Saturday, December 31, 2011

Internet Crime Complaint Center's (IC3) Scam Alerts December 29, 2011

This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends, new twists to previously-existing cyber scams, and announcements.


An Internet site that manages passwords recently posted an article pertaining to the lack of secure passwords being utilized, which may be a factor in data breaches — past, present, and future. One reason for the lack of security is the number of passwords a user is required to remember to access the many databases, applications, multiple networks, etc., used on a daily basis. Sharing passwords among users in a workplace is becoming a common theme to continue the flow of operations. Users have prioritized convenience over security when establishing passwords.
The article provided a list of millions of stolen passwords posted on-line by hackers and ranked the top 25 common passwords.
  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

Friday, December 30, 2011

Cameramaker Red claims espionage
In a saga worthy of a Hollywood thriller, allegations of email hacking and industrial espionage have surfaced in the camera industry in a lawsuit filed by digital camera maker Red against rival Arri.
In the suit filed Dec. 21 in federal court in Orange County, Calif., Red accuses Arri of stealing technical details and development plans for Red cameras, giving Arri an unfair advantage.
Much of Red's complaint rests on facts revealed in an August plea deal between federal prosecutors and former Arri executive Michael Bravin, who is also a defendant in the suit. Bravin pleaded guilty to a misdemeanor charge of email hacking, admitting as part of the deal that he accessed the email account of Band Pro chief executive Amnon Band.
Bravin, who according to his LinkedIn profile worked for Band Pro for more than 16 years, resigned as Band Pro's chief technology officer to become Arri's VP of market development for digital camera products in January 2010.
From around December 2009 through June 2010, Bravin had access to Amnon Band's email account, as Bravin has admitted. Under his plea deal, he was to serve two months in jail and pay $20,000 in restitution to Band Pro as well as legal costs. Bravin now lists himself on LinkedIn as principal at the Digital Picture Co.
In its complaint, Red asserts that during the time Bravin was hacking Band's email account, Band Pro and Red were discussing a possible joint venture. Red says Band's emails contained detailed descriptions of the technology used in Red's cameras and Red's plans for introducing new models and features.
Red alleges that Bravin passed that information to Arri, giving Arri an unfair competitive advantage, especially with respect to the launch and marketing of the Arri Alexa camera. The Alexa was released in 2010 and is seen as a direct competitor to Red's Epic.

Wiretap suits OKd against U.S., not telecoms

The nation's telecommunications companies can't be sued for cooperating with the Bush administration's secret surveillance program, but their customers can sue the government for allegedly intercepting their phone calls and e-mails without a warrant, a federal appeals court ruled Thursday.
In a pair of decisions, the Ninth U.S. Circuit Court of Appeals in San Francisco upheld a 2008 law immunizing AT&T and other companies for their roles in wiretapping calls to alleged foreign terrorists, but revived a suit that accused the government of illegally intercepting millions of messages from U.S. residents.
That lawsuit was partly based on testimony in 2003 by former AT&T technician Mark Klein about equipment in the company's office on Folsom Street in San Francisco that allowed Internet traffic to be routed to the government.

'Dragnet' surveillance

The Electronic Frontier Foundation, a privacy-rights organization representing AT&T customers, claimed the company had similar installations in other cities and used them for "dragnet" surveillance of everyday e-mails and phone calls, which the National Security Agency purportedly screened electronically for connections to terrorism.
"We look forward to proving the program is an unconstitutional and illegal violation of the rights of millions of ordinary Americans," said Cindy Cohn, the foundation's legal director.
Justice Department spokesman Dean Boyd declined comment.


Monday, December 26, 2011

U.S. Headed For Cyberwar Showdown With China In 2012

The new year is likely to bring a distinct shift in U.S. national security priorities, as the Obama Administration and Congress sharpen their response to China’s continuous assault on U.S. information networks. Although intelligence-community analysts believe the most sophisticated intrusions are being executed by a relatively small number of agents linked to the general staff of China’s People’s Liberation Army, the damage they are inflicting on U.S. security and economic competitiveness is judged to be extensive.

Thus far, China’s cyber campaign consists mainly of espionage aimed at stealing military secrets and intellectual property.  However, Gen. Keith Alexander, head of the Pentagon’s joint Cyber Command established to counter such campaigns, said in November that, “We see a disturbing track from exploitation to disruption to destruction.”  Alexander wasn’t talking just about the Chinese, but there’s little doubt among intelligence analysts that Beijing is the biggest and most persistent perpetrator of cyber crimes.
The question is what to do about it.  To date, U.S. cyber efforts have been focused mainly on defensive measures, seeking to repel network intruders in a fashion that Alexander likens to the famously failed Maginot Line.  The National Security Agency and other U.S. security organizations are known to have developed their own network-attack capabilities, but former White House cyber-security advisor Richard Clarke has warned that it would be dangerous for the U.S. to step up its own campaign against Chinese networks while U.S. safeguards against retaliation are so weak.

2012 Will See Rise in Cyber-Espionage and Malware, Experts Say

The security industry expects the number of cyber-espionage attacks to increase in 2012 and the malware used for this purpose to become increasingly sophisticated.

In the past two years there has been a surge in the number of malware-based attacks that resulted in sensitive data being stolen from government agencies, defense contractors, Fortune 500 companies, human rights organizations and other institutions.
"I absolutely expect this trend to continue through 2012 and beyond," said Rik Ferguson, director of security research and communication at security firm Trend Micro. "Espionage activities have, for hundreds of years, taken advantage of cutting-edge technologies to carry out covert operations; 2011 was not the beginning of Internet-facilitated espionage, nor will it be the end," he added.
Threats like Stuxnet, which is credited with setting back Iran's nuclear program by several years, or its successor, Duqu, have shocked the security industry with their level of sophistication. Experts believe that they are only the beginning and that more highly advanced malware will be launched in 2012.

Wednesday, December 21, 2011

Chinese Computer Hackers Hit U.S. Chamber of Commerce


A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.
The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 internet addresses, was discovered and quietly shut down in May 2010.
It isn't clear how much of the compromised data was viewed by the hackers. Chamber officials say internal investigators found evidence that hackers had focused on four Chamber employees who worked on Asia policy, and that six weeks of their email had been stolen.

It is possible the hackers had access to the network for more than a year before the breach was uncovered, according to two people familiar with the Chamber's internal investigation.
One of these people said the group behind the break-in is one that U.S. officials suspect of having ties to the Chinese government. The Chamber learned of the break-in when the FBI told the group that servers in China were stealing its information, this person said. The FBI declined to comment on the matter.
A spokesman for the Chinese Embassy in Washington, Geng Shuang, said cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. He said the allegation that the attack against the Chamber originated in China "lacks proof and evidence and is irresponsible," adding that the hacking issue shouldn't be "politicized."


Chinese hackers hit Boston Scientific
Boston Scientific is one of 760 firms hit by China-based cyber attacks.
Med-tech titan Boston Scientific (NYSE:BSX) was one of 760 companies hit by Chinese cyber attacks that also targeted U.S. government agencies, research universities and Internet providers.
It's not clear whether the Natick, Mass.-based medical device maker lost any sensitive information in the attack.
"We're talking about stealing entire industries," Scott Borg, director of the U.S. Cyber Consequences Unit, told the news service. "This may be the biggest transfer of wealth in a short period of time that the world has ever seen."
The attacks were aimed at the medical device, biotechnology, clean energy, advanced semiconductor, high-end manufacturing and information technology industries, according to Bloomberg.
Along with BSX, Abbott Laboratories (NYSE:ABT) and pharmaceutical giant Pfizer's (NYSE:PFE) Wyeth subsidiary were victims. The Chinese government is denying responsibility for the attacks.
The cyber-warfare is just the latest item in a string of bad luck for Boston Scientific, which got hit with a half-billion-dollar tax bill from the U.S. Internal Revenue Service last week.
The latest tab, for $581 million plus interest and penalties, comes out of an IRS audit of Boston Scientific's 2006 acquisition of pacemaker firm Guidant Corp.

Sunday, December 18, 2011

The Spy Who Hacked Me

James Bond was more of a jock than a nerd, and he probably wouldn’t have known how to use a computer, says Danny Bradbury. How things have changed…

It was perhaps the first time that evidence had publicly emerged linking the Chinese with specific cyberwarfare and espionage practices. A Chinese documentary, The Internet Storm Is Coming, recently became available online. Buried in the program around 11 minutes in was B-roll footage of a tool enabling users to attack selected websites via a distributed denial-of-service technique. The clip, later pulled by the Chinese government, gave even more credence to the idea that the state was deliberately involved in cyberwarfare and espionage.
We’ve come a long way from Cold War espionage, when microdots, miniature cameras, and drop zones defined the shady world of spying. Today, misappropriating information from your enemies is more often than not an online affair. But the origins of cyber espionage stretch back to the Cold War.
Markus Hess, a German citizen employed by the KGB, was convicted of hacking his way into US government systems to find information about the Strategic Defense Initiative and other nuclear programs. Hess used the ARPANET, a precursor to the modern internet, but was captured after Clifford Stoll, a systems administrator at the Lawrence Berkeley National Laboratory, was asked to investigate a small accounting error in the usage billing for the laboratory’s computer system. Stoll wrote up the resulting investigation, involving a complex honeypot operation designed to trap Hess and reveal his identity, in a book called The Cuckoo’s Egg.

Saturday, December 17, 2011

China ‘Incredibly Aggressive’ in Cyber Theft
China is stealing online information from the United States and feeding the data to homegrown companies for commercial benefit, Michael Hayden, former Director of the Central Intelligence Agency, said at the Black Hat Technical Security Conference in Abu Dhabi on Wednesday.

He pointed out that as an intelligence officer, he was "impressed" with the sophistication of Chinese cyber espionage, although spying in cyber space is an activity that all states, including the United States, take part in.
According to Hayden, "We steal secrets, you bet. But we steal secrets that are essential for American security and safety. We don't steal secrets for American commerce, for American profit. There are many other countries in the world that do not so self limit."
Despite the difficulty in tracing the origins of cyber attacks, Hayden believes China is the culprit behind various incidents of data theft.
"The body of evidence makes me quite comfortable and confident in saying that there's an incredibly large amount of this cyber activity coming from China," he told CNBC on the sidelines of the conference.
The retired general, who also served as the Director of the National Security Agency, added that, "I have come to the conclusion that the Chinese, the Chinese state and others in China are incredibly aggressive in the cyber domain, when it comes to the theft of property: state on state or against commercial targets."

Government Investigates Cellphone Wiretapping
As the government begins an investigation into Carrier IQ's cell phone-tracking software, memories of its own wiretapping scandal resurface

"Spy on unsuspecting Americans? That's our job," you can imagine federal officials indignantly declaring as they investigate cell-phone tracking by the mobile software company, Carrier IQ. The National Security Agency began secret, illegal surveillance of our phone calls and Internet activities in 2001, as we belatedly learned in 2005. Yes, 2005 is a long time ago these days, when yesterday seems like old news; but the NSA scandal deserves to be remembered, especially when the government presumes to be outraged by telecom spying.  

When it began spying on us after 9/11, the Bush Administration enlisted the assistance of telecoms willing to engage in illegal activities at its behest. (Former Qwest CEO Joseph Nacchio later claimed that after he declined to cooperate with the surveillance program, in 2001, the government retaliated, denying the company lucrative contracts. In 2007, Nacchio was convicted of insider trading.) After the NSA program was exposed, complicit telecoms faced the risks of losing expensive civil suits. AT&T, in particular, was badly exposed, thanks to incriminating documents released by a whistleblower and a lawsuit filed by the Electronic Frontier Foundation. But not surprisingly, Congress intervened. In 2007, it retroactively immunized the companies for illegal activities authorized by the president. As the late, disgraced Richard Nixon explained, prematurely, "when the President does it, it's not illegal." Voting in favor of telecom immunity, then candidate and Senator Obama apparently agreed.


Sunday, November 27, 2011

The passing of an Icon, Glenn Howard Whidden, RIP my friend...

In Memory


Glenn Howard Whidden

March 27, 1928 - November 24, 2011

Beloved Husband, Father, Mentor & Friend

On Thursday, November 24, 2011, Glenn Howard Whidden, 28-year veteran of The Central Intelligence Agency and President of The Espionage Research Institute (ERI), passed this life. The beloved husband of Natalie Whidden; devoted father of David Whidden. He is also survived by many other relatives and friends. He will be greatly missed by all who had the honor to know him.

All services and interment will take place in Manchester, NH. Please share your thoughts and memories about Glenn in the guestbook here:


Author of "The Attack on Axnan Headquarters"
Technical Services Agency, 

Whidden, Glenn H., The Ear: Volume I, Technical Services Agency the prestigious Technical Services Agency - Institute for Countermeasures Studies and Glenn Whidden (CIA-ret); the current President of BECCA 

OCCUPATION: President of Technical Services Agency Inc., a private firm that designs and markets electronic equipment for eavesdropping detection. Holder of five U.S. patents. Part-time instructor, World Institute of Security Enhancement, Greensboro, N.C. Author of A Guidebook for the Beginning Sweeper; The Russian Eavesdropping Threat -- Late 1993; The Axnan Attack; and five other books on the subject of countereavesdropping. 

BACKGROUND: Twenty-eight-year CIA veteran, retired 1974. Worked in 50 countries worldwide. Field experience in most types of espionage activity, including mail intercepts, surreptitious entry and electronic eavesdropping. "An operations type."

EDUCATION: Self-taught electrical engineer, government training in clandestine operations. 

MOST INTRIGUING ASSIGNMENT: A few years ago Whidden returned to his former haunt, Moscow, to sweep the offices of a private business. He managed to ferret out a phone line bug, even though he worried -- unnecessarily, as it turned out -- that the eavesdroppers might be onto him. His host, in a misguided attempt at courtesy, had hired for Whidden a Russian driver, the sort who in the old days informed on tourists for the KGB.


Of Fort Washington, MD died November 24, 2011 after a short illness. He is survived by his wife Natalie; three sons Mark, David, and Thomas; and numerous grandchildren. He will be buried in Manchester, NH in a private family service. In lieu of flowers, memorial gifts may be made to Maryland Society, Sons of the American Revolution, c/o Barrett McKown, Treasurer; 3580 S River Terr; Edgewater, MD 21037.

Published in The Washington Post on November 29, 2011

Rest in Peace, my friend...~JDL

Thursday, November 24, 2011

Apple iTunes flaw 'allowed government spying for 3 years'
An unpatched security flaw in Apple’s iTunes software allowed intelligence agencies and police to hack into users’ computers for more than three years, it’s claimed.

A British company called Gamma International marketed hacking software to governments that exploited the vulnerability via a bogus update to iTunes, Apple's media player, which is installed on more than 250 million machines worldwide.
The hacking software, FinFisher, is used to spy on intelligence targets’ computers. It is known to be used by British agencies and earlier this year records were discovered in abandoned offices of that showed it had been offered to Egypt’s feared secret police.
Apple was informed about the relevant flaw in iTunes in 2008, according to Brian Krebs, a security writer, but did not patch the software until earlier this month, a delay of more than three years.
“A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet the company waited more than 1,200 days to fix the flaw,” he said in a blog post.
"The disclosure raises questions about whether and when Apple knew about the Trojan offering, and its timing in choosing to sew up the security hole in this ubiquitous software title."

Tuesday, November 22, 2011

Compliance vs. Security: The Multiple Dimensions of Corporate Espionage

You've spent months fixing the red items on an internal audit report and just passed a regulatory exam. You've performed a network vulnerability assessment and network pen test within the last year and have fixes in place. You've tightened up your information security policy and recently invested in a security information and event management (SIEM) solution. You're secure, right?
Put yourself in the shoes of a criminal. He knows that most security programs focus on regulatory compliance. He knows that IT departments have limited budgets. He also knows that you must defend against an almost unlimited number of attack vectors, while he just has to find one way in.
How do you protect against a sophisticated, motivated criminal? A professional spy who has targeted your company's trade secrets? A skilled insider with a specific purpose in mind? These types of people know that information comes in many forms, not just electronic, and they are trained to exploit any vulnerability. An effective information security program must incorporate more than just traditional pen tests and vulnerability assessments. 

Corporate espionage is on the rise for multiple reasons: the down economy, frequent job changes, and even governments that boost their economies through acquisition of trade secrets. In most cases, the end product is not as valuable as obtaining the means of production, the research and development, or the "know-how." This type of information will help to cut down on development costs and aid in the long-term production of a particular good. In the end, a company must get the best product to market first, at the best cost, through maneuvering around the competition.

Cyber attack on water utility an 'eye-opener' for security professionals

YARMOUTH, Maine—A cyber attack that apparently originated in Russia and targeted a water utility in Illinois may be the purview of IT security specialists, but it should be of concern to all security professionals with responsibilities over vital infrastructure, say utility security experts who spoke with Security Director News.
The cyber attack, which targeted the Curran-Gardner Township Public Water District, apparently took place on Nov. 8 and was traced to an IP address in Russia. By taking remote control of the Supervisory Control and Data Acquisition (SCADA) systems, the attackers were able to burn out a water pump. However, the event wasn't widely reported until Nov. 17, when Joe Weiss, a well-known expert on cyber security of utilities, wrote about the attack, citing a report from the Illinois Statewide Terrorism and Intelligence Center.
Though the cyber attack's only result was a burned-out pump at a small Illinois water utility, Allan Wick, security manager for the Tri-State Generation and Transmission Association and chairman of the ASIS Utilities Security Council, told Security Director News it's a very significant event. "This is the first documented instance in the United States of a SCADA system of a critical infrastructure being compromised," he said.
People have been talking about the potential for such an attack for years, Wick said, but not everyone in the utilities sector took the threat seriously. The event should be an "eye-opener" for security professionals with responsibility over vital infrastructure, Wick said. "Take the threat seriously," he said. "It's not someone crying wolf."

Wednesday, November 16, 2011

Attackers Get Sneakier With Encrypted Malware

Malware just got sneaky! Well, sneakier, that is. Attackers in Brazil have found a way to sneak around antivirus programs by using cryptography.
Recently Dmitry Bestuzhev, Kaspersky Lab's Head of Global Research and Analysis Team for Latin America, was looking over some potentially malicious links from Brazil when he discovered some files with .jpeg filename extensions. At first glance, Bestuzhev thought that they were some form of steganography--the art and science of hiding messages. But upon further inspection, the researcher discovered that they were actually more like .bmp (bitmap) files than JPEGs.
The data contained within the files themselves was obviously encrypted and contained some kind of malware; Bestuzhev later discovered that the data was in the form of block ciphers--a cryptographic method that encrypts 128-bit blocks of plain text into 128-bit blocks of cipher text. Since block ciphers can only be composed of 128-bit blocks, they must break up the message into several blocks and encrypt each one individually. A process called modes of operation allows a cryptographer to repeatedly use block ciphers to encrypt an entire program--or piece of malware, in this case.
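A defender's triage check for the pattern described above, as an added example that is not from the article or from Kaspersky Lab: it flags files whose extension disagrees with their header bytes and whose BMP pixel data has near-random entropy. The 7.9 bits/byte threshold, the function names and both sample files are constructed assumptions.

```python
import hashlib
import math
import os
import struct
from collections import Counter

# Leading "magic" bytes of the two formats named in the article.
MAGIC = {"jpeg": b"\xff\xd8\xff", "bmp": b"BM"}
EXT_TO_FORMAT = {".jpg": "jpeg", ".jpeg": "jpeg", ".bmp": "bmp"}
# Assumed triage threshold: ciphertext approaches 8 bits of entropy per byte.
ENTROPY_THRESHOLD = 7.9


def sniff_format(data):
    """Identify the format from the header bytes, ignoring the file name."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def bmp_pixel_data(data):
    """Return the bytes after the pixel-data offset stored at bytes 10-13."""
    if len(data) < 14:
        return b""
    offset = struct.unpack_from("<I", data, 10)[0]
    if offset < 14 or offset > len(data):
        return b""  # truncated or malformed header: nothing to measure
    return data[offset:]


def triage(filename, data):
    """Return a list of findings; an empty list means nothing stood out."""
    findings = []
    declared = EXT_TO_FORMAT.get(os.path.splitext(filename)[1].lower())
    actual = sniff_format(data)
    if declared and actual != declared:
        findings.append(f"extension says {declared}, header says {actual or 'unknown'}")
    # Only uncompressed BMP pixels are measured: JPEG data is compressed and
    # has high entropy even when it is a perfectly ordinary photo.
    if actual == "bmp":
        entropy = shannon_entropy(bmp_pixel_data(data))
        if entropy >= ENTROPY_THRESHOLD:
            findings.append(f"BMP pixel data entropy {entropy:.2f} bits/byte")
    return findings


def build_bmp(pixels, width, height):
    """Wrap raw 24-bit pixel bytes in a minimal BMP file and info header."""
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 2835, 2835, 0, 0)
    header = b"BM" + struct.pack("<IHHI", 14 + len(info) + len(pixels),
                                 0, 0, 14 + len(info))
    return header + info + pixels


# Constructed sample 1: deterministic pseudo-random bytes standing in for
# ciphertext, stored where a 64x64 BMP keeps its pixels.
CIPHERTEXT_LIKE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(384)
)
DISGUISED = build_bmp(CIPHERTEXT_LIKE, 64, 64)

# Constructed sample 2: an ordinary 64x64 colour gradient.
GRADIENT = build_bmp(
    bytes(v for y in range(64) for x in range(64) for v in (x * 4, y * 4, 128)),
    64, 64,
)

if __name__ == "__main__":
    for name, blob in (("photo.jpeg", DISGUISED), ("gradient.bmp", GRADIENT)):
        print(name, triage(name, blob) or "no findings")
```

Entropy is a triage signal only: noisy photographs saved as BMP can also score high, so a hit means the file deserves a closer look, not that it is malicious.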

Fox-IT and TNO to Work on System for Detecting Digital Espionage

Delft, The Netherlands (PRWEB) November 16, 2011
The threat of targeted cyber attacks, especially digital espionage, is increasing rapidly. The current security measures against cybercrime focus primarily on the detection of massive and indiscriminate attacks. To protect businesses and governments against cyber espionage, Fox-IT and TNO are developing the Cyber Attack Detector (CAD).
Analyzing a large number of digital espionage indicators will allow users to be instantly alerted when there are activities that indicate fraud or espionage. The Ministry of Economic Affairs, Agriculture and Innovation in The Netherlands has granted €800,000 via the “Innovation for Public Security” program for the development of this joint solution.
Digital espionage threat is increasing, protection lagging
The social and economic impact of cybercrime is increasing, as is the demand for an effective protection against cybercrime. The attack methods of the digital spy have become more sophisticated, with increasing reports of very specific and targeted attacks. Traditional protective equipment such as intrusion detection systems, firewalls, virus scanners, and log analyzers offer inadequate protection.


Facebook Hacked: Porn and Graphic Material Floods Users' Accounts

Facebook has been under heavy attack the last two or three days as the popular social networking site has become the victim of a severe hacking spree affecting nearly every user on the site.

The hacks do not seem to have specific targets but happen at random, with some users’ newsfeeds being littered with objectionable content and others not seeing anything.
Some of the hacks happen in the form of "click" spam being sent out. A popular spam involves Kim Kardashian with a link to a video. It will say something like "After watching this video I lost all respect for Kim." Upon clicking, the link takes the unsuspecting person nowhere, and hacks the account, sending the same spam to all of the user’s friends.
Other spams include mass messages and tagged photos leading people to believe they are in the link or involved with it because it is not personalized. Those will also have the same result, and continue the spamming of others' walls.

Monday, November 14, 2011

I spy... something beginning with adultery

The woman in her early forties staring at the laptop couldn’t quite believe what she was seeing. Live pictures beamed to her computer showed her husband having a romantic meal in a restaurant in Esher in Surrey with another woman.
The images, recorded by a hidden camera placed in an unmarked white van, were transmitted live back to the married couple’s drawing room deep in the Surrey stockbroker belt. The private investigator sat with the spurned spouse as they stared at the screen, surrounded by expensive antiques and original artworks. “Give him a call,” said the investigator. The woman – let’s call her Claire – picked up her phone.
“Darling,” she said, “I was just wondering where you were?” Her husband, a senior executive in the City, who by now had stepped out of the restaurant and was standing on the pavement, in clear view of the camera, replied: “I’m stuck in the office. I’ll be home late.”
The wife’s worst fears had been confirmed. Like increasing numbers of husbands and wives, Claire had turned to a private investigator to discover if her partner was cheating. The surveillance, which had lasted a week and culminated in her husband being caught red-handed, had cost her £3,000. She told the investigator later that it was money well spent. One firm that sells tracking devices told The Sunday Telegraph it had seen a huge spike in sales, mainly to suspicious wives.
The use of private detectives and the hi-tech methods they employ to catch out unfaithful spouses is a subject rarely discussed in the polite circles of suburban Britain but it emerged out of the murky shadows last week. Dr Diletta Bianchini, 35, a doctor working at the Royal Marsden Hospital in London, hired a detective agency to place a GPS tracking device beneath the car of her husband William Sachiti, convinced that rather than working late he was conducting an illicit liaison.

Saturday, November 12, 2011

Suspicious wife causes bomb scare after bugging husband's car

Note: Don't try this at home...;-)  ~JDL
A suspicious wife's attempt to prove her husband was having an affair backfired spectacularly when a tracking device fitted to his car was mistaken for a bomb.
Diletta Bianchini had employed a private detective after her husband William Sachiti began working unusual hours.
Unbeknown to her the investigator fixed a tracker, roughly the size of a cigarette packet, to the petrol tank of Mr Sachiti's £40,000 silver Lexus using magnets.
And when the husband - a security consultant and entrepreneur - spotted the device flashing he feared the worst.
He rushed to alert police, who blocked off a busy high street, evacuated a coffee shop and scrambled the bomb squad, fire engines and ambulances.
Mr Sachiti, who as an entrepreneur once appeared on BBC programme Dragons' Den, said: "When I first saw the device it was after I had my car washed. It was in Morrisons' car park. At first I didn't know what to do.
"I called a friend and they were concerned it could be something dangerous.


Thursday, November 3, 2011

U.S. Calls Out China and Russia for Cyber Espionage Costing Billions


Hey, China and Russia, get off of our clouds.
That's the warning from a new U.S. national intelligence director's report to Congress released Thursday that states China and Russia are the biggest perpetrators of economic espionage through the Internet. 
The report, Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, also warns that the cost of lost research and development is nearly impossible to calculate but could be up to $398 billion. As mobile devices proliferate, it's only going to get easier for spies to steal.

Analysts note that this is the first time the U.S. government report has so openly blamed countries that support cyber attacks and espionage at the national and state level.
"The computer networks of a broad array of U.S. government agencies, private companies, universities, and other institutions -- all holding large volumes of sensitive economic information -- were targeted by cyber espionage; much of this activity appears to have originated in China," reads the report.
Drawing on data from 13 agencies, including the CIA and FBI, over the past two years, the report concludes that attacks against U.S. government networks and military contracts are on the rise. But one of the most worrying trends is the growing number of attacks on businesses that are smaller than the Fortune 500 companies.
Additionally, the report states that China's intelligence services -- as well as private companies and other entities -- are exploiting Chinese citizens or others with family ties in China who have "insider access to corporate networks to steal trade secrets using removable media devices or e-mail."


Note: Worried about Cyber Espionage? Contact us, we can help. ~JDL

SpearTip Announces Strategic Alliance With ComSec

St. Louis, Missouri (PRWEB) November 03, 2011
SpearTip, LLC CEO Jarrett Kolthoff announced that SpearTip has formed a strategic alliance with ComSec, LLC, of Virginia Beach, VA, which provides professional technical surveillance counter measure (TSCM) services nationwide. ComSec’s expertise includes electronic eavesdropping detection, bug sweeps, counterespionage consulting, counter surveillance, cyber TSCM, and anti-surveillance services for businesses and individuals.
Kolthoff said the alliance continues SpearTip’s geographic growth to the eastern seaboard as well as adding skill sets and technical capabilities to SpearTip’s existing cyber counterespionage arsenal.
ComSec is headed by CEO/President J.D. LeaSure, a countersurveillance practitioner in defense and industrial sectors since 1984. LeaSure has extensive training, knowledge, and experience covering eavesdropping devices, detection methods and other surveillance tactics employed by those seeking to steal information. The SpearTip alliance expands ComSec’s capabilities in cyber counterespionage and computer forensics.
“We believe this combination of talents and expertise will strengthen the unique service SpearTip offers clients,” Kolthoff said. “We are able to offer the broadest range of countersurveillance protection of anyone in the industry.”  

Wednesday, November 2, 2011

DC convention helps governments spy on citizens

Representatives from governments across the globe gathered in Washington DC last month, but it wasn’t international affairs that they were there to discuss.

The meeting, rather, was an annual conference where figureheads far and wide come together to discuss the latest and greatest ways to spy on their own citizens.

At this year’s Intelligence Support Systems (ISS) World Americas conference, the only consumers were the governments of great nations far and wide who came together in DC last month to go over the newest achievements in “lawful interception” methods, reveals an article published this week in the UK’s Guardian. According to their filing, international figureheads came together on American soil to find the freshest ways to carry out clandestine surveillance on their own citizens back home by hacking smart phones, laptops and anything else with a circuit.

The actual roster from this year’s guest list is kept top-secret, much like the information inside the exclusive DC conference room, but past reports suggest it reads like a who’s who of foreign nations. In 2008, for example, the Spanish biometrics company Agnito said they were proud to be a participant in that year’s conference, which it describes on their website as a meeting-place that focuses on Intelligence Gathering. As the worldwide leader in voice biometrics, Agnito’s list of clients includes the Spanish Ministry of Defense, the national police of France, the prosecutor’s office of South Korea and some of the biggest banks in Spain. Don’t let that list of “friendly” nations let you think that nothing is amiss here, however. In The Guardian’s article, Jerry Lucas, president of TeleStrategies, says that the manufacturers of surveillance technologies are free to pitch products to any nation they want.

"The surveillance that we display in our conferences, and discuss how to use, is available to any country in the world," Lucas tells The Guardian. "Do some countries use this technology to suppress political statements? Yes, I would say that's probably fair to say. But who are the vendors to say that the technology is not being used for good as well as for what you would consider not so good?"

Tuesday, November 1, 2011

How the FBI Busted Anna Chapman and the Russian Spy Ring

Anna Chapman is a television star and lingerie model back in Moscow now, but before she and other Russian spies were caught by the FBI last year, they came dangerously close to accomplishing a portion of their undercover mission in the United States.

“This group was well on their way to penetrating foreign policy circles.  They had befriended a friend of a sitting Cabinet official,” FBI Counter Intelligence Assistant Director Frank Figliuzzi said. “They wanted to get their hands on the most sensitive data they could get their hands on, but we took this thing down before classified information changed hands.”
In a wide-ranging interview with ABC News, Figliuzzi said the red-headed Chapman was much more than a seductive “femme fatale.”
“This is a highly-trained intelligence officer — Chapman is new breed of illegal operative,”  Figliuzzi said, describing her as “tech savvy” and capable of spying in plain sight. Chapman and her comrades were “the cream of the crop, handpicked out of the Russian intelligence academy, because of their fluency in languages, and their ability to acclimate into another society,” he said.
FBI hidden camera surveillance videos of the spies’ operations give a fascinating look into Russian spy tradecraft as employed by Chapman and the other Russian agents. The videos show, among other things, the Russian infiltrators hiding messages under bridges, secretly trading information, money and contact information via “brush passes,” and digging for buried payoff money in the woods.

Monday, October 31, 2011

Cyber spy campaign targets chemical industry: Symantec

SAN FRANCISCO — US Internet security firm Symantec on Monday exposed a cyber spying campaign targeting trade secrets at top chemical firms and linked the industrial espionage to a man in China.
At least 48 companies, including some that make advanced materials for military vehicles, were targeted in a campaign Symantec dubbed "Nitro" given the type of information at risk.
"Attacks on the chemical industry are merely their latest attack wave," Symantec security response team members Eric Chien and Gavin O'Gorman said in a report released on Monday.
The attacks targeted NGOs supporting human rights from late April to early May before switching to the motor industry, according to the report.
Major chemical firms, mainly in the United States, Britain, and Bangladesh, came under fire by cyber spies from late July to mid September, Symantec said.
Nitro was aimed at stealing intellectual property for competitive advantage, according to Chien and O'Gorman.
Attackers researched firms, sending selected workers booby-trapped emails that, once opened, secretly infected computers with malicious "Poison Ivy" software designed to steal information.
While various ruses were used to trick workers into opening email attachments to unleash spy software in machines, a typical pretext was to fake a meeting invitation from an established business partner.
Another tactic used by cyber spies was to send employees email purporting to be a security software update that needed to be installed in computers, according to Symantec.
Poison Ivy code was written by a Chinese speaker and Nitro attacks were traced to a server located in the United States but owned by a "20-something male" in the Hebei region of China, the report said.