Sunday, November 27, 2011

The passing of an Icon, Glenn Howard Whidden, RIP my friend...

In Memory


Glenn Howard Whidden

March 27, 1928 - November 24, 2011

Beloved Husband, Father, Mentor & Friend

On Thursday, November 24, 2011; Glenn Howard Whidden, 28 year veteran of The Central Intelligence Agency, President of The Espionage Research Institute (ERI), Passed this life. The beloved husband of Natalie Whidden; devoted father of David Whidden. He is also survived by many other relatives and friends. He will be greatly missed by all who had the honor to know him. 

All services and interment will take place in Manchester, NH.  Please Share your thoughts and memories about Glenn, in the guestbook here:


Of Fort Washington, MD died November 24, 2011 after a short illness. He is survived by his wife Natalie; three sons Mark, David, and Thomas; and numerous grandchildren. He will be buried in Manchester, NH in a private family service. 

Author of "The Attack on Axnan Headquarters"
Available at <>
Technical Services Agency, 

Whidden, Glenn H., The Ear: Volume I, Technical Services Agency the prestigious Technical Services Agency - Institute for Countermeasures Studies and Glenn Whidden (CIA-ret); the current President of BECCA 

OCCUPATION: President of Technical Services Agency Inc., a private firm that designs and markets electronic equipment for eavesdropping detection. Holder of five U.S. patents. Part-time instructor, World Institute of Security Enhancement, Greensboro, N.C. Author of A Guidebook for the Beginning Sweeper; The Russian Eavesdropping Threat -- Late 1993; The Axnan Attack; and five other books on the subject of countereavesdropping. 

BACKGROUND: Twenty-eight-year CIA veteran, retired 1974. Worked in 50 countries worldwide. Field experience in most types of espionage activity, including mail intercepts, surreptitious entry and electronic eavesdropping. "An operations type ." [audio 118k] 

EDUCATION: Self-taught electrical engineer, government training in clandestine operations. 

MOST INTRIGUING ASSIGNMENT: A few years ago Whidden returned to his former haunt, Moscow, to sweep the offices of a private business. He managed to ferret out a phone line bug, even though he worried -- unnecessarily, as it turned out -- that the eavesdroppers might be onto him. His host, in a misguided attempt at courtesy, had hired for Whidden a Russian driver, the sort who in the old days informed on tourists for the KGB.


Of Fort Washington, MD died November 24, 2011 after a short illness. He is survived by his wife Natalie; three sons Mark, David, and Thomas; and numerous grandchildren. He will be buried in Manchester, NH in a private family service. In lieu of flowers, memorial gifts may be made to Maryland Society, Sons of the American Revolution, c/o Barrett McKown, Treasurer; 3580 S River Terr; Edgewater, MD 21037.

Published in The Washington Post on November 29, 2011

Rest in Peace, my friend...~JDL

Thursday, November 24, 2011

Apple iTunes flaw 'allowed government spying for 3 years'
An unpatched security flaw in Apple’s iTunes software allowed intelligence agencies and police to hack into users’ computers for more than three years, it’s claimed.

A British company called Gamma International marketed hacking software to governments that exploited the vulnerability via a bogus update to iTunes, Apple's media player, which is installed on more than 250 million machines worldwide.
The hacking software, FinFisher, is used to spy on intelligence targets’ computers. It is known to be used by British agencies and earlier this year records were discovered in abandoned offices of that showed it had been offered to Egypt’s feared secret police.
Apple was informed about the relevant flaw in iTunes in 2008, according to Brian Krebs, a security writer, but did not patch the software until earlier this month, a delay of more than three years.
“A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet the company waited more than 1,200 days to fix the flaw,” he said in a blog post.
"The disclosure raises questions about whether and when Apple knew about the Trojan offering, and its timing in choosing to sew up the security hole in this ubiquitous software title."

Tuesday, November 22, 2011

Compliance vs. Security: The Multiple Dimensions of Corporate Espionage

You've spent months fixing the red items on an internal audit report and just passed a regulatory exam. You've performed a network vulnerability assessment and network pen test within the last year and have fixes in place. You've tightened up your information security policy and recently invested in a security information and event management (SIEM) solution. You're secure, right?
Put yourself in the shoes of a criminal. He knows that most security programs focus on regulatory compliance. He knows that IT departments have limited budgets. He also knows that you must defend against an almost unlimited number of attack vectors, while he just has to find one way in.
How do you protect against a sophisticated, motivated criminal? A professional spy who has targeted your company's trade secrets? A skilled insider with a specific purpose in mind? These types of people know that information comes in many forms, not just electronic, and they are trained to exploit any vulnerability. An effective information security program must incorporate more than just traditional pen tests and vulnerability assessments. 

Corporate espionage is on the rise for multiple reasons: the down economy, frequent job changes, and even governments that boost their economies through acquisition of trade secrets. In most cases, the end product is not as valuable as obtaining the means of production, the research and development, or the "know-how." This type of information will help to cut down on development costs and aid in the long-term production of a particular good. In the end, a company must get the best product to market first, at the best cost, through maneuvering around the competition.

Cyber attack on water utility an 'eye-opener' for security professionals

YARMOUTH, Maine—A cyber attack that apparently originated in Russia and targeted a water utility in Illinois may be the purview of IT security specialists, but it should be of concern to all security professionals with responsibilities over vital infrastructure, say utility security experts who spoke with Security Director News.
The cyber attack, which targeted the Curran-Gardner Township Public Water District, apparently took place on Nov. 8 and was traced to an IP address in Russia. By taking remote control of the Supervisory Control and Data Acquisition (SCADA) systems, the attackers were able to burn out a water pump. However, the event wasn't widely reported until Nov. 17, when Joe Weiss, a well-known expert on cyber security of utilities, wrote about the attack, citing a report from the Illinois Statewide Terrorism and Intelligence Center.
Though the cyber attack's only result was a burned-out pump at a small Illinois water utility, Allan Wick, security manager for the Tri-State Generation and Transmission Association and chairman of the ASIS Utilities Security Council, told Security Director News it's a very significant event. "This is the first documented instance in the United States of a SCADA system of a critical infrastructure being compromised," he said.
People have been talking about the potential for such an attack for years, Wick said, but not everyone in the utilities sector took the threat seriously. The event should be an "eye-opener" for security professionals with responsibility over vital infrastructure, Wick said. "Take the threat seriously," he said. "It's not someone crying wolf."

Wednesday, November 16, 2011

Attackers Get Sneakier With Encrypted Malware

Malware just got sneaky! Well, sneakier, that is. Attackers in Brazil have found a way to sneak around antivirus programs by using cryptography.
Recently Dmitry BestuzhevKaspersky Lab's Head of Global Research and Analysis Team for Latin America, was looking over some potentially malicious links from Brazil when he discovered some files with .jpeg filename extensions. At first glance, Bestuzhev thought that they were some form ofsteganography--the art and science of hiding messages. But upon further inspection, the reseacher discovered that they were actually more like .bmp (bitmap) files, than JPEGs.
The data contained within the files themselves was obviously encrypted and contained some kind of malware; Bestuzhev later discovered that the data was in the form of block ciphers--a cryptographic method that encrypts 128-bit blocks of plain text in to 128-bit blocks of cipher text. Since block ciphers can only be composed of 128-bit blocks, they must break up the message into several blocks and encrypt each one individually. A process called modes of operationallows a cryptographer to repeatedly use block ciphers to encrypt an entire program--or piece of malware, in this case.

Fox-IT and TNO to Work on System for Detecting Digital Espionage

Delft, The Netherlands (PRWEB) November 16, 2011
The threat of targeted cyber attacks, especially digital espionage is increasing rapidly. The current security measures against cybercrime focus primarily on the detection of massive and indiscriminate attacks. To protect businesses and governments against cyber espionage Fox-IT and TNO are developing the Cyber Attack Detector (CAD).
Analyzing a large number of digital espionage indicators will allow users to be instantly alerted when there are activities that indicate fraud or espionage. The Ministry of Economic Affairs, Agriculture and Innovation in The Netherlands has granted €800,000 via the “Innovation for Public Security” program for the development of this joint solution.
Digital espionage threat is increasing, protection lagging
The social and economic impact of cybercrime is increasing, as is the demand for an effective protection against cybercrime. The attack methods of the digital spy have become more sophisticated, with increasing reports of very specific and targeted attacks. Traditional protective equipment such as intrusion detection systems, firewalls, virus scanners, and log analyzers offer inadequate protection.


Facebook Hacked: Porn and Graphic Material Floods Users' Accounts

Facebook has been under heavy attack the last two or three days as the popular social networking site has become the victim of a severe hacking spree affecting nearly every user on the site.

The hacks do not seem to have specific targets but happen at random with some user’s newsfeeds being littered with objectionable content and others not seeing anything.
Some of the hacks happen in the form of "click' spam being sent out. A popular spam involves Kim Kardashian with a link to a video. It will say something like "After watching this video I lost all respect for Kim." Upon clicking, the link takes the unsuspecting person nowhere, and hacks the account sending the same spam to all of the user’s friends.
Other spams include mass messages and tagged photos leading people to believe they are in the link or involved with it because it is not personalized. Those will also have the same result, and continue the spamming of others walls.

Monday, November 14, 2011

I spy... something beginning with adultery

The woman in her early forties staring at the laptop couldn’t quite believe what she was seeing. Live pictures beamed to her computer showed her husband having a romantic meal in a restaurant in Esher in Surrey with another woman.
The images, recorded by a hidden camera placed in an unmarked white van, were transmitted live back to the married couple’s drawing room deep in the Surrey stockbroker belt. The private investigator sat with the spurned spouse as they stared at the screen, surrounded by expensive antiques and original artworks. “Give him a call,” said the investigator. The woman – let’s call her Claire – picked up her phone.
“Darling,” she said, “I was just wondering where you were?” Her husband, a senior executive in the City, who by now had stepped out of the restaurant and was standing on the pavement, in clear view of the camera, replied: “I’m stuck in the office. I’ll be home late.”
The wife’s worst fears had been confirmed. Like increasing numbers of husbands and wives, Claire had turned to a private investigator to discover if her partner was cheating. The surveillance, which had lasted a week and culminated in her husband being caught red-handed, had cost her £3,000. She told the investigator later that it was money well spent. One firm that sells tracking devices told The Sunday Telegraph it had seen a huge spike in sales, mainly to suspicious wives.
The use of private detectives and the hi-tech methods they employ to catch out unfaithful spouses is a subject rarely discussed in the polite circles of suburban Britain but it emerged out of the murky shadows last week. Dr Diletta Bianchini, 35, a doctor working at the Royal Marsden Hospital in London, hired a detective agency to place a GPS tracking device beneath the car of her husband William Sachiti, convinced that rather than working late he was conducting an illicit liaison.

Saturday, November 12, 2011

Suspicious wife causes bomb scare after bugging husband's car

Note: Don't try this at home...;-)  ~JDL
 A suspicious wife's attempt to prove her husband was having an affair backfired spectacularly when a tracking device fitted to his car was mistaken for a bomb.
Diletta Bianchini had employed a private detective after her husband William Sachiti began working unusual hours.
Unbeknown to her the investigator fixed a tracker, roughly the size of a cigarette packet, to the petrol tank of Mr Sachiti's £40,000 silver Lexus using magnets.
And when the husband - a security consultant and entrepreneur - spotted the device flashing he feared the worst.
He rushed to alert police, who blocked off a busy high street, evacuated a coffee shop and scrambled the bomb squad, fire engines and ambulances.
Mr Sachiti, who as an entrepreneur once appeared on BBC programme Dragons' Den, said: "When I first saw the device it was after I had my car washed. It was in Morrisons' car park. At first I didn't know what to do.
"I called a friend and they were concerned it could be something dangerous.


Thursday, November 3, 2011

U.S. Calls Out China and Russia for Cyber Espionage Costing Billions


Hey, China and Russia, get off of our clouds.
That's the warning from a new U.S. national intelligence director's report to Congress released Thursday that states China and Russia are the biggest perpetrators of economic espionage through the Internet. 
The report, Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, also warns that the efforts to calculate the cost of lost research and development is nearly impossible to calculate but could be costing up to $398 billion. As mobile devices proliferate, it's only going to get easier for spies to steal.

Analysts note that this is the first time the U.S. government report has so openly blamed countries that support cyber attacks and espionage at the national and state level.
"The computer networks of a broad array of U.S. government agencies, private companies,
universities, and other institutions -- all holding large volumes of sensitive economic information -- were targeted by cyber espionage; much of this activity appears to have originated in China," reads the report.
Drawing on data from 13 agencies, including the CIA and FBI, over the past two years, the report concludes that attacks against U.S. government networks and military contracts are on the rise. But one of the most worrying trends is the growing number of attacks on businesses that are smaller than the Fortune 500 companies.
Additionally, the report states that China's intelligence services -- as well as private companies and other entities -- are exploiting Chinese citizens or others with family ties in China who have "insider access to corporate networks to steal trade secrets using removable media devices or e-mail."


Note: Worried about Cyber Espionage? Contact us, we can help. ~JDL

SpearTip Announces Strategic Alliance With ComSec

St. Louis, Missouri (PRWEB) November 03, 2011
SpearTip, LLC CEO Jarrett Kolthoff announced that SpearTip has formed a strategic alliance with ComSec, LLC, of Virginia Beach, VA, which provides professional technical surveillance counter measure (TSCM) services nationwide. ComSec’s expertise includes electronic eavesdropping detection, bug sweeps, counterespionage consulting, counter surveillance, cyber TSCM, and anti-surveillance services for businesses and individuals.
Kolthoff said the alliance continues SpearTip’s geographic growth to the eastern seaboard as well as adding skill sets and technical capabilities to SpearTip’s existing cyber counterespionage arsenal.
ComSec is headed by CEO/President J.D. LeaSure, a countersurveillance practitioner in defense and industrial sectors since 1984. LeaSure has extensive training, knowledge, and experience covering eavesdropping devices, detection methods and other surveillance tactics employed by those seeking to steal information. The SpearTip alliance expands ComSec’s capabilities in cyber counterespionage and computer forensics.
“We believe this combination of talents and expertise will strengthen the unique service SpearTip offers clients,” Kolthoff said. “We are able to offer the broadest range of countersurveillance protection of anyone in the industry.”  

Wednesday, November 2, 2011

DC convention helps governments spy on citizens

Representatives from governments across the globe gathered in Washington DC last month, but it wasn’t international affairs that they were there to discuss.

The meeting, rather, was an annual conference where figureheads far and wide come together to discuss the latest and greatest ways to spy on their own citizens.

At this year’s Intelligence Support Systems (ISS) World Americas conference, the only consumers were the governments of great nations far and wide who came together in DC last month to go over the newest achievements in “lawful interception” methods, reveals an article published this week in the UK’s Guardian. According to their filing, international figureheads came together on American soil to find the freshest ways to carry out clandestine surveillance on their own citizens back home by hacking smart phones, laptops and anything else with a circuit.

The actual roster from this year’s guest list is kept top-secret, much like the information inside the exclusive DC conference room, but past reports suggest it reads like a who’s who of foreign nations. In 2008, for examples, the Spanish biometrics company Agnito said they were proud to be a participant in that year’s conference, which it describes on their website as a meeting-place that focuses on Intelligence Gathering. As the worldwide leader in voice biometrics, Agnito’s list of clients includes the Spanish Ministry of Defense, the national police of France, the prosecutor’s office of South Korea and some of the biggest banks in Spain. Don’t let that list of “friendly” nations let you think that nothing is amiss here, however. In The Guardian’s article, Jerry Lucas, president of TeleStrategies, says that the manufacturers of surveillance technologies are free to pitch products to any nation they want.

"The surveillance that we display in our conferences, and discuss how to use, is available to any country in the world,"Lucas tells The Guardian. "Do some countries use this technology to suppress political statements? Yes, I would say that's probably fair to say. But who are the vendors to say that the technology is not being used for good as well as for what you would consider not so good?"

Tuesday, November 1, 2011

How the FBI Busted Anna Chapman and the Russian Spy Ring

Anna Chapman is a television star and lingere model back in Moscow now, but before she and other Russian spies were caught by the FBI last year, they came dangerously close to accomplishing a portion of their undercover mission in the United States.

“This group was well on their way to penetrating foreign policy circles.  They had befriended a friend of a sitting Cabinet official,” FBI Counter Intelligence Assistant Director Frank Figliuzzi said. “They wanted to get their hands on the most sensitive data they could get their hands on, but we took this thing down before classified information changed hands.”
In a wide-ranging interview with ABC News, Figliuzzi said the red-headed Chapman was much more than a seductive “femme fatale.”
“This is a highly-trained intelligence officer — Chapman is new breed of illegal operative,”  Figliuzzi said, describing her as “tech savvy” and capable of spying in plain sight. Chapman and her comrades were “the cream of the crop, handpicked out of the Russian intelligence academy, because of their fluency in languages, and their ability to acclimate into another society,” he said.
FBI hidden camera surveillance videos of the spies’ operations give a fascinating look into Russian spy tradecraft as employed by Chapman and the other Russian agents.   The videos show, among other things,  the Russian infiltrators hiding messages under bridges, secretly trading information, money and contact information via “brush passes,” and digging for buried payoff money in the woods.