Sunday, 19 July 2009

£3 Million scam rocks the Royal Protection Police

A former Royal Protection officer, Paul Page, was found guilty on Friday of committing a £3 million scam revolving around an investment fund.

The really shocking thing here is that at least 20 SO14 (the police Royal Protection Command) officers were investing in the fund, yet none of them performed any due diligence or questioned how Page could pay cash returns on property investments that had not yet matured.

In a tale worthy of a Hollywood movie, the court heard of brown envelopes of cash, bank transfers to strangers' accounts and multiple death threats.

One would imagine Her Majesty was not amused.

Saturday, 18 July 2009

Chateau Pétrus, Lafite-Rothschild and what you need to know about your alarm system vulnerabilities

A French wine thief has been caught during his second robbery of top Paris restaurants' wine cellars.

Our interest in this story was almost lost in the copy, but there is a very important bit of information for many people.

"Police found gloves and mobile telephone scramblers used to disable the restaurant's alarm systems."

"Mobile telephone scramblers"... these are better known as jammers: basically a small hand-held device that transmits radio noise on cellular frequencies, causing the phones to drop to 'no service'. Why is this important? An increasing number of our alarm systems are using GSM as a back-up to alert the police of an alarm (indeed a number of them advertise 'GSM protected' on their front panel!).

We have been advising our customers for a long time that this is a very poor method of alarm backup, as it can be defeated by a £50 jammer. These are freely available, although almost certainly illegal to turn on (info here, here, and here).

I wonder when the alarm companies will take this seriously and stop just pushing product?

If you are concerned about asset protection be sure to engage a specialist independent audit of your systems and procedures.

IDs for sale - 4 million UK to the highest bidder

The Times is reporting that there are currently 4 million British IDs for sale to the highest bidder on the internet.

This problem is only going to get worse.

The best advice we can give individuals to minimise the impact of credit-card theft is to keep one credit card exclusively for use on-line. Set a low limit and monitor your statements closely.

If your business involves people's personal data, take your security seriously and contract external security experts (it is not reasonable any more to say 'I thought my IT guys took care of it'). Contact us if you need help.

Australian cops treating unprotected wifi networks as crime risks - plod-driving is born

In Queensland, Australia, police are hunting for unprotected wifi networks and advising owners as a crime-prevention measure.

Thursday, 16 July 2009

Watch out for unknown and spoof wireless hot-spots

A good article from Fox News reminding us of the danger of unknown (or believed known) wireless hot-spots. If in doubt, do not use them.

Tuesday, 14 July 2009

UAE BlackBerry update full of Spyware!

The Etisalat network in the United Arab Emirates has pushed out a BlackBerry update that apparently contains spyware that can intercept emails and messages.

Apart from the obvious concerns, it makes us wonder what happens if you are just visiting (and roaming) and then return to your home country. Will the UAE continue to get sent all your info?

RIM - are you going to comment?

IronKey USB Drives - the best just got better

If you care about the security of your mobile data, we have yet to find a better solution than IronKey. These are the only USB drives we use and the only ones we recommend, and we are not alone; take a look at this review.

Not wanting to sound like an advert, but if your data is worth more than $100 get one... or several; they have enterprise-level software control.

SMS TXT message phishing - next big scam, you need to know about this.

You receive a text like this....

"This is a secure message from Abbey National. There has been some unusual activity on your account, please call our security team on 0845 123456"

You call the number and hear "Thank you for calling Abbey National, this call may be recorded for security and training purposes. We need to perform some security checks, please enter your card number followed by the hash key, please enter the 3 digit number on the back of your card followed by the hash key, please say your 'security' password......."

I think you get the idea.

The best way to protect yourself is to keep the real service numbers for your various accounts pre-programmed in your phone memory so if you receive a text you can call up the genuine security centre and validate (or not) the text.


New threat claimed, Keylogging via mains voltage emissions.

Two security consultants claim to have developed a system that monitors the variance in mains ground current to detect keyboard strokes.

They say they can do this on a mains socket up to 15 meters away from the target computer for a hardware cost of $500. They are planning to demonstrate the device at the BlackHat 2009 conference at the end of July. We will report back on the results.

Shocking drive-by reading of RFID tags on passports, drivers licences, credit cards and more...

Clear and scary demos of how easy it is to read various RFID-chip-based devices in people's pockets while driving or walking down the road.

This has very serious implications for cloning pass-cards (to gain entry to buildings) and tracking/identifying people on the move.

drive-by video here...
cloning video here...
electronic pick-pocketing here...

SpyPhone Software released for iPhone 3GS

If you do not already know about SpyPhone software you need to take a look at our guide.

This software converts your mobile into a surveillance device and is designed to be invisible on the victim's phone.

The latest phone to be affected is the iPhone 3GS.

To protect your iPhone go to settings/restrictions/installing apps and switch off. You do, of course, have your pass-code lock on.

If you are concerned you may already be infected, back up your personal data (not apps) and perform a factory reset.

SpyPhone software guide here...

Connectivity, the controversial mobile directory, is down but not out....apparently

The much debated 'Connectivity' mobile phone directory has been down pretty much since its launch.

A barrage of complaints about the opt-out only nature of their data (and a barrage of requests to de-list numbers) appears to have had an effect. Of course (and according to the company) this is nothing more than early technical problems and all will be well soon. We shall see.

We suspect this service will succeed or fail based on public opinion on what is (in any real-world translation) an opt-out system; at the moment it is not looking good.

Saturday, 11 July 2009

70% of UK orgs hit by a data breach in the last 12 months

A new survey of 615 companies and public sector organisations has shown that 70% have experienced some kind of data breach in the last 12 months.

It appears (not surprisingly) that the biggest problem is lack of encryption.

Once again we say, encrypt all mobile storage now!

Trading system secrets stolen by former Goldman Sachs employees

In a rare example of public disclosure, the FBI arrested an employee of Goldman Sachs who is accused of stealing computer code used for complex, high-speed market trading.

The activity was detected by GS's automated monitoring systems that scan email for any transfer of code.

The suspect was on $400,000 a year, which makes one wonder how much the code is worth.

Would you know if your employees were stealing data? If your answer is no, or don't know, contact us for help. Check out our Drilling info for some ideas.

Wednesday, 1 July 2009

UK ID cards to be optional for UK Nationals - govt U turn

So the next chapter in this farce unfolds. The new Home Secretary effectively destroyed the long-lauded Labour plan for compulsory ID cards for all UK citizens.

Many (ourselves included) have opposed the scheme from the start but there are other issues here:
How much has this scheme cost so far?
How many SMEs have geared up to bid and put forward products and now face financial difficulties?

The biggest single point of failure with laptop security - people

In another survey, once again the common failings of laptop security revolve around users, not hardware.

A few numbers to get you thinking:
50% of business managers switch off encryption
12,000 business laptops are left at airports in the US every week
67% of left laptops are never reclaimed

For security to be successful, a holistic approach combined with staff training and buy-in is essential.


Russians accused of corporate espionage in Germany

Germany's counter-intelligence chief has openly accused the Russian intelligence services of corporate espionage, stealing commercial information to give Russian commerce an edge.

We see more and more state-sponsored corporate espionage. If you are dealing with international bids or develop original ideas (hardware and software), contact FaberBrent for advice.

Friday, 26 June 2009

What happens to your old computers, they end up in a West African market stall.

A hard drive has turned up in a Ghanaian marketplace containing multi-million dollar deal info between the Pentagon and a military contractor.

If it can happen to a computer with confidential US defence data it can happen to you.

Do you have a policy in place for disposing of your old computers? Do you rely on third parties to recycle them? Do you audit those third parties? If you need help with these questions, contact FaberBrent.


Thursday, 25 June 2009

FaberBrent's groundbreaking solicitors CPD infosec course gets glowing approval from the SRA

Not wanting to blow our own trumpet but we are delighted to go live with our new CPD course for solicitors.

"Holistic Information Security - Understanding the Threat, UK/EU Law and Practical Steps for Risk Reduction" is a 90min course providing practical, real-world information security advice and an update on EU/UK data law.

Shock horror - SpyPhone software exposed

We are always flattered when something we have been publicising makes an appearance, and now SpyPhone software has reached the attention of Homeland Security.

Shame they didn't see fit to tell you how to identify and avoid it (as we do).