Thursday, June 8, 2023

Notable US Spies Fast Facts

Timeline Summaries* of Spies Who Failed

Aldrich Ames
1962 - Aldrich Ames, son of a CIA analyst, joins the agency as a low-level documents analyst. 

David Boone
1970-1991 - David Boone serves in the US Army as a signals intelligence analyst. During the late 1980s, he is assigned to the National Security Agency as a senior cryptologic traffic analyst. 

Peter Rafael Dzibinski Debbins
1996 - Peter Rafael Dzibinski Debbins makes visits to Russia to meet with their intelligence agents. He is given a code name and signs a settlement “attesting that he wanted to serve” them.

Noshir Gowadia
1968-1986 - Noshir Gowadia is employed by Northrop Grumman where he works on technology relating to the B-2 Spirit Bomber, aka the “Stealth” bomber.

Robert Hanssen
January 12, 1976 - Robert Hanssen joins the FBI.

Ana Montes
1984 - Ana Montes is recruited to spy for Cuba. She is never paid for her spying.

Walter Kendall Myers
1977 - Walter Kendall Myers begins working for the US State Department on contract, as an instructor.

Harold James Nicholson
1980 - Harold Nicholson joins the CIA after serving in the United States Army.

Ronald Pelton
1965-1979 - Ronald Pelton works for the National Security Agency, with top-level security clearance.

Earl Pitts
1983-1996 - Earl Edwin Pitts works at the FBI.

Jonathan Pollard
1979 - Pollard is hired to work at the Navy Field Operational Intelligence Office. He had been rejected previously from employment at the CIA due to drug use. His specialty is North America and the Caribbean.

George Trofimoff
1969-1994 - George Trofimoff, a naturalized American citizen of Russian parentage, works as a civilian for the US Army at the Joint Interrogation Center in Nuremberg, Germany. He also attains the rank of colonel in the Army reserve.     *Complete timelines for each spy.
---
And, one successful spy hero...
VA - The local FBI agent who cracked the notorious Walker spy ring in the 1980s has died. Robert "Bob" Hunter was the lead investigator in the 1985 arrest of master spy John Walker, who led what U.S. officials called the most damaging espionage case in American history. The Walker spy ring operated for nearly two decades, spanning five presidencies, stealing top-secret information from the Navy and selling it to the Soviet Union. In 1999, Hunter wrote a book about his experiences: "Spy Hunter: Inside the FBI Investigation of the Walker Espionage Case.more

America’s ‘Most Damaging’ Soviet Spy Dies in Prison

America’s “most damaging spy”, who spied for Russia over more than two decades during and after the Cold War, has been found dead in prison. Robert Hanssen, 79, was found unresponsive at a maximum-security facility in Florence, Colorado, where he was serving a life sentence. more

Cuba to Host Secret Chinese Spy Base Focusing on U.S.

Beijing agrees to pay Havana several billion dollars for eavesdropping facility...

China and Cuba have reached a secret agreement for China to establish an electronic eavesdropping facility on the island, in a brash new geopolitical challenge by Beijing to the U.S., according to U.S. officials familiar with highly classified intelligence. 

An eavesdropping facility in Cuba, roughly 100 miles from Florida, would allow Chinese intelligence services to scoop up electronic communications throughout the southeastern U.S., where many military bases are located, and monitor U.S. ship traffic. 

Officials familiar with the matter said that China has agreed to pay cash-strapped Cuba several billion dollars to allow it to build the eavesdropping station, and that the two countries had reached an agreement in principle. more

Cautionary Tale: Commercial Espionage - Bugging of Business Meetings

The billionaire owners of the Telegraph newspapers say their businesses are in good shape following claims they are on the cusp of receivership...

The sale of the Ritz hotel in London in 2020 exposed a bitter rift between the two families of the twins, with claims of commercial espionage over the bugging of business meetings.

At the centre of the affair was CCTV footage allegedly showing Sir Frederick's nephew handling a device. It saw the billionaire and his daughter, Amanda, sue three of Sir David's sons for invasion of privacy...

One person close to the talks said the banking group's patience over the debt was "running out", the FT said. more  previous coverage

Thursday, June 1, 2023

Corporate TSCM Information Security Inspections - Myths, Excuses & Reality


There are some myths and excuses that really need to be debunked.
(Not sure what a TSCM inspection is. Check here first.) 

TSCM SECURITY INSPECTION MYTHS and EXCUSES


Espionage is a Covert Act
Excuse: “I don’t see that we have a problem. No one is bugging our offices and boardroom.” 
 
Reality: The first rule of espionage is, “Be invisible.” You won’t know if you are being eavesdropped on if you never check.

Fear of being Labeled Paranoid
Myth: Peer pressure from upper management. 
 
Reality: Most top management appreciate proactive security thinking from their staff.

Lack of Awareness
Excuse: Yes. 
 
Reality: A lack of awareness of the risks associated with electronic eavesdropping, or the need for TSCM security inspections is common. Management may be unaware of TSCM as an available countermeasure.

Cost
Myth: TSCM inspections can be expensive. The costs involved in hiring a professional TSCM specialist, or purchasing specialized equipment, and conducting regular inspections can be a deterrent to scheduling TSCM inspections. 
 
Reality: Espionage losses are more expensive, much more. Hiring a TSCM specialist is very cost-effective, if you hire a competent firm. TSCM inspections are cheap insurance. Actually, better than insurance; TSCM can prevent the loss in the first place.

Perception of Low Risk
Excuse: Some businesses may believe that the risk of electronic eavesdropping is low in their industry or specific workplace. They might assume that their organization does not hold valuable or sensitive information that would attract eavesdroppers. 
 
Reality: Being “in business” means having a competitive advantage, and others do want it.

Lack of In-House Expertise
Excuse: Conducting TSCM inspections requires specialized knowledge and equipment. If a business does not have the expertise in-house they may choose not to pursue these inspections. 
 
Reality: Hiring an information security consultant–who has TSCM as their speciality–is the solution.

 

More TSCM Security Inspection Myths & Excuses


Fear of Disruption
Myth: TSCM security inspections can temporarily disrupt normal business operations. The process involves sweeping the premises, potentially causing interruptions or inconveniences to employees or ongoing activities. Some businesses might be reluctant to undergo such disruptions. 
 
Reality: Most inspections are conducted after business hours. When necessary, a TSCM team will assume the same dress and demeanor as employees, have a plausible reason for being in the area, and will work around employees so as not to disturb them.

Trust in Existing Security Measures
Excuse: Businesses may have confidence in their existing security measures, such as physical security, cybersecurity, or access controls. They might believe that these measures are sufficient to protect against eavesdropping and thus forego TSCM security inspections. 
 
Reality: Experience has shown that do-it-yourself security measures are never sufficient to protect against eavesdropping and other forms of information loss. TSCM inspections always identify vulnerabilities and provide recommendations for improvement.

Lack of Legal or Regulatory Requirements
Excuse: Depending on the industry or geographical location, there may be no legal or regulatory obligations that mandate TSCM inspections. In the absence of such requirements, businesses may choose not to prioritize these inspections. 
 
Reality: The financial success of a business should be a more effective motivator than a legal requirement.

Perception of Invasion of Privacy
Myth: TSCM security inspections are invasive or a breach of employee privacy. They might fear that conducting such inspections could harm employee morale or create an atmosphere of distrust. 
 
Reality: Employees appreciate security measures which protect their livelihood and personal privacy. When an employer demonstrates care for information security, employees will act more carefully too.

Limited Resources
Excuse: Small businesses or those with resource constraints may prioritize other operational needs over TSCM security inspections. They might allocate their limited resources to other critical areas or invest in measures they perceive as more immediate concerns. 
 
Reality: Defense is mandatory for survival. Budget waste and misallocation can usually fund TSCM security inspections without added expense, once corrected.

Overconfidence
Excuse: Some businesses might have a sense of overconfidence in their security measures, believing that they are already adequately protected against electronic eavesdropping. This false sense of security can lead to complacency and a disregard for TSCM inspections. 
 
Reality: These businesses are at-risk.

Carefully assess the risks in your workplace. Schedule TSCM security inspections, because… corporate espionage is not a myth.

###

Murray Associates is an independent technical information security consulting firm. They provide electronic surveillance detection and counterespionage services to business, government and at-risk individuals.

Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.

Wednesday, May 31, 2023

Ring to pay $5.8M - Staff & Contractors - Snooping on Videos

Ring, the Amazon-owned maker of video surveillance devices, will pay $5.8 million over claims brought by the Federal Trade Commission that Ring employees and contractors had broad and unrestricted access to customers’ videos for years.

The settlement was filed in the U.S. District Court for the District of Columbia on Wednesday. The FTC confirmed the settlement a short time later. News of the settlement was first reported by Reuters.

The FTC said that Ring employees and contractors were able to view, download, and transfer customers’ sensitive video data for their own purposes as a result of “dangerously over-broad access and lax attitude toward privacy and security.”

According to the FTC’s complaint, Ring gave “every employee — as well as hundreds of Ukraine-based third-party contractors — full access to every customer video, regardless of whether the employee or contractor actually needed that access to perform his or her job function.” The FTC also said that Ring staff and contractors “could also readily download any customer’s videos and then view, share, or disclose those videos at will.”

The FTC alleged on at least two occasions Ring employees improperly accessed the private Ring videos of women. In one of the cases, the FTC said the employee’s spying went on for months, undetected by Ring. more

Taiwan Raids 8 Companies for Alleged Tech Espionage

The Ministry of Justice Investigation Bureau (MJIB) raided eight technology companies
with ties to China between May 22-25 for allegedly seeking to steal technology from Taiwanese companies and poach IT staff.

To counter attempts by China to engage in industrial espionage, the MJIB sent 112 investigators to raid eight companies allegedly posing as firms backed by Taiwanese or foreign investors, reported CNA. After investigators searched 25 locations in Taipei City, New Taipei City, Hsinchu City, Hsinchu County, Chiayi County, and Taichung City, a total of 49 individuals were taken in for questioning...

The bureau vowed to continue cracking down on the illegal poaching of talent and theft of trade secrets to maintain the country's competitive advantage. more

Delete Alert - Android App iRecorder has Morphed Into Spyware

A screen recording app available in the Google Play store that was installed over 50,000 times functioned normally for months before it started spying on users, researchers say.


The app, iRecorder – Screen Recorder, was first uploaded to the Google Play store on September 19, 2021, according to Lukas Stefanko, a malware researcher with cybersecurity firm ESET.

Stefanko said that the app had no harmful features until a later update changed the code, likely in August 2022. After that date, malicious code allowed bad actors to make secret audio recordings and secretly transfer images, videos, saved web pages, and other files off of devices, according to ESET. 

Anyone who had downloaded the app before August 2022, might still have been exposed if they updated the app manually or automatically. It’s not yet clear if the developer or another actor is responsible for the update that converted the app into a Trojan horse.

The app is no longer available in the Google Play store, TechCrunch reports, but if you already have it on your phone you should uninstall it and clear the app’s files. more

White House Plumbers...

...A Delightfully Funny Retelling of the Watergate Scandal

The Watergate scandal is not exactly new territory for screenwriters. From the 1976 classic All the President’s Men to, just last year, the excellent Gaslit, the story of the bungled covert operations that led to the resignation of President Richard Nixon in 1974 has been raked over time and time again.

So White House Plumbers, created by Alex Gregory and Peter Huyck – two writers who have previously worked on Veep and David Letterman’s 90s Late Show – needed to be pretty good to justify its existence. Thankfully, it was.

The five-episode comedy drama focuses on E Howard Hunt (Woody Harrelson) and G Gordon Liddy (Justin Theroux), ex CIA and FBI agents respectively, who were hired by Nixon’s White House to run a dirty tricks unit. more

Deepfake Social Engineering Scams

Deepfake social engineering scams have become an increasingly scary trend among cybercriminals to socially engineer victims into submission. 

The threat actors are using Artificial Intelligence (AI) and Machine Learning (ML) voice cloning tools to disperse misinformation for cybercriminal scams. 

It doesn’t take much for an audio recording of a voice – only about 10 to 20 seconds – to make a decent reproduction. The audio clip extracts unique details of the victim’s voice. A threat actor can simply call a victim and pretend to be a salesperson, for example, to capture enough of the audio to make it work. more

Here are some actual deepfake audio recordings – some humorous, some cool, but all that in some form can be used maliciously:
• CNN reporter calls his parents using a deepfake voice. (CNN)
• No, Tom Cruise isn’t on TikTok. It’s a deepfake. (CNN)
• Twenty of the best deepfake examples that terrified and amused the internet. (Creative Bloq)

Alleged Russian 'Spy' Whale Spotted in Sweden

An alleged former Russian spy whale has been spotted off the coast of Sweden... 

Having spent years travelling slowly southwards from Norway's far north, the whale has sped up his movements out of Norwegian waters in recent months. 

OneWhale said the reason behind his sudden hastiness was unclear... 

He was discovered wearing a harness fitted with a GoPro camera mount and clips bearing the inscription "Equipment of St Petersburg". more

Spying in Alaska

Chinese citizens posing as tourists but suspected of being spies have made several attempts in recent years to gain access to military facilities in this vast state studded with sensitive bases, according to U.S. officials...

Many of the encounters have been chalked up to innocent mistakes by foreign visitors intent on viewing the Northern Lights and other attractions in Alaska, officials say. Other attempts to enter U.S. military bases, however, seem to be probes to learn about U.S. military capabilities in Alaska, according to multiple soldiers familiar with the incidents but who were not authorized to speak publicly about them.

Not everyone who appear to be tourists in Alaska, are, in fact tourists, one Army officer said. Instead, they are foreign spies. more

Wednesday, May 3, 2023

Spies: The Epic Intelligence War Between East and West (book)

Coming, June 6th, 2023
SPIES, by  Calder Walton  (pre-order)
Spies is the history of the secret war that Russia and the West have been waging for a century. Espionage, sabotage, and subversion were the Kremlin’s means to equalize the imbalance of resources between the East and West before, during, and after the Cold War. There was nothing “unprecedented” about Russian meddling in the 2016 US presidential election. It was simply business as usual, new means used for old ends.

The Cold War started long before 1945. But the West fought back after World War II, mounting its own shadow war, using disinformation, vast intelligence networks, and new technologies against the Soviet Union. Spies is an inspiring, engrossing story of the best and worst of mankind: bravery and honor, treachery and betrayal. The narrative shifts across continents and decades, from the freezing streets of St. Petersburg in 1917 to the bloody beaches of Normandy; from coups in faraway lands to present-day Moscow were troll farms, synthetic bots, and weaponized cyber-attacks being launched on the woefully unprepared West. It is about the rise and fall of eastern superpowers: Russia’s past and present and the global ascendance of China.

Mining hitherto secret archives in multiple languages, Calder Walton shows that the Cold War started earlier than commonly assumed, that it continued even after the Soviet Union’s collapse in 1991, and that Britain and America’s clandestine struggle with the Soviet government provides key lessons for countering China today. This fresh reading of history, combined with practical takeaways for our current great power struggles, make Spies a unique and essential addition to the history of the Cold War and the unrolling conflict between the United States and China that will dominate the 21st century. more

Tuesday, May 2, 2023

Australian Spy Camera Ads from the 1880's

Not very covert by today's standards, but interesting.

The Dog Cam... Send the dog into an area by himself, blow the dog whistle, dog wags tail connected to the shutter. Fingers crossed, you got the shot.

















The Pot Shot... or, The Detective Camera. Lens peeks through a buttonhole. The bull taking a shot at the photographer, taking a shot of the kangaroo is a bit of a non sequitur. 



Spy News: Qatar Deep Six'es Sub Company & Some Employees

Qatar Shuts Down Submarine Company Dahra After Alleged Espionage
The submarine was shut down by Qatar due to many of its employees being accused of spying for Israel in August 2022. Reports say that 75 employees have been impacted, most of which were former Indian Navy officials, were asked to go home. more
But not all...
Qatar Is Sentencing Eight Officials Of This Submarine Company To Death
The investigation into Dahra Global commenced last August when Qatari intelligence agencies detained eight ex-Indian Navy personnel holding senior positions within the company...Qatari authorities claim to possess electronic evidence supporting their allegations of wrongdoing. more