Tuesday, January 9, 2018

What Becomes of Industrial Espionage?

Ever wonder what happens to all the intellectual property that is collected by corporate espionage snoops? An article in Wired Magazine gives some clues in "Tesla's Latest Chinese Competitor Takes Screens to an Extreme"...

Chinese car startup Byton unveiled an SUV... if the company manages to sell for the quoted $45,000 price, will excite people who can’t wait for a Tesla Model 3...

“What’s significant here is they seem to have done a thorough job of answering all the questions,” said Stephanie Brinley, Senior Analyst at IHS Markit, as we pushed through the crowds trying to take pictures of the crazy interior through the windows. “They seem to have learnt from some of the others who had more ideas, and less detail.”...

The SUV should be good for over 300 miles of range from a 71- or 95-kwh battery pack, quite similar to what Tesla offers. The battery can be fast charged to 80 percent in 30 minutes, totally plausible with current technology. It will come with single, or dual motors, just like Tesla cars.
Ostensibly, this is an article about a new car, but the espionage undertones are obvious.

Keep an eye out to see where your intellectual property is popping up. Better yet, keep an eye out for the easiest-to-spot early warning sign that you are under attack: electronic eavesdropping.

Smart businesses conduct regularly scheduled Technical Surveillance Countermeasures bug sweeps, aka TSCM. It's a standard security practice. You can learn more about it, here.

Sunday, January 7, 2018

Corporate Espionage Alert - Whale Phishing in 2018

Phishing scams are becoming ever more sophisticated...

“We need to focus on people patching and the human firewall,” said Anthony Dagostino, global head of cyber risk at Willis Towers Watson. “This requires more effective training and awareness campaigns to make sure people aren’t clicking on things...


“We will see more whale phishing in 2018, where cyber criminals will target individuals based on things like their LinkedIn or Facebook profiles,” Dagostino told Insurance Business. “General counsel, chief financial officers and even board members are being very specifically targeted just for hackers to get certain information they have.

“It doesn’t necessarily have to be for a data breach – it’s really corporate espionage driven. They either want to get information on an up-coming acquisition, or future business plans that they can use for insider trading.” more


UPDATE - PA State Police Investigating Possible Wiretapping... of them.

A New Milford man suspected of listening in to phone calls in the Gibson barracks had an assault-style rifle and bombs at home, state police said.  

Nathan J. Grover, 28, 512 Old Route 11, is sought on charges of weapons of mass destruction, prohibited weapons and drug-related crimes. Capt. Christopher Paris, commander of Troop R, which includes the Gibson barracks, confirmed Friday that Grover was not in custody.

State police became aware that Grover, who worked for North-Eastern Pennsylvania Telephone Co., may have been using his position to listen to phone calls at the Gibson barracks, according to a criminal complaint filed Thursday by Sgt. Michael Joyce...

Anyone with information on his whereabouts should contact the Gibson barracks at 570-465-3154. more

Amazon Echo ‘Drop In’ Feature - Easy Eavesdropping?



As voice-based “personal assistants” are becoming ubiquitous in modern, connected American homes, so is the feeling they might be listening in on people when they least expect it or want it.

Amazon Echo, Dot and Show users know that Alexa is always listening. With a simple command she can turn on your lights, play music and even order pizza.

But do you know who else might be listening in to everything going on in your home? more

Saturday, January 6, 2018

Workplace Spycam Man Pleads Guilty

PA - A Douglass man faces court supervision after he admitted to invading the privacy of a female co-worker by planting a camera under her desk and recording her at their Montgomery Township workplace.

Anthony Joseph DePaul, 35, of the 100 block of Chalet Road, was sentenced in Montgomery County Court to four years’ probation after he pleaded guilty to misdemeanor charges of invasion of privacy in connection with the incidents...

Lens on a typical key-fob spy camera.
“The device was attached to the bottom of her desk with Velcro and was pointed in the direction of her chair,” Montgomery Township Police Officer James T. Matlack alleged in the criminal complaint...

The device, which was provided to police, was small with a lens at one end, court documents indicate...several employees stated they had observed DePaul near the desk of the female victim in the weeks leading up to the discovery of the camera...

When detectives interviewed DePaul about the matter he admitted to placing the camera under the woman’s desk four to five times and to recording the victim as she sat at her desk, according to the criminal complaint. more

Friday, January 5, 2018

Counter-Espionage For Business Travelers Course

The Counter-Espionage for Business Travelers Course is a two-day seminar designed to educate those individuals in your organization who may become targets of espionage, whether knowingly or unknowingly, from an economic competitor or a hostile intelligence service.

Unfortunately, most business travelers are untrained, and thus unprepared, to handle even the most common espionage tactics, such as:
  • Elicitation
  • Bribery
  • Blackmail
  • Extortion
  • Electronic Surveillance
  • Electronic Exploitation
  • Physical Surveillance
  • Hotel/Office Covert Intrusions
A small sample of the topics covered includes:
  • Economic vs. Industrial Espionage
  • Foreign Intelligence Collection Methods
  • How to Recognize Elicitation and Recruiting Techniques
  • Operational Security (OPSEC) Awareness
  • Communication Security (COMSEC) Awareness
  • Data Attack and Intrusion Methodologies
  • How to become an "Invisible Traveler"
  • Surveillance Detection Techniques
If you can't go for the course, at least go for some good books on the subject:

Among Enemies: Counter Espionage for the Business Traveler by Luke Bencie.

Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World by Edward L. Lee


Court Rules: Agricultural Spying is Free Speech

A federal appeals court panel says Idaho’s ban on spying at farms, dairies and slaughterhouses violates free speech rights. 

The 9th U.S. Circuit Court of Appeals on Thursday ruled that sections of the law illegally targeted free speech and investigative journalism. However, the panel also ruled the law correctly criminalized those who made false statements to obtain records at an agricultural facility.

Idaho lawmakers passed the law making it a crime to surreptitiously videotape agriculture operations in 2014 after the state’s $2.5 billion dairy industry complained that videos of cows being abused at a southern Idaho dairy unfairly hurt their businesses. more

Digital Spying And Divorce In The Smartphone Age

Typical magnetic mount GPS tracker.
...from a lengthy, well written, NPR report...

It was the summer of 2016, and M was worried her ex-husband was stalking her. She would get out of town and stay with friends. But, as she noted in court documents, her ex seemed to know exactly where she was and whom she visited — down to the time of day and street...

Welcome to divorce in the 21st century — when what it means to be safe and how much privacy you're entitled to are open questions.

M's case is not unique. NPR talked with dozens of marital experts. They say digital spying is changing divorce as we know it. The tools are abundant. Clients use it in an effort to stay in control after a separation or to gather evidence of extra-marital affairs or drug abuse. But the laws are murky, and law enforcement is lagging far behind. more

Multiple Bathroom Spy Cameras = 30 Days in Jail

Typical air freshener spy camera.
A man charged after “multiple covert and hidden” cameras were found inside bathrooms of a Maine vacation home he rented with family and friends has been sentenced to 30 days in jail.

Joseph J. McGrath, 32, of East Longmeadow, Mass., was charged in September with 10 counts of violation of privacy after police in York were called to the home, where hidden cameras – some disguised as air fresheners – were found in four bathrooms, according to the York Police Department...

The cameras allegedly placed by McGrath targeted both children and adults staying at the home while on vacation with him, police said. more

Thursday, January 4, 2018

The White House West Wing Bans Personal Mobile Phones

The White House is banning its employees from using personal mobile phones while at work in the West Wing... White House chief of staff John Kelly imposed the ban, citing security concerns...

There are too many devices connected to the White House wireless network, and personal phones aren’t as secure as those issued by the federal government, said an official who spoke on condition of anonymity to discuss an internal White House matter.

Aides who opposed the ban said they cannot use their work phones for personal use, and that work phones can’t accommodate texting. They believe the ban will be a hardship because texting is often the easiest way for their families to reach them in the middle of a busy day of meetings. more

"How are they going to enforce that!" I hear you say. 
Most likely with AirPatrol™ for Security

TV Producer Accused of Using Unauthorized Camera

NY - A Pleasantville CNBC-TV producer accused of spying on his teenage nanny with a secret camera he placed in the bathroom of his home is due to appear in village court Tuesday evening.
From a Walmart on-line ad.
Dan Switzen, 44, who was arrested by Pleasantville Police in November, allegedly hid a camera inside a tissue box on the counter of the bathroom, according to authorities.

The camera was discovered when his 18-year-old live-in nanny and two friends discovered the camera and took it to police. more

PA State Police Investigating Possible Wiretapping... of them.

PA - Newswatch 16 has learned state police in Susquehanna County have been investigating a possible case of eavesdropping on their own barracks.

The man they've been investigating was one of the lead network techs at the phone company until recently.

At the Gibson state police barracks in Susquehanna County, all kinds of calls come in and out, and many of the phone conversations relate to active criminal investigations.

Back in September, troopers were investigating an alleged assault at Nathan Grover's home near New Milford. That's when someone told them Grover, 28, a self-proclaimed hacker, was eavesdropping on state police...

There are questions over two suspicious "trouble tickets" found during NEP Telephone's internal investigation. One was a request that didn't come from troopers that could essentially route a phone call made to state police anywhere.

Another was trouble on a phone line registered to a man near Nicholson that somehow was connected to the Gibson barracks account. more

Wednesday, January 3, 2018

Counterespionage Tip # 022: The Encryption & Password Mistake

An excerpt from the Forever 21 press release last week...
...After receiving a report from a third party in mid-October 2017 suggesting there may have been unauthorized access to data from payment cards that were used at certain Forever 21 stores, we immediately began an investigation. We hired leading payment technology and security firms to assist. The investigation determined that the encryption technology on some point-of-sale (POS) devices at some stores was not always on... more
The setting to enable encryption may never have been set to on. If it was, the setting may not have been password protected, thus allowing the encryption to be turned on and off.  Costly mistakes.

This happens frequently on devices which are introduced after the initial set-up of similar devices. It's similar to the not-changing-the-default-password syndrome.

Counterespionage Tip # 022: When installing new devices:
  1. Change the default password.
  2. Review all the settings. Turn off all the eavesdropper- and espionage-friendly settings.
  3. Pay particular attention to security-related settings.
  4. Enable encryption.
  5. Change the administrator's password if the device has one.
  6. Deter physical access to internal memory and components using security tape. Check often for tampering.
Removing an unencrypted printer drive for covert duplication.
Murray Associates case history photo.
You may be surprised how many devices offer password protection and encryption these days...
  • Point-of-sale (POS) devices.
  • Wi-Fi Access Points.
  • Audio and video teleconferencing equipment.
  • Networked print centers.
  • Stand-alone printers with Wi-Fi capabilities.
  • VoIP telephone systems.
  • Interactive white boards.
  • Fax machines with memory vaults.
  • Computers, tablets, mobile phones.
  • Manufacturing equipment.
  • Medical devices.
  • CCTV cameras and recording systems.
Your list of vulnerable devices may have additional items. All are hacker/espionage/criminal catnip. 

Security settings on items in your environment should be checked periodically. A knowledgeable Technical Surveillance Countermeasures (TSCM) team can do this for you. It should be part of their inspection for electronic surveillance devices and information security loopholes. 
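As an added example (not part of the original post, and not any vendor's tooling), here is a short Python audit of a constructed device inventory. It checks the settings Tip # 022 names and marks any failing device that was added after the initial roll-out while its peers of the same model are compliant. The field names, device ids and dates are assumptions made up for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample inventory; field names are hypothetical, not from a real product.
FIELDS = ("id", "model", "installed", "default_password", "encryption_on", "settings_locked")
ROWS = [
    ("pos-01", "POS-A", "2016-03-01", False, True, True),
    ("pos-02", "POS-A", "2016-03-01", False, True, True),
    ("pos-03", "POS-A", "2017-09-15", False, False, False),  # added after initial set-up
    ("prn-01", "PRN-B", "2015-06-10", True, True, True),     # still on the default password
    ("ap-01", "AP-C", "2016-01-20", False, True, True),
]
INVENTORY = [dict(zip(FIELDS, row)) for row in ROWS]

# What the tip asks for: no default password, encryption enabled,
# and the settings themselves protected by an administrator password.
REQUIRED = {"default_password": False, "encryption_on": True, "settings_locked": True}


def audit(inventory):
    """Return {device_id: [findings]} for every device that fails a required setting."""
    by_model = defaultdict(list)
    for dev in inventory:
        by_model[dev["model"]].append(dev)

    findings = {}
    for devices in by_model.values():
        # Baseline: the most common value of each setting among devices of this model.
        baseline = {k: Counter(d[k] for d in devices).most_common(1)[0][0] for k in REQUIRED}
        rollout = min(d["installed"] for d in devices)  # ISO dates sort as strings
        for d in devices:
            issues = []
            for key, want in REQUIRED.items():
                if d[key] == want:
                    continue
                note = f"{key} is {d[key]}, should be {want}"
                # The pattern described above: a later device that missed the original set-up.
                if baseline[key] == want and d["installed"] > rollout:
                    note += " (late addition; peers of this model are compliant)"
                issues.append(note)
            if issues:
                findings[d["id"]] = issues
    return findings


if __name__ == "__main__":
    for dev_id, issues in audit(INVENTORY).items():
        for issue in issues:
            print(f"{dev_id}: {issue}")
```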

If you don't have a TSCM team already, or are not sure of their capabilities, give me a call. ~Kevin

Carl Størmer - 1890's Spy Cam Man

These days, when it's so easy to sneak a hidden photo with your phone, we can forget just how unusual candid photography was during the 19th century. 

With technological limitation, our first photographs are mainly seated posed images that somehow give the impression that everyone in the 1800s was elegant and composed. But, thanks to one clever Norwegian student, we have a hidden glimpse of life in the 1890s.

Carl Størmer (1874-1957) was a young student of mathematics when he purchased his first hidden camera. It was so small that the lens fit through the buttonhole in his vest with a cord that led down to his pocket, allowing him to secretly snap away.

In his biography for the Fellows of the Royal Society, he revealed it was actually a secret crush that led him toward photography. “When he was a young man at Oslo University he fell in love with a lady whom he did not know and with whom he was too bashful to become acquainted,” writes his biographer. “Wishing at least to have a picture of her, he decided that this was possible only by taking a photograph of her himself, without her knowing.” more

Tuesday, January 2, 2018

Stop Your Apps from Spying on Your TV Viewing

That innocent-looking mobile game you just downloaded might just have an ulterior motive. Behind the scenes, hundreds of different apps could be using your smartphone's microphone to figure out what you watch on TV, a new report from The New York Times reveals...

Basically, a bunch of apps with innocuous names like "Pocket Bowling 3D" include extra software that's designed to listen for recognizable audio from your TV, including specific shows and commercials...

All of these apps need to get your permission before they can record in the background. So the easiest way is just to deny that permission. However, it's possible that you might have approved the request without realising it, or your kid might do it while playing with your phone. In that case, switching it off is pretty easy...

Just head into Settings on your device and check the permissions for the app in question. If the app has microphone access when it doesn't need to (why would a bowling game need to use your microphone?), just toggle that permission off. more