Wednesday, April 27, 2011

10 Most Notorious Acts of Corporate Espionage
There’s no end to the skullduggery that businesses will get involved in with the aim of making a quick buck, or trying to keep up with their competitors. Of course, their fellow companies aren’t beyond their schemes, either. There’s a war going on out there, folks, and spying is part of the game – criminal or not. Corporate espionage was a normal way of doing business back in days gone by, before copyright and patent protection brought the long arm of the law into play, but some companies still engage in the practice of acquiring trade secrets and business information by any means necessary. Here are 10 infamous cases of industrial espionage.


Apple Doesn't Spy, Vows to Fix Spying
NEW YORK (TheStreet) -- Apple (AAPL) denied, confessed to and then said it will change its iPhone tracking practices that have created a swirl of outcry about potential privacy invasion.

In classic Apple fashion, the company issued a press release Wednesday consisting of 10 questions the company asked itself. In addition to the 10 answers, the company said it is preparing a software update that changes the way it collects data about iPhone locations.

First came the denial.

"Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so," said the release.

Next came the explanation.

The short version: Apparently Apple doesn't track iPhones -- it collects the data from WiFi and cell tower antennas that track iPhones.

The long version: In order to find your location faster, Apple said it uses a database of antennas in a given area. This ready cache of antenna info can quickly pinpoint you on a map -- that's a lot faster than if you had to wait only for a GPS satellite report.

While Apple says this offers fast, accurate and secure location services, "users are confused" because the company has "not provided enough education about these issues to date."

So it's not your fault for being confused and angered about location snooping. It's Apple's -- among others' -- fault for not explaining how awesome the system is.

Apple also blamed bugs in the system.


Tuesday, April 26, 2011

Millions of Sony Playstation users hit by massive data theft
Sensitive personal details of tens of millions of internet users have been stolen by hackers in one of the biggest ever cases of data theft, it has emerged.

Fraudsters have obtained data on millions of online video gamers – including three million Britons - after targeting Sony’s PlayStation Network.

The electronics giant is contacting around 70 million customers warning that details including their names, addresses, dates of birth, passwords and security questions have been stolen.

Sony also admitted that the hackers may have gained access to people’s credit card details.

The network provides online video gaming services and allows streaming of films and music via the internet.

It requires members to submit credit card and personal details to subscribe.


Saturday, April 23, 2011

Protecting Your Country While Protecting Your Clients

Think your small business customers are too small to be of interest to international spies looking to steal trade secrets and intellectual property? Think again. Corporate espionage is a real threat. Here's how you can help.

Recently I was surprised to learn how far espionage has moved from the traditional Cold War spying that focused on the Russians stealing our government secrets, to a new type of espionage designed to steal trade secrets and intellectual property. The targets aren’t all multi-national corporations, but include small businesses like the ones we service. Most of the threats come from China.

Brett Kingstone’s 80-person fiber-optic lighting company, Super Vision, was targeted by a Chinese government shell company which bribed one of Kingstone’s key employees to steal designs and process secrets. The Chinese then set up a company to duplicate Super Vision’s products and offer them at low prices, since the cost of stealing was a fraction of the cost of Super Vision’s research and development.

In his book, The Real War Against America (Specialty Publishing Company, 2005) Kingstone describes how he was challenged by his distributors when they found his company’s products being offered for much lower prices. Kingstone was confused until he was able to get samples, which matched Super Vision’s products in every way. Through a spy-thriller ordeal that included bribes, threats, shredded evidence, stolen equipment, fraudulent bankruptcy filings, an FBI investigation, and private investigators posing as Arab sheiks, Kingstone was able to get a $33.1 million civil judgment even though the culprits avoided criminal prosecution.


Industrial espionage has a new bogeyman
Former cyber-security adviser to White House accuses China of systematically stealing trade secrets; detractors say he's just trying to sell his book on the subject.

THE man who once advised the White House on cyber security has accused the Chinese government of condoning and probably helping to fund the stealing of trade secrets and research from other countries.

This startling assertion, which could invite a sharp response from China, has divided experts in the field. Some accuse Richard A Clarke of deliberate sensationalism while others say there could be some truth in his allegations.

Mr Clarke, who is currently chairman of corporate risk management firm Good Harbor Consulting, resigned in 2003 after 30 years in the US government.

Notably, he spent 11 years in the White House holding posts including special adviser to the president for cyber security and national coordinator for security and counterterrorism.

During a stopover in Singapore last week to speak at an Infocomm Development Authority (IDA) seminar, Mr Clarke said: 'There is evidence that the government of China is complicit in systematic international industrial espionage on a very large scale.'


When Wiretapping Runs Wild

Despite voluminous restrictions on when they can and can’t be used, government wiretaps are still a blunt instrument.

While they can be used to land powerful evidence against insider-trading suspects, recent cases have raised fresh questions about when government surveillance crosses a line into unwarranted invasion of privacy.

The WSJ’s Michael Rothfeld provides a look at the issues in this story, out Friday.

It seems that more than 40 secret recordings played for jurors at the trial of Galleon Group founder Raj Rajaratnam, which will head to the jury on Monday, have contained stretches of dialogue that appear exclusively personal.

Yes, personal. In other words: snippets of dialogue that focus on marriages and alleged extramarital affairs, social visits and vacations.

There’s a limit, it seems, to just how much personal information a judge will allow the government to tape. In a ruling on Wednesday, a judge overseeing a different but related insider-trading case excoriated the government for monitoring intimate calls between trader Craig Drimal and his wife about their marriage, which had nothing to do with the case.

The FBI is supposed to stop monitoring conversations that aren’t relevant to an investigation or involve relationships that legally are privileged, such as those with a spouse, attorney, doctor or clergy member. They are allowed, however, to tune back in periodically to make sure the discussion hasn’t changed.


Candidate Catches Hidden Camera

Jessica Tetreau is outraged.

She’s a candidate for Brownsville City Commissioner District Two.

She’s also a mother, afraid a surveillance camera is spying on her and her children.

Tetreau discovered the camera Friday.

It’s hidden inside the broken window of a neighbor’s home, pointing at the house of her estranged husband.

Tetreau is separated from her husband, but says she still spends a lot of time at his home.

“This is a very well known area where children play,” said Tetreau.

Tetreau said the discovery of the camera confirmed her fear that she and her children were being watched.

"I had already seen a man taking pictures of my children,” said Tetreau.

Whether the camera is an attempt to sabotage Tetreau, she said she doesn't know.

"It would be very disgusting and disturbing if that's why it was set up,” said Tetreau.

Thursday, April 21, 2011

CIA reveals invisible ink recipes used by WWI spies
World War I spies engraved messages on toe-nails and used lemon juice to write invisible letters, classified documents released by the CIA reveal.

The six documents, amongst the oldest secret papers to be held by the agency, disclose a number of spying techniques.

The nearly century-old records include instructions "to suspect and examine every possible thing".

Recent advancements in technology have made it possible to release the documents, the CIA said.

One document suggests soaking a handkerchief, or any other starched substance, in nitrate, soda and starch, in order to make a portable invisible ink solution.

Putting the treated handkerchief in water would release a solution that could then be used to write secret messages, the records say. A document written in 1914 in French exposes a German formula for making secret ink, suggesting that French spies had managed to crack the enemy's code.


Tuesday, April 19, 2011

Snooping: It's not a crime, it's a feature

Cellphone users say they want more privacy, and app makers are listening.

No, they're not listening to user requests. They're literally listening to the sounds in your office, kitchen, living room and bedroom.

A new class of smartphone app has emerged that uses the microphone built into your phone as a covert listening device -- a "bug," in common parlance.

But according to app makers, it's not a bug. It's a feature!

The apps use ambient sounds to figure out what you're paying attention to. It's the next best thing to reading your mind.

Your phone is listening

The issue was brought to the world's attention recently on a podcast called This Week in Tech. Host Leo Laporte and his panel shocked listeners by unmasking three popular apps that activate your phone's microphone to collect sound patterns from inside your home, meeting, office or wherever you are.


Sunday, April 17, 2011

CIA brain drain: Top staff go to private sector

In the decade since the attacks of Sept. 11, 2001, private intelligence firms and security consultants have peeled away veterans from the top reaches of the CIA, hiring scores of longtime officers in large part to gain access to the burgeoning world of intelligence contracting.

At least 91 of the agency's upper-level managers have left for the private sector in the past 10 years, according to data compiled by The Washington Post. Several of the top positions have turned over multiple times in that period: In addition to three directors, the CIA has lost four of its deputy directors for operations, three directors of its counterterrorism center and all five of the division chiefs who were in place the day of the Sept. 11 attacks.

In many quarters in Washington, government officials decamp for the private sector as a matter of course. Defense consultancies routinely hire generals retiring from the Pentagon; the city's lobbying firms are stacked with former members of Congress and administration officials.


Thursday, April 14, 2011

Self-wiping hard drives from Toshiba
Toshiba announces a family of self-encrypting hard disk drives (HDDs) engineered to automatically invalidate protected data when connected to an unknown host. The new Toshiba Self-Encrypting Drive (SED) models enable OEMs to configure different data invalidation options that align with various end-user scenarios.

Designed to address the increasing need for IT departments to comply with privacy laws and regulations governing data security, the drives are ideally suited for PC, copier and multi-function printer, and point-of-sale systems used in government, financial, medical, or similar environments with an acute need to protect sensitive information.


Monday, April 11, 2011

On The Internet, No One Watches The Wiretappers

Note: Heads up, this just in from our friend "Mike"...JDL
When Twitter revealed in January that it had received a Department of Justice order to hand over information on three users associated with WikiLeaks, the real surprise wasn’t that an Internet company had been asked to secretly spill user data for a criminal investigation. It was that, for once, the firm didn’t keep quiet about it.

Chris Soghoian, a privacy researcher at Indiana University and the Center for Applied Cybersecurity Research, has been following that Twitter case closely as a potentially precedent-shaping test for how and when the government can nab users’ online information. And now he’s released a paper that puts the case in context, outlining just how little Americans are told about the extent of government surveillance on the Internet.


Sunday, April 10, 2011

Electronic Bug Sweep Video

French probe industrial espionage at defense firm unit

PARIS (Reuters) - France's intelligence services have unearthed a case of suspected industrial espionage at an engine subsidiary of French aerospace and defense firm Safran, Le Monde newspaper said in its weekend edition.

A Safran spokeswoman declined to comment on Sunday when contacted by Reuters about the report, which spoke of a Chinese link.

The newspaper said investigators had placed about 10 people in custody as they dig for information about a 2010 attack on the computer networks of Safran subsidiary Turbomeca, which makes helicopter engines.

It said hackers broke into the computer networks and gained access to sensitive information about propeller systems at Turbomeca, as well as Safran documents containing information about billing and the cost of various company projects.

The computer break-ins took place during the first eight months of 2010 and may have involved help from company insiders, Le Monde reported it was told by an unnamed judicial source.


Competitive Intelligence: How to Spot a Liar

"Deception detection" experts—often former CIA agents—are used by banks and hedge funds to assess the honesty of CEOs. In his recent book, Broker, Trader, Lawyer, Spy, Eamon Javers shares some tricks of the trade:

1. Fidgeting
Aside from true sociopaths, people aren't natural liars, and saying one thing while thinking something else can actually cause physical discomfort. That's what causes people to squirm.

2. Weasel Words
Expected to, probably, basically, should be...
These kinds of qualifiers crop up when someone is trying to obscure doubts or worries.

3. Detour Phrases
Think: "As I said before." Liars try to circumvent a direct answer by referencing past answers to different questions.


Lawsuit Filed Over Listening Devices
A lawsuit involving two dozen plaintiffs and 18 defendants has been filed over alleged illegal wiretapping at the Newton Falls Police Department.

The lawsuit was filed Friday in Trumbull County Common Pleas Court by an attorney with the Fraternal Order of Police on behalf of employees, mostly police officers, and citizens of Newton Falls. Defendants include current and former city officials who "have approved the expenditures for the installation and upkeep of the illegal wiretapping system."

The lawsuit claims oral communications were illicitly recorded by hidden microphones placed in public and private areas of the police department. The suit alleges that former Police Chief Robert Carlson had the devices installed and intercepted conversations during contract talks to negotiate less beneficial contracts.

The new chief, John Kuivila, has said he found the devices in May of 2009.

Carlson, who is now retired, said he never intercepted any conversations and said he has done nothing wrong.


US dragging its feet on wiretapping rules
Citing the need to protect intellectual property and consumer information like the emails that were leaked in this week's massive Epsilon hack, the Senate Judiciary Committee called a hearing Wednesday to update the Electronic Communications Privacy Act.

Committee member Sen. Sheldon Whitehouse (D-RI) emphasized that amending the law and defining privacy takes time, and that during that time U.S. cyber security remains vulnerable.

"It's thousands of attacks a minute, not thousands of attacks a day," he said. "It's a necessary process, but it's one that's not without peril and it's not one without cost."

However, ECPA, more familiarly known as the wiretapping law, will probably not see a change in the immediate future. The Judiciary Committee called a hearing for the same reasons last year, and the process has been languishing since then. Without an official position from President Obama's administration, the amendment process will not move forward. (Raw Story)


DOJ To Congress: We Shouldn’t Need A Warrant To Snoop Through Gmail

For years, privacy advocacy groups have been trying to make sure digital data has the same kinds of search and seizure protections that physical documents have. In recent times, even some major companies like Microsoft (NSDQ: MSFT) and AT&T (NYSE: T) have joined together in the Digital Due Process coalition, which wants to modernize the nation’s out-of-date wiretapping laws. Those corporations want law enforcement agents to get a warrant issued by a judge before they are able to tap into sources of data stored in the cloud, such as web email. It’s been an uphill fight—to say the least—and today, the Department of Justice took a position that’s going to make their quest even harder.

According to a report from CNET, a DOJ lawyer told a Senate committee that if cops are required to get a search warrant to tap into email stored online, it could have an “adverse impact” on investigations. “Speed is essential,” he said. “If Congress slows down the process, this would have real-life consequences, particularly where human life is involved.”


Friday, April 8, 2011

Square or Dare? You be the judge...

Today is a wake-up call to consumers and the payments industry. Last year, a start-up named Square introduced a credit card reader for smartphones with the goal of making it very easy for anyone to accept credit cards through a mobile device. Seems like a great idea, but there is a serious security flaw that Square has overlooked that places consumers in dire risk.

In less than an hour, any reasonably skilled programmer can write an application that will "skim" – or steal – a consumer's financial and personal information right off the card utilizing an easily obtained Square card reader. How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.

Let me explain how easy it is to exploit the vulnerability.


Thursday, April 7, 2011

China and Russia fingered in German industrial espionage alert

Berlin - Industrial espionage by China and Russia is becoming easier thanks to computer hacking, officials warned German business leaders on Thursday, adding that police need data logs to track computer break-ins.

A conference heard that the annual cost to German companies of data theft was at least 20 billion euros (nearly 30 billion dollars).

However, it is often easier to simply buy corporate secrets from disloyal employees.

Ole Schroeder, a senior Interior Ministry official, said that in 70 per cent of known cases, staff who hated their employer or were angry that they were likely to lose their jobs were behind the leaks.


Sunday, April 3, 2011

Corporate spying goes unreported

SANTA MONICA, Calif. (MarketWatch) — International industrial espionage is on the rise as cyber criminals shift their activities from taking personal data and information to stealing trade secrets.

A new research report from McAfee, the Internet security firm, says, “Globalization and the commoditization of information technology have driven businesses to store increasing amounts of precious corporate data in the cloud. As this shift has taken place, cyber criminals have discovered new ways to target this precious data, both from inside and outside the organization.”

The report, “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency,” also says many companies are reluctant to thoroughly investigate cyber breaches for fear of publicity and because investigations are costly.

Companies worldwide are estimated to lose more than $1 trillion due to data leaks, costs of remediation and reputational damage.


Social-media tools used to target corporate secrets

Not long after airstrikes began in Libya last month, certain attorneys at four U.S. law firms, known for having high-profile clients in the oil industry, each received a personally addressed email message.

Each message carried an Adobe PDF attachment, purportedly an analyst report describing the effect of Libya's uprising on oil futures. Each lawyer clicked on the attachment.

But the PDF was actually pre-set to deliver a quick-acting computer intrusion, says Chris Day, chief security architect at data security company Terremark, who watched the attack unfold. Within a few seconds, the PC of each attorney who clicked on the attachment began sending a silent beacon to a command server controlled by the intruders.

Terremark alerted law enforcement, and the law firms were notified, cutting off yet another persistent intrusion - a distinctive type of hack that has quietly become a staple of the cyberunderground.

Hidden Camera Found In School Locker Room

Police said a group of eighth-grade girls discovered a video camera rolling at Atchison County Junior-Senior High School in Effingham.

Students and parents throughout the district said they are embarrassed, angry and scared. They are worried about what kind of images exist and who might have seen them.

Residents said Effingham is a typical small town where everyone knows each other and word travels fast. And that only serves to heighten the uneasy feeling among students, they said.

"Was I in that video and has anybody seen it?" Principal Mark Preut asked, voicing the concerns of the students.

Kendra Myers works at Effingham's only sit-down restaurant and has a niece at the junior high.

"I think the first thing that comes to everybody's minds, parents, children, everything is the Internet, like is this all over the Internet?" Myers said.

Preut said everything that could contain exploitative images went straight to Kansas City's Regional Crime Lab. So even local law enforcement don't know what was captured or how far it went.


Friday, April 1, 2011

Bugged cuckoo clock scandal rocks government

The Swiss government has been accused of hiding surveillance systems in cuckoo clocks and then giving them as official gifts to at least 30 embassies.

The foreign ministry has yet to comment officially on the claims, made in United States diplomatic cables released last week by the WikiLeaks whistle-blowing website.

The alleged bugging came to light in cables sent in September 2006 from the US embassy in Bern to the US State Department.

In it, an unnamed official expressed security concerns about the cuckoo clock – a pendulum-driven “Chalet” model with music box – which had been presented to the ambassador the previous month as part of Swiss National Day celebrations.

“The latest addition to the living room is proving to be a good conversation piece, but I’m not sure we should be holding conversations around it,” the official wrote on September 14.

“The bird came out at midnight yesterday and I swear something flashed.”