Ivanti Attacks Part of Deliberate Espionage Operation

Researchers warn the previously unknown actor has developed custom malware designed to maintain persistent access on targeted networks and evade detection.

The threat actor behind the monthlong exploitation of Ivanti Connect Secure VPN is conducting an espionage campaign using custom malware with the goal of maintaining continued access to the appliances, according to research released Thursday by Google Cloud’s Mandiant unit. 

Multiple suspected APT actors have used similar methods with appliance-specific malware in order to engage in post-exploitation threat activity and evade detection. However, Mandiant researchers said, at the moment, this exact activity is not linked to a known actor and they don’t have enough information yet to pinpoint the origin. more

Spybuster Tip #629: Delete Apps that are 'Spying' Using 'One Day Rule'

Security experts have explained how your phone apps track and collect your data even if they remain unused, but there's a handy hack to avoid data harvesting and potential spying...

The rule involves simply deleting one unused app a day which the expert says can massively improve your phone efficiency and free up your storage space. Doing this will help you manage how your data is used and stop it from being harvested...

To delete an app on the iPhone, find the app on your home screen, touch and hold down the icon and tap "Remove app." If you are an Android user, go to the Google Play store, tap the profile icon in the top right, and go to Manage Apps and Devices > Manage. Tap the name of the app you want to delete and choose to uninstall. more

Download a Free 2024 Chinese Espionage Calendar

Looking for that perfect addition for your office? 

A year long reminder of the threat? 

Download and print a 2024 Chinese Espionage Calendar for that special counterintelligence or insider threat specialist. 

Complementary. (No info requested.)

Provided by Shinobi Enterprises, LLC.

Eavesdrops on Retail Workers Through Walkie-Talkie

TikTok user Michael (@mister_twister_55) is known for listening in on various stores’ walkie-talkie systems and sharing those conversations with his 67,000 Followers...

Previously, he filmed himself using a walkie-talkie to eavesdrop on Kohl’s employees talking about their co-workers. Before that, he tapped into Target’s walkie-talkie system, capturing employees uncovering a potential thief.

Now, in another viral video with over 176,000 views, the infamous TikToker has camped in the parking lot of a strip of retail stores, including the Express Factory Outlet and an Old Navy, capturing employees talking about customers.

The video begins with the TikToker sharing, “Retail worker complains about annoying customer on walkie.” ... As the conversation unfolds, it is apparent that the first employee has contacted the second employee to check on backstock, additional inventory that is not on the store floor, on behalf of the customer, but they are both hesitant because of the customer’s behavior.

“I want to say we do have them in the back but…” says the second employee before trailing off. The first employee, chimes in, “If you do find the jacket back there, or whatever they are looking for, I wouldn’t even bring it out .. because they pissed me off.” more

5 Steps for Preventing & Mitigating Corporate Espionage

via Evan Gibbs, Will Taylor, Partners, Troutman Pepper
There has been a steady increase in the volume of incidents involving corporate espionage, especially matters in which an insider is the bad actor. In an era when such risks are escalating, protection of sensitive corporate information has become paramount.

Here are five key strategies companies should implement to prevent and mitigate corporate espionage. (summary...)

1. Insist on Nondisclosure Agreements
2. Know and Control Your Trade Secrets
3. Perform Due Diligence
4. Train Your Employees and Independent Contractors
5. Promptly Investigate Suspected Activity

Preventing and mitigating corporate espionage requires a multifaceted approach. By implementing rigorous legal safeguards, conducting thorough due diligence, using secure communication practices, providing comprehensive employee training, and responding promptly and effectively to suspected activity, companies can significantly enhance their protection against corporate espionage and safeguard their assets. more

UnitedHealth Group Sues Ex-Executives Over Alleged Corporate Espionage

In a twist of corporate intrigue, health care entrepreneurs from Minnesota, Ken Ehlert and Mark Pollman, find themselves locked in a legal duel with their former employer, UnitedHealth Group... 

The lawsuit alleges that Pollman managed to secure a hard drive crammed with sensitive files during an informal lunch rendezvous with a former subordinate... 

The lawsuit states that the former executives amassed 500,000 emails and files, brimming with confidential information and trade secrets, and leveraged them to conceive a suite of corporate entities. more

Spybuster Tip # 823: Store Your Car Key Fobs in a Metal Can

Thieves have perfected the art of stealing the code from that key fob sitting on a kitchen counter or hung on a hook by the door. And tools that make theft fast and easy can be purchased on the internet. Worse, the latest theft devices allow criminals to amplify a vehicle's radio signal so that thieves can better access and copy the key fob signal to steal a vehicle...

The Relay Attack, a two-person attack, is when a thief walks up to the victim’s home with a piece of equipment that captures the signal from the key fob and then transmits the signal from a car key fob. "An accomplice waits nearby at the car door, usually with another device, to open the car when the signal is received," the AARP website said. The copied signal can fool the car into starting the ignition.

Spybuster Tip #823: Store your car key fobs in a metal container when not in use.

Your other fobs are at risk too. Learn more here.

Disney’s AI CCTV

Disney wants to know what you’re up to in the “Happiest Place on Earth.”

The company wants to patent a system for “predicting need for guest assistance,” which would track guests’ behavior at Disney properties using machine learning analysis of video data. Disney’s filing lays out an AI-based system which determines whether or not a guest’s behavior is normal, and uses that to predict if they need something. 

Disney’s system would work in tandem with CCTV systems collecting a constant stream of video data. That data is fed to a deep learning model to determine if a guest’s actions differ from a predetermined set of “normal guest behaviors.”

If a guest’s behavior is deemed abnormal, the system will alert the operator that they may need some kind of assistance.

Your Smartphone: More Attentive Than Your Spouse?

via Joshua Brustein - Bloomberg Tech Daily

Eavesdropping ads: People have been telling me for years that their phones are listening to their conversations and sending them ads based on what they say. I've dutifully told them there’s no evidence this is a thing, which often turns into a long argument.

So I appreciated 404 Media’s scoop that Cox Media Group tells clients it actually can tap into the microphones of mobile devices to target ads. 

This sounds like the worst idea ever. But I’m at least looking forward to helping confirm my friends’ worst fears rather than trying to dissuade them.

A Corporate New Year's Resolution - Detect Espionage Easily

Intelligence collection is a leisurely process. Enemies quietly collect long before they use. 

Until they use what they have gathered, no harm is done. Knowing this gives you the edge.

• Electronic Surveillance is not the goal. It is a means to an end.
• Electronic Surveillance is a key component of intelligence gathering.
• Electronic Surveillance is the one spy trick which is easily detectable, if you look for it.

Protection Requires Detection
Technical Surveillance Countermeasures (TSCM) audits exploit weaknesses inherent in electronic surveillance. Knowing you are being targeted provides you with time to counter - before your information is used against you; before harm is done.

All businesses need TSCM as their canary in the mine shaft. 

Click here to learn more... counterespionage.com

Smart Device Eavesdropping: The Santa Clause

Fact,  fiction, or prediction. You decide.
Marketer sparks panic with claims it uses smart devices to eavesdrop on people...

Makers of microphone-equipped electronics sometimes admit to selling voice data to third parties (advertisers). But that's usually voice data accumulated after a user has prompted their device to start listening to them...

But a marketing company called CMG Local Solutions sparked panic recently by alluding that it has access to people's private conversations by tapping into data gathered by the microphones on their phones, TVs, and other personal electronics, as first reported by 404 Media on Thursday. The marketing firm had said it uses these personal conversations for ad targeting.

CMG's Active Listening website starts with a banner promoting an accurate but worrisome statement, "It's true. Your devices are listening to you." more

Recent Spy News

• Iran is saying it has executed an Israeli Mossad spy in the country’s southeast, state TV reported Saturday. The report said the spy was linked to foreign intelligence services, including Mossad, and charged with involvement in releasing classified information. The judiciary body executed the person in a prison in Zahedan, the capital of the southeastern province of Sistan and Baluchistan. The report did not identify the person. more

• Amazon is still selling the clothes hook spy cameras it's being sued over. more  antidote

• German Spy Official Goes on Trial Accused of Selling Secrets to Russia. more

• A top-secret Chinese spy satellite just launched on a supersized rocket. more

• UK spy agency releases annual Christmas puzzle challenge for students: Can you solve it? more

• Man Accused Of Being Spy Admits He’s Russian After Years Posing As Academic In Norway, Canada more

• He’s Wanted for Wirecard’s Missing $2 Billion. He’s Now Suspected of Being a Russian Spy. more

• Ukraine weapons treason case throws light on Russian spy threat to Germany. more

• Former FBI spy hunter sentenced to 4 years for taking money from Putin crony in Russia sanctions case. more

• Congress Clashes Over the Future of America’s Global Spy Program more

• Accused Spy for Cuba Lived the American Dream more

Channel 1 - Ultimate Fake News, or Edison Carter Gets Max'ed

The world's first news network entirely generated by artificial intelligence is set to launch next year.
Channel 1 released a promotional video [VERY realistic] explaining how the service will provide personalized news coverage to users from international affairs, finance and entertainment. The outlet said how their team of AI generated reported can offer a global perspective 24/7.

The reporters in the video appear to be human but are actually made from the scan of a real person. With digitally generated voices and zero human emotion, the reporters can tell the news in any language. Users users will be able to access the network through the services Crackle or Tubi. more

For news anchors it gives a whole ne meaning to, "You can be replaced."

Harry Hacking: Payout in Phone-Hacking Case Against Mirror Publisher

Prince Harry has won 15 claims in his case accusing Mirror Group Newspapers of unlawfully gathering information for stories published about him. A judge has ruled in his favour on almost half of the sample of 33 stories used in his claims of phone hacking and other methods.

High Court ruling found evidence of "widespread and habitual" use of phone hacking at the Mirror newspapers... He was awarded £140,600 in damages... more

Mind-reading BrainGPT Converts Thought-of Words into Text

There may be new hope for stroke victims and other "locked-in" people who are unable to communicate by conventional means. It comes in the form of the experimental new BrainGPT system, which is able to read users' thoughts and convert them into readable text...

Currently being developed by a team of scientists at the University of Technology Sydney, it simply requires users to wear an EEG (electroencephalogram) cap that's connected to a computer. No eye-tracking cameras or other additional hardware is required.

The custom DeWave software utilized by BrainGPT was trained by recording and analyzing the electrical signals produced by a total of 29 volunteers' brains as they silently read passages of text.

Putting it simply, DeWave's AI-based algorithms learned which specific EEG signals corresponded to which written words and phrases. more  video

The future of eavesdropping marches on.