Tuesday 31 March 2009

US Man Charged With Theft Of Trade Secrets

If you want to know how to protect your company against industrial espionage contact us.

LEE, who is a naturalized U.S. Citizen of Chinese descent, abruptly resigned his employment with Valspar on March 16th of this year, just two weeks after returning from a business trip to the People’s Republic of China.  At the time of his resignation, LEE relinquished both his company issued laptop computer and AT&T Blackberry wireless device.

A subsequent examination of the laptop computer by Valspar network analysts discovered that all of the temporary files had been deleted, suggesting that LEE had taken steps to “clean” the computer’s history. Additional examination of the laptop discovered a hidden file, which contained unauthorized software programs, including a data copying program.  It was also discovered that approximately 44 gigabytes of data, including Valspar trade secret information, had been downloaded to LEE’s computer without authorization. more...

Pigeons fly mobile phones to Brazilian prisoners

For those of you that don't know, illicit mobile phones are a big problem in prisons worldwide. Gotta love the innovation here.

Brazilian inmates have turned to carrier pigeons in their quest for communication with the outside world.

Guards have intercepted two carrier pigeons carrying mobile phones to detainees at a prison in Sorocaba, 62 miles from Sao Paulo, a spokesman for the state penitentiary system said. more...

Big Brother is watching: surveillance box to track drivers is backed

This kind of thing was always on the cards. Also a little concerning if this follows the speed-camera model of guilty unless you can prove your innocence. Still, for every signal there is a jammer, so the innocent will have their privacy invaded and the guilty will bypass the system.

The government is backing a project to install a "communication box" in new cars to track the whereabouts of drivers anywhere in Europe, the Guardian can reveal.

Under the proposals, vehicles will emit a constant "heartbeat" revealing their location, speed and direction of travel. The EU officials behind the plan believe it will significantly reduce road accidents, congestion and carbon emissions. A consortium of manufacturers has indicated that the router device could be installed in all new cars as early as 2013. more...

19,000 UK credit card details posted on the Net...and accessible on Google

What is really frustrating here is that Google failed to remove the data even after the breach had become public.

A good idea for online shopping: Use only one credit card for all your online transactions, don't use it for anything else and keep a modest spending limit. It is then easy to check your statement and fraud should be very obvious.

The credit card details of up to 19,000 British shoppers were published on the internet - where they could be found using a simple search on Google.

The details apparently originated from the website of a criminal gang in the Far East.

The list, obtained by the Mail, includes the names, home addresses and full card details of thousands of Visa, Mastercard and American Express customers. more...

Sunday 29 March 2009

Spy chiefs fear Chinese cyber attack

Anyone see a pattern emerging here?

INTELLIGENCE chiefs have warned that China may have gained the capability to shut down Britain by crippling its telecoms and utilities.

They have told ministers of their fears that equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies. more...

Vast Spy System Loots Computers in 103 Countries

TORONTO — A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved. more...

The House of Commons IT systems has reportedly been infected by the infamous Conficker superworm

Several problems here:
One - Why are there not sufficient procedures, policies and systems in place to prevent this kind of virus?
Two - Why are there not sufficient procedures, policies and systems in place to prevent this kind of report being leaked?
Three - Why are you allowed to connect an MP3 player to the House of Commons IT system?

The House of Commons IT systems has reportedly been infected by the infamous Conficker superworm, which has previously infected millions of Windows PCs and affected the operation of hospitals, military and large corporate systems.

Political blog Dizzy Thinks first reported that a memo (below) sent out to parliamentary IT network users on Tuesday night warned that Conficker had disrupted the operation of parliamentary systems.

The infection has reportedly prompted a clean-up operation as well as a temporary ban on the use of mass storage devices, including MP3 players, on parliamentary systems. more...


UK Police Identify 200 Children As Potential Terrorists

Parents - please love your children.....

Two hundred schoolchildren in Britain, some as young as 13, have been identified as potential terrorists by a police scheme that aims to spot youngsters who are “vulnerable” to Islamic radicalisation.

The number was revealed to The Independent by Sir Norman Bettison, the chief constable of West Yorkshire Police and Britain’s most senior officer in charge of terror prevention. more...

Friday 27 March 2009

New Chatham House report, Cyberspace and the National Security of the United Kingdom

FaberBrent were at Chatham House last night for the launch of this important new report.

It was comforting to hear Rex Hughes (via web link from the US) state that we need to see a convergence of traditional security and information security for effective defence. Sounds like holistic security to us.

This report provides a general overview of the problem of cybersecurity. The aim of the report is to inform debate and to make the case for a more coherent, comprehensive and anticipatory policy response, both nationally and internationally. more...

Download the paper here

TelTech intros pay-as-you-use lie detector phone service

I wonder if it actually provides any consistent data, as voice analysis is only a small component of lie detection. This is compounded by the reduced audio quality of a signal bounced over several phone lines, and I wonder how effective it can really be.

TelTech has launched what appears to be the industry's first pay-as-you-use telephone voice analysis (lie detection) service.

The service, appropriately named 'LiarCard,' requires users to route a phone call via a US toll-free number, with onward dialling to the required party whose voice is to be analysed for truthfulness and other stress issues. more...

Cybercrime revenues exceeding drug trafficking?

Now this is quite a statement. I wonder when the cybercrime enforcement agencies are going to get the same budget as the DEA?

Testimony from AT&T's Chief Security Officer Edward Amoroso, in which he told a US Senate Commerce Committee that revenues from cybercrime - at $1 trillion annually - are now exceeding those of drug crime, have been confirmed by Finjan, the business Internet security expert.

"Our latest research suggests that, whilst the economic downturn is reducing the income of drug traffickers, cybercriminals are becoming ever more innovative in the ways they extract money from companies and individual," said Yuval Ben Itzhak, Finjan's Chief Technology Officer. more...

Madoff data is exempt from data protection law and can be exported, rules High Court

Public interest.....

Data which is protected by the Data Protection Act can be transferred to the US to help in the investigation of companies run by Bernard Madoff, the High Court has said. The transfer would usually be barred but is justified in this case, the Court said. more...

Thursday 26 March 2009

Councils used 'snooper's charter' more than 10,000 times

Still more Council abuse of RIPA. The really shocking information here is just 9% of these investigations led to a successful prosecution, so 91% of their snooping could be described as unfounded.

Surveillance powers originally designed to counter the threat of terrorism and safeguard national security have been used by local councils more than 10,000 times over the past five years - often for “crimes” as minor as littering, it emerged today.

Details disclosed under the Freedom of Information Act showed that councils in England and Wales used powers under the Regulation of Investigatory Powers Act (Ripa) to investigate offences ranging from dog fouling to taxi overcharging. more...

Canadian cops cry for BlackBerry wiretap

So this story demonstrates the dichotomy of information security. BlackBerrys are (on the whole) pretty secure, so this is a problem for the security services.

It has recently dawned on Canadian officials that communications sent with the BlackBerry are among the hardest mobile messages to eavesdrop on. But rather than congratulate the Waterloo, Ontario-based Research in Motion on a job well done, they're calling for laws that would force service providers to use only technology that can be tapped. more...

London health authority put on notice over data breach

I find it unforgivable that public bodies (that we have to provide personal data to) still do not take its protection seriously. This is a systematic failure and a lack of staff awareness.

For those of you that do not yet know, data on hard drives (the device in your computer that stores all the information) lives forever. You must have a process for disposing of any computers (business and personal). If you need help, contact us.

A north London health authority has been given until the end of the month to improve its information security policies following an embarrassing information security blunder last year.

The Information Commissioner's Office has given Camden Primary Care Trust until the end of the month to pull up its socks following a breach of the Data Protection Act. The ICO's enforcement order comes after PCs containing 2,500 patients' names, addresses and medical histories were dumped beside a skip inside the grounds of St Pancras Hospital last August. more...

Wednesday 25 March 2009

US phone identity look-up site

This is a pretty scary tool. It is only working in the US but allows you to reveal the owner details and location of any phone line; land or mobile.

Fortunately it would be illegal in the UK but watch out across the pond.

To give it a try go to http://tirs.us/ and put in the US number after the slash on the address line.
The commercial version is here http://www.reversephonedetective.com/

Tuesday 24 March 2009

Employees see work laptops as personal property

I think this is a fair reflection of how we see our work laptops and mobile phones. If you are providing laptops and phones and not providing real-world guidelines and activating system controls, you are putting your data at risk. If you need help finding a balance, contact us.

Work laptops and mobile phones are increasingly being treated as personal property outside the office, potentially exposing businesses to security threats.

A survey by Vodafone found that nearly half of business people use their work laptop to access the internet outside the office, whilst a similar number considered their work issued laptops or mobile devices as their own property whilst away from the office. more...

Lawyer-client privilege can't stop surveillance, says House of Lords

The UK's highest court ruled that spy law the Regulation of Investigatory Powers Act (RIPA) allows lawyers' conversations to be bugged. This is a very significant ruling for all in the legal profession and anyone involved in a legal dispute. 

If you are in the legal profession or involved in litigation contact us now for advice and services to help maintain your privacy. It is worth remembering that it is not just the government that uses covert surveillance during litigation.

The state is allowed to bug communication between lawyers and their clients, the House of Lords has said. more...

Should we be worried about Google Street View?

An interesting take on Google Street View and our civil liberties.

Simon Brew offers his personal take on the launch of Google Street View. And he’s a worried man. more...

Visa chief risk officer says that the recession is creating more identity criminals

Unfortunately we know that when things get tough there is an increase in crime. Anything that will provide an advantage is more likely to happen.  Corporate espionage, identity theft and general theft will all increase. Look out for the signs and do not become a victim.

The dire world economy is one of the biggest threats to payment security, according to the chief enterprise risk officer for Visa. 

Ellen Richey said at the Visa Security Summit in Washington, DC that it was common sense that a poor economy and bleak job market would increase the desperation and creativity of would-be data thieves. more...

Monday 23 March 2009

Hidden Video Recorders

All of these items are fully functional digital audio/video recorders with hidden cameras. These kinds of devices are being produced in the millions in the Far East and most are available for less than £100. Be aware the threat landscape has shifted and what was once the realm of James Bond is now available on the high street. Check out Maplin, eBay or Amazon to see how prolific these devices are.

For a real eye-opener take a look at one of the manufacturers' sites. click here...

Right to privacy broken by a quarter of UK's public databases, says report

Pretty strong stuff but perhaps the first honest appraisal of our major databases. We are at the adolescence stage of our understanding of mass data storage and must maintain vigilance as we learn this process. If you lose your house keys you can always change your door lock. If we lose all our personal information (NI numbers, passport numbers, bank details, date of birth, place of birth, DNA, medical history, children's school info, criminal history etc.) it is a bit harder to 'just fit a new lock'.

A quarter of all the largest public-sector database projects, including the ID cards register, are fundamentally flawed and clearly breach European data protection and rights laws, according to a report published today.

Claiming to be the most comprehensive map so far of Britain's "database state", the report says that 11 of the 46 biggest schemes, including the national DNA database and the Contactpoint index of all children in England, should be given a "red light" and immediately scrapped or redesigned. more...

Sunday 22 March 2009

Complaints force Google to remove Street View images

If you haven't seen Google Earth with Street View in action you need to. The amount of information is quite shocking - especially when you are looking at a picture of your own curtains!

Google was forced to remove hundreds of pictures from Street View, its mapping service, within hours of its launch after complaints from people who said that the system breached their privacy. more...

Mobile users at risk of ID theft

This is one of those threats that is only going to get worse. Many of us store huge amounts of personal information on our phones and mobile devices. We are humans and we will lose these devices from time to time, so a few basic rules are essential.
  1. Always have a power-on and key-lock password activated
  2. Always have a voicemail password activated
  3. Don't save a number or address called 'home'
  4. Do not give out your passwords to unsolicited calls
  5. Do not leave your phone unattended
  6. Back-up your phone data
You might also want to watch out for Spyphone software.


A survey of London commuters suggests that 4.2m Britons store data on their mobiles that could be used in identity theft in the event they are stolen.

Only six in 10 use a password to limit entry into the phones, according to the survey by security firm Credant. more...


U.K. to monitor, store all social-network traffic?

It is always worth remembering that nearly everything we say in the electronic arena (emails, SMS messages, IM conversations, Twitter twits, Facebook posts etc.) is stored somewhere. It is nearly always traceable to the user. If you shouldn't say it, certainly do not say it electronically.

The U.K. government is considering the mass surveillance and retention of all user communications on social-networking sites, including Facebook, MySpace, and Bebo. more...

Credit card skimming malware targeting ATMs

It seems like such an obvious target it makes me wonder if this is the first time ATMs have been compromised or just the first time it has become public? Ultimately most malicious code is intended to generate revenue for criminals and ATMs are, in essence, computers full of cash!

From time to time, because they know I work for SophosLabs, my friends ask me about different malware types and forward me warnings of alleged malware outbreaks, which often turn out to be just standard hoax emails. more...

UK companies spurn encryption

This survey suggests too many of us are taking the 'head-in-the-sand' approach to data security. If you want some practical, real-world advice contact us.

Fewer than half of UK companies use encryption technology to secure their data, according to a survey.

Despite the lack of encryption, UK IT managers claim their corporate data is safe and almost two-thirds (65 percent) said the data breach at HM Revenue & Customs (HMRC) will not change their IT spending priorities, according to a survey of 140 senior IT staff in UK public and private companies by security software specialist Check Point. more...

Finn creates USB 'finger drive'

More anatomy modification.

A Finnish computer programmer who lost one of his fingers in a motorcycle accident has made himself a prosthetic replacement with a USB drive attached. more...

Two million households now have spy devices in their bins

Following on from an earlier post we see the march of the council powers continue.

Figures released using the Freedom of Information Act show 42 local authorities have installed the 'spy' devices in rubbish containers to record how much residents are throwing away. more...

Bogus bomb, somewhere near you

This scam targets our fear to trick us into clicking onto a dangerous site. Always be aware and check before you click on any unsolicited material. Worth remembering your computer broadcasts your approximate geographical location.

Security labs have discovered a variant of malicious spam that is engineered to report an exploded bomb within the recipient’s vicinity.

The ‘waledac’ variant, containing an apparent link to a Reuters website, shows the geolocation of the explosive as corresponding to the user's IP address. more...

Bishop of Manchester silenced by computer virus

Public and communal organisations have a considerable challenge maintaining the balance between accessibility and security. If you are a public or NFP organisation and need help, contact us.

THE Bishop of Manchester has been forced to take a vow of email silence after his computer was crippled by a virus.

The Rt Rev Nigel McCulloch has been unable to send or receive messages for nearly 10 days, it has emerged.
more...

Sentex keypads have a mastercode!

Sentex are a worldwide brand of electronic entry systems. It has been discovered that there is a master code across many of their products allowing anyone to enter who knows the code. This raises the question of other access control systems: have yours been checked and tested?

It has a master key:

Here's a fun little tip: You can open most Sentex key pad-access doors by typing in the following code: more...


World Wide Web creator Sir Tim Berners-Lee fell victim to online fraud

Be careful out there - even the man who invented the web can become a victim of on-line fraud. Be sensible and do not click on anything unsolicited.

Sir Tim, who dreamt up the web 20 years ago, said he bought a Christmas present from an online shop. It was only when the present didn't arrive that he realised he had been conned.

He is one of an increasing number of victims of online cyber crime. Around one in four internet users in the UK have fallen victim to online phishing scams that attempt to steal people's financial details while one in six have fallen victim to other types of online fraud. more...

Film-maker turns into 'eyeborg' with camera in eye socket

The stuff of sci-fi films becomes reality. 

NB - there has been a golf-ball sized covert DVR (Digital Video Recorder) on the market for over a year....watch out at the 19th hole.

A film-maker is putting a mini video camera in his prosthetic eye to record a documentary highlighting the issues of privacy and the surveillance society.

Rob Spence, 36, says he will secretly record people for his "Eyeborg" project using a tiny camera, battery and wireless transmitter hidden inside his false eye. more...

Google Docs leaks out private data

The big dilemma. If you store all your data locally you are the single point of failure but on the whole you are in control. If you send your data to the 'cloud' you are at the mercy of third parties..... still if you want to hide a tree put it in a forest.

The security rating of cloud computing has taken a battering with news that users of Google's online word processing service - Google Docs - may have shared their data with unauthorised users.

A security flaw in the Google Docs software meant that the documents of some users were flagged as collaborative items, allowing third party users of the service to access - and amend - the files. more...

Two men have been convicted for their part in trying to pull off a £229m heist at the Sumitomo Mitsui Bank in London.

This is a classic. By utilising key logger technology they were able to retrieve account numbers, passwords and user info to commit a huge fraud. If your company has assets and information to protect you need to be aware of these threats.

Two men have been convicted for their part in trying to pull off a £229m heist at the Sumitomo Mitsui Bank in London.

In one of the biggest attempted bank thefts in Britain, they used hi-tech equipment to try to steal money from the accounts of big businesses. more...

Google ad service raises privacy fears

Do you know how much information Google has on you? Do you know how much of it is available to others? If you need help maintaining a balance between on-line presence and personal privacy, contact us.

Google knows more about you than any organisation in human history. It can give you a bird’s eye view of your house, allow friends and family to track your every move through their mobile phones, and through its search engine - knows your likes, dislikes and even your vices. more...

BBC team exposes cyber crime risk

Controversial but enlightening BBC Click documentary on Bot armies and cyber-crime. If you are not familiar with this problem watch and learn - essential viewing. 

Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime.

The technology programme Click has demonstrated just how at risk PCs are of being taken over by hackers.

Almost 22,000 computers made up Click's network of hijacked machines, which has now been disabled. more...

SEC: Magical stock brokering software was a fraud

If we have learnt anything it is that things that look too good to be true probably are. Have you performed Due Diligence wherever you have significant exposure?

US trade regulators are accusing two California men of orchestrating a multi-million dollar ponzi scheme by convincing clients they owned a special stock option trading computer program with a near-flawless record for choosing winners. more...

Investigation information stored on a USB drive has been lost by Lothian and Borders Police.

Once again a simple failure to employ rules surrounding the use of USB memory sticks. In this case there could be more than information at stake if this data falls into the wrong hands.

Once again - Some basic procedures make a world of difference:
  1. Use a Hardware encrypted USB key... something like this
  2. Don't carry a USB key unless you need to 
  3. Overwrite delete all data once no longer required

A USB drive is missing from Lothian and Borders Police with details of hundreds of police investigations.

A police spokesman confirmed to IT PRO that Lothian and Borders Police are “unable to locate this ‘memory stick,’ which contains information on vehicle registration marks and other details used for police analysis”. more...

British pair charged in 'industrial espionage' row

Corporate espionage is alive and well. If you have commercial secrets you should implement a workable policy regarding mobile phone usage. Remember most phones are effectively remote audio and video transmitters with fully functioning cameras and plenty of data storage. If you need help to find a workable balance contact us.

A leading British manufacturer has been caught up in an industrial espionage row after two engineers used a mobile telephone to photograph a secret piece of equipment at an American factory. more...

Despite official ban, spyware is hot seller in China

There are literally millions of effective spy devices being produced in China each year. These devices are flooding the western world. They are cheap and effective.

Try a few eBay searches to get the idea:


BEIJING — The Chinese government doesn't have a monopoly on spying here anymore. Despite an official ban on James Bond-like hidden surveillance tools such as cameras disguised as pens or buttons, sales of such products in China are soaring. more...