Sunday, September 27, 2015

U.S., China Vow Not to Engage in Economic Cyberespionage

President Obama and Chinese leader Xi Jinping pledged Friday that neither of their governments would conduct or condone economic espionage in cyberspace in a deal that sought to address a major source of friction in the bilateral relationship.

But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals. more

----

Question from a reporter...
Without government assistance, what can private sector organizations do to protect themselves more effectively from China stealing their IP?

Answer...
#1 - Realize that computer hacks are not perpetrated solely by someone sitting at a remote computer exploiting a software glitch they just discovered. A close look at many cases shows other elements of espionage in the path to the hack... social engineering, sloppy security practices, lack of oversight, multiple forms of classic electronic surveillance, blackmail, infiltration of personnel, etc.

The misconception that "this is an IT security problem" has led to a morphing of corporate information security budgets into a lopsided IT-centric security budget, pretty much ignoring that most information in their computers was available elsewhere before it was ever converted into data! This situation is like having a building with one bank vault door, while the rest of the entrances are screen doors.

Here is what the private sector can do for themselves...

• View information security holistically. Spread the budget out. Cover all the bases.
   - Provide information security training to all employees.
   - Create stiff internal controls. Enforce them.
   - Conduct independent information security audits quarterly for compliance and discovery of new loopholes. Technical Surveillance Countermeasures (TSCM) is the foundation element of the audit. A TSCM sweep is conducted to discover internal electronic surveillance (audio, video, data), and verify security compliance of wireless LANs (Wi-Fi), etc.
~Kevin

Wednesday, September 16, 2015

Ex-Spies Join Cybersecurity Fight

Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks.

Their job: Befriend hackers to find out about attacks before they even happen.

Last year, Black Cube, an Israel-based firm that specializes in gathering intelligence online, asked one of its bank clients for access to some of its internal HR and payroll data—sensitive enough to look like the spoils of a real cyber theft, but not enough to affect operations.

When Black Cube accessed the information, it left a digital trail that made it look like it had broken into the bank’s networks and stolen the data. By dangling this bait, Black Cube operatives posing as hackers infiltrated a group of cyber thieves that had been circling the bank, according to a person familiar with the sting, helping thwart an attack.

With the pace and severity of corporate cyberattacks increasing, a growing number of small cybersecurity and business intelligence firms like Black Cube are deploying the same sort of cloak-and-dagger moves that governments and police have long used to penetrate spy rings or break up terrorist cells. more

Android Apps Get Graded for Privacy - What's App on Your Phone?

A team of researchers from Carnegie Mellon University has assigned privacy grades to Android apps based on some techniques they use to analyze their privacy-related behaviors. Learn more here or browse their analyzed apps.

Grades are assigned using a privacy model that they built. This privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior.

For example, according to studies they conducted, most people don't expect games like Cut the Rope to use location data, but many of them actually do. This kind of surprise is represented in their privacy model as a penalty to an app’s overall privacy grade. In contrast, most people do expect apps like Google Maps to use location data. This lack of surprise is represented in their privacy model as a small or no penalty. more

Concerned about Android spyware, click here.

Tuesday, September 15, 2015

Sports TSCM: Manchester United Searched Hotel for Bugging Devices

UK - Manchester United reportedly organised for their hotel to be searched for bugging devices prior to Saturday's match against arch rivals Liverpool...

According to the Manchester Evening News, security men used devices to check a meeting room at the Lowry Hotel before Van Gaal discussed tactics for the game.

The report adds that the Premier League giants have been checking hotels for more than a year after a bugging device was found in a meeting during the 2013-14 season. more

Police: Fired Officer Used Drone to Spy on Neighbors

GA - A Valdosta police officer was out of a job as of Monday evening after being arrested for reportedly using a drone to eavesdrop on a neighbor.

Officer Howard Kirkland, 53, of Ray City, was fired Monday morning, Valdosta Police Chief Brian Childress confirmed.


He had been on suspension since September 4th. He was arrested at the police department by Lanier County Sheriff's Deputies on September 10th. The sheriff's office had been conducting an investigation for about a week. more

Twitter Slapped With Class-Action Lawsuit for Eavesdropping on Direct Messages

Twitter has been slapped with a proposed class action lawsuit, which alleges that the service uses URL shorteners in violation of the Electronic Communications Privacy Act and California’s privacy law.

According to court documents filed Monday, Texas resident Wilford Raney brought the complaint to federal court in San Francisco, citing that although “Twitter represents that its users can ‘talk privately,’ Twitter ‘surreptitiously eavesdrops on its users’ private direct message communications.’”
The complaint alleges that Twitter “intercepts, reads, and at times, even alters the message” as soon as someone sends a direct message. more

Giving Up Privacy in the Name of Security


Cicada Drones Will Eavesdrop in Swarms Like Their Creepy Namesake

The U.S. Navy has developed tiny drones that can fly in swarms like cicada bugs, the organisms that give the drones their names.

In this case, "Cicada" is short for Covert Autonomous Disposable Aircraft. They're small yellow devices that can fit in the palm of one's hand and are made of only ten parts. They can fly up to 46 miles per hour almost silently.

The military described the drones as "robotic carrier pigeons," though unlike the birds historically used to send messages, these drones have an array of sensors that monitor things like weather and location data, as well as microphones for eavesdropping on anyone in the vicinity.

The Cicada drones are meant to be deployed in swarms; they will reportedly be used behind enemy lines to determine things like troop positions, whether or not a car is on a road, and where military forces should be deployed.

For now, the tiny devices cost $1,000, but the government plans to manufacture them more cheaply: about $250 per drone. The future of surveillance drones is, apparently, a relatively inexpensive one. more

Saturday, September 12, 2015

Security Director Alert - Worker Admits to Bathroom Spycam - Think Foreseeability

If you don't have a written Recording in the Workplace Policy, and an in-house inspection procedure, right now is the time to get one in place. Contact me. I can help you do this, easily and inexpensively. ~ Kevin

AZ - A worker at a Cottonwood business was arrested on suspicion of voyeurism after police said he hid a cellphone in a women’s restroom.

Oscar Valles, 22, of Rimrock, admitted during police questioning that he placed the cellphone behind a plant in the bathroom to record one of his coworkers, officers said.

Valles said he knew the coworker changed clothes there at the end of her shift each day. He said he did not mean to record any other person but was not able to retrieve his phone before others used the restroom, according to police. more


What is the First Thing a Spycam Sees?

All together now...
"The dumb owner setting it up!"

A bungling voyeur was captured on a video camera he set up to record women using the toilet at a party - in a stunt inspired by an American Pie film.

Adam Stephen Barugh, 26, used velcro to hide the small digital camera beneath a sink directly facing a toilet, after being invited to a house in Brotton.

His solicitor Paul Watson told Teesside Magistrates’ Court yesterday that the “prank” was inspired by watching the comedy film American Pie: Bandcamp, which features women being secretly filmed...

During the party, a female at the house noticed a small blue light coming from beneath the sink while using the toilet, and alerted her mum and sister.

Quickly hooking the camera up to a laptop, they discovered it had captured a full facial shot of Barugh setting up the camera, and videos of two women using the toilet. more

Woman Discovers Spycam in Her Bedroom... (then the action starts)

Ms. Wu, age 26, is suing her former roommate, identified by his last name Lin, for installing a spycam in her bedroom...
Ms. Wu noticed that there was a large black trashbag that didn’t belong to her, stuffed into the space above her closet. Inside, she discovered a camera, and a wire that ran from the camera across the hall into her roommate’s bedroom.

Ms. Wu waited for her roommate, Mr. Lin, to return home from work before confronting him about the camera.

Mr. Lin denied that he’d put a spycam in Ms. Wu’s room, but broke down her door to steal the camera back and packed up his computer equipment.

Ms. Wu, while attempting to stop him from leaving with the evidence, was thrown from the moving car. Ms. Wu said she’d still file charges against him for the spycam, despite the lack of evidence, and would also be filing a vehicular assault charge.  (more with video report)

The Starbucks Bathroom Spycam - Anatomy of the Crime

A 44-year-old man turned himself in Monday for being the "person of interest" sought for a spy camera being found hidden in a Starbucks restroom...

A female customer of the Starbucks was in the unisex restroom around when she found a four-inch long device--about the size of a marking pen--hidden behind a bracket. She pulled it out and called police...

Forensic laboratory investigators confirmed it's a video camera that recorded images of men and women using the restroom...

Police posted images on its Twitter and Facebook pages of the spy camera, its hiding place and a "person of interest" seen loitering outside the coffeehouse: a dark-haired man wearing a black shirt with a white stripe...
After intense local television coverage Monday morning, a Starbucks spokesman emailed a statement to KTLA that afternoon that said, "We take our obligation to provide a safe environment for our customers and partners (employees) very seriously. As a part of regular store operations, we monitor the seating areas and restrooms in our stores on a regular basis to identify potential safety or security concerns." more

Suggestion: Spycams in public restrooms are "foreseeable"; a legal term loosely meaning "you better do something about this."  At least one shift manager should receive spycam detection and deterrence training. Being pro-active and showing due diligence saves money (legal expenses and awards). Plus, if signage is posted, customer goodwill increases.

Friday, September 11, 2015

Spy Fears Drive U.S. Officials from Chinese-Owned Waldorf-Astoria Hotel

Fears of espionage have driven the U.S. government from New York’s famed Waldorf-Astoria Hotel, which has housed presidents and other top American officials for decades but was bought last year by a Chinese firm from Hilton Worldwide.
Instead, President Barack Obama, his top aides and staff along with the sizable diplomatic contingent who trek to Manhattan every September for the annual U.N. General Assembly will work and stay at the New York Palace Hotel, the White House and State Department said.

The Associated Press first reported the impending move in June but it wasn’t formally announced until Friday, a day after the final contract was signed with the Palace.

Officials said the change is due in large part to concerns about Chinese espionage, although White House and State Department spokesmen said the decision was based on several considerations, including space, costs and security. more

Thursday, September 10, 2015

Baseball Eavesdropping - Apparatus for Transmitting Sound from a Baseball Field - US Patent #3045064

Filed June 1, 1959 by James S. Sellers, and granted July 17, 1962, this patent was for a system of hidden microphones, concealed within the bases on a baseball diamond. Apparently, the transmission of foul language was not a consideration.

from the patent...
"It is highly desirable for the spectators at a baseball game to hear what is transpiring on the playing field, such as arguments at the bases between opposing players, and discussions between the umpires and players. By transmitting the sounds from the playing field to the grandstand, the spectators feel that they are taking part in the game. Also, it enables the spectators to judge a play better as they can hear the baseball strike the glove or mitt of a player.

It is an object of my invention to provide apparatus for transmitting sound from a baseball field which is positioned beneath a base on a baseball field and does not interfere in any manner with the playing of the game.

It is a further object of my invention to provide apparatus for transmitting sound from a baseball field in which a resilient pad or support for the base is formed of a greater surface area than the base and has perforations or apertures in the area adjacent the base whereby sound may be transmitted through the perforations to a microphone there beneath.

An additional object of my invention is to provide a rigid support for the resilient pad to which the pad and the base may be secured to retain them in position, and with the rigid support having openings to permit the passage of sound there through to a microphone positioned there beneath." more

Windows 10 is a Window into Your World - Kill its Keystroke Logger

via Lincoln Spector, Contributing Editor, PCWorld 
 
Microsoft pretty much admits it has a keylogger in its Windows 10 speech, inking, typing, and privacy FAQ: “When you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information—including information about your Calendar and People (also known as contacts)…”

The good news is that you can turn off the keylogging. Click Settings (it’s on the Start menu’s left pane) to open the Settings program. You’ll find Privacy on the very last row.
Once in Privacy, go to the General section and turn off “Send Microsoft info about how I write to help us improve typing and writing in the future.” While you’re there, examine the other options and consider if there’s anything else here that you may want to change.
Now go to the “Speech, inking and typing” section and click “Stop getting to know me.” (I really wanted to end that sentence with an exclamation point.)
You may also want to explore other options in Privacy. For instance, you can control which apps get access to your camera, microphone, contacts, and calendar. more