daunting than these putative Borises and Natashas. It’s been used to exfiltrate sensitive data in corporate espionage, state sponsored espionage, and oddly enough--by gangs. 

What’s odd here is that the SVR went with such an old-school steganography method, one that leaves traceable evidence. Because there’s a lot better stuff out there....

Instead of leaving behind an artifact of your wrong-doing for the Justice Department to download, new stego programs use ephemeral channels that disappear when the communication has been completed. It’s called network steganography. You can do it in real time, you can transmit huge amounts of data, and you can do it without leaving behind any artifacts to implicate you.

If the Russian spies had known about these new protocols, they might not have gotten caught so handily. You can bet that the non-Russian spies in the United States (insert your own xenophobia here) are using more sophisticated methods to phone home. (more)

Password Tip from Russian Spy

The FBI's case against an alleged deep cover Russian spy ring relies heavily on surveillance of their use of ad hoc Wi-Fi networks, bespoke software, encryption and the web...

The Illegals were given a steganography program by the SVR's Moscow Centre, it says. The software is not commercially available, and investigators discovered the alleged spies held copies of it by clandestine searches of their properties...

A New Jersey search uncovered a network of websites, from which the alleged spies had downloaded images.

Similarly, a search in Boston led to websites carrying steganographic messages. The texts had also been encrypted, and both the Boston and New Jersey hard drives required a 27-character password. (more)

P.S. One of the most glaring errors made by one of the spy defendants was leaving an imposing 27-character password written on a piece of paper that law enforcement officers found while searching a suspect's home. They used the password to crack open a treasure trove of more than 100 text files containing covert messages used to further the investigation. (more)

FBI arrest 10 alleged Russian spies in biggest espionage swoop since Cold War

THE FBI arrested 10 people for allegedly serving for years as secret agents of Russia's intelligence service, the SVR, with the goal of penetrating US government policymaking circles...

 

Intercepted messages showed they were asked to learn about a broad sweep of topics including nuclear weapons, US arms control positions, Iran, White House rumours, CIA leadership turnover, the last presidential election, the Congress and political parties.

The court papers made public on Monday (PDF and PDF) include details of 21st century spycraft more high-tech than anything Jason Bourne knew about... used private Wi-Fi networks, flash memory sticks, and text messages concealed in graphical images to exchange information... (more)

After a secret multi-year investigation, the Justice Department announced the arrests in a blockbuster spy case that could rival the capture of Soviet Colonel Rudolf Abel in 1957 in New York. (more)

Colonel Abel, who hide his microfilm inside a hollowed out nickel, inspired one of our client gifts... The Official Espionage Spybuster Spy Coin! Our coin holds a microSD chip and contains the official FBI story about Abel's nickel. 
(click photos to enlarge)

Russia Denounces Arrests over Alleged Espionage

Russia angrily denounced the U.S. arrest of 10 alleged Russian spies as an unjustified throwback to the Cold War, and senior lawmakers said some in the U.S. government may be trying to undercut President Barack Obama's warming relations with Moscow. (more)

Germans Concerned About Industrial Espionage

Companies failing to protect themselves from external attack risk losing their competitive edge. In the information age, the threat of industrial espionage is all too real, with thousands of jobs at stake in Germany.

Some might describe the Cold War era as the good old age of espionage. Everything was clear cut: it was West versus East, capitalism versus communism... the fine art of spying is not dead...

And when it comes to economic espionage – something that is common in this day and age – the methods are generally a touch more subtle, and the prying eyes may be more familiar than you'd think. (more)

Russians Deny Industrial Espionage in Germany

The Russian government rejected Monday claims made by Berlin that its intelligence services were actively involved in industrial espionage in Germany.

The accusations, made in the annual security report published by the Berlin Interior Ministry on June 21, were "from the Cold War era," Russian Foreign Ministry Spokesman Andrei Nesterenko said according to the Interfax news agency. (more)

Meanwhile, in the Ivory Towers...

The Netherlands' three Universities of Technology have no plans to take extra steps to prevent spying by foreign delegations, the Nederlands Dagblad reports on Tuesday.

The paper say in April the security service AIVD warned that foreign secret services are sending students to Dutch universities to gather information. In one case, half a delegation was made up of security officials, the AIVD said. 

Delft, Twente and Eindhoven Universities of Technology are most vulnerable to spying because of their focus on nuclear science, biotechnology and nano technology, the paper said.

University officials told the paper combating spying is not a task for academics. (more)

Corporate Espionage... There's an app for that.

A new report from SMobile Systems who specializes in security issues on mobile phones and in the wireless infrastructure, 20% of the available applications on Android Market allow third parties access to personal information of users.

The report says that 20% of Android applications enable third parties to access private or sensitive information that could be used by crooks for malicious purposes including identity theft, mobile banking fraud and corporate espionage. (more)