Privacy - If you are not outraged yet, wait for the strip search.

The assault on personal privacy has ramped up significantly in the past few years. From warrantless GPS tracking to ISP packet inspection, it seems that everyone wants to get in on the booming business of clandestine snooping -- even blatant prying, if you consider reports of employers demanding Facebook passwords prior to making hiring decisions.

What happened? Did the rules change? What is it about digital information that's convinced some people this is OK? Maybe the right to privacy we were told so much about has simply become old-fashioned, a barrier to progress. In search of an answer, I tried a little thought experiment. Follow me, if you will, on a journey to a place in the space-time continuum I call the Land Before the Internet... (more) 

This story, "Your privacy is a sci-fi fantasy," was originally published at InfoWorld.com.

The 'Open Mike' Devours Another Unsuspecting Victim

Unaware that a microphone was recording him, President Obama asked outgoing Russian President Dmitry Medvedev Monday for breathing room until after Mr. Obama’s re-election campaign to negotiate on missile defense. ...“This is my last election,” Mr. Obama said. “After my election, I have more flexibility.” (more)

TSCM Training & Counterespionage Education Around the World

AUSTRALIA
Dever Clark + Associates
Eavesdropping Detection and Prevention Workshop (2 days) 

Eavesdropping detection and prevention, also known as ‘debugging’, ‘audio countermeasures’, ‘technical surveillance countermeasures’ (TSCM), or even ‘sweeps’, is the term used to describe the recognition, evaluation and minimisation of the threat from covert (and often illegal) electronic surveillance. This two-day non-technical workshop consists of no nonsense, practical advice on information security and eavesdropping prevention and is presented in terms, which can be understood by people without training in electronics. ... The workshop includes practical demonstrations and illustrations of common vulnerabilities. (more) (course brochure) Contact: Michael Dever, BSc (Security) CPP PSP

SOUTH AFRICA

Eavesdropping Detections Solutions®
Basic Course in Electronic Eavesdropping Countermeasures
We are presenting a basic course in electronic eavesdropping countermeasures. The course is scheduled to take place from 02 – 13 July 2012 – Protea Waterfront Hotel, Centurion, Gauteng. Final date for registration is 25 June 2012. The course in electronic eavesdropping countermeasures, presented since 1998, is suitable for the individual who has no or little previous experience in technical surveillance countermeasures. The 80-hour course is presented over ten (10) working days. (more) Contact: Steve Whitehead

Eavesdropping Detections Solutions®

CBIA is hosting a three day international conference on business counterintelligence from 17 – 19 September 2012 at the Kwa Maritane Bush Lodge, Pilansberg (What a venue!). The brochure and registration form attached. One of the key aims of the conference is to involve and to provide business executives, decision-makers, managers and business unit leaders with the insight to understand business counterintelligence and how it differs from other streams of information management practices. This is a vital conference for those responsible for the protection of information in their organisations. The conference sessions are highly informative, powerful and offers a wealth of opportunities for learning.  (more) (brochure) Contact: Steve Whitehead

CANADA

Technical Security Branch (TSB) of Professional Development TSCM Group Inc.
Canadian Technical Security Conference (CTSC) - April 23-25, 2012
The annual Canadian Technical Security Conference (CTSC) event (Cornwall, Ontario) is a three (3) day professional development and networking opportunity with a local, regional, national and international following of professional technical operators, TSCM specific and test & measurement based equipment manufacturers and service providers. Our annual CTSC conference event is an absolute must attend event for local, regional and international technical security professionals from the private sector, corporate security industry, financial sector, oil, gas and mining sector, government, law enforcement and military organizations and agencies. (more) Contact: Paul D Turner, TSS TSI

USA
Research Electronics International (REI) (Algood, TN)
TSCM courses are designed to teach the basic procedural concepts of conducting a countersurveillance investigation. Courses currently offered provide training on REI equipment as well as general sweep procedures. Classes are held in our unique training rooms that simulate suspect environments. Students use these project rooms to exercise their knowledge of the use of detection equipment. REI has 5 full-time, highly qualified instructors with many years of cumulative experience in the surveillance field. (more) (brochure) Contact: Mark S. Uker, Director of Training
 
Jarvis Intelligence Solutions (Tulsa, OK)
Technical Security Countermeasures
This 40 hour course of instruction is designed to provide the student with the basic skills and knowledge to conduct technical security countermeasures sweeps and surveys. Students will learn various types of equipment that can be utilized to implement electronic espionage operations and how to effectively identify, locate and neutralize these attacks. (more) Contact: Ray Jarvis, Director

There are are several more schools and providers. These are just the ones I know personally, and which have some good programs coming up soon. ~Kevin

Too young to vote?

Try one of these!

The International Spy Museum in Washington, DC is always running interesting spy-related activities for kids. Check out their Spy School Summer Camp.

Can't get there? 

Try this, on-line...

Are You Ready to Become A Super Spy?

FutureWatch: Wireless Bugging Not Based on the Electro-Magnetic Spectrum for Transmission

Neutrinos have been in the news recently, and although it appears that they probably do not travel faster than light, they still hold court as three of the strangest of the known subatomic particles. Undeterred by these arcane particles, Fermilab scientists have succeeded in communicating with neutrino pulses through 240 meters of rock at a rate of 0.1 bits per second.

Although only capable of sending one alphanumeric character every minute, this is still an experimental tour de force that demonstrates the feasibility of using neutrino beams to provide a low-rate communications link independent of any electromagnetic radiation. 

FutureWatch: However, given the limited range, low data rate, and extreme technologies required to achieve this demonstration, significant improvements in neutrino beams and detectors will be required for “practical” applications of neutrino communications. (more)

How to Avoid Malicious Web Apps

Rule number one is simple: If you have any doubt, don't click. 

This single rule would help people avoid most Web app malware, but it seems to be hard to drill into users' heads.  –Tim Keanini, CTO of nCircle (more)

New Cell Phone Encryption Product - TrustCall

Here is a new twist on encrypting cell phone calls. TrustCall – Secure Phone Software

Both phones need to have an SDmicro card slot. The encryption is on the card, so it can be moved from phone to phone if desired. 

The beauty of this system is that the user doesn't have to do anything but place the call as normal. Calls takes slightly longer to connect, however. (review)

The product and company are new. As of this date, their web site is still under construction, but details can be seen here.

From the company... "TrustCall is a discreet, affordable, easy-to-install mobile security software solution for Android, BlackBerry® and iPhone in 2012. To activate, users simply choose a contact in their address book, select the “Place Secure Call” option and press send. TrustCall authenticates all user identities prior to establishing the call and maintains a secure phone connection from beginning to end. Enterprises can quickly deploy, manage and use TrustCall without advanced training or custom handsets.

 

Because our mobile phone security solution is portable, it can be easily removed and configured for multiple phones if needed. TrustCall can be deployed inside a client’s network or in a hosted environment while providing a platform to manage, activate and terminate secure communications in near real-time.

TrustChips are designed to operate on-demand, and only when needed, battery life is maximized. With these solutions, users enjoy all the benefits of a standard off-the-shelf smartphone as well as having seamless voice protection wherever and whenever a sensitive call needs to be made.

These TrustChip Secured applications are optimized for 3G and Wi-Fi networks. Multiple platforms are supported. (more)

A Cunning Plan to Protect Us from Business Espionage

(Not from the Daily Show or Black Adder.)

We are being bombarded with news stories and court trials tornadoing around Chinese spies. They’re everywhere. Collecting everything. They have become such a fixture in and around our hapless businesses that it only seems right to offer them health insurance, a pension plan, cookies and milk.

But wait. Let’s think this through. 

Aren’t these the folks who had the secrets of silk stolen from them by Justinian I? Humm, could this be why great neckties are made in Italy, not China? Even their espionage death penalty law couldn’t protect them. Boom! Economic espionage devastated their economy.

I also recall a dude from the UK, Robert Fortune, sort of an early 007. He was sent to steal the secrets of tea production from... Have you guessed yet? China! That caper is now know as The Great British Tea Heist. Boom! Economic espionage devastated their economy yet again. Oh, and what about the Chinese secret of making porcelain? A French Catholic priest stole that one. BOOM!! I could go on and on. Gunpowder, paper, etc. Bing! Bam! BOOM! Feeling sorry for China yet? Don’t. They are making up for it, right now. The disk drive that just started whirring in your computer... it might be them.

And, don’t think this is just some cosmic yin and yang, great mandella, or as we say here in Jersey, “What goes around, comes around.” No, that explanation is too simplistic, not to mention fatalistic. There is more to this industrial espionage business. The circle is bigger. This is history repeating itself, over and over and over.

Remember when England needed rubber? Where did they have to go to get it? I hear you say, “Brazil.” Correct! But they didn’t like being held captive by one source. So, what did they do? Right again. In 1876, they stole some rubber tree seeds from Brazil and cultivated their own trees. [insert Monty Python foot-stomping fart sound]! Brazil’s very promising economy, with car and bicycle tires just around the corner, is squashed. 

Click to enlarge.

Remember America’s meteoric rise to the top of the International charts? Guess what propelled that one... intellectual property thefts committed by Samuel Slater and Francis Cabot Lowell. They brought the secrets of cotton and wool production to our shores from England. Instant industrial revolution for us. Zip! The economic loose thread on Britain's sweater got “yanked”.

I feel their pain. It’s happening to us right now.

The history of mystery list continues with Lieven Bauwens, a Belgian, stealing the British spinning mule; Thomas Whitty stealing weaving secrets; John Lombe stealing silk machine designs; atomic bomb secrets going everywhere. Even English muffin baking secrets aren't safe. (“...there are but seven executives who know the exact formula that causes the English muffins to develop their nooks and crannies,” and one guy tried to make off with it.)

What we have learned.
• Anyone with exclusive information will attract business spies.
• Industrial spying changes the fortunes of countries and the courses of history.
• Espionage laws with stiff legal penalties do not deter spies.
• History repeats itself.

What we haven’t learned.
• How to stop business espionage.

Competitive advantages are national treasures. Losing a competitive advantage doesn’t just hurt the business which owns it. In the long run, it hurts entire countries and its citizens. The economic damage lasts for centuries. 

Viewed in this light, the obligation becomes clear. The keeper of a competitive advantage has a moral and social obligation to protect the asset.

So, why don’t businesses do a better job of protecting their intellectual property? 
• No direct ownership of the protection responsibility.
• Short-sighted greed. Security costs a little money. (Very little in the long run.)
• Reliance on espionage laws which are based solely on punishing the spies... if they are caught. If they are not caught the damage still occurs; no one is held accountable.

And now for my cunning plan...
Treat intellectual assets, business secrets, high-level business discussions, communications and critical strategies with the same respect we afford military secrets. They are just as vital, and arguably, more so. Label these gems of information for what they are... National Interest Assets.

Round out the espionage laws. 
History has proved the one-sided, punish-the-spy model does not work – even when the penalty is DEATH! 

Impose a legal responsibility to proactively protect National Interest Assets. Hold the corporate caretakers of our economic future accountable for protecting their valuables. Create standards of protection. Provide penalties for inadequate or negligent protection. Enforce compliance before the theft occurs. Hey, we do it with medical and financial records.

In short, make proactive counterespionage protection an economically attractive, moral and legal responsibility. 

If you agree, please pass this article on to your legislators. I’ll be doing the same here. The end result will benefit everyone.

Be seeing you,
Kevin

When Social Notworking May Really Mean Not Working

Employers ask job seekers for Facebook passwords
When Justin Bassett interviewed for a new job, he expected the usual questions about experience and references. So he was astonished when the interviewer asked for something else: his Facebook username and password.

Bassett, a New York City statistician, had just finished answering a few character questions when the interviewer turned to her computer to search for his Facebook page. But she couldn't see his private profile. She turned back and asked him to hand over his login information.

Bassett refused and withdrew his application, saying he didn't want to work for a company that would seek such personal information. But as the job market steadily improves, other job candidates are confronting the same question from prospective employers, and some of them cannot afford to say no. (more)

LAUSD Can Now Spy on Teachers' Online Activity, Punish Them for Facebook Comments
Los Angeles Unified School District headquarters tells teachers -- and any other adult associated with the district -- that they'd better keep their social-media persona in check.

Actually, the new policy was put in place almost two months ago. But until the news wire mentioned it in an article today, it seems to have passed quietly under the radar. (more)

FutureWatch: Your Next TV May Watch You

via the HD Guru...

Artist's conception. Not really Samsung.

Samsung’s 2012 top-of-the-line plasmas and LED HDTVs offer new features never before available within a television including a built-in, internally wired HD camera, twin microphones, face tracking and speech recognition.  

While these features give you unprecedented control over an HDTV, the devices themselves, more similar than ever to a personal computer, may allow hackers or even Samsung to see and hear you and your family, and collect extremely personal data.

And unlike other TVs, which have cameras and microphones as add-on accessories connected by a single, easily removable USB cable, you can’t just unplug these sensors.

Privacy concerns

We began to wonder exactly what data Samsung collects from its new “eyes and ears” and how it and other companies intend use it, which raises the following questions:

* Can Samsung or Samsung-authorized companies watch you watching your Samsung TV? 

* Do the televisions send a user ID or the TV’s serial number to the Samsung cloud whenever it has an Internet connection? 

* Does Samsung cross reference a user ID or facial scan to your warranty registration information, such as name, address etc.? 

* Can a person or company listen to you, at will, via the microphone and Internet connection? 

* Does Samsung’s cloud store all this information? How secure is this extremely personal data? 

* Can a hacker intercept this data or view you via the built in camera? 

* Can a third-party app program do any of the above? 

* Exactly what information does the TV send to Samsung or other parties? 

* Does Samsung intend to sell data collected by its Smart TV owners, such as who, what and when one is viewing? (more)

Send your Kids to Camp this Summer... Spy Camp

 This isn’t your ordinary day camp—this is Spy Camp!

Somewhere deep inside the International Spy Museum in Washington DC is an elite group of 10-13 year old recruits, lurking in the shadows, preparing to take on top secret missions. No one really knows who they are, or for that matter, what they’re really up to. Now it’s your turn to join their ranks. 

Each day at Spy Camp is filled with top secret briefings and activities that will put spy skills and street smarts to the test. Aspiring KidSpy recruits will hone their tradecraft, learn from real spies, and hit the streets to run training missions. Develop a disguise for cover, make and break codes, discover escape and evasion techniques, create and use spy gadgets, uncover the science behind spying—all of this and more awaits young recruits! (Secret Briefing)

Case History: How Foreign Espionage is Killing U.S. Companies

A cautionary tale of woe...

Last June, three men squeezed inside a wind turbine in China’s Gobi Desert. They were employees of American Superconductor Corp., a maker of computer systems that serve as the electronic brains of the device... to test a new version of its control system software...

The software was designed to disable the turbine several weeks earlier, at the end of the testing period. But for some reason, this turbine ignored the system’s shutdown command and the blades kept right on spinning.

The problem wasn’t immediately clear, so the technicians made a copy of the control system’s software and sent it to the company’s research center...

...some startling findings... The Sinovel turbine appeared to be running a stolen version of AMSC’s software. Worse, the software revealed Beijing-based Sinovel had complete access to AMSC’s proprietary source code. In short, Sinovel didn’t really need AMSC anymore...

...in March 2011, Sinovel abruptly and inexplicably began turning away AMSC’s shipments...

AMSC had no choice but to announce that Sinovel -- now its biggest customer, accounting for more than two-thirds of the company’s $315 million in revenue in 2010 -- had stopped making purchases. Investors fled, erasing 40 percent of AMSC’s value in a single day and 84 percent of it by September.

What happened to AMSC may be incredibly brazen, but it’s hardly exceptional. There have been a large number of corporate spying cases involving China recently, and they are coming to light as President Barack Obama and the U.S., along with Japan and the European Union, have filed a formal complaint to the World Trade Organization over China’s unfair trading practices. 

...14 U.S. intelligence agencies issued a report describing a far-reaching industrial espionage campaign by Chinese spy agencies. This campaign has been in the works for years and targets a swath of industries.

“It’s the greatest transfer of wealth in history,” General Keith Alexander, director of the National Security Agency, said at a security conference at New York’s Fordham University in January. (more)

Manufacturing is gone.

Intellectual property is going.

What will we have left to sell?

Please. Start taking espionage seriously. ~Kevin

FutureWatch: The Most Powerful Spy Center In the World

Deep in the Utah desert, at the feet of the Wasatch mountain range, is one of the most secret, most guarded, most secure facilities in the world. Here is where everything you say is analyzed to search for security threats against the United States.

It's the National Security Agency's Utah Data Center, a $2 billion facility that will capture, record and scrutinize every communication in the world, from emails to phone calls to text messages to chats. It will also crack codes. According to Threat Level, the encryption cracking will be the most powerful in the world, and will help get into "financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications."

There will be four data rooms, 25,000-square-foot each, full of servers, cooled down by 60,000 tons of machinery and 1.7 million gallons of water per day. The site has its own 65-megawatt electrical substation, as well as backup generators that can power the whole thing for three days, uninterrupted. Just the video security system alone costs more than $10 million. (more)

SpyCam Story #657 - Rutgers SpyCam Case Verdict

NJ - An ex-Rutgers student accused of using a webcam to spy on his gay roommate was convicted of invasion of privacy but cleared of some of the more serious charges of bias intimidation Friday.

Dharun Ravi, 20, was stoic as the jury rendered its mixed verdict in New Jersey’s Middlesex Country Superior Court after deliberating since Wednesday.

Ravi was accused of 15 counts after using a webcam to spy on roommate Tyler Clementi’s dorm-room tryst with another man in 2010.

Clementi, 18, jumped to his death from the George Washington Bridge three days after the spying incident. (more)

Two Simple Tips to Prevent Snooping on Your Lost Cell Phone

Anyone who loses their mobile phone should expect the data to be accessed by the person who finds it, and business data is no exception, according to a study released this week by security firm Symantec.

In its Smartphone Honey Stick Project, Symantec "lost" 10 phones in each of five cities, leaving them on top of newspaper boxes, in food courts, and even the ladies restroom of a Chinese restaurant. In all but one instance, people who found the phones accessed the devices, with 83 percent of people accessing one or more of the four business applications, including two human resources files, corporate email, and a remote administration tool. More than 4 out of 10 people even accessed the banking application on the device.

...two simple security measures can protect the data on devices... 

• While complex passcodes are best, using even a simple four-digit code would protect the devices from casual access.

• Installing a remote management tool to remotely track the device can help to quickly recover a lost phone. Most device management tools also allow users to remotely delete the data on the device, a hedge against a more tech-savvy data thief. (more)

Advice: Use Cell Phone Forensics, not Spyware, to Gather Evidence

via Pursuit Magazine...
"As a private investigator, I’m often asked by businesses to gather information from cell phones owned by a company; you can protect your business by tracking your employee’s cell phone data. Even though I know the best method for collecting data from phones is through mobile phone forensics, one client was insistent that we use spyware to track calls, text messages, etc. from one specific employee they suspected of stealing from the company..." (and it goes downhill from here) (more)