Sunday, March 30, 2014

Dirty tricks claims resurface as Project Smoke is revealed

CLAIMS that British American Tobacco (BAT) has been involved in corporate espionage in South Africa first surfaced in 2002 when a high court judge granted an Anton Piller search and seizure order on the company’s local office.
At that time, tobacco rival Apollo, run by millionaire Hennie Delport, claimed that BAT had bugged his office at least three times.
In 2008, a research paper titled “BAT and the insidious impact of illicit trade in cigarettes across Africa” drew evidence from internal BAT documents to argue that the company had been involved in smuggling cigarettes across Africa while ostensibly campaigning against the illicit trade in tobacco products.
Business Times has obtained documents in which government intelligence officials, understood to be from the State Security Agency, set out their plans for setting up a covert operation, Project Smoke, intended to uncover whether BAT had broken any laws.
The Project Smoke memorandum, marked “Private and confidential”, said that “initial evidence shows that [BAT] has advanced its corporate interests by systematically exploiting strategic opportunities to supply contraband cigarettes throughout Africa”.
The memorandum laid out a plan for finding evidence of BAT’s “complicity ... in the illicit trade in cigarettes”.
“The most effective way to collect information and intelligence within [the] industry is to trade in the market,” it said.
State Security Agency agents “set up” tobacco-related organisations to report on what was going on in the industry.

Tuesday, March 25, 2014

Secret spy satellite to launch Tuesday

A powerful Atlas 5 rocket is being readied for launch Tuesday afternoon to place a clandestine payload into space, possibly headed for geosynchronous orbit 22,300 miles above the Earth.
The United Launch Alliance-operated vehicle is capable of delivering 7,800 pounds directly into this type of orbit used by eavesdropping intelligence spacecraft.
Liftoff from Complex 41 at Florida's Cape Canaveral Air Force Station is planned for 2:48 p.m. EDT Tuesday (1848 GMT). The day's launch period extends to 3:35 p.m. EDT. There is a 40 percent chance of acceptable weather due to cloud cover. The launch is known simply as NROL-67, a classified satellite-delivery flight for the U.S. National Reconnaissance Office. The NRO is the secretive government agency that controls the country's spy satellites.

Monday, March 24, 2014

Hospital hit by screen-grab Trojan that attempted to steal 5,400 patient records

A US hospital has admitted suffering a mysterious malware attack that grabbed screenshots containing the personal data of 5,400 patients from hospital PCs before hiding them in an encrypted folder for probable transmission to criminals.
In a statement, the small Valley View Hospital in Glenwood Springs Colorado said that it had discovered the attack in January 2014, after which a third-party forensics firm identified the malware as a screen grabber that stored the data in an encrypted cache.
Each of the 5,400 patients whose details had been accessed was allotted a sub-folder, inside of which were grabs revealing different amounts of personal data including addresses, dates of birth, social security numbers, credit card data, patient numbers and discharge dates, the hospital said.

This drone can steal what’s on your phone

NEW YORK (CNNMoney) — The next threat to your privacy could be hovering over head while you walk down the street.
Hackers have developed a drone that can steal the contents of your smartphone — from your location data to your Amazon password — and they’ve been testing it out in the skies of London. The research will be presented next week at the Black Hat Asia cybersecurity conference in Singapore.
The technology equipped on the drone, known as Snoopy, looks for mobile devices with Wi-Fi settings turned on.
Snoopy takes advantage of a feature built into all smartphones and tablets: When mobile devices try to connect to the Internet, they look for networks they’ve accessed in the past.
“Their phone will very noisily be shouting out the name of every network it’s ever connected to,” Sensepost security researcher Glenn Wilkinson said. “They’ll be shouting out, ‘Starbucks, are you there? … McDonald’s Free Wi-Fi, are you there?’”
That’s when Snoopy can swoop into action (and be its most devious, even more than the cartoon dog): the drone can send back a signal pretending to be networks you’ve connected to in the past. Devices two feet apart could both make connections with the quadcopter, each thinking it is a different, trusted Wi-Fi network. When the phones connect to the drone, Snoopy will intercept everything they send and receive.
“Your phone connects to me and then I can see all of your traffic,” Wilkinson said.
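The behaviour Wilkinson describes leaves a trace a defender can look for: a phone broadcasts the names of remembered networks in probe requests, and an impersonating access point answers every one of them from a single radio. The script below is an added example, not code from the article or from Sensepost's Snoopy; it parses a constructed management-frame log and flags any BSSID that answers probes for several unrelated SSIDs, and lists which network names each client is exposing.

```python
"""Rogue-AP indicator from Wi-Fi probe-request / probe-response logs.

Added example (not from the CNNMoney article or the Snoopy project).
A legitimately configured radio advertises one SSID per BSSID, so a BSSID
that answers probe requests for several unrelated names is a strong
evil-twin indicator. The log format and all MAC addresses and SSIDs below
are constructed for this example.
"""
from collections import defaultdict

# Constructed sample, one frame per line: "<type> <src> -> <dst> ssid=<name>"
SAMPLE_LOG = """\
PROBE_REQ aa:bb:cc:00:00:01 -> ff:ff:ff:ff:ff:ff ssid=Starbucks
PROBE_REQ aa:bb:cc:00:00:01 -> ff:ff:ff:ff:ff:ff ssid=McDonald's Free Wi-Fi
PROBE_REQ aa:bb:cc:00:00:02 -> ff:ff:ff:ff:ff:ff ssid=HomeNet
PROBE_RESP de:ad:be:ef:00:01 -> aa:bb:cc:00:00:01 ssid=Starbucks
PROBE_RESP de:ad:be:ef:00:01 -> aa:bb:cc:00:00:01 ssid=McDonald's Free Wi-Fi
PROBE_RESP de:ad:be:ef:00:01 -> aa:bb:cc:00:00:02 ssid=HomeNet
PROBE_RESP 00:11:22:33:44:55 -> aa:bb:cc:00:00:02 ssid=HomeNet
"""

def parse_frames(log: str):
    """Yield (frame_type, src_mac, dst_mac, ssid); malformed lines are skipped.
    maxsplit=4 keeps SSIDs containing spaces intact."""
    for line in log.splitlines():
        try:
            ftype, src, _arrow, dst, ssid_field = line.split(maxsplit=4)
        except ValueError:
            continue
        if not ssid_field.startswith("ssid="):
            continue
        yield ftype, src, dst, ssid_field[len("ssid="):]

def find_probe_answerers(log: str, max_ssids: int = 1) -> dict:
    """Return {bssid: [ssids]} for responders that answered probes for more
    than max_ssids distinct names. A real AP answering wildcard probes only
    ever replies with its own SSID, so it stays below the threshold."""
    answered = defaultdict(set)
    for ftype, src, _dst, ssid in parse_frames(log):
        if ftype == "PROBE_RESP":
            answered[src].add(ssid)
    return {bssid: sorted(ssids) for bssid, ssids in answered.items()
            if len(ssids) > max_ssids}

def exposed_ssids(log: str) -> dict:
    """Per client MAC, the remembered network names it shouted out in probe
    requests: the data harvested even if the client never connects."""
    seen = defaultdict(set)
    for ftype, src, _dst, ssid in parse_frames(log):
        if ftype == "PROBE_REQ":
            seen[src].add(ssid)
    return {mac: sorted(names) for mac, names in seen.items()}
```

The practical mitigation on the client side is to forget open networks you no longer use, since only remembered names are broadcast.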

Friday, March 21, 2014

BAE Systems Analyzes Snake Cyber-Espionage Campaign

BAE Systems Applied Intelligence unveiled the extent of the venomous nature of the complex cyber-espionage “Snake” operation which has been in development since 2005.

New research from BAE Systems Applied Intelligence revealed further details on how the recently disclosed Snake cyber-espionage toolkit operates. The research included descriptions of how the malware communicates, the distinctive architectures that have evolved over the years, the use of novel tricks to bypass Windows security and how it hides from traditional defensive tools.
Comparable in complexity to the Stuxnet malware that was found to have disrupted Iran’s uranium enrichment program in 2010, Snake hit the headlines recently for its part in the Ukraine crisis.

According to widespread reports, Snake infected dozens of Ukrainian computer networks including government systems in one of the most sophisticated attacks in recent years. It appears Snake was deployed in Ukraine most aggressively since the start of 2013, ahead of protests that climaxed with the overthrow of Viktor Yanukovich’s government.

The origins of this attack remain unclear, but the UK’s Financial Times newspaper said the cyber weapon’s programmers appear to have developed it in a GMT+4 time zone -- which encompasses Moscow -- according to clues left in the code, parts of which also contain fragments of Russian text.

The malware has infected networks run by the Kiev government and other important organizations. Lithuanian systems have also been disproportionately hit by it.

Stealth malware sneaks onto Android phones, then “turns evil” when OS upgrades

A new form of Android malware could bypass one of the main warning systems built into Google’s smartphone and tablet OS – allowing malicious apps to ‘sneak’ onto a phone with a relatively innocuous list of ‘Permissions’, then add new, malicious abilities during phone upgrades, according to Indiana University researchers.
For instance, an innocuous looking game or app could remain in place until the phone or network forces an upgrade, and then could suddenly add permissions to access accounts and data within the phone – allowing it to work as a password stealer. The process would happen without the phone user even being aware, according to CITEworld.
The app would install with a low level of permissions (many Android users now inspect the list, as it can include security risks such as reading phone calls or sending premium messages, as reported by WeLiveSecurity here), and thus ‘pass under the radar’, according to CITEworld’s report.
Writing in a blog post, the Indiana University researchers found that it was possible to install apps with either no Permissions – which an app reveals to a user as it installs, such as ‘Access to SD Card’ – or a few, innocuous ones, then add more sinister functions when the operating system is upgraded.
On many Android phones, OS upgrades are pushed out by operators when available, and users are urged to update to the newest version for security reasons.
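Because the escalation described above happens at upgrade time rather than at install time, a one-off review of the permission list is not enough; the useful check is to record each app's granted permissions before the OS upgrade and compare afterwards. The script below is an added example, not from the Indiana University researchers or CITEworld; the snapshot format and sample packages are constructed, while the permission strings are real Android names.

```python
"""Diff per-app permission inventories taken before and after an OS upgrade.

Added example; the snapshot format ("<package> <perm1>,<perm2>,..." per line)
and the package names are constructed. Only apps present in both snapshots
are reported, because a brand-new install is not an upgrade-time escalation.
"""

# Constructed watch-list of permissions a password stealer would want.
SENSITIVE = {
    "android.permission.GET_ACCOUNTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
}

# Constructed snapshots: the "game" quietly gains account and SMS access.
BEFORE = """\
com.example.game android.permission.INTERNET,android.permission.VIBRATE
com.example.notes android.permission.WRITE_EXTERNAL_STORAGE
"""
AFTER = """\
com.example.game android.permission.INTERNET,android.permission.VIBRATE,android.permission.GET_ACCOUNTS,android.permission.READ_SMS
com.example.notes android.permission.WRITE_EXTERNAL_STORAGE
com.example.newapp android.permission.INTERNET
"""

def parse_snapshot(text: str) -> dict:
    """Return {package: set(permissions)}; a package with no permissions
    listed maps to an empty set."""
    apps = {}
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if not parts:
            continue
        perms = set(parts[1].split(",")) if len(parts) > 1 else set()
        apps[parts[0]] = {p for p in perms if p}
    return apps

def escalations(before_text: str, after_text: str) -> dict:
    """For every app present in both snapshots, report permissions gained,
    and separately which of those are on the sensitive watch-list."""
    before = parse_snapshot(before_text)
    after = parse_snapshot(after_text)
    report = {}
    for pkg, perms in after.items():
        if pkg not in before:
            continue
        gained = perms - before[pkg]
        if gained:
            report[pkg] = {"gained": sorted(gained),
                           "sensitive": sorted(gained & SENSITIVE)}
    return report
```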

Thursday, March 20, 2014

25,000 UNIX servers hijacked by backdoor Trojan

The ESET security research team, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing and other leading agencies, has uncovered a widespread cybercriminal campaign involving a Backdoor Trojan which seized control of more than 25,000 UNIX servers worldwide.

Once infected, victims' systems are used to steal credentials, redirect web traffic to malicious content and send as many as 35 million spam messages per day.

"Windigo has been gathering strength, largely unnoticed by the security community, for more than two and a half years and currently has 10,000 servers under its control," said Pierre-Marc Bureau, security intelligence program manager, ESET. "This number is significant if you consider each of these systems has access to significant bandwidth, storage, computing power and memory."

The attack, which has been dubbed "Operation Windigo" by security experts, hijacks servers, infects the computers that visit them and steals information from victims. The infected servers are then used to redirect half a million web visitors to malicious content on a daily basis. Servers located throughout the U.S., Germany, France and the UK are all among those infected.

With more than 60 percent of the world's websites running on Linux servers, ESET researchers are warning webmasters and system administrators to check their systems to see if they have been compromised. The company published a detailed technical report today presenting the findings of the team's investigations and malware analysis.

Read more here.

Ex-Microsoft Employee Charged With Trade Secret Theft

A former Microsoft Corp. (MSFT) employee was charged with stealing the software maker’s trade secrets, including those of a program to protect against copyright infringement, and leaking them to a blogger in France.
Alex Kibkalo, a Russian national, was arrested yesterday and ordered held without bail, according to federal court filings in Seattle. He admitted to Microsoft’s investigators that he provided the confidential information to the blogger, according to the criminal complaint filed by U.S. prosecutors.
Microsoft was alerted to the theft in 2012 by an individual, who asked that his identity not be disclosed and who had been contacted by the blogger to help examine code for the Microsoft Activation Server Software Development Kit, a product developed for internal Microsoft use only, according to the complaint.
The company’s internal investigation traced the leaked information to Kibkalo, a seven-year employee who was working as a software architect in Lebanon, prosecutors said.

Wednesday, March 19, 2014
Researchers have discovered that a commercial Windows-based spy program now comes equipped with capabilities for spying on Android devices as well.
GimmeRAT, a secondary component of Win-Spy, was spotted during an investigation into a targeted attack against a financial institution in the United States. Win-Spy is generally deployed against home PC users for remote monitoring and administration, but has also popped up in two separate targeted attacks.
“The Android tool has multiple components allowing the victim’s device to be controlled by another mobile device remotely over SMS messages or alternatively through a Windows-based controller,” said researchers at security company FireEye who discovered GimmeRAT. “The Windows-based controller is simplistic and requires physical access to the device.”
Remote access Trojans for Android are nothing new; Dendroid and AndroRAT are two that have been in circulation for some time. But this is the first time that a multiplatform Windows RAT featuring Android capabilities has been discovered.

Tuesday, March 18, 2014

Cybersecurity: Breaching The Boardroom

When the President of the United States calls something “one of the gravest national security dangers that the United States faces,” it seems worthwhile to pay attention. The President’s statement, on February 12, 2014, was not referring to the dangers of war or terrorism, but to the threat of cyber attacks on the nation’s critical infrastructure and U.S. companies. Over the past couple of years, cybersecurity has become an important corporate governance issue, as recent cyber attacks, increased federal oversight, potential legal liability and economic risks have made paying attention certainly worthwhile.
Traditionally, cybersecurity has been a burden borne by management, but the board of directors of a company should also take an active role in implementing and coordinating reform. This article provides an overview of the current status of cybersecurity as it pertains to corporate governance, including regulations, policies, risks and recommendations for board action.

Monday, March 17, 2014

Aaron's Settles Computer Spying Charges

Aaron's Inc., a national rent-to-own retailer, settled Federal Trade Commission charges that it played a "direct and vital role" in its franchisees’ installation and use of software on rental computers that secretly monitored consumers, including taking webcam pictures of consumers in their homes.

Read more here.

Sunday, March 16, 2014

Undercover competitor: Modell’s CEO allegedly masquerades as Dick’s Sporting Goods executive, taking corporate espionage to a new level

Dick’s Sporting Goods has sued Modell’s Sporting Goods and its prominent fourth-generation CEO, Mitchell Modell, claiming Modell brazenly visited a Dick’s retail location and impersonated a Dick’s executive to unlawfully gain a competitive advantage.
Building off his 2012 acting performance on the CBS show “Undercover Boss,” where he transformed into his alter ego, rank and file Modell’s employee “Joey Glick”—complete with a shaved head, fake mustache and exaggerated New York accent—Mitchell Modell allegedly appeared at a Dick’s store in Princeton, New Jersey in February and identified himself to the store manager as “Joseph” (perhaps a derivation of Joey Glick?), a Dick’s Senior Vice President. According to the suit, Modell told store management that he was there to meet with Edward Stack, Dick’s Chairman and CEO, and while waiting for this supposed appointment, Modell requested and received access to the store’s private back-room and obtained Dick’s confidential and proprietary information and trade secrets.

Wednesday, March 5, 2014

FreedomPop launches "Snowden Phone", an anti-spying privacy phone

Wireless provider FreedomPop has offered a new-ish phone for people who care just as much about government surveillance and security as they do about apps and messaging. FreedomPop's Privacy Phone has encryption, privacy controls, and even Bitcoin payment.
The Privacy Phone, which FreedomPop also calls the "Snowden Phone" as a nod to government secret leaker Edward Snowden, features 128-bit encryption for voice calls and text messages. That won't prevent all monitoring practices, but it will shield users from intrusions on the content of their communication, according to FreedomPop. The phone also includes anti-malware and phishing protection, optional blocking of unsolicited calls and text messages from unknown sources, and confidential use of call history and message logs. FreedomPop uses VoIP to place phone calls and VPN for anonymous browsing, which makes it harder but not impossible to be monitored.

Read more here.

Android phones and tablets ship “pre-infected” with malware

Android phones and tablets from four different manufacturers are arriving with malware “pre-installed” – a bogus version of Netflix which sends password and credit card information to Russia, according to app security specialist Marble Security.
David Jevans, CTO and founder of the company said that he was alerted to the problem by a company testing his product, software to help organizations manage mobile devices, after it repeatedly flagged Netflix as malicious, according to PC World’s report.
Jevans’ team analysed the app, and found that it was bogus, using tools including one that analyzed the app’s network traffic for signs of communication with known malicious servers. Jevans says, “This isn’t the real Netflix. You’ve got one that has been tampered with, and is sending passwords and credit card information to Russia.”
Jevans says that the customer informed him that the app had arrived pre-installed, according to Info World’s report. The company then investigated devices from other customers, and found the same malicious app installed on smartphones and tablets from four manufacturers.
“We suspect for most of them, it is preinstalled,” Jevans said.

Sunday, March 2, 2014

Cybersecurity: When It Comes To Protection, How Much Is Enough?

Note: Is Cyber TSCM part of your organization's Cybersecurity program? No? Never heard of Cyber TSCM? Then you already have a gaping hole in your organization's risk management program. Contact us; we can help. ~JDL
Cybersecurity concerns with our critical infrastructures are well known. In recent years, the Department of Homeland Security (DHS) and other authorities have encouraged critical infrastructure owners and operators to take steps to ensure cybersecurity for both their business and critical control system assets.
The American Petroleum Institute (API) was ahead of the game when, in October 2004, it issued API 1164, a voluntary industry standard specific to supervisory control and data acquisition (SCADA) systems designed to improve security within the oil and gas pipeline industry.
Most pipeline utilities have a security program implemented already, but in the changing landscape of attack threats and methodologies, the key question remains: Are current efforts enough? Cybersecurity risks to control systems range from pervasive malware designed by organized crime syndicates to insider threats and sophisticated, targeted attacks.
Information technology (IT) security teams are focused on preventing information theft: credit card numbers, contract details and intellectual property, for example.

Saturday, March 1, 2014

Spying 101: How to Figure Out Everything About Your Competition Online

From large corporations to small businesses, everybody is spying on their competitors in the digital realm. Everything from social media to email marketing and online advertising is being scrutinized. Not only does it provide insight into how competitors are promoting their business but also offers up ideas on untapped opportunities a business can implement.
If you are looking to get the scoop on your competitors, put your spy glasses on and keep reading.
Determine your most important online competitors. The best way to look for your competitors is to perform a Google search for your main keywords. Let’s examine the baby niche market.
A search for the keyword “baby” reveals the following results: