Sunday, March 31, 2019

Security Tip: Why it Always Pays to Hire The Best.

Following the revelation that The National Enquirer had obtained intimate texts and images between Amazon CEO Jeff Bezos and Lauren Sanchez, Bezos ordered an investigation into who was behind the data breach.

In a post on The Daily Beast, Bezos’ security consultant Gavin De Becker says that his team of investigators have “concluded with high confidence that the Saudis had access to Bezos’ phone...” more

That Loud Burp You Hear Today is History Repeating Itself

The upstart nation was a den of intellectual piracy. One of its top officials urged his countrymen to steal and copy foreign machinery. Across the ocean, a leading industrial power tried in vain to guard its trade secrets from the brash young rival.

In the late 18th and early 19th centuries, the rogue nation was the United States. The official endorsing thievery was Treasury Secretary Alexander Hamilton. And the main victim was Britain.

How times have changed...

Now, the United States accuses China of the very sort of illicit practices that helped America leapfrog European rivals two centuries ago and emerge as an industrial giant. more

A proposed solution.

Protecting Confidential Information - The Japanese Model

Japan - The government is making every effort to keep information on the new Imperial era name secret until its announcement Monday and officials are even checking plants inside the Prime Minister’s Office for possible bugging devices...

The government will ask members of the expert panel, parliamentary leaders and Cabinet ministers not to bring any recording devices, including smartphones, into the rooms where the new era name will be presented and not to leave there before the announcement.

The government plans to check the belongings of panel members before they enter the Prime Minister’s Office and have government personnel escort them to restrooms so they will not make any contact with outsiders. more

Inside Info Discussed Outside is a Big Deal... killer

Careless talk costs dollars. That’s the lesson from a case heard last week by one of France’s financial regulators.

Lazard Ltd. dealmaker Vincent Le Stradic spent two and a half hours aboard a Eurostar train from London to Paris in 2014 working on a $15 billion takeover bid by Iliad SA for T-Mobile US Inc.

He was oblivious to the fact that the casually dressed man sitting next to him was Alexandre Zaluski, a UBS Group AG banker, who passed the information to a colleague, ultimately resulting in the bank pitching to Iliad to help finance the deal...

It’s an open secret in the media industry that some of the best scoops can be picked up by eavesdropping in lawyer and banker hangouts, from London’s Ye Olde Cheshire Cheese and Michael’s in Midtown Manhattan to Hong Kong’s Captain’s Bar and Mumbai’s Willingdon Sports Club. more

Working on a takeover, merger or acquisition? 
Put an information security consultant on your team.

FutureWatch - Spying on What Drones Spy

Should you worry about drone jacking if your business relies on taking aerial video footage? Probably. For one thing, camera drones are one of the juiciest targets for cybercriminals around. They know that companies using these vehicles tend to install high-quality cameras and accessories, in order to capture the best possible footage. So camera drones are a prime target - if only due to their resale value. 

But the data captured by camera drones could be even more attractive. Security experts have shown that it's relatively simple to steal the login credentials of pilots, providing total awareness of flight paths, footage, and any other data. This can be sold on to third parties, or just exploited for personal use.

When unedited footage leaks, it can be a huge reputational risk for the company that captured it, as well as a loss of valuable proprietary data. So it makes sense to secure your footage as much as possible, but how can you do so? more

Wednesday, March 27, 2019

This Week in Corporate Espionage

HONDA
Calling corporate espionage a threat to its competitive advantage in the all-terrain vehicle market, Honda of South Carolina is going to court to find out who posted unauthorized photos of its Talon side-by-side vehicles on the Internet...

...photos and detailed, confidential information about the Talon models started showing up on Internet sites hondasxs.com and HondaProKevin.com.

According to Honda’s complaint, someone using the screen name “hondasecrets” posted photos of Talons taken inside the factory. Another using the name “HondaTalon” posted specifications “regarding the horsepower, maximum speed, and measurements, which Honda had not yet released to the public,” the complaint states. more

-----

TESLA
Tesla Inc. accused one of its former engineers of stealing highly confidential autopilot information before bolting to the Tesla of China, Xpeng Motors, eight months after one of Apple Inc.’s ex-employees was charged with taking sensitive robocar secrets to a new job with Xpeng.

Allegations that a second Silicon Valley giant (see below) was betrayed by one of its own workers bound for the same Chinese startup come amid a major U.S. crackdown on Chinese corporate espionage. more

-----

APPLE
A former hardware engineer (Zhang Xiaolang) for Apple’s autonomous vehicle development team who went to work for Xpeng is facing criminal charges brought by the U.S. Justice Department. He has pleaded not guilty...

Zhang told Apple he wanted to be closer to his ailing mother in China just before revealing to his supervisor that he intended to work for Xpeng. Apple grew more suspicious after seeing his increased network activity and visits to the office before he resigned, prosecutors said in a criminal complaint. He was arrested after he passed through the security checkpoint at Silicon Valley’s San Jose International Airport to board a flight to China. more

Spybuster Tip #471 - Block People Who Track You via Email

Ugly Email is a Gmail / Firefox plug-in. When a tracker is detected, it shows the icon of an eyeball in the subject line to alert you that a tracker is hidden inside the email.

Blocked trackers include:
  • MailChimp
  • SendGrid
  • Drip
  • Mailgun
  • Streak
  • Bananatag
  • Yesware
  • Postmark
  • Sidekick
  • TinyLetter
  • MixMax
  • MailTrack
  • toutapp
  • Litmus
  • Boomerang
  • ContactMonkey
  • Cirrus Insight
  • Polymail
  • YAMM
  • GetResponse
  • phpList
  • Close.io
  • Constant Contact
  • Marketo
  • Return Path
  • Outreach
  • Intercom
  • Mailjet
  • Nethunt
...and Ugly Email is soliciting suggestions for other email spies to add to the list. Ugly Email claims it does not store, transfer, transmit or save any of your data.
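The plug-in above works by spotting the hidden remote image (a "tracking pixel") that reports back when a message is opened. The following scanner is an added example, not Ugly Email's own code, and the tracker hostnames and the sample message in it are constructed for illustration; it flags remote images that come from a listed tracker host, are one pixel or smaller, or are hidden with CSS, which is the same defensive idea applied to a raw HTML body.

```python
"""Detect e-mail tracking pixels in an HTML message body.

Added example (not Ugly Email's code). It applies the idea the plug-in
relies on: an open tracker is a remote image that the reader is not meant
to see, so look for hidden or tiny images loaded from the network.

Assumptions (constructed for this example):
  * TRACKER_HOSTS is an illustrative list, not any plug-in's real list.
  * SAMPLE_HTML is a made-up message, not a captured one.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative tracker hostnames (constructed; a real tool ships a curated list).
TRACKER_HOSTS = {
    "open.example-tracker.net",
    "t.example-mailer.com",
}


def _is_tiny(value):
    """True for a width/height attribute of 0 or 1 pixel (e.g. "1", "1px")."""
    if value is None:
        return False
    digits = "".join(ch for ch in value if ch.isdigit())
    return digits != "" and int(digits) <= 1


class PixelFinder(HTMLParser):
    """Collect <img> tags that look like open-tracking beacons."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        # Only remote images can report an open; cid:/data: images cannot.
        if not src.lower().startswith(("http://", "https://")):
            return
        host = urlparse(src).hostname or ""
        reasons = []
        if host in TRACKER_HOSTS:
            reasons.append("known tracker host")
        if _is_tiny(a.get("width")) and _is_tiny(a.get("height")):
            reasons.append("1x1 or smaller image")
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via CSS")
        if reasons:
            self.findings.append({"src": src, "host": host, "reasons": reasons})


def find_tracking_pixels(html_body):
    """Return a list of suspicious images found in html_body."""
    parser = PixelFinder()
    parser.feed(html_body)
    parser.close()
    return parser.findings


# Constructed sample message: one visible logo and one hidden beacon.
SAMPLE_HTML = """
<html><body>
<img src="https://cdn.example.org/logo.png" width="200" height="60" alt="logo">
<p>Hello, here is the quarterly update.</p>
<img src="https://open.example-tracker.net/o.gif?u=rcpt-12345"
     width="1" height="1" style="display:none">
</body></html>
"""

if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_HTML):
        print(f"tracker: {hit['host']} ({', '.join(hit['reasons'])})")
```

A mail client that blocks remote image loading by default defeats all three variants at once; the scanner is useful where images are loaded automatically and you want to see which messages carried a beacon.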

Student Newspaper Accused of Bugging an On-Campus Apartment


Ireland - A student newspaper accused of “bugging” an on-campus apartment in its investigation into an alleged initiation ceremony has been defended by the National Union of Journalists.

A referendum will be held in Trinity College Dublin in April about whether to strip The University Times of most of the funding it receives from the student’s union over the reporting methods used for a story on the Knights of the Campanile, an all-male sporting society.

The referendum was triggered when 500 students signed a petition calling on the student’s union to reconsider its funding. Reporters left a recording device outside the apartment of Ben Arrowsmith, a student and captain of the society. The paper reported this month that they heard “groaning, gagging and retching... more

The Case of The Very Dumb Spycam Man

CA - A detective identified the man charged with filming dozens of cops in a police station restroom by recognizing his shoes, according to newly revealed court documents that allege his spying was more widespread than previously known...

He took note of the distinctive dress shoes in the stall next to him, and later that day, detectives confronted Sergio Nieto, the clerk who was wearing them, according to the documents.


Nieto admitted he’d been filming officers as they used the toilet and said he’d also spied on people in the bathroom of a 24 Hour Fitness at The Promenade at Downey shopping center. more

Corporate Romper Room - Don't Bee a Slack Slacker

More than 10 million people use Slack every day, mostly to communicate with co-workers. The app has gained so much popularity in the five-plus years since its launch that private investors value the company at over $7 billion.

“I love my people, but they never shut up on Slack,” said the CEO of a security company who asked not to be named so he could speak openly about his concerns. “It’s very good for productivity, but the problem is we’re working on security, so we have to be careful about what we say.”

Employees communicate on Slack using “channels” to focus conversations on various topics specific to different departments. It followed corporate chat tools from Microsoft, Google and Cisco as well as a plethora of start-ups, but none gained Slack’s level of adoption or had so much success in pulling workers away from email and into messaging groups. more

Information Security and Cryptography Seminar - June 17-19, 2019

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience. This includes the foundations needed to understand the different approaches, a critical look at the state-of-the-art, and a perspective on future security technologies.

The material is presented at three different levels. At the highest level, the basic concepts are presented in detail, but abstractly (e.g., as black boxes), without mathematics. No background is required to follow at this level. At an intermediate level, the most important concrete schemes, models, algorithms, and protocols are presented as well as their applications. Here some minimal mathematical and systems background is assumed. At the deepest level, which is not required to understand the higher levels, different special topics, requiring some mathematical background, are discussed.

Lecturers:
Prof. David Basin and Prof. Ueli Maurer
Advanced Technology Group GmbH
Grundgasse 13
9500 Wil
Switzerland
F: +41 (0)44 632 1172

Seminar Location: 
Marriott Courtyard Zurich North
Max-Bill-Platz 19
CH-8050 Zurich
Switzerland
more

Monday, March 25, 2019

Security Director Alert: Check for These Bug-Like Products at Your Location

Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.

A series of both unauthenticated and authenticated remote code-execution vulnerabilities have been uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs.

Attackers can also use the vulnerabilities to gain access to cameras and microphones to turn them into listening devices. “The most notable aspect of the vulnerabilities is what you can do simply by using the programs that get shipped on the device,” Brendan Scarvell, senior security consultant at Trustwave SpiderLabs, told Threatpost in an interview.

“This includes playing audio through the speakers, recording conversations through the microphone, activating cameras and taking photos, installing custom software/malware etc. This is pretty bad for places such as boardrooms or executive offices where confidential conversations frequently happen.” more

Many common office products have information security vulnerabilities. A Technical Surveillance Countermeasures (TSCM) survey, conducted by a competent consultant, will discover them for you.

College Student Pleads Guilty to Illegal Wiretapping

A Maryland university student has pleaded guilty to illegally wiretapping a congressional staffer and putting the conversation on Facebook Live without consent...

Prosecutors say Burdett, a 21-year-old advocate for Maryland Marijuana Justice, took part in a rally in front of Rep. Andy Harris' office in Salisbury, Maryland, in October. Then he and others met with a member of the congressman's staff in his office.

Harris' staff told the group not to record the meeting, citing office policy, but prosecutors say Burdett recorded and streamed it on Facebook Live without the staffer's consent. more

FutureWatch - Who Really Lives in that Apartment

NY - A Brooklyn landlord intends to install facial recognition technology at the entrance of a roughly 700-unit rent-stabilized complex, raising alarm among tenants and housing rights attorneys about what they say is a far-reaching and egregious form of digital surveillance...

“We don’t want to be tracked,” said Icemae Downes, a longtime tenant. “We are not animals. This is like tagging us through our faces because they can’t implant us with a chip.” more

Thursday, March 21, 2019

Korea - Molka Means Spycam - Government Creates a Handbook for Women

The Seoul Metropolitan Government on Monday distributed guidelines on how to respond to spycam crimes for victims and law enforcement officers, amid a growing epidemic of spycam porn in the country. 

Divided into two parts -- for civilians and police officers -- the handbook was designed to raise awareness of what constitutes secondary damage to victims of spycam porn and how police officers and victims can handle such cases, according to the Seoul city government.

For example, the guidelines recommend that victims secure evidence -- such as a hidden camera -- if possible and remember the perpetrator’s appearance. If illegally filmed videos have already been distributed, the advice is to copy the links and obtain screenshots. Then the victims should report the situation to the police and ask the website or social media companies to remove the videos, the handbook says. more

-----

The (K-Pop) scandal magnifies the proliferation of hidden camera porn in South Korea — an issue which drove 22,000 women to the streets last June in the largest women’s demonstration in the nation’s history. Known as molka, meaning “spycam”, hidden camera porn has become an increasingly visible issue in South Korea, as the distribution of footage from secret, tiny cameras — often depicting women in sexual or intimate circumstances without their consent — has grown in recent years. From 2013 to 2017, police estimate nearly 6,000 cases of spycam porn each year. more