Huang faces a maximum penalty of 10 years in prison and a $250,000 fine. He will be sentenced at a later date. Imprisonment is all but certain. more
Monday, October 5, 2015
Scientist Pleads Guilty to Corporate Espionage
Researcher Xiwen Huang pleaded guilty Friday to one count of stealing trade secrets. But the legal battle over the punishment the former Charlotte resident receives already is underway.
Federal prosecutors say the 55-year-old chemical engineer stole proprietary technology and hundreds of pages of documents over the last decade from his government and civilian employers, including a company in Charlotte. Huang’s goal, according to court documents, was to aid both the Chinese government and his own company, which he started in North Carolina to do business in his Asian homeland.
Huang faces a maximum penalty of 10 years in prison and a $250,000 fine. He will be sentenced at a later date. Imprisonment is all but certain. more
Huang faces a maximum penalty of 10 years in prison and a $250,000 fine. He will be sentenced at a later date. Imprisonment is all but certain. more
Ai Weiwei Discovers Eavesdropping Devices in His Studio
Ai Weiwei has posted a number of pictures of what he says are listening devices found in his Beijing studio.
The Chinese dissident artist captioned one photo of a bug on Instagram with "There will always be surprises".
His friend Liu Xiaoyuan confirmed the bugs were found after the artist returned from a trip to Germany.
Xiaoyuan tweeted that they were found when redecoration started on Ai's home and were found in the office and a living room.
The artist also posted a video clip of firecrackers being set off in a metal bucket next to one of the devices. He wrote "Did you hear it?" next to the video. more
His friend Liu Xiaoyuan confirmed the bugs were found after the artist returned from a trip to Germany.
Xiaoyuan tweeted that they were found when redecoration started on Ai's home and were found in the office and a living room.
Gang Using Spy Cam, Bluetooth for Exam Paper Leaks Busted
India - Police have busted a New Delhi-based gang involved in assembling spy cameras and bluetooth devices in undergarments and shirts to facilitate question paper leaks in important competitive exams across the country.
...the accused used to assemble spy cams and bluetooth devices in shirts, briefs and vests, mobile hardware kits, and other equipment to get the question papers leaked out from the exam centres...
...the kit included an android smartphone which was connected with a spy cam in cuff of a shirt. The question paper was clicked by some candidate or a staff member through spy camp and smuggled outside the examination centre through drop box application.
The paper was then distributed through e-mails or WhatsApp to a team of six to eight teachers, who solved the paper. The candidates, who paid for the solved paper, were given a bluetooth ear device which did not require mobile handset and acted just as receiver. The accused had assembled a set with 40 mobile phones through which the answers were dictated to the candidates... more
...the kit included an android smartphone which was connected with a spy cam in cuff of a shirt. The question paper was clicked by some candidate or a staff member through spy camp and smuggled outside the examination centre through drop box application.
The paper was then distributed through e-mails or WhatsApp to a team of six to eight teachers, who solved the paper. The candidates, who paid for the solved paper, were given a bluetooth ear device which did not require mobile handset and acted just as receiver. The accused had assembled a set with 40 mobile phones through which the answers were dictated to the candidates... more
Phone on Drone Hacks Wireless Printer
You might think that working
on a secured floor in a 30-story office tower puts you out of reach of
Wi-Fi hackers out to steal your confidential documents.
But researchers in Singapore have demonstrated how attackers using a
drone plus a mobile phone could easily intercept documents sent to a
seemingly inaccessible Wi-Fi printer. The method they devised is
actually intended to help organizations determine cheaply and easily if
they have vulnerable open Wi-Fi devices that can be accessed from the
sky. But the same technique could also be used by corporate spies intent
on economic espionage. more
Sunday, October 4, 2015
Operation Armchair - Son of The Thing, or...
...how a small Dutch company, helped the CIA to eavesdrop on the Russians.
"A small company from Noordwijk, Dutch Radar Research Station, worked for the CIA for decades. It built sophisticated listening devices that the Americans used against the Soviet Union. I came across this story when a schoolmate gave me papers of his grandfather. Along with intelligence expert, Cees Wiebes, I reconstructed in eighteen months the never told key role that this Dutch company played during the Cold War." ~ Maurits Martijn
(A long, but interesting story.)
(A long, but interesting story.)
Friday, October 2, 2015
IP Protection: Don’t Expect Government Help
If actions – or in this case inaction – speak louder than words, the message from the U.S. government to the private sector regarding defense against cyber economic espionage by China is clear: “You’re on your own.”
That remains true, in the view of multiple experts, even after Chinese President Xi Jinping and U.S. President Barack Obama announced an agreement last week that, according to a White House press secretary Fact Sheet, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
...the agreement refers only to the governments of both countries – not their private sectors...
Kevin Murray, director at Murray Associates, said the reality is that, “both leaders know economics comes first. “Waving an ‘agreement’ in the air may mollify some of their constituents,” he said, but the subtext of promising that “governments” won’t do it acknowledges the reality that they, “can't control all the rogue hackers out there. All they can say is that their governments are not behind it, and they don't condone it. Meanwhile, cutouts will manage the "consultants" who make money with their data-vacuums." more
That remains true, in the view of multiple experts, even after Chinese President Xi Jinping and U.S. President Barack Obama announced an agreement last week that, according to a White House press secretary Fact Sheet, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
...the agreement refers only to the governments of both countries – not their private sectors...
Kevin Murray, director at Murray Associates, said the reality is that, “both leaders know economics comes first. “Waving an ‘agreement’ in the air may mollify some of their constituents,” he said, but the subtext of promising that “governments” won’t do it acknowledges the reality that they, “can't control all the rogue hackers out there. All they can say is that their governments are not behind it, and they don't condone it. Meanwhile, cutouts will manage the "consultants" who make money with their data-vacuums." more
Wednesday, September 30, 2015
In China Counterespionage is Everyone's Job... by law
Counter-espionage Law of the People's Republic of China (interesting highlights)
Adopted at the 11th meeting of the Standing Committee of the Twelfth National People's Congress on November 1, 2014.
Article 20: Citizens and organizations shall facilitate and provide other assistance to anti-espionage efforts.
Article 25: Individuals and organizations must not illegally hold or use special-purpose spy equipment needed for espionage activities. Special-purpose spy equipment will by verified by the State Council department responsible for national security in accordance with relevant national provisions.
Article 32: For those in unlawful possession of state secret documents, materials and other items, as well as those who unlawfully possess or utilize specialized spying equipment, state security organs may conduct a search of their person, items, residence and other relevant locations in accordance with law; and confiscate the state secrets documents materials and other items they unlawfully possessed, as well as the specialized spying equipment they possessed or utilized. Where the unlawful possession of state secrets documents, materials or other materials constitutes a crime, pursue criminal responsibility in accordance with law; where it does not constitute a crime, state security organs give warnings or administrative detention of up to 15 days.
Adopted at the 11th meeting of the Standing Committee of the Twelfth National People's Congress on November 1, 2014.
- Chapter I: General Provisions
Article 4: Citizens
of the People's Republic of China have a duty to preserve national
security, honor and interests; and must not endanger national security,
honor or interests. All
State organs, armed forces, political parties and public groups, and
all enterprises and organizations, have the obligation to prevent and
stop espionage activities and maintain national security. State
security organs must rely on the support of the people in
anti-espionage efforts, mobilizing and organizing the people to prevent
and stop espionage conduct threatening state security .
- Chapter II: Functions and Powers of State Security Organs in Anti-Espionage Efforts
Article 12: As
needed for investigation of espionage activities, and on the basis of
national provisions, state security organs may employ technological
investigative measures upon strict formalities for approval.
Article 13: National
security organ counterintelligence work, organizations and individuals
can check electronic communication tools, equipment, and other equipment
and facilities in accordance with the regulations. Where situations
harmful to state security to national security are discovered in the
course of an inspection, the state security organ shall order
rectification; and where rectification is refused or after the
rectification requirements are still not met, they may be sealed or
seized.
Where
situations harmful to state security to national security are
discovered in the course of an inspection, the state security organ
shall order rectification; and where rectification is refused or after
the rectification requirements are still not met, they may be sealed or
seized.
- Chapter III: The Duties and Rights of Citizens and Organizations
Article 20: Citizens and organizations shall facilitate and provide other assistance to anti-espionage efforts.
Article 25: Individuals and organizations must not illegally hold or use special-purpose spy equipment needed for espionage activities. Special-purpose spy equipment will by verified by the State Council department responsible for national security in accordance with relevant national provisions.
- Chapter IV: Legal Liability
Article 32: For those in unlawful possession of state secret documents, materials and other items, as well as those who unlawfully possess or utilize specialized spying equipment, state security organs may conduct a search of their person, items, residence and other relevant locations in accordance with law; and confiscate the state secrets documents materials and other items they unlawfully possessed, as well as the specialized spying equipment they possessed or utilized. Where the unlawful possession of state secrets documents, materials or other materials constitutes a crime, pursue criminal responsibility in accordance with law; where it does not constitute a crime, state security organs give warnings or administrative detention of up to 15 days.
- Chapter V: Supplementary Provisions
Sunday, September 27, 2015
Bugged: Russian Roach Rampage (Warning: Sensationalist Reporting)
The terrifying cockroach robo-SPY that could soon perform reconnaissance missions for the Russian military...
Researchers have created insect bots, inspired by the Blaberus giganteus species of roach, capable of scanning rooms and tracking their surroundings.
Fitted with sensors, these mechanical bugs can cover 12 inches (31cm) a second and the technology has already piqued the interest of the Russian military.
Researchers have created a robotic cockroach (pictured main), inspired by the Blaberus family of roaches (B. craniifer shown on top of the robot), capable of scanning rooms and tracking its surroundings. The mechanical bug can cover 12 inches a second
The bionic cockroaches were designed by engineers Danil Borchevkin and Aleksey Belousov at Kaliningrad's Kant University.
Each robot is 4-inches (10cm) long and fitted with photosensitive sensors, as well as sensors that detect contact, meaning they can constantly look out for obstacles. more
- Robot is fitted with photosensitive sensors to track its surroundings
- The 4-inch (10cm) mechanical roach moves like the Blaberus giganteus
- A sample of the robo-bugs is being planned for Russian armed forces
- Future models will be able to camouflage themselves, spy on people with portable cameras and carry out reconnaissance missions
Researchers have created insect bots, inspired by the Blaberus giganteus species of roach, capable of scanning rooms and tracking their surroundings.
Fitted with sensors, these mechanical bugs can cover 12 inches (31cm) a second and the technology has already piqued the interest of the Russian military.
Researchers have created a robotic cockroach (pictured main), inspired by the Blaberus family of roaches (B. craniifer shown on top of the robot), capable of scanning rooms and tracking its surroundings. The mechanical bug can cover 12 inches a second
The bionic cockroaches were designed by engineers Danil Borchevkin and Aleksey Belousov at Kaliningrad's Kant University.
Each robot is 4-inches (10cm) long and fitted with photosensitive sensors, as well as sensors that detect contact, meaning they can constantly look out for obstacles. more
Man Admits Wiretapping, Harassment of Judge... and DUI
PA - An East Goshen man who secretly recorded telephone conversations with his ex-wife, her attorney’s office, two police officers and others, and who also made profane telephone calls to a Common Pleas Court judge and officials in the Chester County Domestic Relations Office, has admitted his culpability in those crimes.
On Wednesday, William Robert Wheeler pleaded guilty to charges of wiretapping and harassment, as well as driving under the influence, before Judge Patrick Carmody, who deferred formal sentencing to allow Wheeler to apply for the county’s alternative sentencing program for repeat DUI offenders. more
On Wednesday, William Robert Wheeler pleaded guilty to charges of wiretapping and harassment, as well as driving under the influence, before Judge Patrick Carmody, who deferred formal sentencing to allow Wheeler to apply for the county’s alternative sentencing program for repeat DUI offenders. more
Spying Coffee Cup Lid Worthy of James Bond
This may look like an ordinary coffee cup.
But the innocent-looking container could soon become a potent new weapon in the fight against criminals, fraudsters and enemy spies.
The plastic lid is similar to those handed out by coffee chain giants, such as Starbucks and Costa.
The lid, which looks like it could have been devised by James Bond's gadget guru Q, has been created by Bodmin-based LawMate UK.
Inside, it is fitted with hi-definition filming equipment and an eavesdropping device that can listen in and record conversations, even in a room full of people.
Investigators will be able to use the device to gather crucial evidence, and can activate it by pressing the letter H – which stands for Hot – on the lid.
The firm, based at the Mid-Cornwall town's Callywith industrial estate, has already sold more than 100 of the gadgets, which are designed to fit any takeaway cup in the UK. more
The plastic lid is similar to those handed out by coffee chain giants, such as Starbucks and Costa.
The lid, which looks like it could have been devised by James Bond's gadget guru Q, has been created by Bodmin-based LawMate UK.
Inside, it is fitted with hi-definition filming equipment and an eavesdropping device that can listen in and record conversations, even in a room full of people.
Investigators will be able to use the device to gather crucial evidence, and can activate it by pressing the letter H – which stands for Hot – on the lid.
The firm, based at the Mid-Cornwall town's Callywith industrial estate, has already sold more than 100 of the gadgets, which are designed to fit any takeaway cup in the UK. more
U.S., China Vow Not to Engage in Economic Cyberespionage
President Obama and Chinese leader Xi Jinping pledged Friday...
that neither of their governments would conduct or condone economic espionage in cyberspace in a deal that sought to address a major source of friction in the bilateral relationship.
But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals. more
----
Question from a reporter...
Without government assistance, what can private sector organizations do to protect themselves more effectively from China stealing their IP?
Answer...
#1 - Realize that computer hacks are not perpetrated solely by someone sitting at a remote computer exploiting a software glitch they just discovered. A close look at many cases shows other elements of espionage in the path to the hack... social engineering, sloppy security practices, lack of oversight, multiple forms of classic electronic surveillance, blackmail, infiltration of personnel, etc.
The misconception that "this is an IT security problem" has lead to a morphing of corporate information security budgets into a lopsided IT-centric security budget. Thus, pretty much ignoring that most information in their computers was available elsewhere before it was ever converted into data! This situation is like having a building with one bank vault door, while the rest of the entrances are screen doors.
Here is what the private sector can do for themselves...
• View information security holistically. Spread the budget out. Cover all the bases.
- Provide information security training to all employees.
- Create stiff internal controls. Enforce them.
- Conduct independent information security audits quarterly for compliance, discovery of new loopholes. Technical Surveillance Countermeasures (TSCM) is the foundation element of the audit. A TSCM sweep is conducted to discover internal electronic surveillance (audio, video, data), and verify security compliance of wireless LANs (Wi-Fi), etc.
~Kevin
But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals. more
----
Question from a reporter...
Without government assistance, what can private sector organizations do to protect themselves more effectively from China stealing their IP?
Answer...
#1 - Realize that computer hacks are not perpetrated solely by someone sitting at a remote computer exploiting a software glitch they just discovered. A close look at many cases shows other elements of espionage in the path to the hack... social engineering, sloppy security practices, lack of oversight, multiple forms of classic electronic surveillance, blackmail, infiltration of personnel, etc.
The misconception that "this is an IT security problem" has lead to a morphing of corporate information security budgets into a lopsided IT-centric security budget. Thus, pretty much ignoring that most information in their computers was available elsewhere before it was ever converted into data! This situation is like having a building with one bank vault door, while the rest of the entrances are screen doors.
Here is what the private sector can do for themselves...
• View information security holistically. Spread the budget out. Cover all the bases.
- Provide information security training to all employees.
- Create stiff internal controls. Enforce them.
- Conduct independent information security audits quarterly for compliance, discovery of new loopholes. Technical Surveillance Countermeasures (TSCM) is the foundation element of the audit. A TSCM sweep is conducted to discover internal electronic surveillance (audio, video, data), and verify security compliance of wireless LANs (Wi-Fi), etc.
~Kevin
Wednesday, September 16, 2015
Ex-Spies Join Cybersecurity Fight
Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks.
Their job: Befriend hackers to find out about attacks before they even happen.
Last year, Black Cube, an Israel-based firm that specializes in gathering intelligence online, asked one of its bank clients for access to some of its internal HR and payroll data—sensitive enough to look like the spoils of a real cyber theft, but not enough to affect operations.
When Black Cube accessed the information, it left a digital trail that made it look like it had broken into the bank’s networks and stolen the data. By dangling this bait, Black Cube operatives posing as hackers infiltrated a group of cyber thieves that had been circling the bank, according to a person familiar with the sting, helping thwart an attack.
With the pace and severity of corporate cyberattacks increasing, a growing number of small cybersecurity and business intelligence firms like Black Cube are deploying the same sort of cloak-and-dagger moves that governments and police have long used to penetrate spy rings or break up terrorist cells. more
Their job: Befriend hackers to find out about attacks before they even happen.
When Black Cube accessed the information, it left a digital trail that made it look like it had broken into the bank’s networks and stolen the data. By dangling this bait, Black Cube operatives posing as hackers infiltrated a group of cyber thieves that had been circling the bank, according to a person familiar with the sting, helping thwart an attack.
With the pace and severity of corporate cyberattacks increasing, a growing number of small cybersecurity and business intelligence firms like Black Cube are deploying the same sort of cloak-and-dagger moves that governments and police have long used to penetrate spy rings or break up terrorist cells. more
Android Apps Get Graded for Privacy - What's App on Your Phone?
A team of researchers from Carnegie Mellon University have assigned privacy grades to Android apps based on some techniques they to analyze to their privacy-related behaviors. Learn more here or browse their analyzed apps.
Grades are assigned using a privacy model that they built. This privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior.
For example, according to
studies they conducted, most people don't expect games like Cut the Rope to use location data, but
many of them actually do. This kind of surprise is represented in their privacy model as a penalty to an
app’s overall privacy grade. In contrast, most people do expect apps like Google Maps to use location
data. This lack of surprise is represented in their privacy model as a small or no penalty. more
Concerned about Android spyware, click here.
Grades are assigned using a privacy model that they built. This privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior.
Concerned about Android spyware, click here.
Tuesday, September 15, 2015
Sports TSCM: Manchester United Searched Hotel for Bugging Devices
UK - Manchester United reportedly organised for their hotel to be searched for bugging devices prior to Saturday's match against arch rivals Liverpool...
According to the Manchester Evening News, security men used devices to check a meeting room at the Lowry Hotel before Van Gaal discussed tactics for the game.
The report adds that the Premier League giants have been checking hotels for more than a year after a bugging device was found in a meeting during the 2013-14 season. more
The report adds that the Premier League giants have been checking hotels for more than a year after a bugging device was found in a meeting during the 2013-14 season. more
Police: Fired Officer Used Drone to Spy on Neighbors
GA - A Valdosta police officer was out of a job as of Monday evening after being arrested for reportedly using a drone to eavesdrop on a neighbor.
Officer Howard Kirkland, 53, of Ray City, was fired Monday morning, Valdosta Police Chief Brian Childress confirmed.
He had been on suspension since September 4th. He was arrested at the police department by Lanier County Sheriff's Deputies on September 10th. The sheriff's office had been conducting an investigation for about a week. more
Officer Howard Kirkland, 53, of Ray City, was fired Monday morning, Valdosta Police Chief Brian Childress confirmed.
He had been on suspension since September 4th. He was arrested at the police department by Lanier County Sheriff's Deputies on September 10th. The sheriff's office had been conducting an investigation for about a week. more
Subscribe to:
Posts (Atom)