Thursday, February 11, 2016

Bugging & Wiretapping History - "The Eavesdroppers"

In July 1956, the Pennsylvania Bar Association Endowment (PBAE) commissioned a comprehensive study of "wiretapping practices, laws, devices, and techniques" in the United States... The man appointed to direct the study was Samuel Dash... The result of Dash's efforts was The Eavesdroppers, a 483-page report co-authored with Knowlton and Schwartz. Rutgers University Press published it as a standalone volume in 1959. The book uncovered a wide range of privacy infringements on the part of state authorities and private citizens, a much bigger story than the PBAE had anticipated...

The eavesdropping threat loomed large during the 1950s and 1960s: in the work of state and local law enforcement agencies, who wiretapped extensively in criminal investigations; in the exploits of private investigators and eavesdropping specialists, who capitalized on technological innovations to expand their industry's reach; and, perhaps most importantly, in the contradictions of state and federal lawmakers, who sent conflicting messages about the legitimacy of eavesdropping practices that had dogged the nation's communications infrastructure for more than a century...

Wiretapping is as old as wired communication. Civil War generals traveled with professional telegraph tappers in the 1860s, law enforcement agencies began planting telephone taps in the 1890s, and corporate communications giants tacitly sanctioned state and federal eavesdropping programs of various sorts for most of the twentieth century. Somewhat surprisingly, this wasn't a drama that played out in the shadows of American life. Police eavesdropping garnered front-page headlines during the 1920s, when the telephone tap emerged as an effective tool in the enforcement of Prohibition laws...

Eavesdropping technologies of various sorts have been around for centuries. Prior to the invention of recorded sound, the vast majority of listening devices were extensions of the built environment. Perhaps nodding to the origins of the practice (listening under the eaves of someone else's home, where rain drops from the roof to the ground), early modern architects designed buildings with structural features that amplified private speech. The Jesuit polymath Athanasius Kircher (1601-1680) devised cone-shaped ventilation ducts for palaces and courts that allowed eavesdroppers to listen to other people's conversations. Catherine de' Medici (1519-1589) is said to have installed similar structures in the Louvre to keep tabs on individuals who might have plotted against her. Architectural listening systems weren't always a product of intentional design. Domes in St. Paul's Cathedral in London and the U.S. Capitol building still serve as inadvertent "whispering galleries," enabling prying ears to hear conversations held on the other side of the room. Archaeologists have discovered acoustical arrangements like these dating back to 3000 B.C.E. Many were used for eavesdropping...

The earliest electronic eavesdropping technologies functioned much like architectural listening systems. When installed in fixed locations—under floorboards and rugs, on walls and windows, inside desks and bookcases—early-twentieth-century devices like the Detectifone, a technological cousin to the more common Dictaphone, proved surprisingly effective...

The devices that we now think of as "bugs" emerged much later. During the late 1940s, electronic innovations made it possible for eavesdroppers to miniaturize listening technologies like the Detectifone. This made them easier to hide. It also freed them from the strictures of the built environment, dramatically expanding their reach. Reports of an American bugging epidemic began circulating in the early 1950s—first, as glimpses of the man-made miracle of electronics miniaturization began to appear in national newspapers, popular magazines, and Hollywood films, and later as congressional subcommittees revealed scandalous tools of the eavesdropping trade on the floor of the United States Senate. more

Tuesday, February 9, 2016

More Eavesdropping Resistant than a Brick S-House

By replacing the limestone and sand typically used in concrete with a mineral called magnetite, Tuan has shown that the mixture can also shield against electromagnetic waves.

The electromagnetic spectrum includes the radio-frequency waves transmitted and received by cellphones, which Tuan said could make the concrete mixture useful to those concerned about becoming targets of industrial espionage.

Using the magnetite-embedded concrete, researchers have built a small structure in their laboratory that demonstrates the material's shielding capabilities. more

Monday, February 8, 2016

Employee Bugs Boss, or Bad Hair Day Beef

A labor dispute in a city hair salon became criminal when an employee made an audio recording of her boss, without the boss' knowledge, said Acting Deputy Police Chief Frank Warchol.

The employee, Nichole Brock, 35, of 89 Linden St. Unit B, Exeter, was arrested Monday on a misdemeanor count of wiretapping, police reported. Warchol said the law prohibits recording anyone without consent from all parties being recorded and that Brock's recording was made secretly. He said the underlying dispute was not criminal, but the recording was. more

Stealing White - How a corporate spy swiped plans for DuPont’s billion-dollar color formula

“At first, you’re like: Why are they stealing the color white? I had to Google it to figure out what titanium dioxide even was,” says Dean Chappell, acting section chief of counterespionage for the FBI. “Then you realize there is a strategy to it.”

“You can’t even call it spying,” adds John Carlin, the assistant attorney general in charge of the U.S. Department of Justice’s national security division. “This is theft. And this—stealing the color white—is a very good example of the problem. It’s not a national security secret. It’s about stealing something you can make a buck off of. It’s part of a strategy to profit off what American ingenuity creates.”

Most trade-secret theft goes unreported. Companies worry that disclosing such incidents will hurt their stock prices, harm relationships with customers, or prompt federal agents to put them under a microscope. Theft of trade secrets also rarely results in criminal charges because the cases are time-consuming and complicated, and it’s often difficult to win a conviction for conspiracy to commit espionage. more

Extra Credit...

This Week in Business Espionage

XPO Logistics Inc. charges that rival YRC Worldwide Inc. went to illegal extremes as XPO bought Con-way Inc. last year, the WSJ’s Loretta Chao writes, raiding the less-than-truckload carrier for executives and trade secrets on its operations and its customers. YRC won’t comment on the charges... XPO’s allegation of what amounts to corporate espionage comes at a critical time for the company. more

• One of the UK’s largest companies, British American Tobacco (BAT) is facing demands that it be investigated by the US Department of Justice, following allegations that it engaged in widespread bribery of politicians and policymakers in Africa... There are also claims that the company engaged in corporate espionage and the sabotage of competitors in Kenya. more

• Barcelona (soccer team) say they are “oblivious” to allegations of industrial espionage brought against them and former President Sandro Rosell. The Spanish Press reported on Friday that communications group Mediapro had taken Barca and Rosell to court, with its owner Jaume Roures accusing the ex-patron of e-mail theft, divulging business secrets and invading his privacy. more

• If American businesses want to curb the theft of their trade secrets and intellectual property by other countries, they are going to have to do it themselves. The good news for the American private sector is that machine learning (ML) and behavioral analytics are offering some promise of detecting hackers before they start exfiltrating trade secrets and intellectual property (IP)... The not so good news is that those businesses are not going to be getting much help from the government. more

...and from "The World is a Strange Place" files...
• A U.S. law firm specializing in cross-border matters has opened its first office in China recently, aiming to assist local companies with legal issues against the background of a spate of spying charges against Chinese nationals. The law firm, Alston & Bird, opened its Beijing office on January 27, marking the first overseas branch of the law firm. The firm has served as counsel to a number of Chinese clients, including Tianjin University's Professor Zhang Hao, who was charged in the U.S. with economic espionage and theft of trade secrets. more


Another Bad Week for Spies

• Saudi Arabia places 27 on trial for spying for Iran more

• Hamas armed wing executes member 'for spying for Israel' more

• North Korea detains American citizen for allegedly spying more

• Iran holding several dual citizens on charges of spying more

• Four arrested 'spies' of postal dept suspended more

• Spy row officer lodges complaint against her superior more

and, to make spy image matters worse...
• Gabriel Kahane Wears Sunglasses Inside to Look Like a Spy and Sings About It on 'The Fiction Issue' more


Thursday, February 4, 2016

15,000+ People Get Paid by Their Eavesdropper

People will turn their smartphones into spying devices for just $5/month

Symphony Advanced Media, founded in 2010, has recruited over 15,000 people to be part of its “panel of media insiders.”

They downloaded an app from Symphony that collects a ton of information from their smartphones, and turns on their microphones every minute for 5-6 seconds to see what they’re watching on their TV or computer. Here’s how Symphony describes on its website what it knows about each individual in its panel:

The data sucked up from panelists’ phones includes where they are; their Internet traffic; their search keywords; which mobile apps they use and for how long; how many calls, emails and texts they send; and, of course, what they’re watching on network or digital TV. In exchange for having everything they do on their phone spied on, panelists are paid $5/month—not in cash, but in the form of points on Perks.com. more

Amateur Eavesdroppers in the News This Week

MA - Brianne St. Peter McMahon, 36, was indicted Wednesday by a Plymouth County Grand Jury on charges including wiretapping and misleading a police investigation, according to the office of Plymouth District Attorney Timothy J. Cruz.

In October 2015, McMahon allegedly slipped her cellphone into the pocket of a witness, who was set to appear before a grand jury at Brockton Superior Court, to record the proceedings and interviews related to the murder of 45-year-old Robert McKennacq, according to Cruz’s office.

Later that afternoon, State Police seized the phone from the witness, a friend of McMahon’s who was unaware the device had been placed in her pocket, according to the indictment. more

---

MA - Three employees at Wyman-Gordon company in Grafton, Massachusetts, are facing felony wiretapping charges for setting up a hidden camera with audio to record their coworker inside their workplace, reports CBS Boston. more

---

S. Africa - An electronics expert testified in court on Monday that he planted a “bugging” device in the Pietermaritzburg advocates’ chambers and helped put a GPS tracker on an advocate’s car at the request of KZN advocate Penny Hunt.

Houston Wayne Impey said he had, at Hunt’s request, also removed the CCTV hard drive installed at the advocates’ chambers to copy the footage captured on the system.

Hunt had told him to plant the bugging device in the ceiling of the advocates’ chambers so she could listen to, and record, conversations in her secretary’s office, because she suspected her of leaking confidential information, he said. more

Monday, February 1, 2016

FutureWatch - Another Step Closer to the Future of Eavesdropping

...a new experiment at the University of Washington may be bringing ESP closer to the realm of reality.

According to University of Washington computational neuroscientist Rajesh Rao and UW Medicine neurosurgeon Jeff Ojemann, the combination of a brain implant and a complex algorithm has given researchers the ability to predict human thoughts with unprecedented speed and accuracy. In fact, the duo says, they’re able to track what we’re thinking as we’re thinking it, bringing us closer to mind reading than ever before...

 “We were trying to understand, first, how the human brain perceives objects in the temporal lobe, and second, how one could use a computer to extract and predict what someone is seeing in real time,” explained Rao to the UW NewsBeat. “Clinically, you could think of our result as a proof of concept toward building a communication mechanism for patients who are paralyzed or have had a stroke and are completely locked-in,” he said. more

FutureWatch - Keep Your Eye on IoT - The Encryption Debate is a Distraction

...products, ranging from “toasters to bedsheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables,” will give the government increasing opportunities to track suspects and in many cases reconstruct communications and meetings. more

...from "Don’t Panic: Making Progress on the ‘Going Dark’ Debate"
The audio and video sensors on IoT devices will open up numerous avenues for government actors to demand access to real-time and recorded communications.

A ten-year-old case involving an in-automobile concierge system provides an early indication of how this might play out. The system enables the company to remotely monitor and respond to a car’s occupants through a variety of sensors and a cellular connection. At the touch of a button, a driver can speak to a representative who can provide directions or diagnose problems with the car. During the course of an investigation, the FBI sought to use the microphone in a car equipped with such a system to capture conversations taking place in the car’s cabin between two alleged senior members of organized crime.

In 2001, a federal court in Nevada issued ex parte orders that required the company to assist the FBI with the intercept. The company appealed, and though the Ninth Circuit disallowed the interception on other grounds, it left open the possibility of using in-car communication devices for surveillance provided the systems’ safety features are not disabled in the process.

Such assistance might today be demanded from any company capable of recording conversations or other activity at a distance, whether through one’s own smartphone, an Amazon Echo, a baby monitor, an Internet-enabled security camera, or a futuristic “Elf on a Shelf” laden with networked audio and image sensors. more

Attention Attorneys - Time to Sweep for Electronic Surveillance Devices

With attention growing on the use of shell companies in high-end real estate, an activist organization released a report Sunday night that said several New York real estate lawyers had been caught on camera providing advice on how to move suspect money into the United States. 

The report is the result of an undercover investigation carried out in 2014 by Global Witness, a nonprofit activist organization that has been pushing for stricter money-laundering rules.

The lawyers featured in the report include a recent president of the American Bar Association. more video sweep service

Friday, January 29, 2016

Business Espionage: Corn Spy Pops

Security for Dupont Pioneer’s cornfields in Iowa suspected something when they detected men crawling around in the cornfields, and alerted the FBI two years ago. 

Now, one man — Chinese citizen Mo Hailong — has admitted to attempted kernel theft.
Mo was a part of a conspiracy to smuggle U.S. corn from producers Dupont Pioneer and Monsanto in Iowa and ship it to China, where scientists would attempt to replicate the corn’s genetic properties. Prosecutors accused Mo of working with others in the group Kings Nower Seed, a subsidiary of the Beijing Dabeinong Technology Group, the Associated Press reports. more

Spies Accused of Winging It, or A Very Sordid Sortie

Israel Nature and Parks Authority officials are pleading for the release of a vulture after residents of a southern Lebanese town captured the bird, claiming it was being used for spying. 

Lebanese media reported that the bird – allegedly carrying Israeli spy equipment -- was caught Tuesday to prevent it from attacking citizens in the town of Bint Jbail, according to the Jerusalem Post...

Israeli officials said the bird was released in the Gamla Nature Reserve about a month ago after arriving from Spain in 2015. The bird, outfitted with a transmitter, was brought to Israel in hopes to increase its local population, the officials added. more

P.S. They came to their senses and released the vulture.

Even Antiquarian Book Shops are Less Suspicious

A Canadian citizen who ran a coffee shop near the sensitive China-North Korea border has been charged with spying by Beijing after being kept in detention for more than a year.


Kevin Garratt... “has been accused of spying and stealing China's state secrets”, state news agency Xinhua said, citing “authorities”.

"During the investigation, Chinese authorities also found evidence which implicates Garratt in accepting tasks from Canadian espionage agencies to gather intelligence in China," Xinhua reported. more

The Defend Trade Secrets Act of 2015

Prepared Statement by Senator Chuck Grassley of Iowa
Chairman, Senate Judiciary Committee
Executive Business Meeting

The next bill on the agenda is S.1890, the Defend Trade Secrets Act of 2015, introduced by Senators Hatch and Coons.

As we learned in a recent Committee hearing, while state trade secret laws provide U.S. companies many protections, at times these laws are inadequate.

The threats trade secret owners face are coming from thieves who are able to quickly travel across state lines and who use technology to aid their misappropriation. In many cases, the existing patch-work of state laws governing trade secret theft presents difficult procedural hurdles for victims who must seek immediate relief.

Further, the pace of trade secret theft is mounting and federal law enforcement authorities don’t have the bandwidth to prosecute but a fraction of cases. This means that victims of trade secret theft cannot rely on criminal enforcement, making a civil cause of action an effective way to go after the perpetrators.

The Defend Trade Secrets Act would amend the Economic Espionage Act of 1996 to create a federal civil remedy for trade secret misappropriation, allowing for a uniform national standard without preempting state law. The bill would provide clear rules and predictability for trade secret cases. Victims will be able to move quickly to federal court, with certainty of the rules, standards, and practices to stop trade secrets from being disseminated and losing their value. By improving trade secret protection, this bill will also help to incentivize future innovation.

Additionally, Ranking Member Leahy and I will be offering an amendment to help protect whistleblowers. more

Tuesday, January 26, 2016

Security Director Alert: Check your board and conference rooms for equipment made by AMX

Lots of companies -- and even the White House -- use a conference calling system that could possibly be tapped by hackers, according to new research.

On Thursday, cybersecurity experts at SEC Consult revealed a secret doorway that's built into a popular conference calling product built by a company called AMX.

AMX makes tablet panels used to control conference calls for businesses, government agencies and universities.

The company hard-coded backdoor access into its system. AMX created a "secret account" with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.

It's a glaring security hole. more

Murray Associates Recommendation
A firmware update is available for products and systems incorporating the NetLinx NX Control platform:

NX Series Controllers
• NX-4200 FG2106-04
• NX-3200 FG2106-03
• NX-2200 FG2106-02
• NX-1200 FG2106-01

Massio® ControlPads
• MCP-106 FG2102-06X-X
• MCP-108 FG2102-08-X

Enova® DVX All-in-One Presentation Switchers
• DVX-3256HD FG1906-22/24
• DVX-3255HD FG1906-16/18
• DVX-3250HD FG1906-15/17
• DVX-2250HD FG1906-11/13
• DVX-2255HD FG1906-12/14
• DVX-2210HD FG1906-07/09

Firmware downloads require a current login and password for the AMX Account Center to access the protected Technical Documentation and Support Materials sections of the AMX by HARMAN website. Technical Support Staff within End User organizations should contact their authorized AMX Dealer or HARMAN Professional representative for assistance.

Monday, January 25, 2016

More Banksy Art, from Artsy

I received this email today and thought you might like to know...

Hi - my name is Oliver, and I work at Artsy. While researching Banksy, I found your page: http://spybusters.blogspot.com/2014_06_01_archive.html. I wanted to briefly tell you about Artsy's Banksy page, and about our mission.

We strive to make all of the world’s art accessible to anyone online. Our Banksy page, for example, provides visitors with Banksy's bio, over 150 of his works, exclusive articles, as well as up-to-date Banksy exhibition listings. The page even includes related artist & category tags, plus suggested contemporary artists, allowing viewers to continue exploring art beyond our Banksy page.

Glad to help!
Here is another Banksy anti-surveillance piece of art.

Radar Rat, 2004
Spray paint and silkscreen on paper
14 × 14 in
35.6 × 35.6 cm
Gallery Nosco
Sold
£20,000 - 30,000 ($28,500 - $42,800)

World's Largest Bugging Device Hears What You Can't... and it may save our butts!

This desolate outpost in remotest Greenland is home to one of the world's most high-tech listening devices, tasked with saving humanity from itself.

Located along the coastline just outside the village of Qaanaaq – which bears the additional distinction of being the world's most northerly palindrome – the sole purpose of Infrasound station IS18 consists of listening to the planet's groans that occur at frequencies too low for the human ear to detect, occurring within the range of 20 Hz down to 0.001 Hz.

Qaanaaq's eight-element array is divided into two sub-arrays bolstered by wind reduction technology, all of which are linked to a Central Processing Facility (or CPF) that churns out data around-the-clock to a central terminal in Qaanaaq proper. But why put such an extremely space-age device in a village accessible only by helicopter, whose locals subsist largely on narwhal, seals, and polar bears?

In its most practical application, IS18 is part of a network of highly specialized sensors charged with monitoring the globe for atomic blasts, as set forth by the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO). Around the clock, the array monitors the entire world for distinctive blast patterns produced by such explosions, as their unique pattern of ultra-low frequency sound waves persists even when ricocheting through the Earth's surface. more

Saturday, January 23, 2016

Fibre Optic Eavesdropping Tap Alarm

Allied Telesis announced that it has released an innovative security measure to prevent eavesdropping on fibre communications: Active Fiber Monitoring. The patent-pending technology can detect when a cable is being tampered with, and will raise an alarm to warn of a possible security breach.

Fibre-optic links are used extensively for long-range data communications and are also a popular choice within the LAN environment. One of the perceived advantages of fiber is that eavesdropping on traffic within the cable is not possible. However, it is now possible to acquire devices that can snoop traffic on fiber cables; and even more disturbing is that these devices are readily available and very easy to use.

Active Fiber Monitoring is a technology that detects small changes in the amount of light received on a fibre link. When an intrusion is attempted, the light level changes because some of the light is redirected by the eavesdropper onto another fibre. As soon as this happens, Active Fiber Monitoring detects the intrusion and raises the alarm. The link can either be shut down automatically, or an operator can be alerted and manually intervene. more
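How a receive-power monitor of the kind described above can work, as an added example (not Allied Telesis code and not its patent-pending method): it learns a baseline light level, follows slow drift, ignores one-sample glitches, and on a sustained change either alerts or shuts the link down. The 0.5 dB sensitivity, three-sample confirmation, drift weight and all sample traces are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class FiberLinkMonitor:
    """Alarm on a sustained change in received optical power (dBm)."""
    sensitivity_db: float = 0.5    # assumed: smallest sustained change that alarms
    confirm_samples: int = 3       # consecutive out-of-band readings required
    warmup_samples: int = 5        # readings averaged into the first baseline
    baseline_alpha: float = 0.05   # EWMA weight used to follow slow drift
    action: str = "alert"          # "alert" (operator decides) or "shutdown"
    link_up: bool = True
    baseline_dbm: Optional[float] = None
    events: List[dict] = field(default_factory=list)
    _warm: List[float] = field(default_factory=list)
    _suspect: int = 0
    _index: int = -1

    def observe(self, rx_dbm: float) -> Optional[dict]:
        """Feed one receive-power reading; return an event if an alarm fires."""
        self._index += 1
        if not self.link_up:
            return None                      # link already disabled
        if self.baseline_dbm is None:        # still learning the baseline
            self._warm.append(rx_dbm)
            if len(self._warm) == self.warmup_samples:
                self.baseline_dbm = sum(self._warm) / len(self._warm)
            return None

        delta = rx_dbm - self.baseline_dbm
        if abs(delta) < self.sensitivity_db:
            # In band: clear suspicion and let the baseline follow slow
            # drift (temperature, ageing) so that drift never alarms.
            self._suspect = 0
            self.baseline_dbm += self.baseline_alpha * delta
            return None

        # Out of band: freeze the baseline so a real change is not
        # absorbed into it, and require several readings in a row.
        self._suspect += 1
        if self._suspect != self.confirm_samples:
            return None                      # unconfirmed, or already reported
        event = {"sample": self._index,
                 "delta_db": round(delta, 2),
                 "action": self.action}
        self.events.append(event)
        if self.action == "shutdown":
            self.link_up = False
        return event


def run_trace(samples: List[float], **settings) -> Tuple[List[dict], bool]:
    """Run a list of readings through a fresh monitor."""
    monitor = FiberLinkMonitor(**settings)
    for reading in samples:
        monitor.observe(reading)
    return monitor.events, monitor.link_up


# Constructed traces (dBm), not measurements from any real link.
TAPPED = [-3.0] * 10 + [-3.8] * 10               # sudden sustained 0.8 dB loss
DRIFT = [-3.0 - 0.01 * i for i in range(60)]     # 0.6 dB of slow drift
SPIKE = [-3.0] * 8 + [-4.0] + [-3.0] * 8         # one-sample glitch

if __name__ == "__main__":
    for name, trace in (("tapped", TAPPED), ("drift", DRIFT), ("spike", SPIKE)):
        print(name, run_trace(trace))
    print("tapped, auto-shutdown", run_trace(TAPPED, action="shutdown"))
```

The sensitivity setting is the trade-off to tune: a smaller value reports smaller light-level changes but raises the false-alarm rate on a noisy link.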

VoIP Software Used to Eavesdrop

The backdoor could allow agents, employers or third parties to listen in on conversations...

The GCHQ has developed VoIP encryption tools with a built-in backdoor, allowing both authorities and third parties to listen in on conversations.

The backdoor is embedded into the MIKEY-SAKKE encryption protocol and has a 'key escrow' built in, allowing those with authority - whether an employer or government agency - to access it if a warrant or request is made.

The backdoor was uncovered by Dr Steven Murdoch, a security researcher from the University of London, who wrote a blog about the potential snooping tool. more

Ex-San Diego Mayor Bob Filner alleges his office was bugged...

Former San Diego Mayor Bob Filner, in an interview this week, denied having sexually harassed women and claimed that his City Hall office had been bugged...

...later in the interview, he said he had "found a bug" in his office that he claimed was planted there by the city attorney. "We asked the police to look at it and they didn't want to or didn't do it," he said.

Former Police Chief Bill Lansdowne disputed that claim Tuesday, saying Filner's chief of staff approached him with the concern that there might be a recording device in the mayor's office.

Lansdowne worked with the department's intelligence unit, hired an outside company to sweep Filner's office for bugs and came up empty-handed, the former police chief said.

"We had that office checked and we came back negative. They did not find anything," Lansdowne said. more

The Top Private Investigators on Twitter in 2015

via PINow.com...
We are happy to release the Top Private Investigators on Twitter in 2015! We received a lot of nominations and saw plenty of excitement, so thank you for your participation!

Twitter is a great tool for interacting with peers, sharing legislation updates, related news, business tips, promoting associations, and more. We present this list every year to recognize those in the industry who have proved to be valuable resources to their peers, specifically on the topic of investigations. Congratulations to all 2015 list-makers!

The list is ranked based on a variety of criteria, including nominations, scores on social media sites like Retweetrank, Klout, and StatusPeople, and on scores for content, consistent activity, and more.

Thank you!
Kevin

Wednesday, January 20, 2016

Why an RFID-blocking Wallet is Something You Don't Need

via Roger A. Grimes
You don't need a tinfoil hat, either. Opportunists have exploited consumer fears to create an industry that doesn't need to exist...

(summary)

First and foremost, does your credit card actually have an RFID transmitter? The vast majority does not. Have you ever been told you can hold up your credit card to a wireless payment terminal, and without inserting your card, pay for something? For most of my friends, and the world in general, the answer is no...

If you look at the number of credit cards with RFID, you can’t even represent it statistically. It’s not 0 percent, but it’s so far below 1 percent that it might as well be 0 percent...

On top of that, most of the world is going to wireless payments using your mobile device...


But did that bad guy ever sit on the corner in the first place? Sure, I’ve seen the demos, but I’ve yet to hear of one criminal who was caught using an RFID sniffer or who admitted to stealing credit card info wirelessly. We know about all sorts of cyber crime. Why not the theft of RFID credit card information if the risk is so high?

Here's why: It would be a lousy use of a criminal mastermind’s time. Today’s smart criminals break into websites and steal hundreds of thousands to tens of millions of credit cards at a time. Why would a criminal go to the effort and expense of stealing credit card info one card at a time when you can steal a million in one shot?  more

Tuesday, January 19, 2016

Did Your Lame Password Make the Top 25 List for 2015?

Here are the most popular passwords found in data leaks during the year, according to SplashData:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars 
    more 

Your Old Wi-Fi Router May Be Security Screwed

...starting from the day you bought it.
 
The reason: A component maker had included the 2002 version of Allegro’s software with its chipset and hadn’t updated it. Router makers used those chips in more than 10 million devices. The router makers said they didn’t know a later version of Allegro’s software fixed the bug.
 
The router flaw highlights an enduring problem in computer security: Fixing bugs once they have been released into the world is sometimes difficult and often overlooked. The flaw’s creator must develop a fix, or “patch.” Then it often must alert millions of technically unsophisticated users, who have to install the patch.

The chain can break at many points: Patches aren’t distributed. Users aren’t alerted or neglect to apply the patch. Hackers exploit any weak link. more

Four Textbook Business Espionage Case Histories

This past year, the FBI has observed a stark increase (53%!) in the amount of corporate espionage cases within the United States... the FBI has pointed out that a major concern in corporate espionage today are “insider threats” – essentially, employees who are knowledgeable of confidential matters are being recruited by competitor companies, and foreign governments in exchange for large amounts of money at much higher rates than ever before. 

Walter Liew vs. DuPont – “titanium dioxide”
In July 2014, Walter Liew, a chemical engineer from California, pleaded guilty to selling DuPont’s super secret pigment formula that makes cars, paper, and a long list of other everyday items whiter to China.

Starwood vs. Hilton
In 2009, Starwood Hotels accused Hilton Hotels of recruiting executives out from under them and stealing confidential materials... Starwood alleged that the ex-employees had stolen more than 10,000 documents and delivered them to Hilton – the worst part being that Starwood didn’t even notice that the documents were missing until after the indictment.

Microsoft vs. Oracle
In June 1999, Oracle hired a detective agency called Investigative Group International (IGI) to spy on Microsoft – it was headed by a former Watergate investigator, if that says anything... IGI, following Oracle’s orders, sifted through Microsoft’s trash (a practice also known as Dumpster Diving)...

The following May, the same happened. This time, IGI focused its investigations on the Association for Competitive Technology, a trade group; IGI arranged for a random woman to bribe ACT’s cleaning crew with $1,200 in exchange for bringing any office trash to an office nearby – of course, the office was a front for IGI.

Steven Louis Davis vs. Gillette
In 1997, Steven Louis Davis, an engineer helping Gillette develop its new shaving system, was caught faxing and emailing technical drawings to four of Gillette’s competitors...

Sadly, these economic espionage cases aren’t shocking to most corporate executives; it’s not uncommon for rival companies to dumpster dive, hack, bribe, and hire away key employees. In a rush to push out new products, major corporations will do just about anything to defame their competitors. And, although a few of these cases stem from the 1990s, their spirit still holds today – as the FBI has noted that corporate espionage is nowhere near slowing down. more

Workplace Surveillance is Sparking a Cyber Rebellion

GPS jammers in vans, FitBits strapped to dogs — employees are fighting back.

...Worksnaps is a piece of software that takes regular screenshots of a worker’s computer screen (with their full knowledge), counts their mouse and keyboard clicks each minute, and even offers the option of capturing webcam images. The customer testimonials are worth reading. One small business owner enthuses that she was able to “find and weed out” workers who were chatting on Facebook even though she was in the US and they were in the Philippines...

There are the drivers who plug cheap GPS jammers from China into the cigarette lighter slots in their vans to confuse their companies’ tracking systems. Or the workers who strap their employer-provided Fitbits on to their dogs to boost their “activity levels” for the day. Remember the business owner who used Worksnaps to monitor her workers in the Philippines? She found they were using programs to fool the software into thinking they were working. Worksnaps had to design a tool to identify the cheaters. more

Estranged Husband Goes Under House to Bug Wife

Australia - A Wilsonton man who suspected his ex-wife was seeing another man "bugged" her home to spy on her, Toowoomba Magistrates Court heard.

The couple had been in a relationship for six years but separated last year, the court heard.

In early October, the woman had started receiving text messages from her 48-year-old estranged husband that she took as threatening and intimidating, police prosecutor Tim Hutton told the court...

...toward the end of the offending period, the victim noticed some of the text messages contained information that only she and a few people close to her knew including the sale of a horse and other private matters, Sergeant Hutton said...

When police spoke with the man on October 24, he readily admitted to having planted a recording device attached to an air-conditioning duct underneath his ex-wife's home which was connected through the floor to a microphone in the woman's bedroom, Sgt Hutton told the court. more

Monday, January 18, 2016

Cyber Crime Costs Projected To Reach $2 Trillion by 2019

‘Crime wave’ is an understatement when you consider the costs that businesses are suffering as a result of cyber crime. ‘Epidemic’ is more like it. IBM Corp.’s Chairman, CEO and President, Ginni Rometty, recently said that cyber crime may be the greatest threat to every company in the world...

In 2015, the British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more...

The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. [Especially when electronic surveillance and classic corporate espionage techniques are used.] Those crimes would arguably move the needle on the cyber crime numbers much higher.

For anyone who wants to tally their own bill from cyber crime, check out Cyber Tab from Booz Allen. It is an anonymous, free tool that helps information security and other senior executives understand the damage to companies inflicted by cyber crime and attacks. more

CBS 60 Minutes - The Great Brain Robbery... and what to do about it.

The following is a script from "The Great Brain Robbery" which aired on Jan. 17, 2016 by CBS. Lesley Stahl is the correspondent. Rich Bonin, producer.

If spying is the world's second oldest profession, the government of China has given it a new, modern-day twist, enlisting an army of spies not to steal military secrets but the trade secrets and intellectual property of American companies. It's being called "the great brain robbery of America."

The Justice Department says that the scale of China's corporate espionage is so vast it constitutes a national security emergency, with China targeting virtually every sector of the U.S. economy, and costing American companies hundreds of billions of dollars in losses -- and more than two million jobs.

John Carlin: They're targeting our private companies. And it's not a fair fight. A private company can't compete against the resources of the second largest economy in the world. more

Part of the problem (worldwide) are the victims themselves. Many companies view taking steps to protect themselves an expensive annoyance. Corporate espionage is truly a national security issue, for many countries. Countering it requires an enhanced response. The old "punish the spy" solution is lopsided and ineffective. Check here for a new solution. Please spread the word.

Illya Kuryakin Writes a Spy Novel - Welcome back to the genre!

David McCallum — yes, actor of “The Man from U.N.C.L.E.” and “NCIS” fame — confidently embarks on a second career in his highly entertaining debut that mixes the espionage novel with the mystery thriller, Once a Crooked Man.

McCallum, 82, is no John le Carre, nor does his “Once a Crooked Man” hero, Harry Murphy, resemble George Smiley or Illya Kuryakin, the role that made the Scottish actor famous. But McCallum respects the genres’ tenets, supplying the right amount of intrigue, violence and sex for a well-plotted, action-packed tale. more

Thursday, January 14, 2016

Do You Have an IoT in the Workplace Policy? (you need one)

via Rafal Los 
It’s the beginning of the year, and for many of us that means hauling in some new gear into the office. Santa continues to bring more widgets and gizmos, and some of that stuff comes to the office with you. I think this is as good a time as any to think about the Internet of Things (IoT) and what it means for your CISO.

We’ve had an Amazon Echo at my house for a while now, since I couldn’t help myself but get on the early adopters list long ago. Truth be told, I love it. Alexa tells me the weather, keeps the twins’ Raffi albums close at hand, and reminds me to buy milk. But since my daughter has discovered her inner spider monkey, she likes to climb up on the cabinet where Alexa lives and likes to talk to her… and pull on the power cable. Also, she once turned the volume up all the way so that when I asked Alexa the weather at 6:30 a.m. I woke up the entire house…whoops. So long story short, Alexa has been unplugged, and I thought … why not take it to the office?

The find.
Here’s the issue — Echo is “always listening” so there’s that question of how welcome she would be in my office where confidential and highly sensitive conversations are a-plenty. Furthermore, Echo streams music and would need my credentials to get wireless network access. I suppose I could just use my personal Wi-Fi hotspot, but that seems like a waste. In case you’re wondering, I opted to not test my CISO’s good will, and Alexa will just have to live with my twins’ abuse. more

This is not theoretical. I found an Echo in a top executive's office last year. He said it was a gift.

Add an IoT policy to your BYOD policy, and have us check for technical surveillance items and information security loopholes periodically. ~Kevin

American Textile Industry - Woven from Espionage

Samuel Slater, who established the United States' first textile mill in 1793, is widely regarded as the father of America's industrial revolution, having received that very accolade from Andrew Jackson. But American industry may owe as much to his fantastic memory and legally questionable sneakiness as his skill as a machinist and manager. This is the story of how the industrial pioneer earned his other title: "Slater the Traitor."

The ninth of 13 children, Samuel Slater was born in Belper, England in 1768. At age 14, he entered a seven-year apprenticeship agreement with mill owner Jedediah Strutt. He proved a clever, talented young man and quickly became Strutt’s “right hand.” During Slater’s apprenticeship, he learned a great deal about cotton manufacturing and management. He had the opportunity to work on the machines, and saw how Richard Arkwright’s spinning frame—the first water-powered textile machine—was used in large mills. Unfortunately for the ambitious Slater, Strutt had several sons of his own. As a result, Slater would not have a path to advance in the business.

In 1790, Slater decided to leave Strutt’s employment after coming across a Philadelphia newspaper that offered a “liberal bounty” (£100) to encourage English textile workers to come to the United States... Once he arrived in Rhode Island, legend has it that it took him just one year to build the complicated Arkwright machines from memory. Soon they had plenty of thread to sell and Slater’s reputation was secure. In 1793, the newly established Almy, Brown, and Slater company built the mill that would usher in the American industrial revolution. The rest is history. more

EU Law - Yes, the boss can spy on you... and what you can do about it. (updated)

The European Court of Human Rights has ruled that your boss has the right to spy on you at work.

Europe’s top human rights court ordered the handover of transcripts of private conversations by a Romanian worker on Yahoo Messenger. In this case, the employer had warned staff in its company policy that their devices were only to be used for work.

They argued: “It proved that he had used the company’s computer for his own private purposes during working hours.”

But lawyers told the Independent that your employer doesn't have to give you warning before monitoring your private correspondence. "Within the UK you can conduct monitoring without employee consent," said Paula Barrett, partner, head of privacy, at Eversheds. more

UPDATE - No, the European Court of Human Rights did NOT just greenlight spying on employees
The press has got itself carried away with a European court ruling on a labour dispute: workers' private communications are safe. more

Read both articles and decide for yourself. ~Kevin 

Your New IoT Ding-Dong Can Open Your Wi-Fi... to hackers

Getting hacked is bad, but there’s something worse than that: getting hacked because of your own smart doorbell. 

Ring is a popular smart doorbell that allows you to unlock your door from your phone, as well as see and hear visitors via a webcam.

Unfortunately for Ring, that same doorbell meant you could have had your Wi-Fi password stolen in a few minutes if someone cracked into the physical doorbell...

According to Pen Test Partners, the attack was relatively trivial... more

Wednesday, January 13, 2016

What Makes a Trade Secret a Trade Secret?

Article 39 of the Trade-Related Aspects of Intellectual Property Rights Agreement (TRIPS) provides general guidance on necessary conditions for trade secrets:
  • The information must be secret (i.e. it is not generally known among, or readily accessible to, circles that normally deal with the kind of information in question);
  • It must have commercial value because it is a secret; and
  • It must have been subject to reasonable steps by the rightful holder of the information to keep it secret (e.g., through confidentiality agreements, non-disclosure agreements, etc.). more

The "etc." part also includes providing extra security for the information, and the areas where it is generated, stored and used. Periodic Technical Surveillance Countermeasures inspections (TSCM) are a very important part of these conditions. Contact me for more information about this.

The Unofficial World's Record for Arresting Wiretappers Goes to...

Turkey - Thirty people alleged to have illegally wiretapped hundreds of Turkish officials, politicians and journalists were detained in simultaneous operations across the country early Tuesday. 

Suspects are accused of illegally wiretapping the communications of 432 people, including businessmen, journalists and politicians from the ruling Justice and Development (AK) Party, Republican People’s Party and the Nationalist Movement Party. more

Today in Spying - Bad Day for Spies

Iran Seizes U.S. Sailors Amid Claims of Spying more

Kuwait sentences two to death for 'spying for Iran' more

North Korea holding U.S. citizen for allegedly spying more

Senior officer quizzed on 'police spying' more

Former Skidmore security guard admits spying on woman more

Indian man sentenced to five years in prison for spying in UAE more

Man accused of spying on female neighbor with homemade selfie stick pleads guilty more

From those wonderful people who like back doors...

US - A hacker appears to have broken into personal accounts of the nation’s top spy chief.

The reported teenager is part of the group that hacked into CIA Director John Brennan’s personal emails last year and is using the new access for pro-Palestinian activism. According to Vice Motherboard, which broke the news on Tuesday, the hacker claimed to have broken into a personal email and phone account of Director of National Intelligence James Clapper and his wife. more

Sunday, January 10, 2016

Business Espionage: The Hoverboard Knockoff

The hoverboard hubbub at CES in Las Vegas Thursday was something straight out of a corporate espionage movie...

US marshals raided a booth set up by Chinese company Changzhou First International Trade. It was promoting its Trotter electronic skateboard—what Bloomberg describes as looking "like a seesaw with one big wheel in the middle."

The problem: Silicon Valley startup Future Motion says the product is a knockoff of its own Onewheel skateboard, invented and designed by Kyle Doerksen.

"When we got word that a company was exhibiting a knock-off product, we engaged in the formal process, which involved sending a cease and desist letter and ... getting a restraining order ... then enforced by the US marshals," Doerksen tells the BBC. more

Business Espionage: Employee's Steal Bends Steel Company With Her Bare Hands

Australia - On the day long-serving BlueScope software development manager Chinnari Sridevi "Sri" Somanchi was to be made redundant in June 2015, she was suddenly busy on the phone.

For the next two hours her redundancy meeting was delayed while Ms Somanchi was locked on the lengthy call, as her manager circled her desk trying to get her attention.

What the company did not know at the time, and now alleges, was Ms Somanchi was spending those precious hours downloading a cache of company secrets so financially important to BlueScope it has launched emergency legal action in the Federal Court of Australia and Singapore, where she is now based, to stop the information falling into the hands of its competitors.

Ms Somanchi has been accused this week of downloading a trove of company documents – about 40 gigabytes – over a four-year period, including the codes she allegedly downloaded just before her redundancy meeting.

BlueScope is now trying desperately to retrieve "highly sensitive and commercially valuable" information allegedly stolen by Ms Somanchi, who it describes as a disgruntled former employee...

The case of alleged international espionage has left the company reeling and urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

Losing its customized software to a rival firm would so badly damage BlueScope that it was not seeking penalties because "it is difficult to see how damages could adequately compensate BlueScope for the loss", a senior manager's affidavit said. The business unit at risk generates $US45 million in turnover each year. more

Business Espionage: Former Cardinals Executive Pleads Guilty To Hacking Astros

Chris Correa, the former scouting director of the St. Louis Cardinals, has pleaded guilty to five criminal charges in connection with unauthorized access of the Houston Astros' database.

Correa appeared before a U.S. district court judge in Houston on Friday and had his sentencing hearing scheduled for April 11.

The maximum penalty for each of the five counts, The Houston Chronicle reported, is up to five years in prison, a fine of up to $250,000 and restitution. more

Buy Banksy Spy Art - Get a free House

Consider yourself a bargain hunter with a penchant for modern art? Well, why not buy a Banksy mural for just £210,000 ($304,900 USD), and to sweeten the deal the owner will throw in a three-bedroom house.

A property in Cheltenham, Gloucestershire, featuring the artist's Spy Booth piece is on the market after its stressed owner said he was sick of the circus caused by the mural.

Spy Booth shows three 1950s-style agents, wearing brown trench coats and trilby hats, using devices to tap into conversations at a telephone box. more - with video

Monday, January 4, 2016

"Official? Nah, I'm just hanging out here."

UK government wants to send tech companies officials to jail for disclosing snooping details on users.

Under a new sweeping law, many tech companies like Twitter, Yahoo and Google may face prison if they tip off their customers about spying operations by police and the security services.

These tech giants have a policy of notifying users when it’s suspected that a state-level actor is attempting to hack into their account. Twitter, Facebook and Google had previously assured their users that they would also warn them of any potential government spying. more

Surveillance Cameras Get Twittered

There is an air of mystery when you first notice @FFD8FFDB...

The Twitter bot tweets a grainy, context-free picture escorted by a line of peculiarly formatted gibberish every few minutes.

Only after you begin digging into the actual working of the bot does it become clear that the project is developed on a profoundly disquieting foundation that throws light on one of the major privacy escapes in the modern telecommunication set-up.

Basically, the software behind @FFD8FFDB browses the Internet for webcams whose operators have left them unsafe, taking screenshots from the feeds, and then tweets them. more

Time to check your surveillance cameras for password protection. ~Kevin

Et tu Earhart?

A new book about Amelia Earhart contains the controversial claim that she wasn’t really killed when her plane crashed in the middle of the Pacific in 1937 but instead was taken prisoner by the Japanese as a spy...

...she and navigator Fred Noonan vanished without a trace during an attempt to circumnavigate the globe.

What happened to the duo and their twin-engine aircraft during the round-the-world bid has remained one of aviation’s enduring mysteries.


Now ‘Amelia Earhart: Beyond the Grave,’ by WC Jameson, which is published tomorrow, January 5, makes the controversial claim that Earhart was actually sent to the South Pacific on a surveillance operation that had been authorized by United States President Franklin D. Roosevelt.

Mr Jameson claims that her plane was fitted with cameras with which to film Japanese military outposts and that she was actually shot down and taken prisoner.

He also claims that she was released in 1945 and returned to the United States under an assumed identity.

This flies in the face of the long-standing official theory that the pair ran out of fuel and crash landed in the middle of the Pacific Ocean near Howland Island. more

A Tale of Two Spy Cams

Despite the fast-moving pace of technology, there is one thing that's fairly uncommon, and that is a USB-powered speaker.


It's something that just simply isn't seen very often, and for fairly obvious reasons. Now, why am I pointing this out? Well, if you happen to encounter what looks like a normal computer speaker and there's a USB cord coming out the back of it, you should probably be a little suspicious about the speaker's true intentions.


After removing the back... That white thing is not a speaker -- it's actually a web cam. Someone created this unique spy speaker with bad intentions. more

Sometimes, spycams pose as legitimate web cams. 

I came across this recently...

Clue. Legitimate web cams don't need infrared LEDs positioned around the lens.  ~Kevin