Thursday, December 11, 2014

3D Printing and Industrial Espionage

Industrial espionage is surely more prevalent than reports indicate, and the advent of additive manufacturing, with its electronic file-based design processes, is a frontier in an ongoing series of skirmishes in technological border wars.

The news that a former employee of United Technologies Corp. was recently placed under arrest by federal authorities for allegedly trying to shuttle sensitive, military aerospace-related documents to China was surely the least of the possible problems facing companies and governments as they increasingly move their design and development work to digital realms.

Federal authorities say Yu Long, who once worked on additive manufacturing and casting processes for Pratt & Whitney, had a history of involvement on projects like the F119 engine, a highly sophisticated powerplant used in the F-22 Raptor, and on the F135 engine which powers the F-35 Lightning II Joint Strike Fighter.

Long was arrested in Ithaca, NY, and the feds say they also found documents in his possession which were deemed to be “critical in the development of technologically advanced titanium for use in advanced aircraft.”

Read more here.

Wednesday, November 26, 2014

Cyber-Roach! Mic-Equipped Bugs

Remote-controlled cyborg cockroaches could one day be among the first responders at disaster scenes to help locate survivors.

A team of researchers at North Carolina State University has created a swarm of cyborg cockroaches, nicknamed "biobots," that are equipped with microphones to pick up sounds and trace them to their sources. The researchers hope the biobots could one day be used in disaster-relief situations to locate survivors.

Each cockroach has a tiny circuit board "backpack" attached to it that researchers can use to control the bug's movement. Some of the biobots have a single microphone that can capture sounds at a disaster scene and send them back to personnel. Others have a series of microphones that can pinpoint the source of a sound and then steer the bug toward it. 

Read more here.

ACLU ally in battle against phone spying

In a new court filing, the American Civil Liberties Union (ACLU) has jumped into the criminal case of a man who federal prosecutors allege orchestrated a murder-for-hire earlier this year in Baltimore, Maryland.

Specifically, in its 29-page amicus (friend of the court) brief filed on Tuesday, the ACLU supports the defendant’s earlier motion that the government be required to disclose information about how it used a stingray, or cell-site simulator, without a warrant, and that the court should therefore suppress evidence gathered as a result of its use.

"It is not rare for police to use stingrays in investigations, but it is rare for them to disclose that to defense attorneys, and even more rare for [those attorneys] to understand the implications and even more rare for us to know about it and weigh in," Nate Wessler, an ACLU attorney who authored the amicus brief, told Ars.

The ACLU has not been involved in a stingray case since that of Daniel David Rigmaiden, an Arizona man convicted of tax fraud who took a plea deal and was released on time served in April 2014. The ACLU hopes that through its assistance to the defendant and his lawyer, the public will be able to learn more about the secretive surveillance devices.

Read more here.

Sony Pictures hacked, computer system reportedly unusable

Reports that Sony Pictures has been hacked have been trickling in this morning, after a thread appeared on Reddit claiming all computers at the company were offline due to a hack.
According to the Reddit thread, an image appeared on all employees’ computers reading “Hacked by #GOP” and demanding their “requests be met” along with links to leaked data.

The Reddit user who posted the thread had posted a year ago that they worked at Sony Pictures.

The ZIP files mentioned in the images contain a list of filenames of a number of documents pertaining to financial records along with private keys for access to servers. The message shown on computers mentions “demands” that must be met by November 24th at 11:00PM GMT or the files named will be released.
A source within Sony has anonymously confirmed to TNW that the hack and the image that appeared on computers inside Sony Pictures are real. They said that “a single server was compromised and the attack was spread from there.”
According to our source, everyone was going home following the hack: “We’re all going to work from home. Can’t even get on the internet.”

Read more here.

Wednesday, October 15, 2014

Someone Might Be Spying On Your WebEx Meetings

Cisco has sent a warning to its customers to protect their WebEx meetings after Brian Krebs from KrebsOnSecurity found that almost 50 big players left their online meetings vulnerable and open for all.

Krebs said that he found several organizations did not password protect their WebEx meetings, thus allowing anyone to join and get information about their internal planning. The schedule of these meetings was available through the WebEx Event Center. WebEx is an online conferencing system from Cisco.

These issues were present with audio- and video-based meetings as well. There are options for companies to password protect their sessions, but many companies do not follow the best practices for online meetings, and thus allow any malicious entity to join the daily conferences and gather details regarding management-related topics.

Read more here.

Tuesday, October 14, 2014

Dropbox: We weren’t hacked!

NEW YORK (CNNMoney) — A group of anonymous hackers claims to have stolen nearly 7 million Dropbox username and password combinations. But Dropbox denied that it was hacked.
The hackers have posted several hundred email addresses and passwords so far on Pastebin.com, releasing more logins as they receive more bitcoin donations.
“Your stuff is safe,” Dropbox said in a blog post. “The usernames and passwords … were stolen from unrelated services, not Dropbox.”
It’s not clear which service or services the passwords were stolen from. Some third-party apps allow people to manage their Dropbox files, but a Dropbox spokesman wouldn’t name any potential culprit.
It’s possible that some people used the same login information for Dropbox that they used for the third-party app.

Read more here.

Wednesday, September 24, 2014

FBI Warns of Rise in Disgruntled Employees Stealing Data

Wall Street Journal (09/23/14) Barrett, Devlin

The FBI said Tuesday that it has seen a spike in the number of disgruntled employees who steal company information, sometimes as part of an effort to extort money from previous employers.
There have been cases in which individuals used their access to destroy data, steal software, obtain customer data, make unauthorized purchases, and gain a competitive edge at a new job, the FBI said. A common way to steal information, the FBI noted, is to use cloud storage accounts and personal e-mail. Sometimes, terminated employees still have remote access to the company's system.

Organizations that have recently been victimized by data theft have suffered losses of $5,000 to $3 million. The FBI reports that some employees have attempted to extort their employer by restricting access to company Web sites, disabling certain functions in content management systems, or conducting distributed denial-of-service attacks. Companies are advised to quickly end departed employees' access to computer systems, and change administrative passwords after IT personnel quit or are terminated.

Read more here.