Thursday, March 8, 2012

Do Company Execs Know Sensitive Data When They See It? Many in IT Say No

Today’s companies, clearly very good at collecting data, seem “less savvy when it comes to how to classify and manage it.”

That’s the conclusion of a survey among 100 IT executives and others conducted by global consulting firm Protiviti, which finds that there is “limited or no understanding of the difference between sensitive information and other data” at nearly a quarter of the companies participating in its survey.

The report is titled “The Current State of IT Security and Privacy Policies and Practices.” Its topics: how organizations classify and manage the data they accumulate; specifically how they ensure customer privacy when they handle sensitive data, and how they comply with federal and state privacy laws and regulations. (more)

Jamming on the Bus, or The Cell Phone Vigilante

PA - A man in Philadelphia decided he'd had enough with listening to his fellow bus passengers blab away on their cellphones. But instead of buying himself some noise-cancelling headphones or politely asking people to pipe down, he chose to fight back with a handheld device that jams their signals.

"I guess I'm taking the law into my own hands," he told NBC10, which caught him red-handed with the illegal jammer, "and quite frankly, I'm proud of it."

Those who ride the bus with the man say he should be ashamed, not proud. (more)

Monday, March 5, 2012

Certified Ethical Hacker (CEH) Course Growing

India - "We started ethical hacking courses in 2009 with five students which has increased to approx 200 students today," said Jyoti Chandolia, assistant manager, corporate education sales at Udyog Vihar-located Mercury Solutions Ltd, the first ethical hacking training centre to come up in the city authorised by the International Council of E-Commerce consultants (EC-Council).

"Hacking is not legal in India and this particular course can distinguish black hat hackers (bad guys) and white hat hackers (good guys) after being certified as a Certified Ethical Hacker (CEH). The main objective behind this is to make people aware that CEH course is not all about how to hack but also to scan and protect IT systems and networks of an organisation," she added.

The EC-Council is a member-based organisation that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous CEH, Computer Hacking Forensics Investigator (CHFI) as well as many other programmes that are offered in over 60 countries through a training network of more than 450 training partners globally. (more)

Former US Marine, Accused CIA Spy, to be Re-tried in Iran

Iran’s Supreme Court has overturned a death sentence for spying handed down to a former U.S. Marine, Amir Mirzai Hekmati, ISNA news agency reported on Monday quoting a top judiciary official.

“The sentence was overturned by the Supreme Court … The case has been sent back” to the court for retrial, prosecutor general Gholam Hossein Mohseni Ejei told a press conference, ISNA reported. (more)

Poison Text Messages and Malicious Mobile Apps on the Rise

Nearly one in five mobile phone users have experienced some type of security threat with their device. That's the finding of a Cloudmark survey of 1,000 cellphone users, scheduled to be released Tuesday.

Poison text messages, nearly non-existent in the U.S. a few years ago, grew 300% in 2010 and 400% in 2011, accounting for about 1% of all text messages. "We've gone from totally clean to a trickle," says Rachel Kinoshito, head of Cloudmark's security operations. "Most people are seeing about one a month."

That foothold is part of a broader concern. Variations of scams that infest the Internet, through PC browsers, have begun spreading on a meaningful scale through mobile devices. And it looks like the bad guys are just getting warmed up. (more)

Sunday, March 4, 2012

Business Espionage: Spy Who Stole DuPont's Secrets Pleads Guilty

A former DuPont Corp. scientist has pleaded guilty to conspiring to commit economic espionage for a company controlled by the Chinese government and agreed to testify against others charged with stealing secrets of a manufacturing process sought by China.

Tze Chao, 77, a DuPont employee from 1966 to 2002, admitted Thursday in a San Francisco federal court that he had provided confidential information about DuPont's titanium dioxide process to the Chinese-controlled Pangang Group Co. (more)

Japanese Acoustic Ray Gun Silences Blabbing Godzillas

Tired of listening to a boring talk, a lecture or a colleague rattling in the office? The Japanese have found an answer to your woes. You can now silence the talk with a speech jamming gun.
The device developed by Kazutaka Kurihara at the National Institute of Advanced Industrial Science and Technology and Koji Tsukada at Ochanomizu University can silence any person talking from about 100 feet distance.

When the gun is used, an inbuilt microphone picks up the words being said and then plays them back 0.2 seconds later. According to an explanation provided by the two inventors, the human brain interprets this echo effect as silence. (more) (Kazutaka Kurihara's Website) (Speech Jammer Research Paper)

Kazutaka also has a flair for the dramatic. Watch as the jammer comes into view to do its deed. Reminds me of those wonderful Japanese 1950's horror movies.

Computer Mouse with Ears ...and its own Cell Phone

UK - Innocent-looking, regular office equipment is now increasingly being used by employers to monitor staff in Britain.

Employers use tools such as calculators and clocks that come with built-in cameras and listening devices to keep track of their employees.

Now, even the regular PC mouse is no longer innocent. A variant, spy mouse, that looks the same as the normal mouse, comes with a listening device and a SIM card embedded in it. A phone call is used to activate the device, which then captures sounds and conversations within a 10-metre radius. (more) (many spy mice)

SpyCam Story #656 - This Week in SpyCam News

SpyCam stories have become commonplace and the techniques used, repetitive. While I will continue to keep loose track of the subject for statistical purposes, I won't bore you with the details. Only links to the stories will be supplied unless there is something useful to be learned.

Saturday, March 3, 2012

Spy School - Monitor a Twitter Account Without Following It

Investigator's Tip: "Monitoring an opponent’s Twitter account is an important part of opposition research. If you would like to keep up with someone’s Tweets, but not actually publicly follow the author, try using Twitter to RSS. This service allows you to enter the name of a public Twitter account and create an RSS feed for popular RSS readers like Google Reader, Yahoo, Bloglines, and Newsgator." — Larry Zilliox, Investigative Research Specialists, LLC

Privacy Tip:  
Don't be a twit. Make your sweet tweets private.
Read up on how to protect your tweets here
and don't approve any "twitter to RSS" requests.

NSA-Level Cell Phone Security (No, you can't have one.)

The US National Security Agency has modified Google’s Android operating system to create smart phones that use powerful encryption to protect every call. The “Fishbowl” devices were announced today at the RSA security conference in San Francisco by Margaret Salter, the agency’s Technical Director, who said she hoped to encourage companies to adopt some of the ideas used in the system.

Such was the interest in the NSA’s presentation that this reporter – and most others – weren't able to gain access to the room where the demo was held. Australian IT publication SC Magazine did, though, reporting that Salter said 100 Fishbowl phones are being used to test the new technology. The Fishbowl phones allow fully encrypted calls that can be used to discuss the most classified information. Commercially available phones would require NSA employees to “speak in code”, SC say.
 
The NSA has made rough specifications of the system available online. They show that Fishbowl phones make calls using a Skype-style VOIP app that routes connections through NSA servers. (more)

Just in time to celebrate "International Speak Like A Spy Day"


We use words to tell each other what we mean. Words illuminate reality. But sometimes, and it seems increasingly so in these troubled times, words can be used to conceal truth.

This is why “The Dictionary of Espionage” is so timely and will appeal to the average citizen who is made vaguely uneasy when he is told that his government is engaged in “surgical strikes” against our enemies, which on occasion, unfortunately, result in “collateral damage” - that is, the U.S. government set out to kill someone but ended up killing someone else.

In this accessibly written book, Washington author Joseph C. Goulden illuminates and defines much of the standard jargon of the intelligence community with refreshing asides about many of spying’s urban legends - many of which may or may not be true.

Informed by remarkable access to the intelligence community, the book, first issued in 1986, has been significantly updated and contains a foreword by Peter Earnest, the founding executive director of the International Spy Museum in Washington and a former CIA operations officer. (more)

Friday, March 2, 2012

Smartphone Spyware Reaches the Drive-By Infection Stage

(summary) A team of researchers infected a Google Android smartphone, live, in front of a packed audience of computer security buffs to prove how mobile malware is now on the cusp of the big time... "drive-by" attack...the attack did not require a phone be jailbroken and would work on any of the devices using Webkit*...such an attack would be possible on the iPhone because of the root access obtained via the browser vulnerability...the point we are making: drive-by attacks will hit the phone just like the PCs. 

The technique: The attack followed several steps: the first was a text message delivered to the smartphone appearing to come from the mobile carrier requesting a system update via a link. Once clicked, the drive-by link delivered the first part of the malware to the phone to elevate access (root) privilege, then cause it to crash. It then automatically rebooted, executing the second part of the malware and hijacking the phone's communications. (more)

* Webkit - "Webkit is a tool used by Apple, Google and RIM to render HTML websites in Safari, Chrome and Android, and the latest versions of the BlackBerry."

Now that you know how this works, I'm sure you won't click on any text links unless you are 100% certain they are safe. ~Kevin

Young Lawyers Win Suit Against Secret Wiretapping Powers

Georgia’s Constitutional Court has decided that parliament did not have the right to give prosecutors powers to conduct secret wiretappings.

Tamar Khidasheli and Georgian Young Lawyers Association filed a lawsuit at the Constitutional Court regarding the law of Georgia on Operational Investigative Activities, which gave the police extended powers during investigation. (more)

Colombia-Gate Continues

Colombia - Bernardo Moreno, former President Alvaro Uribe's then-chief of staff, ordered the illegal wiretapping of judges, senators, and journalists, the former intelligence chief of Colombia's now-defunct intelligence agency DAS told the court Wednesday.

Former DAS executive Fernando Tabares reiterated the accusations in the trial against Mario Arangunen, the former director of Colombia's financial intelligence agency UIAF who is on trial for his alleged involvement in the wiretap scandal. (more)

Fernando Tabares news archive / Wiretap scandal news archive