Saturday, July 6, 2013

Living in La La Land - Where Nobody Spies

Canada's top corporate executives remain relatively unconcerned that their businesses are vulnerable to cyber attacks.

The latest C-Suite survey of business leaders shows that cyber-security is not a serious worry for a majority of those sitting in the nation’s corner offices.


Only 40 per cent say they are very or somewhat concerned about cyber-security threats to their companies. Even fewer say they think that businesses like theirs will likely be a target of an attack on the corporate computer system. 

And more than 90 per cent of those who responded are confident in their organization’s efforts to protect their business from these threats... (more)

A voice in the wind...
Greg Hawkins, CEO of Yellowhead Mining Inc., agrees that companies should not be complacent... Firms that think they have the situation completely under control “are living in la la land,” he said.

Friday, July 5, 2013

TSCM Bug Sweep Cost Question & Infrared Instrumentation Example

Security Director: "When I ask for TSCM bug sweep quotes I get some prices which seem incredibly low. Shouldn't everyone be in the same ballpark?"

Answer: There are many reasons for this. Most revolve around skimping by the vendor — on everything from insurance to training to instrumentation.

Let's look at one representative example, thermal imaging...

Most TSCM providers these days offer thermal imaging as a detection technique. The skimpers use ineffective, cheap cameras – just so they can claim this capability. It is a dishonest marketing ploy which lets skimpers "say" they are in the game.

Cost:
• Outdated and low-end utility thermal cameras are available on eBay for less than $2,000.
• High-sensitivity / resolution thermal cameras cost between $25,000-$50,000.

DIY Test:
A TSCM-capable infrared thermal camera will clearly show heat from a fingerprint after an object has been lightly and briefly touched.

Generally speaking, low-cost equals low probability of detection. Effective TSCM service costs are driven by capital / educational investment... and sincere commitment.

Moral: A cheap sweep is worse than no sweep. Bugs aren't eliminated, just your sense of caution, and budget.

[sotto voce] If you like cartoons, hire a clown.

Security Alert: 'Master key' to Android Phones Uncovered

If exploited, the bug would give attackers access to almost any Android phone.

A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.


Upon hearing the bad news Android wets itself.
The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

The loophole has been present in every version of the Android operating system released since 2009.

Google said it currently had no comment to make on BlueBox's discovery...


The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves. (more)

The race is on between Google and The Cyber-thieves. We'll keep you posted. ~Kevin

Surveillance Humor

Eavesdropping... scanning... watching... 
Friday July 5, 2013 5:52 PM By Walt Handelsman

(Newsday)

Thursday, July 4, 2013

Secret Recording of Rupert Murdoch's Staff Meeting Published

A recording from March earlier this year, obtained by investigative website Exaro, shows the 82-year-old... raging against the police and claiming that the inquiry into corrupt payments to public officials has been blown out of proportion.

Throughout the recording, which lasts about 45 minutes, the News Corp boss repeatedly accuses the police of incompetence - of being "unbelievably slow" he says at one point.

He belittles the corrupt payments issue. And for anyone convicted over it... (more)

Isn't it time to sweep your boardroom?

How to Use Public Wi-Fi More Securely

via Eric Geier, PCWorld
  • Every time you log in to a website, make sure that your connection is encrypted. The URL address should start with https instead of http.
  • You also need to make sure that the connection stays encrypted for all of your online session. Some websites, including Facebook, will encrypt your log-in and then return you to an unsecured session—leaving you vulnerable to hijacking, as discussed earlier.
  • Many sites give you the option of encrypting your entire session. You can do this with Facebook by enabling Secure Browsing in the Security settings.
  • When you check your email, try to login via the Web browser and ensure that your connection is encrypted (again, look for https at the beginning of the URL). If you use an email client such as Outlook, make sure your POP3 or IMAP and SMTP accounts are configured with encryption turned on.
  • Never use FTP or other services that aren’t encrypted.
  • To encrypt your Web browsing and all other online activity, use a VPN, or virtual private network (this article will show you how).
  • Keep in mind that private networks have similar vulnerabilities: Anyone nearby can eavesdrop on the network. Enabling WPA or WPA2 security will encrypt the Wi-Fi traffic, obscuring the actual communications, but anyone who also has that password will be able to snoop on the packets traveling over the network. This is particularly important for small businesses that don’t use the enterprise (802.1X) mode of WPA or WPA2 security that prevents user-to-user eavesdropping. (more)
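
The first two tips (log in over https, and make sure the session stays encrypted afterward) can be checked mechanically. The Python below is an added example, not part of the PCWorld article or this blog: it audits a recorded login flow for plaintext requests, https-to-http redirects, missing HSTS headers, and session cookies without the Secure flag. The hostnames, cookie values, and the `audit_flow` helper are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: a login flow recorded as (URL, response headers) pairs.
# This one encrypts the log-in, then drops back to an unencrypted session.
SAMPLE_FLOW = [
    ("https://social.example/login", {
        "Set-Cookie": "session=abc123; Path=/; HttpOnly",
        "Location": "http://social.example/home",
    }),
    ("http://social.example/home", {}),
]

# Constructed sample: the same flow with the whole session kept on https.
HARDENED_FLOW = [
    ("https://social.example/login", {
        "Set-Cookie": "session=abc123; Path=/; HttpOnly; Secure",
        "Strict-Transport-Security": "max-age=31536000",
        "Location": "https://social.example/home",
    }),
    ("https://social.example/home", {
        "Strict-Transport-Security": "max-age=31536000",
    }),
]

def audit_flow(flow):
    """Return a list of findings for a recorded login flow."""
    findings = []
    for url, headers in flow:
        if urlsplit(url).scheme != "https":
            # Anything sent here is readable by others on the same Wi-Fi.
            findings.append(f"plaintext request: {url}")
            continue
        location = headers.get("Location", "")
        if location.lower().startswith("http://"):
            findings.append(f"downgrade redirect: {url} -> {location}")
        if "Strict-Transport-Security" not in headers:
            findings.append(f"no HSTS header: {url}")
        cookies = SimpleCookie()
        cookies.load(headers.get("Set-Cookie", ""))
        for name, morsel in cookies.items():
            # Without Secure, the browser also sends the cookie over http.
            if not morsel["secure"]:
                findings.append(f"cookie '{name}' lacks Secure flag: {url}")
    return findings
```
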

Major Privacy Breach Discovered on Motorola Phones

An independent security researcher published proof this week that Motorola phones with the Blur service installed are sending a myriad of credentials and private information silently to Motorola servers, as well as communicating via a modified version of the Jabber protocol in a format reminiscent of botnet command-and-control.

The disclosure - which featured packet captures, screen shots, and a full analysis of all of the data being sent - includes reproduction instructions for anyone concerned about their Motorola phone behaving in a similar manner. 

Impacted phone owners appear to have little recourse at this time, as the service responsible for this information disclosure cannot be removed without rooting the phone and installing a stock version of Android. (more)

Espionage is No Secret

Governments around the world are responding with outrage about the revelations from National Security Agency traitor Edward Snowden...

Are they really that outraged? Not likely. Only the childishly naïve would believe foreign governments were unaware of international espionage. Not only is the U.S. spying on foreign governments, including their allies, virtually every government in the world is engaged in espionage against every other government accessible to them...

Think allies don’t spy on each other? Think again... There isn’t room on this page to list the espionage activities of nations like China. For the curious, simply type, China espionage into any Internet search engine. (About 77,100,000 results)

The tactics used in the espionage world shock and surprise polite society because they seem underhanded and dishonest. And, usually, they are. Just as importantly, they are usually necessary evils. (more)


Your tax dollars at work, really.

The Surveillance Group Ltd Denies Bugging the Ecuadorian Embassy

British security firm Surveillance Group Ltd has denied bugging the Ecuadorian Embassy in London.
"We have this morning heard an accusation the source of which is apparently Ricardo Patino, the Ecuadorian Foreign Minister suggesting that we have bugged the Ecuadorian Embassy.
This is completely untrue. The Surveillance Group do not and have never been engaged in any activities of this nature.
We have not been contacted by any member of the Ecuadorian Government and our first notification about this incident was via the press this morning.
This is a wholly untrue assertion."
– Timothy Young, CEO, Surveillance Group Ltd. (Press Release - 04/07/2013)

We are waiting to see if the embassy produces some substantial evidence to support their claim. After all, "What is in a name?" R&J (II, ii, 1-2)

Wednesday, July 3, 2013

Hidden Microphone Found at Embassy Where Julian Assange Resides

A hidden microphone has been found inside the Ecuadorean embassy in London, where the WikiLeaks founder Julian Assange is holed up, according to the country's foreign minister.

Ricardo Patiño said the device had been discovered a fortnight ago inside the office of the Ecuadorean ambassador, Ana Alban, while he was in the UK to meet Assange and discuss the whistleblower's plight with the British foreign secretary, William Hague.

"We regret to inform you that in our embassy in London we have found a hidden microphone," Patiño told a news conference in Quito on Tuesday.

"I didn't report this at the time because we didn't want the theme of our visit to London to be confused with this matter," he said.

"Furthermore, we first wanted to ascertain with precision the origin of this interception device in the office of our ambassador." (more)


Good luck.

In other news...
French company Spotter has developed an analytics tool that claims to have up to 80% accuracy in identifying sarcastic comments posted online.

Spotter says its clients include the Home Office, EU Commission and Dubai Courts. (more)


We retract the last comment.

Monday, July 1, 2013

U.S. Looks to Blunt Corporate Espionage

The U.S. could be signaling stepped-up prosecution of Chinese companies accused of stealing trade secrets as it filed criminal charges against one of China's largest wind-turbine manufacturers and two of its executives, experts said.

"Maybe five years ago, it was sexier to chase drug cases than trade-secret cases," said Benjamin Bai, a partner at Allen & Overy in Shanghai. However, "the political climate is brewing the perfect storm in the U.S. for prosecutions to increase."

A recent law strengthening the U.S. Economic Espionage Act will likely encourage more prosecutions, said Mr. Bai, who has represented U.S. clients on intellectual-property issues. (more)

European Commission Conducts Bug Sweeps

The European Commission will sweep its offices for electronic listening devices and other security breaches following revelations of alleged U.S. surveillance programs targeting European leaders, a commission spokeswoman said Monday.

   

The allegations, reported Sunday by the German news magazine Der Spiegel, threaten to derail negotiations on a variety of issues with the United States, French President Francois Hollande said Monday...

Hollande's comments and the planned security sweep come amid building outrage in Europe over allegations that the National Security Agency had bugged EU offices in Washington and New York and conducted an "electronic eavesdropping operation" that tapped into an EU building in Brussels, Belgium. (more)

---


The European Union has ordered a worldwide security sweep of all its premises following reports US intelligence has bugged its offices in Washington, Brussels and the United Nations. Jose Manuel Barroso, president of the EU's Executive Commission, "has instructed the competent commission services to proceed to a comprehensive ad hoc security sweep and check" in light of the most recent spying allegations leveled at the US, spokeswoman Pia Ahrenkilde Hansen told reporters. (more)
Note: It is generally standard practice for government agencies (and at-risk businesses) to conduct Technical Surveillance Countermeasures (TSCM, or bug sweeps) on a regular basis. Check with your Security Department to see if your office is being inspected regularly.

Wi-Vi Sees Movement Behind Walls Using Cheap Wi-Fi Tech

A new system allows researchers to track up to three separate people through a wall, solely with the help of low-power Wi-Fi signals.

The Wi-Vi system relies on two antennas to broadcast Wi-Fi signals and a receiver to read them, according to the researchers’ paper. The Wi-Fi signals degrade in quality each time they pass through a wall, so the receiver must be prepared to pick up on very weak signals. It is also quickly overwhelmed if there are too many to sort through...


 
Researchers think the Wi-Vi system could also be used to find survivors in destroyed buildings or count and track criminals. Compared to previous military-oriented tracking systems, Wi-Vi is cheap, compact and lightweight, which makes it practical for consumer uses such as personal safety. (more)

What does espionage look like in the 21st century?

A short interview (10:17) on the BBC...



(audio - available until 7/7/13)