Allegations police chief secretly recorded conversations

LA - Reaction to Monroe Police Chief Ron Schleuter’s use of a digital recorder to secretly record conversations with Mayor Jamie Mayo and other local officials is one of disbelief.

“I’d be pretty upset if that happened to me,” said West Monroe Mayor Dave Norris. “I find it very disappointing.”

It has been reported that Schleuter recorded West Monroe Police Chief Chris Elg...

 

The media reported last week that Schleuter, who could not be reached, made possibly 100 recordings, including meetings with Mayo, city attorney Nanci Summersgill, city councilmen and Elg. (more)

Cop Out Your Car with a Black Box Recorder

If you have security responsibility for your company's limos, vans or truck fleet, this SeCube USA Vehicle Security DVR may interest you...

Records the front view and the interior view. Documents locations on google maps with the GPS feature. G-force sensors record shock, accelerations and decelerations.

Time to Review Your Computer Usage Policies

Companies should spend the time to review computer usage policies. There have been a few impactful court decisions that should address expectations of privacy and permissible access.

Examples:

• Quon v. Arch Wireless Operating Co. Inc.,
529 F.3d 892 (9th Cir. 2008), 2009 WL 1146443 (2009)

• Stengart v. Loving Care Agency Inc.,
408 NJ Super. 54 (NJ App. Div. 2009) 

• LVRC Holdings LLC v. Brekka,
581 F.3d 1127 (9th Cir. 2009)

...via Rob Kleeger - The Intelligence Group

Students + Keystroke Logger...

...What could possibly go wrong?

MD - Students at a Potomac high school hacked into the school's computer system and changed class grades, according to sources briefed by the school's principal, and officials are investigating how widespread the damage might be... The students involved used a computer program to capture passwords from at least one teacher, according to school sources familiar with the situation who spoke on the condition of anonymity because of the sensitivity of the situation. (more)

Business Espionage - Wall Street's Spy Games

Eamon Javers, author of Broker, Trader, Lawyer, Spy, says spying is pervasive in corporate America and especially on Wall Street as firms try to get a competitive advantage against each other. View the interview, then hire a good counterespionage consultant.

...thus creating future Wall Street's Spy Games

NYC - The American International Toy Fair began today. This is the annual event where toy makers show off new offerings that will make their way into next year's stockings. Previews from toymakers and interviews with analysts make clear that the focus is on innovation and price....

Jakks Pacific is offering some high-tech spying gear for kids in its Spy Net line, including a video spy watch for $54.99 and a Pen Audio Bug for $24.99. Yes, they're just what they sound like — miniature video and audio recorders. (more)

"Serial Bugger" or "Dude, shut up!"

Australia - A Gold Coast man who installed hidden cameras to try to spy on his flatmates now claims he felt pressured to plead guilty to the offence by his lawyer, and he has a secret recording of their conversation that he says proves it. (more)

How to Spy on a Fashion Show?

Bury a spycam in your hair!

(video)

From the Art imitates life file: "Eavesdropping is...

"Eavesdropping is the easiest form of investigation in Assassin's Creed." - via Assassin's Creed wiki

Business Espionage - Goldman Sachs

NY - A former Goldman Sachs Group computer programmer was indicted Thursday on charges he stole computer codes used for proprietary high-frequency trading program. 

Sergey Aleynikov, 40 years old, was charged in a three-count indictment with theft of trade secrets, transportation of stolen property in interstate and foreign commerce and unauthorized computer access.(more)

Internet Steganography - Data Under the Radar

7:00 p.m., Shanghai

An employee of an electronic equipment factory uploads a music file to an online file-sharing site. Hidden in the MP3 file (Michael Jackson's album Thriller) are schematics of a new mobile phone that will carry the brand of a large American company. Once the employee's Taiwanese collaborators download the file, they start manufacturing counterfeit mobile phones essentially identical to the original—even before the American company can get its version into stores.

3:30 p.m., somewhere in Afghanistan

A terrorist hunted by the U.S. Federal Bureau of Investigation posts an excerpt from the motion picture High School Musical Three: Senior Year on Facebook. Inside are hidden instructions for a bomb attack on a commuter rail line in southern Europe. Later that day, terrorists based in Athens follow the instructions to plan a rush hour attack that kills hundreds of people.

4:00 a.m., Malibu, Calif.

A very famous actor (VFA) has a brief conversation with a well-known director (WKD) over Skype, an application that lets them make free voice calls over the Internet. They discuss the medical problems of VFA's cat in great detail. When the conversation is over, WKD's computer has a sleazy new addition—in a folder on his desktop, there is a picture of a nude teenager, along with her mobile number and the date and time at which WKD will meet her at VFA's pool party for a photo session.

What all these scenarios have in common is an information-smuggling technique called steganography—the communication of secret messages inside a perfectly innocent carrier... (more)

Roll Your Own Drone

via David Schneider...

This new branch of the [model airplane flying] hobby goes by the name first-person view, or FPV for short...

Having read up about this activity at such sites at DIYDrones.com and FPVPilot.com, I was eager to give it a try. I purchased a tiny SN555 video camera for US $129 from Hobby Wireless, an online seller of FPV gear. While there, for another $95 I also bought a diminutive 0.5-watt video transmitter and a matching receiver tuned to 910 megahertz, which is well separated from the frequencies used for radio-controlled model aircraft in the United States (72 MHz and 2.4 gigahertz).

The big question was what model to use. I ended up with a plane called the Twin Star II, which is manufactured by Multiplex Modellsport of Bretten-Gölshausen, Germany. It normally retails for $150, but I picked up a kit for this model at the bargain price of $86 from BP Hobbies of Piscataway, N. J. (more with video) (another high roller)

Conviction in First U.S. Economic Espionage Trial

A Chinese-born engineer convicted in the United States' first economic espionage trial was sentenced Monday to more than 15 years in prison for stealing sensitive information on the U.S. space program with the intent of passing it to China.

Dongfan "Greg" Chung, a Boeing stress analyst with high-level security clearance, was convicted in July of six counts of economic espionage and other federal charges for storing 300,000 pages of sensitive papers in his Southern California home. Prosecutors alleged the papers included information about the U.S. space shuttle, a booster rocket and military troop transports. (more)

Business Espionage - Samsung v. Hynix

The number of people facing charges related to the passing of process technology secrets from Samsung Electronics Co. Ltd. to Hynix Semiconductor Inc. has risen to 18 according to a Sapa-AP report. 

It was revealed last week that a number of employees at Applied Materials' Korean subsidiary are alleged to have stolen manufacturing process technology details for DRAM and NAND flash memory as well as investment plans for chip production, and passed them to a Hynix employee who has also been indicted. The information was passed to Hynix between March 2005 and December 2009 and has cost Samsung more than $100 million, earlier reports said. (more)

The Chips are Down

Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks...

Tarnovsky figured out a way to break chips that carry a "Trusted Platform Module," or TPM, designation by essentially spying on them like a phone conversation. Such chips are billed as the industry's most secure and are estimated to be in as many as 100 million personal computers and servers, according to market research firm IDC. (more)

Business Espionage - Bristol-Myers Squibb Co.

A former employee of Bristol-Myers Squibb Co. is being charged with stealing trade secrets from the pharmaceutical firm in an attempt to create a competing company in India, according to the federal government. 

U.S. Attorney Richard S. Hartunian and the Federal Bureau of Investigation said in a statement that Shalin Jhaveri, who worked at Bristol-Myers from November 2007 until Tuesday, stole numerous trade secrets from the company. If convicted, he faces up to 10 years in prison and a $250,000 fine. 

It's unclear what sort of information Jhaveri is alleged to have taken from the company. He worked as a technical operations associate at the company, according to a press release. (more) (FBI press release)

SpyCam Story #568 - Community Control?

OH - A Fostoria lawyer who had a pinhole camera in the restroom at his office was placed on community control for four years yesterday and ordered to pay a $5,000 fine. Sitting in Seneca County Common Pleas Court, visiting Judge Russell Wiseman of Crawford County also ordered Donald Guernsey, 57, to undergo a psychological evaluation and any ordered treatment. (more)

...thus adding insult to injury.

IL - An Elizabeth man is awaiting a court date in Jo Daviess County Circuit Court following charges of battery and eavesdropping.

According to court records, on Jan. 4, Brian D. Tessendorf, 33, knowing and intentionally caused bodily harm to his ex-girlfriend and mother of his child...

The day after the incident, Tessendorf allegedly used an eavesdropping device to record at least two different telephone conversations between him and the battery victim without her consent, a class 4 felony in Illinois that carries a maximum penalty of three years in prison and $25,000 for each count. (more)

Business Espionage - Famous Last Words

NY - A former state lottery official is accused of eavesdropping on a confidential meeting in an apparent retaliation attempt after he was fired from his $148,000-a-year position.

John Charlson, 46, of Saratoga Springs, was the public information officer for the Division of Lottery from June 2007 until he was terminated Jan. 13, 2009, for failing to be a team player. Lottery executives say Charlson, who was responsible for media and public relations, supervised his staff poorly and made inconsistent statements.

A report released Tuesday by the state Inspector General’s office found that after being fired, Charlson accessed 16 Lottery e-mails and forwarded out-of-context information on video lottery terminals to state Racing and Wagering Board chairman John Sabini. He’s also accused of eavesdropping on lottery officials by using his former state code to dial into an executive meeting and conference call held nearly a week later.

Charlson reportedly told Lottery Director Gordon Medenica “you’re going to be sorry,” upon being fired. (more)

Shocks from down under...

Darwin, Australia - An internal police investigation has been launched after a security camera was allegedly used to "zoom in on the rear of a lady" in Darwin's CBD. CCTV equipment at the Darwin police station has been disabled until software is installed to keep a record of the officer controlling the equipment at the time. (more)

NSW, Australia - Australia Post has been accused of secretly monitoring Sydney postal workers using computerised street-side red letter boxes in breach of NSW surveillance laws. But the postal service says it is entitled to spy on its staff because it is not subject to state laws. (more)

USB Memory Stick Failed Encryption - UPDATE

In our January story, USB Crypt Stick - design flaw, or... design back door discovered, several USB stick manufacturers were identified as having their encryption cracked. Subsequently, two clients asked me to research this. They wanted to know if the flawed encryption included all encrypted USB stick manufacturers.

So far, I have found one manufacturer who affirms their crypt-sticks remain secure.

from their press release...

"In response to the reports that certain hardware-encrypted USB flash drives have been hacked on Monday, Jan. 4, IronKey, maker of the world's most secure flash drive, today announced that its devices are not vulnerable to the serious architectural flaw that has compromised many 'secure' USB storage devices. IronKey customers remain safe." (more)

Imagine getting this far without a roadmap!?!?

"Networks are like roads," Michael Markulec explains. "And we provide the road map."

Markulec's company, Lumeta, is about to start drawing maps that will reveal every intersection, cul-de-sac and IP address in the U.S. military's vast and sprawling NIPRNet (Non-classified Internet Protocol Router Network). The "non-classified but sensitive" network is used around the world by several million U.S. personnel and about 10 million devices, Markulec said.

IPSonar, will find and identify all devices on the NIPRNet and tell network operators how they are interconnected, Markulec said. "Without that knowledge, you can't manage the network. And if you can't manage it, you can't secure it."

Mapping isn't IPSonar's only talent. The software, which is costing the Defense Department more than $10 million, also searches for leaks. (more)

By the way, do you know what electro-leaches have latched on to your LANs, your Wi-Fi networks? Help is out there.

Business Espionage - The Cost of Spying II

News Corp. agreed to pay $500 million to settle an ongoing, four year, lawsuit initiated by Valassis charging anti-competitive practices. Insert printer Valassis sued News Corp.'s News America Marketing unit in three separate cases, alleging price fixing and other predatory practices. Last year a jury in Michigan awarded Valassis $300 million in that case...

Last year, News America Marketing was accused by Floorgraphics Inc. Hamilton, NJ, of corporate spying. Floorgraphics, a producer of graphics placed on retails stores' floors, accused News America of illegally accessing its computer system and obtaining proprietary information, and disseminating false, misleading and malicious information about the company to its clients. The case was settled, and then days later News Corp. purchased Floorgraphics for an undisclosed sum. (more)

Business Espionage - The Cost of Spying

Italy - Telecom Italia and former parent Pirelli on Monday said they agreed to settle a criminal probe into a suspected spy ring that used phone data records, freeing the companies from lengthy court proceedings.

Italian newspaper Corriere della Sera said Pirelli and phone giant Telecom Italia agreed to pay 7.5 million euros ($10.43 million dollars) in the plea bargain deal filed on Saturday. (more)

Snitch Culture Rule Switch

MD - A Maryland delegate is proposing changes to state wiretap law after he was inspired by two filmmakers who claimed to be a pimp and prostitute seeking tax advice while surreptitiously taping ACORN staffers in Baltimore.

Delegate Richard Sossi, an Eastern Shore Republican, wants to provide immunity for people who intercept a wire, oral or electronic communication that provides evidence of the commission of a felony.

Right now in Maryland, it is illegal to record private conversations unless both parties consent to the taping. (more)

This is one way to deter James O'Keefe from showing up at your political headquarters with a team of fake telephone technicians with hidden cameras.

Pssst... (BARTNICKI v. VOPPER (99-1687) 200 F.3d 109) already accomplished this in a 2001 Supreme Court ruling. 
 "Privacy of communication is an important interest. However, in this suit, privacy concerns give way when balanced against the interest in publishing matters of public importance. One of the costs associated with participation in public affairs is an attendant loss of privacy."  
See Extortionography.

Drew Peterson Tapes?

IL - A teen who was a neighbor of the late third wife of former Bolingbrook, Ill., police Sgt. Drew Peterson testified Monday that Kathleen Savio was terrified of her husband and felt that the police department was not doing enough to help her...

Nick Pontarelli, 19, testified during the pre-trial hearing in Joliet, Ill., that Savio, found dead at home in 2004, feared Peterson was bugging her telephone calls and showed him tapes that she believed were recordings of her calls, the Breaking News Center reported.

They're Bolder in Boulder

CO - A 37-year-old man has been accused of stalking his ex-girlfriend by repeatedly sneaking into her residence over a period of months, installing voice recorders in the home, spyware on her computer and sending her threatening e-mails.

Sarah Huntley, spokeswoman for the Boulder Police Department, identified the suspect as Christopher Spiewak of Boulder.

Huntley said Spiewak is being held for investigation of domestic-violence related to stalking, second-degree burglary, computer crimes and repeated harassment. (more)

Business Espionage - Government Bugs Taps & Hacks

UK - The security service MI5 has accused China of bugging and burgling UK business executives and setting up “honeytraps” in a bid to blackmail them into betraying sensitive commercial secrets...

The warning to British businessmen adds: “Hotel rooms in major Chinese cities, such as Beijing and Shanghai, which are frequented by foreigners, are likely to be bugged ... hotel rooms have been searched while the occupants are out of the room.”  

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.” (more)

The Bigger Picture - Many countries engage in business espionage. Bug and wiretap attacks happen more in the business's country than in the spying country – that's where the strategic conversations are held. If your organization does not have a coherent counterespionage strategy yet, consult with a specialist before your pockets are picked, and your executives fall victim to blackmail. Good start... Regularly scheduled inspections of your offices for electronic surveillance devices an espionage vulnerabilities.

Detecting Unwanted Cell Phone Use

There are places when you just don't want cellular communications... financial trading floors, certain hospital areas, conference and Board rooms where sensitive meetings are held, to name a few. "What's the solution?"

Forget the obvious. Although radio-frequency jamming gadgets are easy to obtain, they are not legal here in the United States.

Here is what you can do...

• Establish a written "no wireless" policy for your organization.

• Set up a system for storing electronic communications gadgets before allowing entry into a secured area.

• Alternatively, ask people to turn off their communications devices.

• Monitor compliance. "How?"

Here are two detection methods...

General Alert - Install a low-cost cellular receiver (SureSafe, pictured above). It will trip an alarm, turn on a light, or make a voice announcement whenever it detects a cellular transmission within its 1-20 meter range. (more)

Specific Alert - This pricier system, called AirPatrol, can pinpoint on a computer map (to ≈2 meters) where the offending device is located. It can also be used to locate rogue Wi-Fi devices. Very cool! (more)

Press Tapper Convicted

Italy - Giuliano Mignini, the chief prosecutor in the Meredith Kercher trial, has been convicted of abuse of office and bugging the phones of journalists. 

Mr Mignini, who succeeded in having the American student Amanda Knox jailed for 26 years for murdering her British flatmate in Perugia in 2007, was convicted in relation to a separate case regarding a notorious serial killer known as the Monster of Florence.

He was sentenced by a Florence court to a year and four months in prison, but will remain free pending the two stages of appeal available to him under Italian law and will be allowed to continue working. (more)

ZigBee Eavesdropping

Software error in ZigBee radio modules facilitates eavesdropping.

As reported by developer Travis Goodspeed on his blog, a weakness in the way Z-Stack, Texas Instruments' open source wireless communication protocol stack used in its ZigBee radio modules, generates pseudo-random numbers makes it easier for an attacker to eavesdrop on encrypted communications. This is not the first occasion on which Goodspeed has hit the headlines for his cryptographic analyses of ZigBee modules.

The weakness allows attackers to eavesdrop on wireless communications for devices such as automation systems and sensors and potentially even to access these devices. The vulnerability is of particularly concern in view of the widespread use of smart electricity meters in the USA. Some electricity providers use ZigBee to transfer data from electricity meters to base stations. (more)

Wiretapping at the DMV

A published report says North Carolina's former Division of Motor Vehicles commissioner had telephone equipment installed that would let them eavesdrop on calls to any phone line at the agency's headquarters. The News & Observer of Raleigh reported Friday that the technician who installed the equipment testified about the system before a federal grand jury. George Tatum, who resigned as DMV commissioner in 2007, did not respond to phone messages and an e-mail seeking comment Friday. (more)

UPDATE

Federal authorities are investigating whether the former commissioner of the state Division of Motor Vehicles illegally wiretapped the phone calls of agency employees.

George Tatum, who resigned in 2007 amid a corruption scandal, had a special telephone in his office that allowed him to listen in on the calls of his subordinates without their knowledge, according to current DMV officials. Greg Lockamy, who retired unexpectedly last year after serving as the agency's internal affairs director, also had a phone set up for secret eavesdropping.

State law forbids intercepting phone calls without a warrant unless at least one person in the conversation is aware the monitoring is taking place.

Tatum, now the director of emergency management at Fayetteville State University, did not respond to repeated requests for comment this week...

Brent Parrish, a telephone technician at DMV, was subpoenaed to appear before the federal grand jury hearing evidence in a wide-ranging investigation of former Gov. Mike Easley. Parrish said Tuesday he testified Sept. 16 about the special features on Tatum's phone...

Parrish, the technician, said the DMV phone system allows managers supervising the agency's call center to monitor conversations with the public. Those calling the DMV with questions about license renewal and other issues hear a recorded disclaimer informing them their calls might be monitored for quality assurance.

Parrish said Tatum and Lockamy also had the function installed on their phones, allowing them to listen in on any phone line at DMV headquarters, including those of other high-ranking administrators.

The technician said the function allowed Tatum to program his phone so that a "busy light" would indicate when particular lines were in use. The commissioner could then pick up his phone and press a button to listen to the call, with his handset automatically muted. Those on the line would have no indication their call was monitored. (more)

Espionage Flash: Wiretappers Caught in the Act

LA - Alleging a plot to wiretap Democratic Sen. Mary Landrieu's office in the Hale Boggs Federal Building in downtown New Orleans, the FBI arrested four people Monday, including James O'Keefe, a conservative filmmaker whose undercover videos at ACORN field offices severely damaged the advocacy group's credibility.

Also arrested were Joseph Basel, Stan Dai and Robert Flanagan, all 24. Flanagan is the son of William Flanagan, who is the acting U.S. Attorney for the Western District of Louisiana, the office confirmed. All four were charged with entering federal property under false pretenses with the intent of committing a felony.

According to the FBI affidavit, Flanagan and Basel entered the federal building at 500 Poydras Street about 11 a.m. Monday, dressed as telephone company employees, wearing jeans,  fluorescent green vests, tool belts, and hard hats. When they arrived at Landrieu's 10th floor office, O'Keefe was already in the office and had told a staffer he was waiting for someone to arrive.

When Flanagan and Basel entered the office, they told the staffer they were there to fix phone problems. ...the staffer gave Basel access to the main phone at the reception desk. The staffer told investigators that Basel manipulated the handset. He also tried to call the main office phone using his cell phone, and said the main line wasn't working. Flanagan did the same.

They then told the staffer they needed to perform repair work on the main phone system and asked where the telephone closet was located. The staffer showed the men to the main General Services Administration office on the 10th floor, and both went in. There, a GSA employee asked for the men's credentials, after which they stated they left them in their vehicle.

The U.S. Marshal's Service apprehended all four men shortly thereafter. (more) (FBI Press Release) 

Spybusters Tip # 623 - Do not allow service people on your premises until you can verify who in your organization called them, and why. Photocopy their credentials. Conduct your proactive inspections for bugs and wiretaps, quarterly.

SpyCam Story #555 - Along Came Jones (Update)

MI - A former Brighton City Councilman charged with spying on female employees has entered a plea in the case. 54 year old Richard Gienapp, the owner of Mexican Jones restaurant in Brighton, pleaded guilty Friday to one count of surveillance of an un-clothed person. In exchange, prosecutors dropped two separate counts of installing and possessing an eavesdropping device.

The prosecution also agreed to not issue any other charges involving computer images of child sexually abusive material.

State Police say Gienapp placed a camera in an office at the restaurant where he spied on a female employee as she undressed. He faces up to two years in prison when he is sentenced on March 4th.

Gienapp has been in and out of court all month in separate cases. Last week, he pleaded guilty to failing to conspicuously post notice of his alcohol license being suspended at his restaurant. He was also recently convicted of filing a false police report. He was sentenced to 10 days of community service and 12 months of probation but soon filed a motion for a new trial, which was rejected by 53rd District Court Judge Theresa Brennan. (more) (original)

Man Bites Dog Story

China Accuses U.S. of Cyberwarfare
In the wake of a recent speech by U.S. Secretary of State Hillary Clinton condemning countries that censor the internet and engage in hacking, China has lobbed a return volley and accused the United States of hypocrisy and initiating cyberwarfare against Iran. (more)

Thursday is International Data Privacy Day

On January 28, 2010... Search Engine Startpage.com Introduces Free Anonymous Web Browsing

Startpage, the self-proclaimed "world's most private search engine", and its E.U. brand, Ixquick will release a new proxy service that allows users to surf the web with complete privacy. The proxy lets users browse websites safely and anonymously, without passing on any private, personally identifiable information to the websites they view.

The Startpage proxy is a free service that works in conjunction with the Startpage search engine, available at www.startpage.com. When users perform a search, they will find a clickable "proxy" option below each search result. When this option is selected, Startpage acts as an intermediary to retrieve the page and display it in a privacy-protected Startpage window.

The proxy offers complete anonymity, since the user never makes direct contact with the third-party website. The user's IP address is invisible to the viewed website. In addition, the website cannot see or place cookies on the user's browser. (video)

How Not to Handle a Bug Find

LA - West Feliciana Parish Sheriff J. Austin Daniel said Friday he asked State Police detectives to investigate a report of a listening device being planted in a Police Jury office.

Daniel said determining who planted the device may be difficult because a Police Jury employee took it apart and removed a battery.

The sheriff also said the device was found around Thanksgiving but was not reported to him until after Christmas. (more)

How to handle a bug find... (here)

So, a trusted employee is starting a new company.

Business espionage often begins closer to home than you think.

Over three decades, I have heard this too many times... "I think my employee is stealing business and is planning on competing with me. What should I do?"

This is pretty much a textbook case...
• Employee starts a side business using the employer’s resources, methods, client lists, and often client products.
• Employee plans to leave when business is self-sustaining.
• Employee quietly recruits other employees.
• Employee leaves, or is discovered and is fired.
• Over time, other employees desert to go work for the ringleader, taking even more intellectual property.
• Covert lines of communications remain open between the two businesses: employee chit-chat, room bugs, telephone wiretaps, computer spyware, unauthorized access to email/voicemail, etc.
• The employer takes appropriate investigative/legal steps... or slowly bleeds to death.

Recommendations:
• Act quickly and firmly.
• Secure personnel records and back them up off-site. Especially important: Non-compete agreements, termination agreements, signed copies of company rules, etc.)
• Take any collected evidence to an outside attorney to determine a course of action for investigation, employee termination and possible prosecution.• Document evidence of business diversion. (Talk to customers openly, or indirectly. Consider setting up a sting.)
• Monitor and back-up their business e-mails, if legal in your state.
• Conduct a survey for electronic surveillance devices and other counterespionage vulnerabilities. (Hire the best specialist you can find. You may only get once chance to do this part correctly.)
• As soon as possible, conduct a forensic examination all their company-owned computer devices. (Computers, PDAs, Cell phones, etc..) Hire the best specialist you can find. You may only get once chance to do this part correctly.

• Upon termination of the first rogue employee, conduct interviews with remaining employees (with your attorney). Let them know the full ramifications of intellectual property theft.
• Notify customers of personnel changes.
• Quickly, introduce replacement personnel.
• Notify recently departed customers of the situation, and warn them (nicely) of potential ramifications (if any) from dealing with renegade employees.
• Develop a marketing device to keep remaining customers loyal.
• Monitor competition for future compliance.

Your situation may require additional, or alternate, steps. Partner with a counterespionage specialist for direct advice. ~Kevin

Passwords stink... Face It

A Japanese company that specialises in face recognition technology has claimed the need for security passwords and identity swipe cards may soon become a thing of the past. Omron is working on software that scans faces to help recognise customers and employees. (more)

If we are not in your Boardroom...

...keep quiet, and put in a few of these.

The best move you can make for any Boardroom which isn't regularly swept for bugs... "Get down, and Boogie."

Improv Electronics has re-invented the old "Magic Slate."

Their version, called Boogie Board, is a pressure-sensitive tablet. It uses a watch battery for power, and only when the erase button is pushed. The secret is a Reflex LCD which doesn't need any power to keep the written secrets on the screen. The watch battery will last for 50,000 erases; cost $29.97. (more)  
(Pssst... The Apple iPad will cost a whole lot more and provide less security.)

Limited Time Offer...

Use Murray Associates to clear your Boardroom on a quarterly basis this year and we'll supply a Boogie to Board members - FREE. We are always fun, and get the job done.

--------

Did You Know?
• In the early 1920s, R.A. Watkins, the owner of a small printing plant in Illinois, was approached by a man who wanted to sell him the rights to a homemade device made of waxed cardboard and tissue, on which messages could be printed and then easily erased by lifting up the tissue. Watkins wanted to sleep on it, and told the man to return the next day. In the middle of the night, Watkins's phone rang and it was the man calling from jail. The man said that if Watkins would bail him out, he could have the device. Watkins agreed and went on to acquire a U.S. patent and rights, as well as the international rights for the device, which he called MAGIC SLATE. (via DrToy.com)

• (April, 1987) American journalists meeting with Soviet dissidents in Russia have occasionally used Magic Slates as a way of communicating. And last week, even the U.S. government bought the idea. In fact, Rep. Dan Mica (D-Fla.) and Rep. Olympia J. Snowe (R-Maine) received special instructions from the State Department to take the 99-cent toys with them on their recent inspection tour of the U.S. Embassy in Moscow. "An aide ran out to the local Toys 'R Us store and picked up a dozen," said John Gersuk, Mica's press secretary.

Now, not only has the child's toy put an unexpected kink in the multibillion dollar world of espionage, but it also has the $12-billion toy industry taking notice. (more)

"The best defense is a good... no, wait, uhhhh..."

Despite the objections of senior intelligence leaders, the White House National Security Council has instructed U.S. spy agencies to make intelligence gathering for China less of a priority. The move lowers China from "Priority 1" status to "Priority 2."

Intelligence leaders are concerned that the shift will hinder initiatives to acquire secrets about the Chinese government's military and its cyberattacks.

Anonymous administration officials say the policy is part of the White House's overarching effort to cultivate a friendlier, more constructive relationship with Beijing. But critics within the government charge that strategic intelligence on China will be downgraded over time, undoing what officials say are crucially necessary efforts to accrue more knowledge about China's political, economic, military, and intelligence operations. (more)

GSM Bugs, or Cell Phones Gone Wild

If you are not already familiar with GSM Bugs, I could go over it again, or you could listen to this dangerous-sounding woman...
(These bugs are flooding the market; less than $60. on eBay.)

By the way...

New for 2010 at Murray Associates, is our in-house designed GSM Bug locator.

Our instrument instantly detects and plots the location of GSM Bugs on a computer map. Without this technology, mostly-dormant GSM Bugs range from difficult to impossible to find.

Murray Associates new investigative technique (Digital Surveillance Location Analysis™) is now part of our advanced TSCM inspection audits. Bonus... our new instrumentation also locates rogue Wi-Fi stations on our client's networks.

Not a client, yet?
Become one.
You won't find this level of security elsewhere.
Start here.

SpyCam Story #567 - HomerCam

IL - An Elgin man who admitted placing a spy camera in the women's bathroom at his workplace was sentenced Wednesday to two years of nonreporting probation, and no jail time, by a judge who indicated his lack of criminal record spared him a worse punishment. 

(He) had faced a maximum three years in prison after pleading guilty in December to a felony charge of unauthorized video recording stemming from the July 31 discovery of the pen-size camera in a washroom at Ridgefield Industries, near Crystal Lake.

Authorities said (he) recorded one female co-worker, but mostly what was recorded was himself looking into the lens while trying to figure out how to operate the camera ("Doh!"). The camera was discovered by another co-worker and turned over to police. (more)

IBM = I Be "M"

Its purchase of an intelligence firm signals boom time in the spy business.

International Business Machines's move Wednesday to purchase National Interest Security Company (NISC) shows that the technology sector believes it can find growth servicing the government with high-end intelligence services. (more)

The "Why Us?" Question

"My company is regulated, with little to no R & D, no manufacturing, and only a very limited exposure in the competitive wholesale markets. In your professional opinion, what is our exposure or risk in regards to industrial//corporate espionage?"

Your question about espionage exposure is one I hear quite often; "Why us?"

Just as every person has uniqueness — their personality, list of friends, list of enemies, list of things someone might want to steal, etc. — corporations are unique as well. While I don't know much about the characteristics of your particular company, I can hazard a few rough guesses about possible corporate espionage risk areas...

• Media interest – Reporters digging for information to make headlines. A public safety issue, for example, might prompt a full expose on the company's policies, maintenance procedures, employee health epidemiology data, etc..

• Activist Group Interest – Media reports always have the potential to spark activist groups. Catalysts include: safety issues, regulatory issues, price increase hearings, etc.

• Stockholder Interest – When a price increase hearing is not favorable (possibly due in part to activist lobbying) predicted earnings may fall below expected levels, thus sparking stockholder unrest and desire for change. To support their case, collection of internal information becomes a priority for them.

• Construction Interest – Construction contracts usually incorporate a bidding process. The higher the stakes, the more desire for inside information. If espionage is successful, the company pays more than necessary and runs the risk of purchasing inferior products and services. Due diligence on this point alone is especially important if your construction impacts the public, in any way.

• Mergers & Acquisitions – Inside information means big $$$ to many outsiders.

• Intellectual Property Protection – Any unique advantage that makes your business profitable is a target for outsiders. They can make money by stealing it, or even just neutralizing it.

• Lawsuit Strategy – Inside information from the Legal Department means big $$$ to the opposition.

• Labor / Management Issues – Contract negotiations create periods of very high-risk. Also consider this... Your Personnel Department is involved with a multitude of high-value situations (every day) where meetings, conversations and other 'real-time' decision-making conversations and data hold immense value to outsiders.

I am sure I can come up with a few more examples, but this should get you started.

Recommendation – Identify key physical areas impacted by the above. Provide these areas with quarterly or biannual (or a mixture) counterespionage audits. In addition to providing specific sensitive work environments with heightened privacy protection, you will have shown due diligence; necessary for obtaining 'business secret' status for your side in court.

A Counterespionage Strategy is an important element in every corporate security program. Thank you for asking.

~Kevin

The Latest Surveillance Video Winners

The winners are in for the top three surveillance videos of the quarter... (videos)

Business Espionage - Starwood vs. Hilton

Starwood Hotels & Resorts Worldwide Inc. Thursday raised new allegations about the role of top Hilton Worldwide executives in an escalating corporate-espionage case.

Starwood sued Hilton and two former Hilton executives last April, alleging that they stole more than 100,000 documents containing "competitively sensitive information" and used it to pursue a rival to Starwood's successful "W" hotel chain.

On Thursday, it filed an amended complaint in U.S. District Court, White Plains, N.Y., claiming that Hilton's misconduct reached the highest levels of the McLean, Va., chain's management, including its chief executive officer, Christopher Nassetta, and its head of global development, Steven Goldman. The complaint says that the alleged theft was known to and condoned by at least five of the ten members of Hilton's executive committee. A Hilton spokeswoman declined all comment. (more)

Burglar Leaves Present... that keeps on giving.

Australia ...police are investigating a computer crime they is the first of its type in the state. A man broke into a recruitment company's premises recently and stole cash and equipment. (nothing new so far) Police say security vision revealed he was in the office for several hours and installed software on a computer. They say the software could have allowed him remote access to sensitive information. (more)

Moral: Treat all security alarm calls (even if "false" and "nothing taken") as espionage events. ~Kevin

Close Your Windows... and they still see in.

A widespread but highly targeted cyber-attack shows that all versions of Windows can be compromised by a determined hacker - right now.

The consensus is that the attack came from Chinese-sponsored agents, using every trick they could to hack specific, profiled targets. These weren't your usual criminals aiming the daily blind scattergun at a huge swathe of Windows users, hoping to find those without anti-virus software, or running unpatched and outdated versions of Windows.

No, they pointed their laser sights at selected Western technology company staff, who were more likely running fully-patched versions of Windows and Internet Explorer. And, it's fair to suggest, with their corporate PCs fully equipped with modern anti-virus software.

And yet still they got in...

The hackers used a combination of social engineering - for example, spoofing an email to appear to come from a trusted colleague - along with zero-day vulnerabilities in all versions of Microsoft's swiss-cheese browsing device, otherwise known as Internet Explorer.

‘Zero-day vulnerability' is of course a euphemism for ‘a barn-sized security hole in the software to which the maker is entirely oblivious'. The software maker's screw-up is discovered by a would-be intruder, who uses it to walk in and effectively own the computer.

The suggestion is that this particular attack was industrial espionage, with the aim of stealing corporate technology secrets - all without the target ever aware that their PC was leaking its juicy contents to a distant spy.

(more)

Social Networking - Another Tenticle of Corporate Espionage

Social networks have become a goldmine of information for companies skilled in the art of connecting the dots - a little-noticed development that is beginning to concern companies.

Main Points...

• (Some companies) have an all too clear understanding of the impact social media data has - and are mining it for competitive purposes.

• ...unlike corporate espionage and hack attacks, it is legal, according to Bob Fox, head of a competitive intelligence program for Canadian entrepreneurs." he says (via the Globe and Mail).

• ...advises firms to monitor competitors' comments in the media, on industry blogs, at conferences and, yes, on social networks like Twitter and Facebook... These sites are potential gold mines for competitors that want to better understand client and partner relationships.

• A key question in most investigations is relationships - who knows who, who is transacting business with whom, she said. Connecting these dots becomes much easier when people link to their friends for all the world to see. Twitter especially can be valuable in this way.

• People aren't using nearly as much discretion as they should - they will mention a project they are working on on Twitter. If a competitor is watching, it could pick up valuable nuggets of information.

• New hires can also be telling - information that is readily found on LinkedIn.

• Corporate 'spying' has never been easier - companies and organizations have little or no control over the information their employees share on social networks, and individuals generally make no distinction between public or confidential corporate data that they disseminate.

(more)