Monday, January 25, 2016

World's Largest Bugging Device Hears What You Can't... and it may save our butts!

This desolate outpost in remotest Greenland is home to one of the world's most high-tech listening devices, tasked with saving humanity from itself.

Located along the coastline just outside the village of Qaanaaq – which bears the additional distinction of being the world's most northerly palindrome – the sole purpose of Infrasound station IS18 consists of listening to the planet's groans that occur at frequencies too low for the human ear to detect, occurring within the range of 20 Hz down to 0.001 Hz.

Click to enlarge.
Qaaanaaq's eight-element array is divided into two sub-arrays bolstered by wind reduction technology, all of which are linked to a Central Processing Facility (or CPF) that churns out data around-the-clock to a central terminal in Qaanaaq proper. But why put such an extremely space-age device in a village accessible only by helicopter, whose locals subsist largely on narwhal, seals, and polar bears?

In its most practical application, IS18 is part of a network of highly specialized sensors charged with monitoring the globe for atomic blasts, as set forth by the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO). Around the clock, the array monitors the entire world for distinctive blast patterns produced by such explosions, as their unique pattern of ultra-low frequency sound waves persist even when ricocheting through the Earth's surface. more
Posted by at
Labels: , ,

Saturday, January 23, 2016

Fibre Optic Eavesdropping Tap Alarm

Allied Telesis, announced that it has released an innovative security measure to prevent eavesdropping on fibre communications, 

Active Fiber Monitoring. The patent-pending technology can detect when a cable is being tampered with, and will raise an alarm to warn of a possible security breach.

Fibre-optic links are used extensively for long-range data communications and are also a popular choice within the LAN environment. One of the perceived advantages of fiber is that eavesdropping on traffic within the cable is not possible. However, it is now possible to acquire devices that can snoop traffic on fiber cables; and even more disturbing is that these devices are readily available and very easy to use.

Active Fiber Monitoring, a technology that detects small changes in the amount of light received on a fibre link. When an intrusion is attempted, the light level changes because some of the light is redirected by the eavesdropper onto another fibre. As soon as this happens, Active Fiber Monitoring detects the intrusion and raises the alarm. The link can either be shut down automatically, or an operator can be alerted and manually intervene. more
Posted by at
Labels: , , , ,

VoIP Software Used to Eavesdrop

The backdoor could allow agents, employers or third parties to listen in on conversations...

The GCHQ has developed VoIP encryption tools with a built-in backdoor, allowing both authorities and third parties to listen in on conversations.

The backdoor is embedded into the MIKEY-SAKKE encryption protocol and has a 'key escrow' built in, allowing those with authority - whether an employer or government agency - to access it if a warrant or request is made.

The backdoor was uncovered by Dr Steven Murdoch, a security researcher from the University of London, who wrote a blog about the potential snooping tool. more
Posted by at
Labels: , , , , , ,

Ex-San Diego Mayor Bob Filner alleges his office was bugged...

Former San Diego Mayor Bob Filner, in an interview this week, denied having sexually harassed women and claimed that his City Hall office had been bugged...

...later in the interview, he said he had "found a bug" in his office that he claimed was planted there by the city attorney. "We asked the police to look at it and they didn't want to or didn't do it," he said.

Former Police Chief Bill Lansdowne disputed that claim Tuesday, saying Filner's chief of staff approached him with the concern that there might be a recording device in the mayor's office.

Lansdowne worked with the department's intelligence unit, hired an outside company to sweep Filner's office for bugs and came up empty-handed, the former police chief said.

"We had that office checked and we came back negative. They did not find anything," Lansdowne said. more

Posted by at
Labels: , , ,

The Top Private Investigators on Twitter in 2015

via PINow.com...
We are happy to release the Top Private Investigators on Twitter in 2015! We received a lot of nominations and saw plenty of excitement, so thank you for your participation!

Twitter is a great tool for interacting with peers, sharing legislation updates, related news, business tips, promoting associations, and more. We present this list every year to recognize those in the industry who have proved to be valuable resources to their peers, specifically on the topic of investigations. Congratulations to all 2015 list-makers!

The list is ranked based on a variety of criteria, including nominations, scores on social media sites like Retweetrank, Klout, and StatusPeople, and on scores for content, consistent activity, and more.

Thank you!
Kevin
Posted by at
Labels: , , ,

Wednesday, January 20, 2016

Why an RFID-blocking Wallet is Something You Don't Need

via Roger A. Grimes
You don't need a tinfoil hat, either. Opportunists have exploited consumer fears to create an industry that doesn't need to exist...

(summary)
First and foremost, does your credit card actually have an RFID transmitter? The vast majority does not. Have you ever been told you can hold up your credit card to a wireless payment terminal, and without inserting your card, pay for something? For most of my friends, and the world in general, the answer is no...

If you look at the number of credit cards with RFID, you can’t even represent it statistically. It’s not 0 percent, but it’s so far below 1 percent that it might as well be 0 percent...

On top of that, most of the world is going to wireless payments using your mobile device...

But did that bad guy ever sit on the corner in the first place? Sure, I’ve seen the demos, but I’ve yet to hear of one criminal who was caught using an RFID sniffer or who admitted to stealing credit card info wirelessly. We know about all sorts of cyber crime. Why not the theft of RFID credit card information if the risk is so high?

Here's why: It would be a lousy use of a criminal mastermind’s time. Today’s smart criminals break into websites and steal hundreds of thousands to tens of millions of credit cards at a time. Why would a criminal go to the effort and expense of stealing credit card info one card at a time when you can steal a million in one shot?  more

Posted by at
Labels: , , , ,

Tuesday, January 19, 2016

Did Your Lame Password Make the Top 25 List for 2015?

Here are the most popular passwords found in data leaks during the year, according to SplashData:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars 
    more 
Posted by at
Labels: , ,

Your Old Wi-Fi Router May Be Security Screwed

...starting from the day you bought it.
 
The reason: A component maker had included the 2002 version of Allegro’s software with its chipset and hadn’t updated it. Router makers used those chips in more than 10 million devices. The router makers said they didn’t know a later version of Allegro’s software fixed the bug.
 
The router flaw highlights an enduring problem in computer security: Fixing bugs once they have been released into the world is sometimes difficult and often overlooked. The flaw’s creator must develop a fix, or “patch.” Then it often must alert millions of technically unsophisticated users, who have to install the patch.

The chain can break at many points: Patches aren’t distributed. Users aren’t alerted or neglect to apply the patch. Hackers exploit any weak link. more
Posted by at
Labels: , ,

Four Textbook Business Espionage Case Histories

This past year, the FBI has observed a stark increase (53%!) in the amount of corporate espionage cases within the United States... the FBI has pointed out that a major concern in corporate espionage today are “insider threats” – essentially, employees who are knowledgeable of confidential matters are being recruited by competitor companies, and foreign governments in exchange for large amounts of money at much higher rates than ever before. 

Walter Liew vs. DuPont – “titanium dioxide”
In July 2014, Walter Liew, a chemical engineer from California, pleaded guilty to selling DuPont’s super secret pigment formula that makes cars, paper, and a long list of other everyday items whiter to China.

Starwood vs. Hilton
In 2009, Starwood Hotels accused Hilton Hotels of recruiting executives out from under them and stealing confidential materials... Starwood alleged that the ex-employees had stolen more than 10,000 documents and delivered them to Hilton – the worst part being that Starwood didn’t even notice that the documents were missing until after the indictment.

Microsoft vs. Oracle
In June 1999, Oracle hired a detective agency called Investigative Group International (IGI) to spy on Microsoft – it was headed by a former Watergate investigator, if that says anything... IGI, following Oracle’s orders, sifted through Microsoft’s trash (a practice also known as Dumpster Diving)...

The following May, the same happened. This time, IGI focused its investigations on the Association for Competitive Technology, a trade group; IGI arranged for a random woman to bribe ACT’s cleaning crew with $1,200 in exchange for bringing any office trash to an office nearby – of course, the office was a front for IGI.

Steven Louis Davis vs. Gillette
In 1997, Steven Louis Davis, an engineer helping Gillette develop its new shaving system, was caught faxing and emailing technical drawings to four of Gillette’s competitors...

Sadly, these economic espionage cases aren’t shocking to most corporate executives; it’s not uncommon for rivalry companies to dumpster dive, hack, bribe, and hire away key employees. In a rush to push out new products, major corporations will do just about anything to defame their competitors. And, although a few of these cases stem from the 1990s, their spirit still holds today – as the FBI has noted that corporate espionage is no where near slowing downmore
Posted by at
Labels: , , , ,

Workplace Surveillance is Sparking a Cyber Rebellion

GPS jammers in vans, FitBits strapped to dogs — employees are fighting back.

...Worksnaps is a piece of software that takes regular screenshots of a worker’s computer screen (with their full knowledge), counts their mouse and keyboard clicks each minute, and even offers the option of capturing webcam images. The customer testimonials are worth reading. One small business owner enthuses that she was able to “find and weed out” workers who were chatting on Facebook even though she was in the US and they were in the Philippines...

There are the drivers who plug cheap GPS jammers from China into the cigarette lighter slots in their vans to confuse their companies’ tracking systems. Or the workers who strap their employer-provided Fitbits on to their dogs to boost their “activity levels” for the day. Remember the business owner who used Worksnaps to monitor her workers in the Philippines? She found they were using programs to fool the software into thinking they were working. Worksnaps had to design a tool to identify the cheaters. more
Posted by at
Labels: , , ,

Estranged Husband Goes Under House to Bug Wife

Australia - A Wilsonton man who suspected his ex-wife was seeing another man "bugged" her home to spy on her, Toowoomba Magistrates Court heard.

The couple had been in a relationship for six years but separated last year, the court heard.

In early October, the woman had started receiving text messages from her 48-year-old estranged husband that she took as threatening and intimidating, police prosecutor Tim Hutton told the court...

...toward the end of the offending period, the victim noticed some of the text messages contained information that only she and a few people close to her knew including the sale of a horse and other private matters, Sergeant Hutton said...

When police spoke with the man on October 24, he readily admitted to having planted a recording device attached to an air-conditioning duct underneath his ex-wife's home which was connected through the floor to a microphone in the woman's bedroom, Sgt Hutton told the court. more
Posted by at
Labels: , , ,

Monday, January 18, 2016

Cyber Crime Costs Projected To Reach $2 Trillion by 2019

‘Crime wave’ is an understatement when you consider the costs that businesses are suffering as a result of cyber crime. ‘Epidemic’ is more like it. IBM Corp.’s Chairman, CEO and President, Ginni Rometty, recently said that cyber crime may be the greatest threat to every company in the world...

In 2015, the British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more...

The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. [Especially when electronic surveillance and classic corporate espionage techniques are used.] Those crimes would arguably move the needle on the cyber crime numbers much higher.

For anyone who wants to tally their own bill from cyber crime, check out Cyber Tab from Booz Allen. It is an anonymous, free tool that helps information security and other senior executives understand the damage to companies inflicted by cyber crime and attacks. more
Posted by at
Labels: , , ,

CBS 60 Minutes - The Great Brain Robbery... and what to do about it.

The following is a script from "The Great Brain Robbery" which aired on Jan. 17, 2016 by CBS. Lesley Stahl is the correspondent. Rich Bonin, producer.

If spying is the world's second oldest profession, the government of China has given it a new, modern-day twist, enlisting an army of spies not to steal military secrets but the trade secrets and intellectual property of American companies. It's being called "the great brain robbery of America."

The Justice Department says that the scale of China's corporate espionage is so vast it constitutes a national security emergency, with China targeting virtually every sector of the U.S. economy, and costing American companies hundreds of billions of dollars in losses -- and more than two million jobs.

John Carlin: They're targeting our private companies. And it's not a fair fight. A private company can't compete against the resources of the second largest economy in the world. more

Part of the problem (worldwide) are the victims themselves. Many companies view taking steps to protect themselves an expensive annoyance. Corporate espionage is truly a national security issue, for many countries. Countering it requires an enhanced response. The old "punish the spy" solution is lopsided and ineffective. Check here for a new solution. Please spread the word.
Posted by at
Labels: , , , ,

Illya Kuryakin Writes a Spy Novel - Welcome back to the genre!

David McCallum — yes, actor of “The Man from U.N.C.L.E.” 
and “NCIS” fame — confidently embarks on a second career in his highly entertaining debut that mixes the espionage novel with the mystery thriller, Once a Crooked Man.

McCallum, 82, is no John le Carre, nor does his “Once a Crooked Man” hero, Harry Murphy, resemble George Smiley or Illya Kuryakin, the role that made the Scottish actor famous. But McCallum respects the genres’ tenets, supplying the right amount of intrigue, violence and sex for a well-plotted, action-packed tale. more
Posted by at
Labels: ,

Thursday, January 14, 2016

Do You Have an IoT in the Workplace Policy? (you need one)

via Rafal Los 
It’s the beginning of the year, and for many of us that means hauling in some new gear into the office. Santa continues to bring more widgets and gizmos, and some of that stuff comes to the office with you. I think this is as good a time as any to think about the Internet of Things (IoT) and what it means for your CISO.

We’ve had an Amazon Echo at my house for a while now, since I couldn’t help myself but get on the early adopters list long ago. Truth be told, I love it. Alexa tells me the weather, keeps the twins’ Raffi albums close at hand, and reminds me to buy milk. But since my daughter has discovered her inner spider monkey, she likes to climb up on the cabinet where Alexa lives and likes to talk to her… and pull on the power cable. Also, she once turned the volume up all the way so that when I asked Alexa the weather at 6:30 a.m. I woke up the entire house…whoops. So long story short, Alexa has been unplugged, and I thought … why not take it to the office?

The find.
Here’s the issue — Echo is “always listening” so there’s that question of how welcome she would be in my office where confidential and highly sensitive conversations are a-plenty. Furthermore, Echo streams music and would need my credentials to get wireless network access. I suppose I could just use my personal Wi-Fi hotspot, but that seems like a waste. In case you’re wondering, I opted to not test my CISO’s good will, and Alexa will just have to live with my twins’ abuse. more

This is not a theoretical, I found an Echo in a top executive's office last year. He said it was a gift.

Add an IoT policy to your BYOD policy, and have us check for technical surveillance items and information security loopholes periodically. ~Kevin
Posted by at
Labels: , , , , , ,
Subscribe to: Posts (Atom)