Tuesday, December 31, 2013

NSA can turn iPhones into spying tool

LONDON: A well-known privacy advocate has given the public an unusually explicit peek into the intelligence world's tool box, pulling back the curtain on the National Security Agency's arsenal of high-tech spy gear. 

Independent journalist and security expert Jacob Appelbaum told a hacker conference in Germany that the NSA could turn iPhones into eavesdropping tools and use radar wave devices to harvest electronic information from computer even if they weren't online. 

Appelbaum told hundreds of computer experts gathered at Hamburg's Chaos Communications Conference that his revelations about the NSA's capabilities "are even worse than your worst nightmares."  

"What I am going to show you today is wrist-slittingly depressing," he said.

Even though in the past six months there have been an unprecedented level of public scrutiny of the NSA and its methods, Appelbaum's claims -- supported by what appeared to be internal NSA slideshows -- still caused a stir.

One of the slides described how the NSA can plant malicious software onto Apple's iPhone, giving American intelligence agents the ability to turn the popular smartphone into a pocket-sized spy.

Monday, December 30, 2013

Six HTC Employees Accused of Leaking Trade Secrets and Accepting Kickbacks Worth $1.1 Million

Six HTC employees, including Thomas Chien, former vice president for product design at HTC have been accused and charged for leaking company trade secrets, accepting kickbacks of $1.1 million and creating false expense reports.

The accusations have been made by The Taipei District Prosecutors Office. According to a Wall Street Journal report , the accused leaked the design for an upcoming HTC smartphone interface to unauthorized suppliers. The employees reportedly planned to use the un-launched design to start their own smartphone company in China and Taiwan. The external suppliers are yet to be identified.

Taipei Times revealed the identities of the five accused employees to be HTC research and development director Wu Chien-hung, HTC senior manager of design and innovation Huang Kuo-ching, senior manager of design and innovation Huang Hung-yi, manufacturing design department manager Hung Chung-yi, and employee Chen Shih-tsou.

"The company expects employees to observe and practice the highest levels of integrity and ethics," Taipei Times quoted HTC as saying in a statement. "Protecting the company's proprietary and intellectual properties, privacy and security is a core fundamental responsibility of every employee. The company does not condone any violation."

Read more here.

Singapore's IME audited for spying

Singapore says US officials invited to inspect the work of a local research institute to probe spy claims have been 'satisfied' with the audit findings.

The state-linked Institute of Microelectronics (IME) was first thrust into the spotlight in February when the London-based Financial Times cast doubt on the apparent suicide of one of its former researchers - US electronics engineer Shane Todd, who was found hanged in his Singapore flat in June 2012.
It said his family suspected he was murdered because of his work on a joint IME project with Huawei Technologies involving gallium nitride, a semiconductor material with military and commercial applications. Singapore's foreign ministry said in a statement on Monday that US officials had completed a 'process audit' at the IME, after being invited to do so following allegations it was involved in an improper transfer of technology with Huawei.

'The US officials who came for the audit were satisfied with the audit,' the ministry said in the short statement.

Huawei - accused by US officials of involvement in espionage - and IME said they had only held preliminary talks on a potential project with commercial applications, but had not gone further.
A state coroner subsequently ruled in July that 31-year-old Todd took his own life during a bout of depression, debunking his family's conspiracy theory.

The family attended the coroner's inquest in May but angrily walked out after six days and flew home, saying they had 'lost faith' in the proceedings.

Read more here.

Sunday, December 29, 2013

Documents Reveal Top NSA Hacking Unit

The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.

In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn't budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410.

In the United States, a country of cars and commuters, the mysterious garage door problem quickly became an issue for local politicians. Ultimately, the municipal government solved the riddle. Fault for the error lay with the United States' foreign intelligence service, the National Security Agency, which has offices in San Antonio. Officials at the agency were forced to admit that one of the NSA's radio antennas was broadcasting at the same frequency as the garage door openers. Embarrassed officials at the intelligence agency promised to resolve the issue as quickly as possible, and soon the doors began opening again.

Friday, December 27, 2013

N.Y. judge rules NSA phone surveillance legal

NEW YORK — A federal judge on Friday found that the National Security Agency's bulk collection of millions of Americans' telephone records is legal and a valuable part of the nation's arsenal to counter the threat of terrorism and "only works because it collects everything."

U.S. District Judge William Pauley said in a written opinion that the program "represents the government's counter-punch" to eliminate al-Qaida's terror network by connecting fragmented and fleeting communications.

"This blunt tool only works because it collects everything," Pauley said. "The collection is broad, but the scope of counterterrorism investigations is unprecedented."

He said the mass collection of phone data "significantly increases the NSA's capability to detect the faintest patterns left behind by individuals affiliated with foreign terrorist organizations. Armed with all the metadata, NSA can draw connections it might otherwise never be able to find."

He added that such a program, if unchecked, "imperils the civil liberties of every citizen" and he noted the lively debate about the subject across the nation, in Congress and at the White House.
Read more here.

Thursday, December 19, 2013

NSA Spying Just Cost Boeing 4-5 Billion Worth of Fighter Jets

The NSA spying scandal Edward Snowden revealed to the world has upset lots of people and even a few countries. Now it’s a US company that looks set to suffer billions in lost revenue because of it.
Boeing is a heavyweight in the field of aircraft, and when a large contract comes up for new fighter jets you’d expect them to be at the top of the list for securing the work. But that’s not the case in Brazil where the company just failed to win a contract worth at least $4.5 billion.
Brazil needs to replace its fighter jet fleet and has been negotiating a contract to do so for over a decade. Boeing was the company expected to win the contract, but apparently that all changed with the NSA revelations. After that, and according to a Brazilian government source, Boeing didn’t have a chance because the trust had gone as they were an American company.
The contract was instead awarded to Swedish company Saab who will supply 36 Gripen NG fighter jets to Brazil, which are set to be delivered by 2020.The Gripen NG (or Super Gripen) is actually an upgraded version of the JAS 39 Gripen that has been in service since 1997. Modifications include a new powerplant, a significant boost to fuel capacity, and the addition of an active electronically scanned array radar.

Cryptolocker Ransomware Being Described As ‘The Perfect Crime’

BOSTON (CBS) — It is being called the perfect crime and it has law enforcement around the globe baffled.

It all starts with a simple email.
“They are scared and they are angry. It is a real terrible experience for them.”

Joe Ruthaford is talking about computer users who mistakenly launched a potent internet phishing scheme.

He recently saw one of those ravaged computers in his Beacon Hill repair shop.

“It is extremely damaging. It is one of the worst ones.” It’s called cryptolocker ransomware.

Kevin Swindon is with the FBI in Boston. “I would think about this particular type of malware as what would happen if your computer was destroyed,” Swindon said.

In the past 90 days, thousands of people worldwide have opened a seemingly innocuous link to track a holiday package. Suddenly, all the files on their computer are encrypted.

Joan Goodchild is the editor of “CSO,” Chief Security Officer magazine based in Framingham.

“This is a criminal operation. They are holding your folders and files ransom. We call this ransomware because that is exactly what it is. You need to pay in order to have access to them once again.”

And that is exactly what happened last month at the Swansea Police Department.

Target: Hack may have hit 40 million accounts

Consumers who shopped at Target stores between November 27 and December 15 -- right in the thick of the high-volume holiday shopping season -- should check their credit card statements for any unusual activity.
On Thursday, the retail chain acknowledged of a hack that obtained the names, credit or debit card numbers, expiration dates, and three-digit security codes of store customers who purchased items over the past few weeks, including the Black Friday weekend. Around 40 million credit and debit card accounts may have been affected by the attack.
The issue that let the hacker gain access to customer data has been identified and resolved, according to Target. The company said that it's working with law enforcement officials to track down those responsible for the attack and has hired a third-party forensic team to investigate the incident.
In an FAQ to customers potentially affected, Target explained that the data breach is a concern for those who made purchases at a Target store in the US between November 27 and December 15. People who bought items through Target's Web site or at a retail store in Canada are safe, according to the company. Target Redcard holders who suspect a fraudulent charge on their card should contact Target; other customers should call their bank, Target advised.

Computers Can Be Hacked Using High-Frequency Sound

(ISNS)—Using the microphones and speakers that come standard in many of today's laptop computers and mobile devices, hackers can secretly transmit and receive data using high-frequency audio signals that are mostly inaudible to human ears, a new study shows.
Michael Hanspach and Michael Goetz, researchers at Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently performed a proof-of-concept experiment that showed that "covert acoustical networking," a technique which had been hypothesized but considered improbable by most experts, is indeed possible.
Their findings, detailed in a recent issue of the Journal of Communications, could have major implications for electronic security.
"If you have a high demand for information security and assurance, you would need to prepare countermeasures," Hanspach wrote in an email to Inside Science.

Monday, December 9, 2013

NSA, GCHQ 'planted agents' into World of Warcraft, Second Life to spy on gamers

The NSA and the UK’s GCHQ spying agencies have collected players’ charts and deployed real-life agents into online World of Warcraft and Second Life games, a new leak by whistleblower Edward Snowden has revealed.

An NSA document from 2008, titled “Exploiting Terrorist Use of Games & Virtual Environments,” was published Monday by The Guardian in partnership with The New York Times and ProPublica.

In the report, the agency warned of the risk of leaving games communities under-monitored and described them as a "target-rich communications network" where intelligence targets could “hide in plain sight.”

The document showed that the US and UK spy agencies were collecting large amounts of data in the Xbox Live console network, which has more than 48 million players.

Real-life agents have been deployed into the World of Warcraft multiplayer online role-playing game and the virtual world of Second Life, in which people interact with each other through avatars.

The NSA and GCHQ also tried to recruit potential informants among the gamers, the report said.

Car hacking: Remote possibility, looming fear

WASHINGTON -- In a world in which hackers track computer keystrokes to steal credit card numbers and the government snoops on phone calls and e-mails, it's not so hard to imagine a laptop-wielding bad guy remotely wresting control of a car and wreaking havoc.
Car hacking has become a staple of Hollywood action movies, such as this year's Fast & Furious 6, in which the villains take over cars' electronics in order to crash them. It is also becoming an obsession on Capitol Hill, even though there has never been a documented case of a car being maliciously hacked in the real world.
That kind of spotlight from Congress and the media could prod the industry to take the threat of hacking more seriously, but it could just as well terrify the public before the industry has a chance to do much about it.
That would be bad news for automakers, which over the next few years want to create a unified mobile communications network, a so-called Internet of cars, to help prevent crashes and deliver a host of new in-vehicle services.
Read more.

Thursday, December 5, 2013

Hackers secretly redirecting web traffic around the world

Internet experts say huge chunks of sensitive web traffic have been routinely hijacked by hackers and diverted to foreign computers, compromising the data of victims in at least 150 cities worldwide.

Researchers at New Hampshire-based global internet intelligence company Renesys say that they’ve witnessed a complex type of Man-in-the-Middle attack occur on computer networks no fewer than 60 days this year already, the likes of which they say should never have happened.

In incidents described in a report released by Renesys last month, the firm claims that web data from major financial institutions, government agencies and Internet Service Providers (ISPs) alike were all compromised when unidentified hackers exposed a rarely-discussed vulnerability in order to almost silently divert that information away from its intended destinations, and instead route it abroad to be collected, read and then re-sent to the rightful recipient.

The method of attack exploits a vulnerability in the Border Gateway Protocol, or BGP, and takes advantage of the fact that much of the information routed through the global system of networks considered to be the backbone of the internet is exchanged based off of little more than trust among administrators.

BGP is "essentially the glue that holds the disparate parts of the Internet together," Jennifer Rexford, a computer science professor at Princeton University, told the Washington Post’s Andrea Peterson last month.

2 million Facebook, Google and other accounts compromised

Security experts say passwords for more than 2 million Facebook, Google and other accounts have been compromised and circulated online, just the latest example of breaches involving leading Internet companies.
Some services including Twitter have responded by disabling the affected passwords. But there are several things you can do to minimize further threats — even if your account isn't among the 2 million that were compromised.
Here are some tips to help you secure your online accounts:
One Thing Leads to Another
When a malicious hacker gets a password to one account, it's often a stepping stone to a more serious breach, especially because many people use the same passwords on multiple accounts. So if someone breaks into your Facebook account, that person might try the same password on your banking or Amazon account. Suddenly, it's not just about fake messages being posted to your social media accounts. It's about your hard-earned money.

iSPY: How the internet buys and sells your secrets

You probably have no idea how much of yourself you have given away on the internet, or how much it’s worth. Never mind Big Brother, the all-seeing state; the real menace online is the Little Brothers — the companies who suck up your personal data, repackage it, then sell it to the highest bidder. The Little Brothers are answerable to no one, and they are every-where.
What may seem innocuous, even worthless information — shopping, musical preferences, holiday destinations — is seized on by the digital scavengers who sift through cyberspace looking for information they can sell: a mobile phone number, a private email address. The more respectable data-accumulating companies — Facebook, Google, Amazon — already have all that. Even donating money to charity by texting a word to a number means you can end up on databases as a ‘giver’ — and being inundated with phone calls from other noble causes. Once your details end up on a list, you can never quite control who will buy them.
As you surf the web, thousands of ‘third-party cookies’ track your browsing habits. Then there’s your smartphone, which can log information every waking and sleeping moment. Quintillions — yes that really is a number — of pieces of data are being generated by us, about us. Look at Facebook. In a typical week, its users upload 20 billion items of content — pictures, names, preferences, shopping habits and other titbits: all information that can be stored and later employed to help advertisers.

Tuesday, December 3, 2013

Huawei decides to exit the US market over cyber espionage concerns

Chinese networking and telecommunications equipment provider Huawei is calling it quits in the US. CEO Ren Zhengfei recently told French news site Les Echos that it wasn’t worth it for his company to get in the middle of US / China relations and as such, they have decided to exit the US market.
In a statement on the matter, a Huawei spokesperson more or less dodged the question by saying they are committed to their customers, investments and operations with more than $1 billion in sales in the US. The message concluded by saying they stand ready to deliver additional competition and innovative solutions as desired by their customers.
Zhengfei is of course referring to the ongoing dispute between the two nations on the technology front. Specifically, many US officials believe the company is an unambiguous security threat to the US. These people suspect Huawei may be working with the Chinese military to conduct cyber espionage against the US and other countries.

Wednesday, November 27, 2013

Tips for Selecting the Best Technical Surveillance Counter Measures Cyber TSCM Expert

Selecting the services provided by a competent, trust-worthy Technical Surveillance Counter Measures, Cyber TSCM Service Provider, can be a difficult decision. But, equipped with the right information, you can be assured to identify the right candidate for your assignment.

How can you identify the best TSCM service provider for your needs? Below you will find a few useful questions that you always need to ask, in order to make the correct decision:

● Ask for verifiable information on the candidates’ training & experience. If you are trying to protect highly sensitive information at all costs, then you definitely need to hire a Cyber TSCM expert with years of professional experience in this field of activity, who has already verifiably demonstrated his/her skills both on a national and global level. Always ask for proof of training & experience, training certificates and references. Counterintelligence training is a definite plus, or professional TSCM training at one of the very few recognized schools or institutions, for example. This will ensure you select the most skilled candidate for your needs.

● After completing this phase, it is crucial to find out if the service provider you have chosen is both licensed & insured. Opt for a candidate who can show you his/her valid business license, and professional liability insurance. Don’t make any kind of compromises that you might end up regretting.

More here.

NSA Spying May Cost U.S. Companies $35 Billion

Network spying could discourage $35 billion in cloud-computing sales through 2016

International concern about digital spying by the National Security Agency could make it difficult for U.S. companies to gain customers in the growing cloud-computing business, and could cost them up to $35 billion through 2016.
European cloud computing businesses could gain customers by portraying themselves as less vulnerable to data requests and spying than U.S. companies, according to a report from the Information Technology and Innovation Foundation, which called for greater transparency about government monitoring to combat this perception.
If the U.S. loses about 10 percent of foreign business to European or Asian competitors and keeps its projected domestic market share, American cloud-computing providers might lose $21.5 billion over the next three years, explained Daniel Castro, the senior analyst at ITIF who wrote the report.
"On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016," Castro said in the report. "This assumes the U.S. eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share."

Egypt says it nabbed espionage ring

CAIRO, Nov. 27 (UPI) -- Egypt said it arrested 17 suspects, including diplomats, who allegedly spied for the United States and Mossad, Israel's intelligence agency, officials said.
Seventeen suspects who allegedly belonged to three spy networks were recently captured, Egyptian intelligence sources told the Arabic language Ma'an News Agency Tuesday.
The suspects include foreign diplomatic staff that operated out of their countries' embassies in Cairo, the report said. Some of the suspects are European passport holders of African descent. Some of the information gathered by suspects was sent via diplomatic mail back to their countries.
The suspects compiled information on the political and economic situation in Egypt as well as details of the army's movements, including photographs of military installations and locations where the military is deployed, the sources alleged.
Some of those arrested claimed they were conducting research in the country and denied carrying out espionage, the report said. However, Egyptian authorities alleged phone records of some of the suspects proved otherwise.

More here.

The SBU's white eavesdropping mini-van

The Security Service of Ukraine, the nation’s intelligence agency, has its white mini-van back, courtesy of the Berkut anti-riot police officers.
Demonstrators seized the van during a protest rally on the evening of Nov. 25, suspecting that it contained sophisticated equipment for eavesdropping on telephone conversations of protest leaders.
The taking of the van prompted clashes last night between police and protesters. After a 30-minute standoff, punctuated by fighting, the demonstrators recovered evidence from the van and the police reclaimed it.
Opposition lawmaker Mykola Kniazhytsky posted a picture of a passport, car tag numbers and what he said were technical listening devises found in the van on his Facebook page. Opposition leaders promised to analyze the recordings and release their findings.
Equipment believed to be listening devices found in the white mini-van that 
SBU officers were using while parked near European Square.

That left officials trying to explain what the van was doing at the protest site.
Kyiv’s Interior Ministry said they received an emergency call alleging that the van of the SBU, as the intelligence agency is known, was mined with an explosive device. It would be ironic, since the SBU said the van’s purpose at the rally was to check for bombs. However, in a separate statement, the SBU on Nov. 26 said their officers were using equipment inside the van to check for radio channels that could be used to set off a bomb in the crowd. They also said that five agents were working inside.

Tuesday, November 26, 2013

Spies worry over "doomsday" cache stashed by ex-NSA contractor Snowden

(Reuters) - British and U.S. intelligence officials say they are worried about a "doomsday" cache of highly classified, heavily encrypted material they believe former National Security Agency contractor Edward Snowden has stored on a data cloud.
The cache contains documents generated by the NSA and other agencies and includes names of U.S. and allied intelligence personnel, seven current and former U.S. officials and other sources briefed on the matter said.
The data is protected with sophisticated encryption, and multiple passwords are needed to open it, said two of the sources, who like the others spoke on condition of anonymity to discuss intelligence matters.
The passwords are in the possession of at least three different people and are valid for only a brief time window each day, they said. The identities of persons who might have the passwords are unknown.
Spokespeople for both NSA and the U.S. Office of the Director of National Intelligence declined to comment.
One source described the cache of still unpublished material as Snowden's "insurance policy" against arrest or physical harm.
U.S. officials and other sources said only a small proportion of the classified material Snowden downloaded during stints as a contract systems administrator for NSA has been made public. Some Obama Administration officials have said privately that Snowden downloaded enough material to fuel two more years of news stories.

"The worst is yet to come," said one former U.S. official who follows the investigation closely.

Monday, November 25, 2013

Mavis Batey dies at 92; renowned code-breaker for Britain in WWII

MAVIS BATEY, 1921 - 2013
Renowned British code-breaker

Among Bletchley Park's brilliant decoders, Mavis Batey stood out. Her work led to a British victory over the Italian navy, and she was the first to crack the German spy service's code.
Fifty miles north of London lies Bletchley Park, a railway town during World War II that had few, if any, sights to recommend it. It was here, to a rundown estate on the other side of the tracks, that 19-year-old Mavis Batey was dispatched in the spring of 1940.
As Hitler's forces advanced across Europe, encoded messages from Panzer divisions, U-boats and even the German high command were being intercepted and relayed to the men and women at Bletchley Park, whose job was to break the German code and help Britain and its allies outwit the Axis powers.

Batey, a college student studying German linguistics, became one of Bletchley Park's nimblest decoders. She decrypted a message that led to a stunning British victory over the Italian navy in the Mediterranean. 
She also was the first to crack the secret messages of the Abwehr, the German intelligence service, a breakthrough that helped ensure the success of the D-day landings.

"She was the last of the great break-in experts…who broke codes or ciphers that no one else had ever broken," said British historian Michael Smith, who wrote several books on Bletchley Park. "She was a remarkable woman and someone I will never forget, nor will anyone who ever met her."

More here.

NSA infected 50,000 computer networks with malicious software

The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this.
A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software.
One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service - GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customers’ telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.

Saturday, November 23, 2013

How Edward Snowden Escalated Cyber War With China

For more than a decade, a relentless campaign by China to steal valuable, confidential information from United States corporations flourished with barely a peep from Washington. And now it might never be stopped.
The secret online assault was well-understood by the last two administrations. The program's scope was confirmed in a 2009 classified inquiry that discovered Chinese hackers - many of them traced to facilities connected to the People's Liberation Army - had penetrated not only all of the corporate computer networks analyzed, but also every examined computer system used by state or federal agencies.
Still, the State Department warned - as it had for years - that publicly confronting China over its online economic warfare would damage relations with Beijing, so American government statements about the hacking did not disclose the scope of China's efforts. It was not until October 2011 that the Obama administration pulled back the curtain a bit on a single page of a little-noticed public report by the Office of the National Intelligence Executive. But that muted warning bell did nothing to slow the hacking or to create greater concern on Capitol Hill, and Washington's demands that China rein in its hacking continued to be delivered quietly in diplomatic tête-à-têtes.

Friday, November 22, 2013

Chinese hackers spying on American cloud

With the National Security Agency spying on pretty much everyone inside and out of this country, we can't be too surprised, or offended, to find out that other countries are spying on us.
Besides, the cloud is such a tempting target.
According to the U.S.-China Economic and Security Review Commission's annual report to Congress, "strong evidence has emerged that the Chinese government is directing and executing a large-scale cyber espionage campaign against the United States."
The 465-page report goes on to explain that these practices "may present cybersecurity risks for U.S. users and providers of cloud computing services." China's willingness to combine commerce with spying "represents a potential espionage threat to foreign companies that might use cloud computing services…the Chinese government one day may be able to access data centers outside China through Chinese data centers."
The report also explains that "China’s Ministry of State Security (MSS), the country’s main foreign intelligence collection agency, is closely connected with the Chongqing Special Cloud Computing Zone." This relationship "represents a potential espionage threat to foreign companies that might use cloud computing services provided from the zone or base operations there."
Yet according to a Bloomberg article by Chris Strohm, "The report fails to cite any examples of the Chinese government using [cloud] technology in attacks."

Thursday, November 21, 2013

Spooky Business: A New Report on Corporate Espionage Against Non-profits

WASHINGTONNov. 20, 2013 /PRNewswire-USNewswire/ -- Giant corporations are employing highly unethical or illegal tools of espionage against nonprofit organizations with near impunity, according to a new report by Essential Information.  The report, titled Spooky Business, documents how corporations hire shady investigative firms staffed with former employees of the Central Intelligence Agency (CIA), National Security Agency (NSA), US military, Federal Bureau of Investigations (FBI), Secret Service and local police departments to target nonprofit organizations.
"Corporate espionage against nonprofit organizations is an egregious abuse of corporate power that is subverting democracy," said Gary Ruskin, author of Spooky Business. "Who will rein in the forces of corporate lawlessness as they bear down upon nonprofit defenders of justice?"
Many of the world's largest corporations and their trade associations -- including the U.S. Chamber of Commerce, Walmart, Monsanto, Bank of America, Dow Chemical, Kraft, Coca-Cola, Chevron, Burger King, McDonald's, Shell, BP, BAE, Sasol, Brown & Williamson and E.ON –  have been linked to espionage or planned espionage against nonprofit organizations, activists and whistleblowers.
Many different types of nonprofit organizations have been targeted with corporate espionage, including environmental, anti-war, public interest, consumer, food safety, pesticide reform, nursing home reform, gun control, social justice, animal rights and arms control groups. 

Friday, November 15, 2013

SC DJJ employee charged with wiretapping

 — A woman who works at the S.C. Department of Juvenile Justice was charged with wiretapping after she is alleged to have secretly recorded a conversation in the DJJ’s Inspector General’s office that she was not a party to, the State Law Enforcement Division reported Thursday.
Leann Cudd, 29, of Irmo was working as an administrative assistant Sept. 23 when she allegedly slipped her iPhone under the closed door of the Inspector General’s office and recorded a conversation between two DJJ employees, according to a SLED news release.
According to SLED, Cudd admitted making the recording. No details about the topic or motive for the act was given.
Cudd was being held at the Alvin S. Glenn Detention Center Thursday.
From Staff ReportsMore here.

Read more here: http://www.thestate.com/2013/11/14/3098475/sc-djj-employee-charged-with-wiretapping.html#storylink=cpy

Tuesday, November 12, 2013

Samsung, Nokia say they don’t know how to track a powered-down phone

Privacy International still awaits answers from Apple, BlackBerry, and others.

Back in July 2013, The Washington Post reported that nearly a decade ago, the National Security Agency developed a new technique that allowed spooks to “find cellphones even when they were turned off. JSOC troops called this ‘The Find,’ and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit.”
Many security researchers scratched their heads trying to figure out how this could be so. The British watchdog group Privacy International took it upon itself to ask eight major mobile phone manufacturers if and how this was possible in August 2013. On Monday, the group published replies from the four firms that have responded thus far: Ericsson, Google, Nokia, and Samsung. (Apple, HTC, Microsoft, and BlackBerry have not yet sent in a response.)
A research officer at the organization, Richard Tynan, wrote that “two themes stood out among the companies that replied: hardware manufacturers claim that they strive to switch off almost all their components while the phone is powered down, and if tracking occurs it is likely due to the installation of malware onto the phone.” Here are a few of the responses:

Saturday, November 9, 2013

Corporate espionage: The spy in your cubicle

Even as business crimes decrease, many firms fear industrial espionage more than ever. While the NSA may give them headline-grabbing grounds for feeling that way, the perpertrator is most likely on the company's payroll.

At a trade fair, the head of a company discovers a machine developed by his own employees - but at the stand of a competitor, where the new item is proudly displayed. Looking through his company's inventory, he sees four new printers, even though he in fact ordered five. And to top things off, he's having problems with the state prosecutors, who say his firm is implicated in a bribery charge. His company, in short, has fallen victim to industrrial espionage - three times over.
Since 2001, some 61 percent of German companies have fallen prey to these or similar crimes. In 2013, by comparison, just 45 percent of German firms were entangled in such an affair. Those were the conclusions of a study conducted by business consulting giant PricewaterhouseCoopers (PCW) together with Martin Luther University in Halle-Wittenberg (MLU). For the study, more than 600 German companies, each with at least 500 employees, were examined every two years.

Thursday, November 7, 2013

Fear of bugging prompts tablet ban in British Cabinet meetings

iPads were plucked from users' hands at the British Cabinet meeting last week, because of fears that they might be bugged by foreign intelligence agencies.

The Daily Mail on Sunday reported that the Ministers were using the devices for a presentation by Cabinet Office Minister Francis Maude and Mike Bracken, who's in charge of the Government Digital Service.

The talk was on the topic of saving the economy close to £2bil (RM10.2bil) a year within the next four years.

Typically, the Cabinet isn't particularly generous about applause for presentations, the Daily Mail said, but this time, when the talk wrapped up, Ministers clapped.

That's when the government's security team pounced, the Mail reports, whisking all iPads out of the room to avoid careless talk reaching the wrong ears.

It doesn't stop there, The Telegraph subsequently reported.

Given the security force's fear that foreign intelligence agencies have developed the ability to turn mobile devices into eavesdropping bugs without their owners' knowledge, all tablet computers - which, one assumes, covers all manufacturers' gadgets, and not just Apple's - are now banned from Cabinet meetings.

Monday, November 4, 2013

Singapore boosts cyber defences after 'Anonymous' threat

The Singapore government said Monday it was on "heightened vigilance" following threats from the activist hackers' group Anonymous, but denied that any of its websites had already been compromised.

The statement by the Infocomm Development Authority (IDA) came as Singapore's biggest publisher confirmed users were having difficulty accessing some of its online sites, although no group has claimed responsibility for the incidents.
A person claiming to be from Anonymous last Friday hacked a reporter's blog on the  of the pro-government Straits Times newspaper, and warned of further attacks as it demanded greater Internet freedom in the strictly governed city-state.
In a video clip posted on YouTube on Thursday, a masked person claiming to represent Anonymous also warned the Singapore government it faced cyber attacks from the group unless it scrapped new rules requiring annual licences for news websites.
"The Singapore government takes cyber security and threats to its ICT (information and communication technology) infrastructure very seriously," the IDA said in a statement.
"Government agencies have been on heightened vigilance and have enhanced the security of their IT (information technology) systems in response to the declared threats against the government's ICT infrastructure."

Read more here.

Thursday, October 31, 2013

Bugs that scan wi-fi devices found in imported kitchen gadgets

Russian investigators claim to have found household appliances imported from China which contain hidden microchips that pump spam data and malware into wi-fi networks, it has been reported.

Authorities in St Petersburg allegedly discovered 20 to 30 kettles and irons with 'spy microchips that send some data to the foreign server'.

The revelation comes just as the EU launches an investigation into claims that Russia itself bugged gifts to delegates at last month's G20 summit in an attempt to retrieve data from computers and telephones.

This has led to speculation that the chips allegedly found in the home appliances may also have the ability to steal data and send it back to Chinese servers.

The allegations against the Chinese were made in St Petersburg news outlet Rosbalt, which quotes a source from customs broker Panimport, but does not detail what data was being sent or to where.

According to The Register, which translated the article, it would be possible to build a malicious microchip - sometimes referred to as a spambot or spybot - small enough to hide in a kettle.

Wednesday, October 30, 2013

NSA secretly tapped Google, Yahoo data centers worldwide

Massive cloud networks from companies like Google and Yahoo cache and serve up much of the data on the Internet -- and the NSA has secretly tapped into the unencrypted links behind those company’s enormous servers, according to a new report from the Washington Post.
By tapping into that link, the NSA can collect data at will from hundreds of millions of user accounts, the Post reported -- including not just foreign citizens and “metadata” but emails, videos and audio from American citizens.

Operation MUSCULAR, a joint program of the NSA and its British equivalent GCHQ, relies on an unnamed telecommunications provider outside of the U.S. to offer secret access to a cable or switch through with Google and Yahoo pass unencrypted traffic between their servers. The massive servers run by the company are carefully guarded and strictly audited, the companies say; according to Google, buildings housing its servers are guarded around the clock by trained personnel, and secured with heat-sensitive cameras, biometric verification, and more.

Two engineers with close ties to Google exploded in profanity when they saw a drawing of the NSA’s hack revealed by Edward Snowden; the drawing includes a smiley face next to the point at which the agency apparently was able to tap into the world’s data.

Tuesday, October 29, 2013


Commemorative gifts distributed by the Russian government meant to celebrate the G20 Summit in St. Petersburg last September are infected with data-stealing malware, according to analysis.
The gifts, which included USB drives and phone chargers emblazoned with the G20 Summit logo, were distributed to world leaders at the event. EU Council President Herman Van Rompuy turned his over to German researchers for analysis, and it was determined that the units contained malware designed to exfiltrate sensitive data from cell phones and computers if users plugged them in to their devices according to a report by La Stampa.
EU authorities are conducting an investigation to determine if the attendees were being targeted in an attempted espionage operation, and have warned other nations who participated in the conference of the potential threat to security.