Wednesday, February 16, 2011

Business Espionage: Quote of the Week

Kommersant, a leading financial newspaper in Russia, interviewed Raili Maripuu, WhiteRock’s Managing Director for this week’s major business trend analysis. The article is dedicated to the growing threat of industrial espionage from China and following the trade secrets theft scandal surrounding the French car producer Renault. 

Miss Maripuu explains that: "Any successful company with a value is a likely target to its competitors. Information gatherers do not necessarily choose a particular sector to attack - espionage happens across the board." (more)

Business Espionage: Ratan Tata Lashes Out Over Leaks

In an interview, Indian industrialist Ratan Tata lashed out at the government for allowing media outlets to get hold of wiretap recordings of his lobbyist's phone calls, and said strong privacy protection is needed to prevent similar episodes in the future. (more)

Sunday, February 13, 2011

Library PC Bugging Scam

In-line Keyboard Cable Logger
UK - Police are investigating the discovery of snooping devices attached to public computers in two Cheshire libraries. Staff found the keyloggers, USB devices which record keyboard activity, in the back of two PCs at Wilmslow Library and one at Handforth Library. (more)

Tip: Don't use public computers, but if you must, don't type in any confidential information, but if you must, don't use public computers. 

In-line USB Keystroke Logger
A physical search may turn up a keystroke logger, but cannot be relied upon to declare a computer is clean. Keystroke loggers are also sold embedded inside keyboards and as spyware (software), some of which instantly transmits the keystrokes to a remote location. 

Two types of physical hardware loggers are shown. ~Kevin

Business Espionage: Target - Global Energy Companies

A China-based man named Song Zhiyue has provided cheap U.S. computer servers for hackers who used everyday tools to infiltrate five multinational energy companies for as many as four years, according to a report issued by McAfee. Song, based in the Shandong Province's Heze City, in eastern China, is one of an undetermined number of other hacking specialists working normal business hours in Beijing to infiltrate the computer systems of energy companies in four countries -- the United States, Taiwan, Greece and Kazakhstan. McAfee did not identify the companies but said that Song's operation and that of the hackers has not been shut down.

Artist's conception.
The attacks are a sign of the increasing difficulty and high stakes involved in oil and gas exploration, and the extent to which some companies and countries are willing to go to get access to the fields. The purpose of the octopus-like hacking was a system that mined financial and exploration data on oil- and gas-fields that was critical to bidding for the fields, McAfee said. The attacks suggest that officials or companies in China were attempting to understand fields that were or going to be under bid; the financial and other plans of rivals that might bid on the same fields; and the equipment already at the fields or that might be used to explore or produce there. (more)

Tip: Computer hacking is supplemental to other espionage techniques, like electronic eavesdropping. Spies also want information before it gets put into the computer and the information which never gets put into a computer. Check your networks, but check your offices and phones first. ~Kevin

This week in Spy News

UK - An MP's assistant accused of spying for Russia is on course to follow in the footsteps of Anna Chapman after being offered a job at the Kremlin's English-language TV news propaganda channel.(more)

A Taiwanese general detained in what could be the island's worst espionage case in 50 years was lured by sex and money offered by a female Chinese agent, media reported Thursday. (more)

Alleged spying at French car maker Renault may have targeted the costs involved in making electric cars, its chief executive said in an interview published Friday. (more)

A court in Moldova's breakaway Transdniestria region has sentenced a Moldovan man to 14 years in jail after convicting him of espionage. (more)

India - A senior home ministry official accused of leaking sensitive information in return for sexual favours moved his bail application in a court here Friday. (more)

Italy's sex scandal mired prime minister Silvio Berlusconi has likened Italy's prosecutors, its left-leaning newspapers and TV talkshows to spies from the former communist East Germany. (more)

Pakistan - Militants killed three, including two Khasadar tribal force members, accusing them of spying, sources said. (more)

Iran - Two Americans accused of spying appeared in a closed-door Iranian court session Sunday to begin trial after an 18-month detention that has brought impassioned family appeals, a stunning bail deal to free their companion and backdoor diplomatic outreach by Washington through an Arab ally in the Gulf. (more)

German federal prosecutors have charged a 43-year-old Moroccan with spying on exiled opposition activists for his country's intelligence service. (more)

Pakistani authorities have decided to indict US diplomat Raymond Davis on espionage charge, saying he had been conducting surveillance of the Pakistan Army’s bunkers on the Eastern border with India. (more)

Two retired marines have been held captive for more than eight weeks in the Horn of Africa after a gun battle while they were escorting a merchant ship through waters threatened by pirates... they are accused of spying after being arrested by a naval vessel from Eritrea as they guarded the ship in the Indian Ocean. A dispute about their paperwork escalated and threats were followed by shots being exchanged. Two guards tried to escape in a skiff but were seized after a chase. They were, it is claimed, kept on an offshore island without food or water for more than a day before being taken back to a port city on the mainland for incarceration. (more)

OR - A student at St. Paul High School has been caught spying on the girls' basketball team by hiding his cell phone in their locker room. (more

Mark J. Hulkower, prosecutor in Aldrich Ames spy case, dies at 53. (more)

SpyCam Story #600 - Wildman on Good Behavior

Australia - A 29 year old Nelson Bay man who broke into his ex-girlfriend's home and installed a camera to spy on her has been placed on a good behavior bond.

Dane Wildman pleaded guilty in November last year to breaking into his ex-girlfriend's home to install the optical surveillance device.

He admitted to having a key cut so that he could install the small camouflage camera under the woman's bed to determine if she was seeing another man. A small child discovered the device.

The woman took it to police who downloaded nearly 400 images including one of Wildman as he installed it. (more)

First modern spy novel is still one of the best

Book review: Penguin Classics has reissued "The Riddle of the Sands" by Erskine Childers, a 1903 novel thought to be the progenitor of all modern spy novels, and still one of the best.

Childers' story of Britons trying to foil German spies takes place partly on the Baltic Sea, with which he was familiar as a yachtsman. His day job was clerking for the House of Commons, but at night he toiled away at this novel, adding a romantic subplot at the suggestion of his sister Dulcibella, whose mellifluous first name he gave to the yacht in his book.

Childers was superb at depicting action, as in this scene in which the narrator, Carruthers, senses that he is not alone on deck: "I started up involuntarily, bumped against the table, and set the stove jingling. A long step and a grab at the ladder, but just too late! I grasped something damp and greasy, there was tugging and hard breathing, and I was left clasping a big sea-boot, whose owner I heard jump on to the sand and run." (more)

How to Secure Cell Phones in Sensitive Areas

"The US Government has a requirement to properly secure any Portable Electronic Device (PED) introduced into classified processing areas...

PEDs such as cellular phones, Blackberry devices, laptop computers and PDAs have inherent technical vulnerabilities that are potentially exploitable... without the users’ knowledge. For example, microphones and photographic/video cameras built into many PEDs can be remotely activated... audio and/or visual information near the PED can either be transmitted in real-time or recorded and then transmitted at a later time. PEDs can also... wirelessly probe the surrounding area... in an attempt to connect to or map out any computer network system."

Several companies, including Vector, have come up with some ingenious products. From cell phone box and socks to portable Faraday rooms, there are solutions for every need.

Resources list:

Tip: Turn your gadget entirely off before storing it. Otherwise the phone will try transmitting signals to the cell site using its highest power level, thus depleting your battery quicker than normal.

Beware: Googling "Cell Phone Shielding" will return hundreds of sites selling quack personal radiation shielding products.

Saturday, February 12, 2011

Hackers Retaliate Against Corporate Security Firm

WikiLeaks hackers and a California-based Internet security business has opened a window onto the secretive world of private companies that offer to help corporations investigate and discredit their critics.

This week, hackers said they had penetrated the computers of HBGary Federal, a security company that sells investigative services to corporations, and posted tens of thousands of what appear to be its internal company e-mails on the Internet.

The documents appear to include pitches for unseemly ways to undermine adversaries of Bank of America and the U.S. Chamber of Commerce, like doing background research on their critics and then distributing fake documents to embarrass them. (more)

Friday, February 11, 2011

SpyCam Story #599 - Looking Up Down Under

Australia - Police say a man used a sophisticated system to secretly film up women's skirts in Sydney's CBD.

Sabapathy Chandrahasan, 56, has been granted bail after officers allegedly found more than 1,000 photos on his home computer yesterday.

He was arrested by police at Central Station yesterday, moments after he allegedly filmed a woman who was climbing stairs to a platform. (more)

Thursday, February 10, 2011

Update on Camera Man

Remember Camera Man?
 The New York University professor who implanted a camera in the back of his head was prepared for privacy-related objections by the school and his pupils. What he didn’t anticipate was resistance from a more intimate source: his own body.

Last week, Wafaa Bilal removed part of the device, saying his body had rejected it despite antibiotics and steroid treatments, according to a report in the Chronicle of Higher Education. A spokeswoman for Bilal did not immediately respond to a request for comment.

Bilal, an assistant professor at NYU’s Tisch School of the Arts, was commissioned to implant the camera in his head for one year by a museum in Qatar, part of a project that broadcasts to the museum and to a website a live stream of images snapped automatically by the device at one-minute intervals.

The 10-megapixel camera was attached to Bilal’s skull during a November procedure at a piercing studio that specializes in body modification. Three titanium plates, each with a post attached, were inserted underneath a large flap of skin on the back of his head. The camera was screwed onto the posts. But his body rejected one of the posts, causing him “constant pain,” he told the Chronicle. He had one post removed, but left the other two, and intends to replace the camera with a lighter model. (more)

CA Court - Car Computer Data Protected by 4th Amendment

The case is State v. Xinos. The question... Can the police swipe your car's black box data, without due process, after an accident and use the findings against you?

The answer... No, "We do not accept the Attorney General’s argument that defendant had no reasonable expectation of privacy in the data contained in his vehicle’s SDM (Sensing and Diagnostic Module). The precision data recorded by the SDM was generated by his own vehicle for its systems operations. While a person’s driving on public roads is observable, that highly precise, digital data is not being exposed to public view or being conveyed to anyone else. . . . We conclude that a motorist’s subjective and reasonable expectation of privacy with regard to her or his own vehicle encompasses the digital data held in the vehicle’s SDM."

Another interesting point the court made... The SDM is located inside the vehicle, not outside, so... "Thus, a warrantless search of a vehicle, or the containers within it, under the automobile exception continues to be circumscribed by probable cause." (more)

Wednesday, February 9, 2011

Five out of Seven Hacker Types also Bug & Tap

infoworld.com has identified seven types of hackers. Five of them (in bold) will also use standard electronic surveillance techniques to achieve their goals. 

Why? Because that information is fresher, it is available long before it becomes computer data... and some of it will never become computer data.

If you are only watching your computer networks, you are a day late and a dollar short. Traditional bugs and wiretaps remain spy staples. Two more overlooked attack points include Wi-Fi security (and compliance) and Internet telephony (VoIP).

Malicious hacker No. 1: Cyber criminals
Professional criminals comprise the biggest group of malicious hackers, using malware and exploits to steal money. It doesn't matter how they do it... (Eavesdropping is just another profit center.)

Malicious hacker No. 2: Spammers and adware spreaders
Purveyors of spam and adware make their money through illegal advertising.

Malicious hacker No. 3: Advanced persistent threat (APT) agents
Intruders engaging in APT-style attacks represent well-organized, well-funded groups -- often located in a "safe harbor" country -- and they're out to steal a company's intellectual property. They aren't out for quick financial gain like cyber criminals; they're in it for the long haul. Their dream assignment is to essentially duplicate their victim's best ideas and products in their own homeland, or to sell the information they've purloined to the highest bidder.

Malicious hacker No. 4: Corporate spies
Corporate spying is not new; it's just significantly easier to do, thanks to today's pervasive Internet connectivity. Corporate spies are usually interested in a particular piece of intellectual property or competitive information. They differ from APT agents in that they don't have to be located in a safe-harbor country. Corporate espionage groups aren't usually as organized as APT groups, and they are more focused on short- to midterm financial gains.

Malicious hacker No. 5: Hacktivists

Lots of hackers are motivated by political, religious, environmental, or other personal beliefs. They are usually content with embarrassing their opponents or defacing their websites, although they can slip into corporate-espionage mode if it means they can weaken the opponent. 

Malicious hacker No. 6: Cyber warriors
Cyber warfare is a city-state against city-state exploitation with an endgame objective of disabling an opponent's military capability. Participants may operate as APT or corporate spies at times...

Malicious hacker No. 7: Rogue hackers
There are hundreds of thousands of hackers who simply want to prove their skills, brag to friends, and are thrilled to engage in unauthorized activities.

Tuesday, February 8, 2011

Visit the New CIA Website

The CIA has launched a revamped website with links to YouTube and Flickr to help the public better understand the spy agency's often clandestine work, officials said.

"The idea behind these improvements is to make more information about the Agency available to more people, more easily," CIA Director Leon Panetta said in a statement on Monday.

"The CIA wants the American people and the world to understand its mission and its vital role in keeping our country safe," he said.

Although the Central Intelligence Agency's mission has always hinged on secrecy, the spy service is conscious of its public image -- partly for recruiting reasons -- and in recent years has added games and links for children on its website. (more)

Are you the right kind of person for a career at the CIA? Take this fun quiz and find out. You might be surprised by the type of people we actually hire. (QUIZ)

My quiz result... "According to your responses, you are a: Thoughtful Observer."

Dental Data Extraction

Dentist hacked into fiancee’s laptop to show she was a fantasist
A dentist loaded spyware onto his fiancee’s laptop to gather evidence against her as their relationship collapsed, a court has heard...

The High Court heard that in a desperate attempt to hang on to his assets, Mr Singh, described as a “canny businessman”, tried to exploit the spyware he placed on her pink laptop "for improper advantage". He had also "lost no opportunity to belittle and discredit" his ex-lover in court when they came face to face. (more)