Friday, January 29, 2016

Spies Accused of Winging It, or A Very Sordid Sortie

Israel Nature and Parks Authority officials are pleading for the release of a vulture after residents of a southern Lebanese town captured the bird, claiming it was being used for spying. 

Lebanese media reported that the bird – allegedly carrying Israeli spy equipment -- was caught Tuesday to prevent it from attacking citizens in the town of Bint Jbail, according to the Jerusalem Post...

Israeli officials said the bird was released in the Gamla Nature Reserve about a month ago after arriving from Spain in 2015. The bird, outfitted with a transmitter, was brought to Israel in hopes to increase its local population, the officials added. more

P.S. They came to their senses and released the vulture.

Even Antiquarian Book Shops are Less Suspicious

A Canadian citizen who ran a coffee shop near the sensitive China-North Korea border has been charged with spying by Beijing after being kept in detention for more than a year.


Kevin Garratt... “has been accused of spying and stealing China's state secrets”, state news agency Xinhua said, citing “authorities”.

"During the investigation, Chinese authorities also found evidence which implicates Garratt in accepting tasks from Canadian espionage agencies to gather intelligence in China," Xinhua reported. more

The Defend Trade Secrets Act of 2015

Prepared Statement by Senator Chuck Grassley of Iowa
Chairman, Senate Judiciary Committee
Executive Business Meeting

The next bill on the agenda is S.1890, the Defend Trade Secrets Act of 2015, introduced by Senators Hatch and Coons.

As we learned in a recent Committee hearing, while state trade secret laws provide U.S. companies many protections, at times these laws are inadequate.

The threats trade secret owners face are coming from thieves who are able to quickly travel across state lines and who use technology to aid their misappropriation. In many cases, the existing patch-work of state laws governing trade secret theft presents difficult procedural hurdles for victims who must seek immediate relief.

Further, the pace of trade secret theft is mounting and federal law enforcement authorities don’t have the bandwidth to prosecute but a fraction of cases. This means that victims of trade secret theft cannot rely on criminal enforcement, making a civil cause of action an effective way to go after the perpetrators.

The Defend Trade Secrets Act would amend the Economic Espionage Act of 1996 to create a federal civil remedy for trade secret misappropriation, allowing for a uniform national standard without preempting state law. The bill would provide clear rules and predictability for trade secret cases. Victims will be able to move quickly to federal court, with certainty of the rules, standards, and practices to stop trade secrets from being disseminated and losing their value. By improving trade secret protection, this bill will also help to incentivize future innovation.

Additionally, Ranking Member Leahy and I will be offering an amendment to help protect whistleblowers. more

Tuesday, January 26, 2016

Security Director Alert: Check your board and conference rooms for equipment made by AMX

Lots of companies -- and even the White House -- use a conference calling system that could possibly be tapped by hackers, according to new research.

On Thursday, cybersecurity experts at SEC Consult revealed a secret doorway that's built into a popular conference calling product built by a company called AMX.

AMX makes tablet panels used to control conference calls for businesses, government agencies and universities.

The company hard-coded backdoor access into its system. AMX created a "secret account" with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.

It's a glaring security hole. more

Murray Associates Recommendation
A firmware update is available for products and systems incorporating the NetLinx NX Control platform:

NX Series Controllers
NX-4200 FG2106-04
NX-3200 FG2106-03
NX-2200 FG2106-02
NX-1200 FG2106-01
Massio® ControlPads
MCP-106 FG2102-06X-X
MCP-108 FG2102-08-X
Enova® DVX All-in-One Presentation Switchers
DVX-3256HD FG1906-22/24
DVX-3255HD FG1906-16/18
DVX-3250HD FG1906-15/17
DVX-2250HD FG1906-11/13
DVX-2255HD FG1906-12/14
DVX-2210HD FG1906-07/09

Firmware downloads require a current login and password for the AMX Account Center to access the protected Technical Documentation and Support Materials sections of the AMX by HARMAN website. Technical Support Staff within End User organizations should contact their authorized AMX Dealer or HARMAN Professional representative for assistance.

Monday, January 25, 2016

More Banksy Art, from Artsy

I received this email today and thought you might like to know...

Hi - my name is Oliver, and I work at Artsy. While researching Banksy, I found your page: http://spybusters.blogspot.com/2014_06_01_archive.html. I wanted to briefly tell you about Artsy's Banksy page, and about our mission.

Click to enlarge.
We strive to make all of the world’s art accessible to anyone online. Our Banksy page, for example, provides visitors with Banksy's bio, over 150 of his works, exclusive articles, as well as up-to-date Banksy exhibition listings. The page even includes related artist & category tags, plus suggested contemporary artists, allowing viewers to continue exploring art beyond our Banksy page.

Glad to help!
Here is another Banksy anti-surveillance piece of art.

Radar Rat, 2004
Spray paint and silkscreen on paper
14 × 14 in
35.6 × 35.6 cm
Gallery Nosco
Sold
£20,000 - 30,000 ($28,500 - $42,800)

World's Largest Bugging Device Hears What You Can't... and it may save our butts!

This desolate outpost in remotest Greenland is home to one of the world's most high-tech listening devices, tasked with saving humanity from itself.

Located along the coastline just outside the village of Qaanaaq – which bears the additional distinction of being the world's most northerly palindrome – the sole purpose of Infrasound station IS18 consists of listening to the planet's groans that occur at frequencies too low for the human ear to detect, occurring within the range of 20 Hz down to 0.001 Hz.

Click to enlarge.
Qaaanaaq's eight-element array is divided into two sub-arrays bolstered by wind reduction technology, all of which are linked to a Central Processing Facility (or CPF) that churns out data around-the-clock to a central terminal in Qaanaaq proper. But why put such an extremely space-age device in a village accessible only by helicopter, whose locals subsist largely on narwhal, seals, and polar bears?

In its most practical application, IS18 is part of a network of highly specialized sensors charged with monitoring the globe for atomic blasts, as set forth by the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO). Around the clock, the array monitors the entire world for distinctive blast patterns produced by such explosions, as their unique pattern of ultra-low frequency sound waves persist even when ricocheting through the Earth's surface. more

Saturday, January 23, 2016

Fibre Optic Eavesdropping Tap Alarm

Allied Telesis, announced that it has released an innovative security measure to prevent eavesdropping on fibre communications, 

Active Fiber Monitoring. The patent-pending technology can detect when a cable is being tampered with, and will raise an alarm to warn of a possible security breach.

Fibre-optic links are used extensively for long-range data communications and are also a popular choice within the LAN environment. One of the perceived advantages of fiber is that eavesdropping on traffic within the cable is not possible. However, it is now possible to acquire devices that can snoop traffic on fiber cables; and even more disturbing is that these devices are readily available and very easy to use.

Active Fiber Monitoring, a technology that detects small changes in the amount of light received on a fibre link. When an intrusion is attempted, the light level changes because some of the light is redirected by the eavesdropper onto another fibre. As soon as this happens, Active Fiber Monitoring detects the intrusion and raises the alarm. The link can either be shut down automatically, or an operator can be alerted and manually intervene. more

VoIP Software Used to Eavesdrop

The backdoor could allow agents, employers or third parties to listen in on conversations...

The GCHQ has developed VoIP encryption tools with a built-in backdoor, allowing both authorities and third parties to listen in on conversations.

The backdoor is embedded into the MIKEY-SAKKE encryption protocol and has a 'key escrow' built in, allowing those with authority - whether an employer or government agency - to access it if a warrant or request is made.

The backdoor was uncovered by Dr Steven Murdoch, a security researcher from the University of London, who wrote a blog about the potential snooping tool. more

Ex-San Diego Mayor Bob Filner alleges his office was bugged...

Former San Diego Mayor Bob Filner, in an interview this week, denied having sexually harassed women and claimed that his City Hall office had been bugged...

...later in the interview, he said he had "found a bug" in his office that he claimed was planted there by the city attorney. "We asked the police to look at it and they didn't want to or didn't do it," he said.

Former Police Chief Bill Lansdowne disputed that claim Tuesday, saying Filner's chief of staff approached him with the concern that there might be a recording device in the mayor's office.

Lansdowne worked with the department's intelligence unit, hired an outside company to sweep Filner's office for bugs and came up empty-handed, the former police chief said.

"We had that office checked and we came back negative. They did not find anything," Lansdowne said. more

The Top Private Investigators on Twitter in 2015

via PINow.com...
We are happy to release the Top Private Investigators on Twitter in 2015! We received a lot of nominations and saw plenty of excitement, so thank you for your participation!

Twitter is a great tool for interacting with peers, sharing legislation updates, related news, business tips, promoting associations, and more. We present this list every year to recognize those in the industry who have proved to be valuable resources to their peers, specifically on the topic of investigations. Congratulations to all 2015 list-makers!

The list is ranked based on a variety of criteria, including nominations, scores on social media sites like Retweetrank, Klout, and StatusPeople, and on scores for content, consistent activity, and more.

Thank you!
Kevin

Wednesday, January 20, 2016

Why an RFID-blocking Wallet is Something You Don't Need

via Roger A. Grimes
You don't need a tinfoil hat, either. Opportunists have exploited consumer fears to create an industry that doesn't need to exist...

(summary)

First and foremost, does your credit card actually have an RFID transmitter? The vast majority does not. Have you ever been told you can hold up your credit card to a wireless payment terminal, and without inserting your card, pay for something? For most of my friends, and the world in general, the answer is no...

If you look at the number of credit cards with RFID, you can’t even represent it statistically. It’s not 0 percent, but it’s so far below 1 percent that it might as well be 0 percent...

On top of that, most of the world is going to wireless payments using your mobile device...


But did that bad guy ever sit on the corner in the first place? Sure, I’ve seen the demos, but I’ve yet to hear of one criminal who was caught using an RFID sniffer or who admitted to stealing credit card info wirelessly. We know about all sorts of cyber crime. Why not the theft of RFID credit card information if the risk is so high?

Here's why: It would be a lousy use of a criminal mastermind’s time. Today’s smart criminals break into websites and steal hundreds of thousands to tens of millions of credit cards at a time. Why would a criminal go to the effort and expense of stealing credit card info one card at a time when you can steal a million in one shot?  more

Tuesday, January 19, 2016

Did Your Lame Password Make the Top 25 List for 2015?

Here are the most popular passwords found in data leaks during the year, according to SplashData:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars 
    more 

Your Old Wi-Fi Router May Be Security Screwed

...starting from the day you bought it.
 
The reason: A component maker had included the 2002 version of Allegro’s software with its chipset and hadn’t updated it. Router makers used those chips in more than 10 million devices. The router makers said they didn’t know a later version of Allegro’s software fixed the bug.
 
The router flaw highlights an enduring problem in computer security: Fixing bugs once they have been released into the world is sometimes difficult and often overlooked. The flaw’s creator must develop a fix, or “patch.” Then it often must alert millions of technically unsophisticated users, who have to install the patch.

The chain can break at many points: Patches aren’t distributed. Users aren’t alerted or neglect to apply the patch. Hackers exploit any weak link. more

Four Textbook Business Espionage Case Histories

This past year, the FBI has observed a stark increase (53%!) in the amount of corporate espionage cases within the United States... the FBI has pointed out that a major concern in corporate espionage today are “insider threats” – essentially, employees who are knowledgeable of confidential matters are being recruited by competitor companies, and foreign governments in exchange for large amounts of money at much higher rates than ever before. 

Walter Liew vs. DuPont – “titanium dioxide”
In July 2014, Walter Liew, a chemical engineer from California, pleaded guilty to selling DuPont’s super secret pigment formula that makes cars, paper, and a long list of other everyday items whiter to China.

Starwood vs. Hilton
In 2009, Starwood Hotels accused Hilton Hotels of recruiting executives out from under them and stealing confidential materials... Starwood alleged that the ex-employees had stolen more than 10,000 documents and delivered them to Hilton – the worst part being that Starwood didn’t even notice that the documents were missing until after the indictment.

Microsoft vs. Oracle
In June 1999, Oracle hired a detective agency called Investigative Group International (IGI) to spy on Microsoft – it was headed by a former Watergate investigator, if that says anything... IGI, following Oracle’s orders, sifted through Microsoft’s trash (a practice also known as Dumpster Diving)...

The following May, the same happened. This time, IGI focused its investigations on the Association for Competitive Technology, a trade group; IGI arranged for a random woman to bribe ACT’s cleaning crew with $1,200 in exchange for bringing any office trash to an office nearby – of course, the office was a front for IGI.

Steven Louis Davis vs. Gillette
In 1997, Steven Louis Davis, an engineer helping Gillette develop its new shaving system, was caught faxing and emailing technical drawings to four of Gillette’s competitors...

Sadly, these economic espionage cases aren’t shocking to most corporate executives; it’s not uncommon for rivalry companies to dumpster dive, hack, bribe, and hire away key employees. In a rush to push out new products, major corporations will do just about anything to defame their competitors. And, although a few of these cases stem from the 1990s, their spirit still holds today – as the FBI has noted that corporate espionage is no where near slowing downmore

Workplace Surveillance is Sparking a Cyber Rebellion

GPS jammers in vans, FitBits strapped to dogs — employees are fighting back.

...Worksnaps is a piece of software that takes regular screenshots of a worker’s computer screen (with their full knowledge), counts their mouse and keyboard clicks each minute, and even offers the option of capturing webcam images. The customer testimonials are worth reading. One small business owner enthuses that she was able to “find and weed out” workers who were chatting on Facebook even though she was in the US and they were in the Philippines...

There are the drivers who plug cheap GPS jammers from China into the cigarette lighter slots in their vans to confuse their companies’ tracking systems. Or the workers who strap their employer-provided Fitbits on to their dogs to boost their “activity levels” for the day. Remember the business owner who used Worksnaps to monitor her workers in the Philippines? She found they were using programs to fool the software into thinking they were working. Worksnaps had to design a tool to identify the cheaters. more

Estranged Husband Goes Under House to Bug Wife

Australia - A Wilsonton man who suspected his ex-wife was seeing another man "bugged" her home to spy on her, Toowoomba Magistrates Court heard.

The couple had been in a relationship for six years but separated last year, the court heard.

In early October, the woman had started receiving text messages from her 48-year-old estranged husband that she took as threatening and intimidating, police prosecutor Tim Hutton told the court...

...toward the end of the offending period, the victim noticed some of the text messages contained information that only she and a few people close to her knew including the sale of a horse and other private matters, Sergeant Hutton said...

When police spoke with the man on October 24, he readily admitted to having planted a recording device attached to an air-conditioning duct underneath his ex-wife's home which was connected through the floor to a microphone in the woman's bedroom, Sgt Hutton told the court. more

Monday, January 18, 2016

Cyber Crime Costs Projected To Reach $2 Trillion by 2019

‘Crime wave’ is an understatement when you consider the costs that businesses are suffering as a result of cyber crime. ‘Epidemic’ is more like it. IBM Corp.’s Chairman, CEO and President, Ginni Rometty, recently said that cyber crime may be the greatest threat to every company in the world...

In 2015, the British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more...

The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. [Especially when electronic surveillance and classic corporate espionage techniques are used.] Those crimes would arguably move the needle on the cyber crime numbers much higher.

For anyone who wants to tally their own bill from cyber crime, check out Cyber Tab from Booz Allen. It is an anonymous, free tool that helps information security and other senior executives understand the damage to companies inflicted by cyber crime and attacks. more

CBS 60 Minutes - The Great Brain Robbery... and what to do about it.

The following is a script from "The Great Brain Robbery" which aired on Jan. 17, 2016 by CBS. Lesley Stahl is the correspondent. Rich Bonin, producer.

If spying is the world's second oldest profession, the government of China has given it a new, modern-day twist, enlisting an army of spies not to steal military secrets but the trade secrets and intellectual property of American companies. It's being called "the great brain robbery of America."

The Justice Department says that the scale of China's corporate espionage is so vast it constitutes a national security emergency, with China targeting virtually every sector of the U.S. economy, and costing American companies hundreds of billions of dollars in losses -- and more than two million jobs.

John Carlin: They're targeting our private companies. And it's not a fair fight. A private company can't compete against the resources of the second largest economy in the world. more

Part of the problem (worldwide) are the victims themselves. Many companies view taking steps to protect themselves an expensive annoyance. Corporate espionage is truly a national security issue, for many countries. Countering it requires an enhanced response. The old "punish the spy" solution is lopsided and ineffective. Check here for a new solution. Please spread the word.

Illya Kuryakin Writes a Spy Novel - Welcome back to the genre!

David McCallum — yes, actor of “The Man from U.N.C.L.E.” 
and “NCIS” fame — confidently embarks on a second career in his highly entertaining debut that mixes the espionage novel with the mystery thriller, Once a Crooked Man.

McCallum, 82, is no John le Carre, nor does his “Once a Crooked Man” hero, Harry Murphy, resemble George Smiley or Illya Kuryakin, the role that made the Scottish actor famous. But McCallum respects the genres’ tenets, supplying the right amount of intrigue, violence and sex for a well-plotted, action-packed tale. more

Thursday, January 14, 2016

Do You Have an IoT in the Workplace Policy? (you need one)

via Rafal Los 
It’s the beginning of the year, and for many of us that means hauling in some new gear into the office. Santa continues to bring more widgets and gizmos, and some of that stuff comes to the office with you. I think this is as good a time as any to think about the Internet of Things (IoT) and what it means for your CISO.

We’ve had an Amazon Echo at my house for a while now, since I couldn’t help myself but get on the early adopters list long ago. Truth be told, I love it. Alexa tells me the weather, keeps the twins’ Raffi albums close at hand, and reminds me to buy milk. But since my daughter has discovered her inner spider monkey, she likes to climb up on the cabinet where Alexa lives and likes to talk to her… and pull on the power cable. Also, she once turned the volume up all the way so that when I asked Alexa the weather at 6:30 a.m. I woke up the entire house…whoops. So long story short, Alexa has been unplugged, and I thought … why not take it to the office?

The find.
Here’s the issue — Echo is “always listening” so there’s that question of how welcome she would be in my office where confidential and highly sensitive conversations are a-plenty. Furthermore, Echo streams music and would need my credentials to get wireless network access. I suppose I could just use my personal Wi-Fi hotspot, but that seems like a waste. In case you’re wondering, I opted to not test my CISO’s good will, and Alexa will just have to live with my twins’ abuse. more

This is not a theoretical, I found an Echo in a top executive's office last year. He said it was a gift.

Add an IoT policy to your BYOD policy, and have us check for technical surveillance items and information security loopholes periodically. ~Kevin

American Textile Industry - Woven from Espionage

Samuel Slater, who established the United States' first textile mill in 1793, is widely regarded as the father of America's industrial revolution, having received that very accolade from Andrew Jackson. But American industry may owe as much to his fantastic memory and legally questionable sneakiness as his skill as a machinist and manager. This is the story of how the industrial pioneer earned his other title: "Slater the Traitor."

The ninth of 13 children, Samuel Slater was born in Belper, England in 1768. At age 14, he entered a seven-year apprenticeship agreement with mill owner Jedediah Strutt. He proved a clever, talented young man and quickly became Strutt’s “right hand.” During Slater’s apprenticeship, he learned a great deal about cotton manufacturing and management. He had the opportunity to work on the machines, and saw how Richard Arkwright’s spinning frame—the first water-powered textile machine—was used in large mills. Unfortunately for the ambitious Slater, Strutt had several sons of his own. As a result, Slater would not have a path to advance in the business.

In 1790, Slater decided to leave Strutt’s employment after coming across a Philadelphia newspaper that offered a “liberal bounty” (£100) to encourage English textile workers to come to the United States... Once he arrived in Rhode Island, legend has it that it took him just one year to build the complicated Arkwright machines from memory. Soon they had plenty of thread to sell and Slater’s reputation was secure. In 1793, the newly established Almy, Brown, and Slater company built the mill that would usher in the American industrial revolution. The rest is history. more

EU Law - Yes, the boss can spy on you... and what you can do about it. (updated)

The European Court of Human Rights has ruled that your boss has the right to spy on you at work.

Europe’s top human rights court ordered the handover of transcripts of private conversations by a Romanian worker on Yahoo Messenger. In this case, the employer had warned staff in its company policy that their devices were only to be used for work.

They argued: “It proved that he had used the company’s computer for his own private purposes during working hours.”

But lawyers told the Independent that your employer doesn't have to give you warning before monitoring your private correspondence. "Within the UK you can conduct monitoring without employee consent," said Paula Barrett, partner, head of privacy, at Eversheds. more

UPDATE - No, the European Court of Human Rights did NOT just greenlight spying on employees
The press has got itself carried away with a European court ruling on a labour dispute: workers' private communications are safe. more

Read both articles and decide for yourself. ~Kevin 

Your New IoT Ding-Dong Can Open Your Wi-Fi... to hackers

Getting hacked is bad, but there’s something worse than that: getting hacked because of your own smart doorbell. 

Ring is a popular smart doorbell that allows you to unlock your door from your phone, as well as see and hear visitors via a webcam.

Unfortunately for Ring, that same doorbell meant you could have had your Wi-Fi password stolen in a few minutes if someone cracked into the physical doorbell...

According to Pen Test Partners, the attack was relatively trivial... more

Wednesday, January 13, 2016

What Makes a Trade Secret a Trade Secret?

Article 39 of the Trade-Related Aspects of Intellectual Property Rights Agreement (TRIPS) provides general guidance on necessary conditions for trade secrets:
  • The information must be secret (i.e. it is not generally known among, or readily accessible to, circles that normally deal with the kind of information in question);
  • It must have commercial value because it is a secret; and
  • It must have been subject to reasonable steps by the rightful holder of the information to keep it secret (e.g., through confidentiality agreements, non-disclosure agreements, etc.). more
The "etc." part also includes providing extra security for the information, and the areas where it is generated, stored and used. Periodic Technical Surveillance Countermeasures inspections (TSCM) are a very important part of these conditions. Contact me for more information about this.

The Unofficial World's Record for Arresting Wiretappers Goes to...

Turkey - Thirty people alleged to have illegally wiretapped hundreds of Turkish officials, politicians and journalists were detained in simultaneous operations across the country early Tuesday. 

Suspects are accused of illegally wiretapping the communications of 432 people, including businessmen, journalists and politicians from the ruling Justice and Development (AK) Party, Republican People’s Party Party and the Nationalist Movement Party. more

Today in Spying - Bad Day for Spies

Iran Seizes U.S. Sailors Amid Claims of Spying more

Kuwait sentences two to death for 'spying for Iran' more

North Korea holding U.S. citizen for allegedly spying more

Senior officer quizzed on 'police spying' more

Former Skidmore security guard admits spying on woman more

Indian man sentenced to five years in prison for spying in UAE more

Man accused of spying on female neighbor with homemade selfie stick pleads guilty more

From those wonderful people who like back doors...

US - A hacker appears to have broken into personal accounts of the nation’s top spy chief.

The reported teenager is part of the group that hacked into CIA Director John Brennan’s personal emails last year and is using the new access for pro-Palestinian activism. According to Vice Motherboard, which broke the news on Tuesday, the hacker claimed to have broken into a personal email and phone account of Director of National Intelligence James Clapper and his wife. more

Sunday, January 10, 2016

Business Espionage: The Hoverboard Knockoff

The hoverboard hubbub at CES in Las Vegas Thursday was something straight out of a corporate espionage movie...

US marshals raided a booth set up by Chinese company Changzhou First International Trade. It was promoting its Trotter electronic skateboard—what Bloomberg describes as looking "like a seesaw with one big wheel in the middle."

The problem: Silicon Valley startup Future Motion says the product is a knockoff of its own Onewheel skateboard, invented and designed by Kyle Doerksen.

"When we got word that a company was exhibiting a knock-off product, we engaged in the formal process, which involved sending a cease and desist letter and ... getting a restraining order ... then enforced by the US marshals," Doerksen tells the BBC. more

Business Espionage: Employee's Steal Bends Steel Company With Her Bare Hands

Australia - On the day long-serving BlueScope software development manager Chinnari Sridevi "Sri" Somanchi was to be made redundant in June 2015, she was suddenly busy on the phone.

For the next two hours her redundancy meeting was delayed while Ms Somanchi was locked on the lengthy call, as her manager circled her desk trying to get her attention.

What the company did not know at the time, and now alleges, was Ms Somanchi was spending those precious hours downloading a cache of company secrets so financially important to BlueScope it has launched emergency legal action in the Federal Court of Australia and Singapore, where she is now based, to stop the information falling into the hands of its competitors.

The case of alleged international espionage has left the company reeling.

Ms Somanchi has been accused this week of downloading a trove of company documents – about 40 gigabytes – over a four-year period, including the codes she allegedly downloaded just before her redundancy meeting.

BlueScope is now trying desperately to retrieve "highly sensitive and commercially valuable" information allegedly stolen by Ms Somanchi, who it describes as a disgruntled former employee...

The case of alleged international espionage has left the company reeling and urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

Losing its customized software to a rival firm would so badly damage BlueScope that it was not seeking penalties because "it is difficult to see how damages could adequately compensate BlueScope for the loss",
a senior manager's affidavit said. The business unit at risk generates $US45 million in turnover each year. more

Business Espionage: Former Cardinals Executive Pleads Guilty To Hacking Astros

Chris Correa, the former scouting director of the St. Louis Cardinals, has pleaded guilty to five criminal charges in connection with unauthorized access of the Houston Astros' database.

Correa appeared before a U.S. district court judge in Houston on Friday and had his sentencing hearing scheduled for April 11.

The maximum penalty for each of the five counts, The Houston Chronicle reported, is up to five years in prison, a fine of up to $250,000 and restitution. more

Buy Banksy Spy Art - Get a free House

Consider yourself a bargain hunter with a penchant for modern art? Well why not buy a Banksy mural for just £210,000 ($304,900 UDS) and to sweeten the deal the owner will throw in a three-bedroom house.

A property in Cheltenham, Gloucestershire, featuring the artist's Spy Booth piece is on the market after its stressed owner said he was sick of the circus caused by the mural.

Spy Booth shows three 1950s-style agents, wearing brown trench coats and trilby hats, using devices to tap into conversations at a telephone box. more - with video
click to enlarge


Monday, January 4, 2016

"Official? Nah, I'm just hanging out here."

UK government wants to send tech companies officials to jail 

for disclosing snooping details on users.

Under a new sweeping law, many tech companies like Twitter, Yahoo and Google may face prison if they tip off their customers about spying operations by police and the security services.

These tech giants have a policy of notifying users when it’s suspected that a state-level actor is attempting to hack into their account. Twitter, Facebook and Google had previously assured their users that they would also warn them of any potential government spying. more

Surveillance Cameras Get Twittered

There is an air of mystery when you first notice @FFD8FFDB...

The Twitter bot tweets a grainy, context-free picture escorted by a line of peculiarly formatted gibberish every few minutes.

Only after you begin digging into the actual working of the bot that it becomes clear that the project is developed on a profoundly disquieting foundation that throws light on one of the major privacy escapes in the modern telecommunication set-up.

Basically, the software behind @FFD8FFDB browses the Internet for webcams whose operators have left them unsafe, taking screenshots from the feeds, and then tweets them. more

Time to check your surveillance cameras for password protection. ~Kevin

Et tu Earhart?

A new book about Amelia Earhart contains the controversial claim that she wasn’t really killed when her plane crashed in the middle of the Pacific in 1937 but instead was taken prisoner by the Japanese as a spy...

...she and navigator Fred Noonan vanished without a trace during an attempt to circumnavigate the globe.

What happened to the duo and their twin-engine aircraft during the round-the-world bid has remained one of aviation’s enduring mysteries.


Now ‘Amelia Earhart: Beyond the Grave,’ by WC Jameson, which is published tomorrow, January 5, makes the controversial claim that Earhart was actually sent to the South Pacific on a surveillance operation that had been authorized by United States President Franklin D. Roosevelt.

Mr Jameson claims that her plane was fitted with cameras with which to film Japanese military outposts and that she was actually shot down and taken prisoner.

He also claims that she was released in 1945 and returned to the United States under an assumed identity.

This flies in the face of the long-standing official theory that the pair ran out of fuel and crash landed in the middle of the Pacific Ocean near Howland Island. more

A Tale of Two Spy Cams

Despite the fast-moving pace of technology, there is one thing that's fairly uncommon, and that is a USB-powered speaker.


It's something that just simply isn't seen very often, and for fairly obvious reasons. Now, why am I pointing this out? Well, if you happen to encounter what looks like a normal computer speaker and there's a USB cord coming out the back of it, you should probably be a little suspicious about the speaker's true intentions.


After removing the back... That white thing is not a speaker -- it's actually a web cam. Someone created this unique spy speaker with bad intentions. more

Sometimes, spycams pose as legitimate web cams. 

I came across this recently...

Clue. Legitimate web cams don't need infrared LEDs positioned around the lens.  ~Kevin

Sunday, December 20, 2015

Irony Alert: Video Voyeur Sentenced - He Was Caught Spying by Spying

Former Border Patrol agent Armando Gonzalez was sentenced to 21 months in federal prison for planting a hidden camera in the women’s restroom at a Chula Vista Border Patrol facility. 

The camera, which Gonzalez used to violate the privacy of female employees who used the restroom, was discovered when he made reference to it in an email sent from his personal account to a friend and fellow voyeur-cam enthusiast...

Back Stories...
  • Department of Homeland Security’s surveillance of private emails credited with discovery of Border Patrol agent’s hidden camera voyeurism...
  • Further, drone footage taken through Mr. Gonzalez’s bedroom window clearly shows him viewing the camera’s digital feed on this personal computer. more

The Spy Pen in the Pen, or... Why You Need a Recording in the Workplace Policy

In March, state computer technician Rob Jones was on a routine job assignment at Maury Correctional Institution east of Goldsboro, working on a computer in an office used by private maintenance contractors.

Jones wanted to write a note but did not have a pen, so he grabbed one from the desk and clicked it.

Instead of a protruding pen point, Jones saw a blue light. He clicked again and the light changed to amber.

Jones didn’t know what the pen was, but he apparently knew it didn’t belong inside a maximum security prison. Jones took the pen to his office, unscrewed the top and found a USB plug. When he plugged it into a computer he saw the pen was actually a video camera.

Spy cameras, like cellphones and weapons, are contraband in prison. Jones gave it to his supervisors, whose investigation showed that a maintenance worker employed by The Keith Corp. brought the spy pen into the prison.

The investigation found that Andrew Foster, the top Keith employee at Maury, used the camera several months before to secretly record a meeting with the prison superintendent, whom Foster believed had mistreated him. Foster sent the recording to his bosses in Charlotte, who watched it but did not report the contraband to prison officials. more

P.S. I provide a "Recording in the Workplace" policy template (no charge) to all my clients.

Smartphone App: Record, Store & More

There are plenty of apps for recording your phone calls, but Yallo one has some extra tricks... like adding a subject line to your phone call. 
  • "Not urgent if you're busy."
  • "Emergency. Pick up."
  • "Quick question, promise."
  • "This is the kidnapper."
The full feature set... 

iPhone Call Recording App features:
  1. Outgoing Call Recording
  2. Free Incoming Call Recording - Unlimited!
  3. Saved on a Secure Cloud - Free Up Space
  4. Truly Unlimited Call Duration
  5. Keep Your Caller ID
  6. Mark Favorite Calls
  7. Custom Call Title 

Android App features:
  1. Go Yallo: No cell reception? No problem! With Go Yallo you are still available for calls to your regular number via WiFi and Yallo. 
  2. For the Record: Record and playback your calls, send them to your email, HD call quality. Save calls and listen later. Forward a recorded call to somebody else. Search based on keywords and phrases used in the call. 
  3. Call Caption: Want to let someone know why you’re calling so they can decide to pick up or not? Call Caption is the answer. Write a quick message that gives someone the context in advance.
  4. Existing Phone Numbers Welcome: No need to get a new number or transfer your existing one. Yallo works with your current number.
  5. Flexible: Make any device your phone, regardless of where your SIM card is. Out of juice or lost your phone? No problem. Log into Yallo on someone else’s phone and voila! it is your phone. Outgoing calls have your caller ID and incoming calls to your regular number, now come to your newly adopted phone.

The Ultimate Smartphone Brain Sucking Spider

As Razyone describes its product, "InterApp is a game-changing tactical intelligence system, developed for intelligence and law enforcement agencies, enabling them to stealthily collect information from the cloud using smartphone application vulnerabilities."

InterApp can allow its operators to break into nearby smartphones that have their WiFi connection open, and then, employing a diverse arsenal of security vulnerabilities, gain root permission on devices and exfiltrate information to a tactical server.

InterApp can steal passwords and data from targeted smartphones.

According to Rayzone, InterApp can steal a user's email address password and content, passwords for social networking apps, Dropbox passwords and files, the user's phone contact list, and his photo gallery.

Additionally, the gadget can also acquire the phone's previous geographical locations and plot them on a map, IMEI details, MSISDN data, MAC address, device model, OS info, and personal information on the target, such as gender, age, address, education, and more...

Even better, InterApp's hacking operations leave no forensics traces on a target's smartphone, or so Rayzone claims. more

Thursday, December 17, 2015

A History of Privacy - From 1844 to the NSA

An extraordinary fuss about eavesdropping 
started in the spring of 1844, when Giuseppe Mazzini, an Italian exile in London, became convinced that the British government was opening his mail.

Mazzini, a revolutionary who’d been thrown in jail in Genoa, imprisoned in Savona, sentenced to death in absentia, and arrested in Paris, was plotting the unification of the kingdoms of Italy and the founding of an Italian republic.

He suspected that, in London, he’d been the victim of what he called “post-office espionage”... more

Wednesday, December 16, 2015

From Ear Trumpets to Listening Urns: 2,500 Years of Chinese Bugging

Wee Kek Koon says, in light of Hong Kong University Council leaks, that China has a long history of clandestine recording.

Given the number of audio recordings involving members of the University of Hong Kong council leaked recently, one fears Hong Kong will become a place where everybody either watches what they say or chooses not to say anything for fear of being tried and fried by public opinion. The obvious question – who’s been doing the recording? – on everyone’s minds notwithstanding, it can’t be that hard to screen for listening devices.

Illustration: Bay Leung

Clandestine listening devices in ancient China were simple cylindrical tubes pressed against the wall, which gave rise to the saying geqiang you’er (“the walls have ears”).

“Listening urns”, which were detailed in a military treatise some 2,500 years ago, were used on battlefields to provide advance warning of enemy approach. A wide-bodied urn would be buried with its small opening above ground, over which a thin piece of leather was stretched. By pressing one’s ear to the leather, one could detect the direction from which an enemy was approaching. For precision, huge urns were used, with someone sitting inside, at times. The visually impaired were preferred, for their supposedly acute sense of hearing. more

Bugging Incident - Episcopal Church COO Placed on Administrative Leave

via David W. Virtue DD
The Presiding Bishop of The Episcopal Church, Michael Curry, has suspended his right hand man, COO Bishop Stacey Sauls, and placed him on administrative leave along with two other senior church officers over what is being described as "misconduct in carrying out their duties as members of senior management of the Domestic and Foreign Missionary Society."

No one will give information about the exact nature of the incident...

A tape-recording device had been concealed and was running, Barlowe told a shocked room. Council members were exhorted to look under their tables to see if anything was taped. The hidden tape recorder was found on the floor near the lead table where top church leaders had been seated throughout Executive Council... No surveillance cameras that might have recorded someone hiding the recorder were found.

Who would possibly want to bug a church that is dying and has already passed all the hot button issues at various General Conventions? What is there left to bug, pray tell? Apparently a lot.

The incident resembles something out of an episode of Fawlty Towers, when Fawlty (John Cleese) bugged a guest's room to check how much toilet paper was being used. more

VPN Equip All Your Devices... especially if you use public Wi-Fi

To put it simply, a Virtual Private Network (VPN) is a service or program that allows a device to connect to a secure offsite server over a network using an encrypted, “tunnel-like” connection.

It allows the user’s IP address to be masked, providing a layer of all-important privacy and anonymity. Besides, the encryption of the connection is generally of such a high-grade that any data transmitted can be considered perfectly safe. Originally used for businesses, companies offering VPN services to consumers started to form, realizing the immense security benefits that users can reap from the service.

They are used by everyone from families at home who want to make sure no one can track their online habits to a journalist who doesn’t want people or governments to know where they are. Travelers love them in particular due to the safety they grant one on unknown networks. The underlying thread is protection, and running a quality VPN on your computer is a surefire way to make yourself safer and protect your personal information. more

The First Clip on a Spycam is Usually the Perp

LA - Baton Rouge Police detectives are attempting to identify a man who is believed to have placed a small video camera in the men’s urinal at the office building of 4000 S. Sherwood Forest.

According to police, the camera was found by a male using the restroom.

The camera was retrieved and an analysis was completed in which the image of this individual was observed.

Anyone with information on the identity of this individual is urged to contact the Special Victims Division at 225-389-3853 or Crime Stoppers at 225-344-7867. video

The Smallest Cameras Keep Getting Smaller

Misumi Electronics Corp. specializes in spy applications, surveillance systems, industrial inspection, and medical applications.

Monday, December 7, 2015

Field Reports from the Blue Blaze Irregulars - iPhone & Micro TV News

Your iPhone Keeps a List of Everywhere You’ve Ever Been. Here’s How to Delete It 





Your iPhone lists all of the exact locations of the major cities you’ve been recently.beneath every location you’ve visited, it lists the number of recorded visits in a certain time period. If you click on a location, it will list out all of the times and dates of your visit.  more

Want to turn it off? Here’s how:
  1. Go to the Settings menu, select Privacy
  2. Select Location Services
  3. Scroll down (really far) to the bottom (keep going) and select System Services
  4. Scroll and select Frequent Locations
  5. Get sufficiently creeped out by how much your iPhone knows about you
  6. Select ‘Clear History’ and swipe the Frequent Locations tab left
 (Submitted without comment.) ~BBI 62521


The Smallest Camera in the World
Medigus has developed a range of micro CMOS (complementary metal-oxide semiconductor) and CCD (charge-coupled device) video cameras, including micro ScoutCam™ 1.2, which to the best of the company's knowledge, is the smallest in the world. more

While these are intended to some degree for medical use they can be used for any “special” need. When you get down to the nano-sized cameras, the potential is mind-boggling. There are cameras now in insect-like drones too that would probably land on your shirt to save power. Hmmm…that buzzing in your ear is a camera!  ~BBI 77377

Saturday, December 5, 2015

Security Director Alert: A Brilliant Answer to Shredding Security Worries, and Cost

Epson Develops the World's First Office Papermaking System
Turns Waste Paper into New Paper 
  
PaperLab promises to revolutionize office recycling by securely destroying documents and turning them into office paper using a dry process.

Seiko Epson Corporation has developed what it believes to be the world's first compact office papermaking system capable of producing new paper from securely shredded waste paper, without the use of water.

Epson plans to put the new "PaperLab" into commercial production in Japan in 2016, with sales in other regions to be decided at a later date.

Businesses and government offices that install a PaperLab in a backyard area will be able to produce paper of various sizes, thicknesses, and types, from office paper and business card paper to paper that is colored and scented.

Until now enterprise has had to hire contractors to handle the disposal of confidential documents or has shredded them themselves. With a PaperLab, however, enterprise will be able to safely dispose of documents onsite instead of handing them over to a contractor. PaperLab breaks documents down into paper fibers, so the information on them is completely destroyed. more



This could be the biggest information security news of the year for many corporations and government agencies. ~Kevin

Being Ordinary Saves Apple from Wiretapping Charge

CA - A federal judge Monday found no evidence that Apple's failure to deliver text messages sent via iMessage to non-iPhone users amounts to wiretapping.

U.S. District Judge Lucy Koh... wrote. "Defendant does not 'intercept' the message within the meaning of the Wiretap Act by erroneously classifying the message as an iMessage."

Koh agreed with Apple that its server falls under the Wiretap Act's "ordinary course of business" exception, saying the evidence, redacted and undisputed by both sides, showed that the iMessage server never operated outside its ordinary functions. A device acting within the ordinary course of business, Koh wrote, cannot form the basis of a Wiretap Act claim. She granted Apple's motion for summary judgment.  more