Sunday, February 26, 2012

Apps are reading your texts and emails and even looking at your pictures

dailymail.com


The small print included with many mobile phone apps is giving their developers the right to rifle through users' phone books, text messages and emails.
By agreeing to little-read terms and conditions documents, phone users are giving developers the right to inspect their personal information and even find out who they are talking to.

In many shocking cases, users are even giving apps the right to collect whatever images the camera happens to be seeing, as well as the phone's location.

Facebook, Yahoo!, Flickr and Badoo all admitted to reading users' text messages through their Android smartphone apps, the Sunday Times reported. Academics are now warning that many apps are little more than 'fronts' to allow companies to hoover up personal data and pass them on to advertisers for a fee.

And many other apps from less well-known developers, many of them available for free, are also including the rights to access your personal data in their terms and conditions. But the revelations also make clear that the wealth of data collected by the new generation of smartphones could pose a serious risk to users' privacy.


Thursday, February 23, 2012

Smartphone security gap exposes location, texts, email, expert says


latimes.com
Just as U.S. companies are coming to grips with the threats to their computer networks emanating from cyber spies based in China, a noted expert is highlighting what he says is an even more pernicious vulnerability in smartphones.

Dmitri Alperovitch, the former McAfee cyber security researcher who is best known for identifying a widespread China-based cyber espionage operation he dubbed "Shady Rat," has used a previously unknown hole in smartphone browsers to deliver an existing piece of China-based malware that can commandeer the device, record its calls, pinpoint its location and access user texts and emails. He conducted the experiment on a phone running Google's Android operating system, although he says Apple's iPhones are equally vulnerable.
"It's a much more powerful attack vector than just getting into someone's computer," said Alperovitch, who just formed a new security company, called Crowdstrike, with former McAfee chief technology officer George Kurtz.
Alperovitch, who has consulted with the U.S. intelligence community, is scheduled to demonstrate his findings Feb. 29 at the RSA conference in San Francisco, an annual cyber security gathering. The Shady Rat attack he disclosed last year targeted 72 government and corporate entities for as long as five years, siphoning off unknown volumes of confidential material to a server in China.

IT and espionage on Wall Street

economist.com

An overturned conviction creates uncertainty about what constitutes a crime


ASK a programmer at an investment bank where he works, and the answer will often simply be “Wall Street”. Isolated from clients and—it was once thought—assets with proprietary value, technologists bounce from firm to firm, from one high-rise building to another.
To this footloose community, the case of Sergey Aleynikov, a Goldman Sachs programmer, came as a shock. Mr Aleynikov was convicted in December 2010 of stealing code tied to Goldman’s lucrative high-speed proprietary-trading operations for use by a new employer. On February 16th, after he had spent nearly a year in prison, three judges in a federal appeals court unanimously reversed his conviction in a hearing that lasted just a single morning. Their written opinion is now eagerly awaited.
Mr Aleynikov admitted to taking code with him on his way out of Goldman, but argued successfully that this did not constitute a crime, or, to be more specific, a federal crime. He benefited from the help of a thorough lawyer, who adroitly knocked down two key claims. Because the computer trading system was not licensed or offered for sale, claimed Kevin Marino, the defendant’s lawyer, it was not a product to be bought or sold for interstate commerce, a key provision for a federal case. Because computer coding constitutes intangible intellectual property, Mr Marino said, it did not qualify under the goods, wares or merchandise components that are protected under the corporate-espionage act.

Saturday, February 18, 2012

COMSEC AUDIO JAMMER APP for iPHONE


itunes.apple.com

COMSEC AUDIO JAMMER

Keep your private conversations private!

The COMSEC AUDIO JAMMER protects your sensitive room conversations by generating a random masking sound, which desensitizes any near-by microphone. Effective against any microphone based eavesdropping device including tape recorders, RF transmitters, hard-wired microphones (including contact type) and shotgun microphones. It also protects against microwave or laser reflection pickups (when used correctly).
COMSEC AUDIO JAMMER uses specially designed audio speech patterns to mask your conversations from hidden microphones & eavesdroppers.
The speech patterns are randomly designed and generated to mask normal conversations from eavesdroppers. 



Thursday, February 16, 2012

Securing Corporate Data in a Law Office's Computer Network

Note: An excellent article, and a serious subject... When is the last time your law firm had a Cyber TSCM sweep? Ever? Contact me, I can help. ~JDL

law.com

The dramatic rise in electronic economic espionage against U.S. corporations came into full view with a report on the trend issued by the U.S. government last November. That same month, the Federal Bureau of Investigation held a meeting in New York City with some of the weaker links in the online spy game: law firms.

It’s an issue that should be getting the attention of in-house counsel, especially as they share sensitive--and potentially valuable--data with outside counsel.

Rich with client information, law firms are often much less equipped to fend off cyberattacks than the corporations they represent. Ergo “a hacker can hit a law firm and it’s a much, much easier quarry,” Mary Galligan, head of the cyber division in the FBI’s New York City office told Bloomberg. Likewise, in a series of blog posts on this issue currently running in Forbes, cybersecurity expert Alan Paller says: “The important files relating to clients’ international activities are usually much easier to find in the law firms’ files than in the corporate files.”

Digital risk consultancy Stroz Friedberg has advised both law firms and corporate clients on this growing problem. Firms need to take a risk-oriented approach to protecting client information, says company co-president Eric Friedberg, a former federal prosecutor and an expert in cybercrime response. At the same time, he says, there are important questions in-house counsel can ask about how their files will be protected (see Counsel’s Dozen list below).

“Attackers go where the money is,” says Friedberg. These days, law firms should assume that hackers will infiltrate their network, and they should identify which digital assets are most at risk and put the most security around those areas, he says.



Chinese Telecoms May Be Spying on Large Numbers of Foreign Customers

theatlantic.com
A U.S. Congressional probe is investigating whether China's state-linked firms, which built much of the communications infrastructure in several Asian countries, are using their access for snooping.

Two Chinese telecommunications giants are under scrutiny by a US congressional committee. The outcome of the probe could have revealing implications for Central Asian states, which have used these companies to modernize their telecom sectors.
US legislators have expressed concern that Huawei and ZTE act as front companies for the Chinese government, and represent a grave "cyber-security threat." The chairman of the House Permanent Select Committee on Intelligence, Michigan Republican Mike Rogers, asserted during a congressional hearing last October that China is engaged in the "brazen and wide-scale theft of intellectual property from foreign commercial competitors."
"Attributing this espionage isn't easy, but talk to any private sector cyber analyst, and they will tell you there is little doubt that this is a massive campaign being conducted by the Chinese government," he added.


Wednesday, February 15, 2012

Texas constable admits ordering bugging

chron.com


DALLAS (AP) — A small-town Texas constable told the FBI he secretly bugged other officials' offices after they were accused of illegally forcing motorists to forfeit their cash, according to a search warrant affidavit.
The affidavit, based on interviews conducted by FBI agents and Texas Rangers, quotes Shelby County Constable Fred Walker as saying he authorized the installation of hidden surveillance cameras and digital recorders even though he didn't have legal authority. It also includes a statement from a witness who claims Walker helped organize a scheme to sell drugs seized from suspects.
It's just another chapter in a longtime drama in Tenaha, a town of 1,160 near the Louisiana border, where seizures of cash from motorists stopped for traffic violations along U.S. Highway 59 — a well-known drug route that runs from the U.S.-Mexico border to Canada — have led to lawsuits and a federal criminal investigation.
Walker, 53, was Tenaha's city marshal at the time the alleged bugging occurred. He was elected constable in 2010.
In a brief phone interview, Walker said he knew nothing about the affidavit, filed in U.S. District Court in Lufkin on Feb. 6. When asked if he arranged to have offices bugged, he hung up.
Walker's attorney, Bassey Akpaffiong of Houston, said prosecutors have told him to expect an indictment. Akpaffiong said Walker was never involved in selling drugs and never told the FBI he authorized the installation of secret listening devices.
Malcolm Bales, U.S. attorney for the Eastern District of Texas, declined to comment.

Caught spying

thestandard.com.hk

Bosses are being warned about breaking the law by using hidden miniature cameras to spy on staff.

For the use of "pinhole" cameras is in sharp focus after Privacy Commissioner Allan Chiang Yam-wang took a subsidiary of Sun Hung Kai Properties to task for snooping.

Chiang found after an investigation that management subsidiary Hong Yip Service Co breached the privacy ordinance by its "unlawful and unfair collection of personal information."

But Chiang said he will not be penalizing the company as it has dismantled the eye-spy gear.

And Hong Yip bosses continue to claim they were not spying on employees by mounting a camera outside a changing room at a housing estate, and that it was to pick up trespassers in the car park. Still, two security guards had been fired as a result of their snooping.

"Covert monitoring is generally regarded as highly privacy-intrusive," Chiang said. "Employers should not adopt covert monitoring unless it is justified by special circumstances." Reasons can include matters like the theft of confidential data - but only as a last resort.

Warning against secret monitoring of employees, Chiang said overt devices such as CCTV cameras offer a legal alternative that in most cases is just as effective as secret cameras.

Tuesday, February 14, 2012

Traveling Light in a Time of Digital Thievery

Note: Having recently traveled to China, I can attest to Mr. Lieberthal's concerns... Do yourself (and your company) a favor: just accept the fact that you "will" be collected against... and take Mr. Lieberthal's advice... very seriously. JDL

nytimes.com

SAN FRANCISCO — When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.
He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”
What might have once sounded like the behavior of a paranoid is now standard operating procedure for officials at American government agencies, research groups and companies that do business in China and Russia — like Google, the State Department and the Internet security giant McAfee. Digital espionage in these countries, security experts say, is a real and growing threat — whether in pursuit of confidential government information or corporate trade secrets.



The reality of digital espionage and defending against it

fiercecio.com


The New York Times has an article that talked about the reality of digital espionage and spying conducted against companies and government officials in the United States. As was widely reported late last year, things came to a head when Chinese hackers succeeded in infiltrating the U.S. Chamber of Commerce, siphoning at least six weeks' worth of email belonging to four Chamber employees.
The Times article quoted Joel F. Brenner, a former top counterintelligence official in the office of the director of national intelligence who summed up the situation this way: "If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated."
The best defense against potential digital snooping or espionage, it appears, entails leaving one's mobile phone and laptop at home. Only loaner devices devoid of company data should be brought to high-risk countries, and these should be promptly wiped clean upon return. And if that's not adequate, security vendor McAfee goes a step further: If any employee's device was inspected at the Chinese border, the device will never again be allowed to plug into McAfee's network, reports the Times.

Nortel faced corporate espionage from China-based hackers for more than a decade

thestar.com


Fallen telecommunications giant Nortel was the subject of international industrial espionage for more than a decade, according to reports obtained by the Wall Street Journal.
Hackers thought to be based out of China downloaded research and development reports, business plans and employee emails from Nortel’s corporate computer network since 2000.
The corporation, now in the process of selling itself off bit by bit after filing for bankruptcy in 2009, was breached by the hackers when seven passwords of top Nortel executives were stolen.
The hackers also placed spyware so deep into some employee computers it escaped detection. The Journal reports that some of those computers may have been moved to the companies that bought up Nortel assets.
Parts of the company now belong to Avaya Inc., Ciena Corp, Telefon AB L.M. Ericsson and Genband Corp.
Nortel did not take the threat of a security breach seriously, said Brian Shields, a former senior advisor in security systems at Nortel who conducted an internal investigation into the matter.
Shields told the Journal that the hackers “had access to everything… They had plenty of time. All they had to do was figure out what they wanted.”
His report says Nortel also failed to determine whether its products were compromised by hackers, and did not disclose the security breach to investors or the buyers snapping up parts of the firm.

Businesses bugged by end point security risks

news.techeye.net


Businesses are not doing enough to protect against software security flaws according to a report, effectively leaving the doors wide open to cyber criminals.
The latest Yearly Report from security outfit Secunia has shown that more should be done in the software industry to ensure that patching strategies are in place, with end point vulnerabilities on the rise.
The problem is stemming from third party non-Microsoft programs, with the number of vulnerabilities on end points increasing from 45 percent in 2006 to 78 percent last year. Third party programs are considered to be more difficult to keep updated, but the report highlighted how the majority of vulnerability disclosures were released on the day of discovery by the firm responsible.
Despite this the report showed that there are considerably more problems emanating from third party software than from operating systems. Operating systems accounted for 12 percent of vulnerabilities, while Microsoft programs were accountable for just 10 percent.
However this still meant an increase to over 800 vulnerabilities according to the Secunia report, meaning that the number has increased threefold in just a few years. Of these over half were considered to be ‘Highly’ or ‘Extremely’ critical.

Thursday, February 9, 2012

Chinese espionage cases touch DuPont, Motorola

reuters.com


Feb 8 (Reuters) - U.S. prosecutors expanded a criminal case over the alleged theft of industrial secrets from chemical giant DuPont, securing an indictment against a Chinese company on economic espionage-related charges.
A Northern California grand jury indicted Pangang Group for conspiracy to commit economic espionage and other charges including conspiracy to steal trade secrets, according to court documents unsealed on Wednesday.
Pangang, a state-owned steel manufacturer in Sichuan province, allegedly worked with a California businessman and others to obtain several valuable trade secrets from DuPont, the indictment says.
Separately, a former engineer for Motorola Inc was found guilty on Wednesday of stealing trade secrets from the company but cleared of economic espionage for China.
The latest developments in the two cases come as Chinese Vice President Xi Jinping is scheduled to visit the United States next week on a range of economic, trade, regional and global issues.

Tuesday, February 7, 2012

HTC devices bugged and exposing Wi-Fi passwords

technobloom.com


A news report released today shows that some HTC devices might actually be exposing your Wi-Fi network password without you knowing about it, but the company said today that a fix is on the way. The bug was noticed yesterday and allows some applications with basic Wi-Fi permissions to see the password and the name of your network, or SSID. An alert from the US Computer Emergency Readiness Team was issued yesterday. In the event that your HTC device was bugged, an attacker using an application could potentially retrieve and store the information available and use it to hack into the user’s home network.

Sunday, February 5, 2012

Anons' FBI Phone Snooping Casts Long Shadow on Cybersecurity

technewsworld.com

Members of Anonymous managed to tap into an FBI conference call recently, after which they put a recording of the call on the open Web. The news has raised concern in many corners of the security industry. "The odds are that cybersecurity at the FBI and Scotland Yard is on par with, or superior to, security at most corporations," Abrams said.

The hacker community Anonymous on Friday landed another blow in its war with the United States Federal Bureau of Investigation (FBI).
It posted an internal memo from the law enforcement agency about an upcoming international call to discuss hackers. Anonymous also put up a recording of the call itself on YouTube.
"The information was intended for law enforcement officers only and was illegally obtained," the FBI said in a statement sent to TechNewsWorld by spokesperson Jenny Shearer. "A criminal investigation is underway to identify and hold accountable those responsible." 
The recorded call was a conversation between the FBI and Scotland Yard regarding tracking Anonymous members and other digital activists. It also involved other details about the efforts against such groups.