Wednesday, 14 March 2012

The New Face of Corporate Espionage

asiaworldmedia.com


Over the past five years, a highly sophisticated team of operatives have stealthily infiltrated more than 70 U.S. corporations and organizations to steal priceless company secrets. They did it without ever setting foot in any victim’s office. Sitting at undisclosed computers, they could be anywhere in the world.
This is the new face of corporate espionage. Thieves, whose identities are safely obscured by digital tradecraft rather than a ski mask, are robbing companies of the ideas that are the source of American ingenuity.
We now rely on the Internet to do business, supply communities with power and water, communicate with loved ones and support our troops on the battlefield. Our digital infrastructure is part of our country’s lifeblood. Individual consumers, government agencies and small and large businesses are all increasingly vulnerable to growing threats.
However, there is another reason to care about Internet security that is less known: protecting U.S. competitiveness and jobs in the global economy.
In the coming weeks, Congress has an opportunity to do just that. As we mark National Consumer Protection Week — a time for consumer advocacy groups, private organizations and agencies at every level of government to highlight the ways individuals and families can protect themselves from scams, fraud and abuse — we are reminded of the role we each play in defending ourselves from online attacks and in securing cyberspace.
U.S. companies use information networks to create and store their unique ideas. The ideas power our economic growth. Every day, the networks of these companies, from large corporations to small businesses, are targeted by criminal organizations and nation-state thieves for these trade secrets.

The Complicated World of Corporate Espionage

asiasentinel.com
Corporate espionage used to be rather straightforward – as the typical Coke-Pepsi textbook example illustrates, in which each tries to steal the other’s recipe for sugared water. It is a crime when someone steals company data/trade secrets and passes it to a business rival. 

Well, yes -- but not quite, in the case of a series of court decisions in the United States that complicate the issue considerably. One involves a former Goldman Sachs computer programmer, Sergey Aleynikov, a Russian who immigrated to the United States in 1991 and who was arrested by FBI agents on July 3, 2009, at Newark International Airport.

Aleynikov was subsequently jailed in December 2010 for stealing code from Goldman Sachs’ high-frequency trading platform, a lucrative new segment of Wall Street that uses complex computer algorithms to convert minute price discrepancies into quick profits through rapid fire trades. He had served one year of his eight-year sentence when he was freed by the Court of Appeals for the Second Circuit in New York in mid-February.

The court offered no explanation for overturning his conviction other than stating an opinion would be issued “in due course,” according to The New York Times.

Aleynikov allegedly stole the source code used in driving those high frequency trades at his employer prior to joining a new competitor, with plans to set up a similar trading platform – he allegedly uploaded the code onto a computer server in Germany, encrypted and downloaded it into his home computer, laptop and memory stick and took the data with him when he joined the new company.


Monday, 12 March 2012

NATO Commander Facebook Pages Used In Spying Attempt

redorbit.com


A fake Facebook account set up in the name of NATO’s supreme allied commander was allegedly used by spies in an attempt to swipe personal information from military personnel and various other top secret information, according to multiple news reports published over the weekend.
According to Nick Hopkins of The Observer, falsified social networking pages supposedly belonging to Admiral James Stavridis are believed to have been coordinated by Chinese espionage agents who had hoped to trick his friends and family members into revealing private information — either about him or about themselves.
Telegraph Investigations Editor Jason Lewis reported Saturday that senior British military officers and members of the UK Ministry of Defense are believed to have been among those to accept “friend requests” from a fake Stavridis Facebook account.
“They thought they had become genuine friends of NATO’s Supreme Allied Commander — but instead every personal detail on Facebook, including private email addresses, phone numbers and pictures were able to be harvested,” he continued, adding that while officials are “reluctant” to identify the source of the espionage attempt, that the Telegraph “has learned that in classified briefings, military officers and diplomats were told the evidence pointed to ‘state-sponsored individuals in China.’”

Tuesday, 06 March 2012

Revealed: Technical Surveillance Threats


Spy Cam 101

Not long ago while on assignment, I was asked "How many times do you actually find technical surveillance threats?"
My answer was "Well, I would tell you but then I would have to...." Just kidding. The real answer is more often than you would think.
Although, not every technical surveillance threat involves finding a device. It can also mean discovering a technical surveillance vulnerability. Like for instance, the allowance of cellular devices (w/ cameras) or iPads in conference rooms and during high level meetings. Or, the allowance of digital recorders within these areas, just to name a few.

It's not always "James Bond" spy gear that turns up during a sweep.

But every now and then, I still discover a "surprise" that may (or may not) have been left behind...on purpose.

For example, take this pen & pencil holder discovered during the wee hours of the morning while sweeping the "Presidential Suite" of one of our client's facilities.


Plain looking enough, but take a closer look... Through our Thermal Imaging Camera... Notice that hot spot? So did we...It turned out to be a hardwired Spy cam, with audio....Here's another look..


This was only one of the technical surveillance threats found during this assignment. Yes, you heard me right, only one of several threats found...

So, the short answer is YES, technical surveillance threats (although crude) like the above are used for intel collection purposes by your adversaries. i.e.; disgruntled employee, competitor, corp spy, eavesdropper, etc.
So be aware, these types of surveillance threats could be lurking closer than you might think...

If you don't mind me asking, When was your last TSCM Sweep?  Not Sure?  Contact Me here. I can help.

Stay tuned for the next "reveal"....JDL

Unmasking the world’s most wanted hacker

foxnews.com

EXCLUSIVE: It was one of the hottest days of the year and evening temperatures were still sweltering when two FBI agents wearing bulletproof vests under their dark suits climbed the stairs of the Jacob Riis housing complex in New York’s Lower East Side on June 7, 2011. Drenched in sweat, they knocked on the steel door of a sixth-floor unit. It swung open to reveal a man in his late twenties wearing jeans and a white T-shirt.
“I’m Hector,” he said.
The agents were suddenly face-to-face with “Sabu,” the computer genius they had stalked for months, a quarry so elusive they hadn’t pinned down his identity and location until just weeks before. The suspected ringleader of the Anonymous offshoot group LulzSec, Hector Xavier Monsegur and his web minions had just completed a month-long reign of terror, hacking the CIA, Fox, Sony and several financial institutions, causing, according to some estimates, billions of dollars in damage around the world.
The nondescript public housing unit seemed an unlikely nerve center for one of the world’s most wanted criminal masterminds, but the 28-year-old Monsegur himself is a study in such contradictions. An unemployed computer programmer, welfare recipient and legal guardian of two young children, Monsegur did not go to college and is a self-taught hacker. Although his skills and intellect could command a lucrative salary in the private sector, those who know him say he is lazy, an underachiever complacent with his lifestyle.

Monday, 05 March 2012

NASA lost 'full control' to hackers, pwned 13 times last year

theregister.co.uk

Cybercrooks broke into NASA's computer systems 13 times last year, gaining "full functional control" of important systems in the worst cases, according to the testimony before the US Congress by the space agency's inspector general.
Paul Martin told a Congressional panel on information security at the space agency that NASA spent $58m of its $1.5bn annual IT budget on cyber security. The space agency has long been a prestige target for hackers of various skill levels and motivations, including profit-motivated malware distributors (cybercrooks) and intruders thought to be in the pay of foreign intelligence services.
Poorly implemented security policies mean that these attacks were often successful. In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems, Martin testified (PDF) before the US House Committee on Science, Space and Technology last Wednesday.
Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7m.
In the most serious of these incidents, hackers gained control of systems at NASA's Jet Propulsion Laboratory. The attack was traced back to IP addresses in China, Martin explained. Another of the most serious APT (advanced persistent threats) that hit NASA last year resulted in the extraction of user credentials from 150 space agency workers.

Sunday, 26 February 2012

Apps are reading your texts and emails and even looking at your pictures..

dailymail.com


The small print included with many mobile phone apps is giving their developers the right to rifle through users' phone books, text messages and emails.
By agreeing to little-read terms and conditions documents, phone users are giving developers the right to inspect their personal information and even find out who they are talking to.

In many shocking cases, users are even giving apps the right to collect whatever images the camera happens to be seeing, as well as the phone's location.

Facebook, Yahoo!, Flickr and Badoo all admitted to reading users' text messages through their Android smartphone apps, the Sunday Times reported. Academics are now warning that many apps are little more than 'fronts' to allow companies to hoover up personal data and pass them on to advertisers for a fee.

And many other apps from less well-known developers, many of them available for free, are also including the rights to access your personal data in their terms and conditions. But the revelations also make clear that the wealth of data collected by the new generation of smartphones could pose a serious risk to users' privacy.

Thursday, 23 February 2012

Smartphone security gap exposes location, texts, email, expert says


latimes.com
Just as U.S. companies are coming to grips with the threats to their computer networks emanating from cyber spies based in China, a noted expert is highlighting what he says is an even more pernicious vulnerability in smartphones.

Dmitri Alperovitch, the former McAfee cyber security researcher who is best known for identifying a widespread China-based cyber espionage operation he dubbed "Shady Rat," has used a previously unknown hole in smartphone browsers to deliver an existing piece of China-based malware that can commandeer the device, record its calls, pinpoint its location and access user texts and emails. He conducted the experiment on a phone running Google's Android operating system, although he says Apple's iPhones are equally vulnerable.
"It's a much more powerful attack vector than just getting into someone's computer," said Alperovitch, who just formed a new security company, called Crowdstrike, with former McAfee chief technology officer George Kurtz.
Alperovitch, who has consulted with the U.S. intelligence community, is scheduled to demonstrate his findings Feb. 29 at the RSA conference in San Francisco, an annual cyber security gathering. The Shady Rat attack he disclosed last year targeted 72 government and corporate entities for as long as five years, siphoning off unknown volumes of confidential material to a server in China.

IT and espionage on Wall Street

economist.com

An overturned conviction creates uncertainty about what constitutes a crime


ASK a programmer at an investment bank where he works, and the answer will often simply be “Wall Street”. Isolated from clients and—it was once thought—assets with proprietary value, technologists bounce from firm to firm, from one high-rise building to another.
To this footloose community, the case of Sergey Aleynikov, a Goldman Sachs programmer, came as a shock. Mr Aleynikov was convicted in December 2010 of stealing code tied to Goldman’s lucrative high-speed proprietary-trading operations for use by a new employer. On February 16th, after he had spent nearly a year in prison, three judges in a federal appeals court unanimously reversed his conviction in a hearing that lasted just a single morning. Their written opinion is now eagerly awaited.
Mr Aleynikov admitted to taking code with him on his way out of Goldman, but argued successfully that this did not constitute a crime, or, to be more specific, a federal crime. He benefited from the help of a thorough lawyer, who adroitly knocked down two key claims. Because the computer trading system was not licensed or offered for sale, claimed Kevin Marino, the defendant’s lawyer, it was not a product to be bought or sold for interstate commerce, a key provision for a federal case. Because computer coding constitutes intangible intellectual property, Mr Marino said, it did not qualify under the goods, wares or merchandise components that are protected under the corporate-espionage act.

Saturday, 18 February 2012

COMSEC AUDIO JAMMER APP for iPHONE


itunes.apple.com

COMSEC AUDIO JAMMER

Keep your private conversations private!

The COMSEC AUDIO JAMMER protects your sensitive room conversations by generating a random masking sound, which desensitizes any near-by microphone. Effective against any microphone based eavesdropping device including tape recorders, RF transmitters, hard-wired microphones (including contact type) and shotgun microphones. It also protects against microwave or laser reflection pickups (when used correctly).
COMSEC AUDIO JAMMER uses specially designed audio speech patterns to mask your conversations from hidden microphones & eavesdroppers.
The speech patterns are randomly designed and generated to mask normal conversations from eavesdroppers. 


More...get the app here.

Thursday, 16 February 2012

Securing Corporate Data in a Law Office's Computer Network

Note: An excellent article, and a serious subject... When is the last time your law firm had a Cyber TSCM sweep? Ever? Contact me, I can help. ~JDL

law.com

The dramatic rise in electronic economic espionage against U.S. corporations came into full view with a report on the trend issued by the U.S. government last November. That same month, the Federal Bureau of Investigation held a meeting in New York City with some of the weaker links in the online spy game: law firms.

It’s an issue that should be getting the attention of in-house counsel, especially as they share sensitive--and potentially valuable--data with outside counsel.

Rich with client information, law firms are often much less equipped to fend off cyberattacks than the corporations they represent. Ergo “a hacker can hit a law firm and it’s a much, much easier quarry,” Mary Galligan, head of the cyber division in the FBI’s New York City office told Bloomberg. Likewise, in a series of blog posts on this issue currently running in Forbes, cybersecurity expert Alan Paller says: “The important files relating to clients’ international activities are usually much easier to find in the law firms’ files than in the corporate files.”

Digital risk consultancy Stroz Friedberg has advised both law firms and corporate clients on this growing problem. Firms need to take a risk-oriented approach to protecting client information, says company co-president Eric Friedberg, a former federal prosecutor and an expert in cybercrime response. At the same time, he says, there are important questions in-house counsel can ask about how their files will be protected (see Counsel’s Dozen list below).

“Attackers go where the money is,” says Friedberg. These days, law firms should assume that hackers will infiltrate their network, and they should identify which digital assets are most at risk and put the most security around those areas, he says.

Chinese Telecoms May Be Spying on Large Numbers of Foreign Customers

theatlantic.com
A U.S. Congressional probe is investigating whether China's state-linked firms, which built much of the communications infrastructure in several Asian countries, are using their access for snooping.

Two Chinese telecommunications giants are under scrutiny by a US congressional committee. The outcome of the probe could have revealing implications for Central Asian states, which have used these companies to modernize their telecom sectors.
US legislators have expressed concern that Huawei and ZTE act as front companies for the Chinese government, and represent a grave "cyber-security threat." The chairman of the House Permanent Select Committee on Intelligence, Michigan Republican Mike Rogers, asserted during a congressional hearing last October that China is engaged in the "brazen and wide-scale theft of intellectual property from foreign commercial competitors."
"Attributing this espionage isn't easy, but talk to any private sector cyber analyst, and they will tell you there is little doubt that this is a massive campaign being conducted by the Chinese government," he added.

Wednesday, 15 February 2012

Texas constable admits ordering bugging

chron.com


DALLAS (AP) — A small-town Texas constable told the FBI he secretly bugged other officials' offices after they were accused of illegally forcing motorists to forfeit their cash, according to a search warrant affidavit.
The affidavit, based on interviews conducted by FBI agents and Texas Rangers, quotes Shelby County Constable Fred Walker as saying he authorized the installation of hidden surveillance cameras and digital recorders even though he didn't have legal authority. It also includes a statement from a witness who claims Walker helped organize a scheme to sell drugs seized from suspects.
It's just another chapter in a longtime drama in Tenaha, a town of 1,160 near the Louisiana border, where seizures of cash from motorists stopped for traffic violations along U.S. Highway 59 — a well-known drug route that runs from the U.S.-Mexico border to Canada — have led to lawsuits and a federal criminal investigation.
Walker, 53, was Tenaha's city marshal at the time the alleged bugging occurred. He was elected constable in 2010.
In a brief phone interview, Walker said he knew nothing about the affidavit, filed in U.S. District Court in Lufkin on Feb. 6. When asked if he arranged to have offices bugged, he hung up.
Walker's attorney, Bassey Akpaffiong of Houston, said prosecutors have told him to expect an indictment. Akpaffiong said Walker was never involved in selling drugs and never told the FBI he authorized the installation of secret listening devices.
Malcolm Bales, U.S. attorney for the Eastern District of Texas, declined to comment.

Caught spying

thestandard.com.hk

Bosses are being warned about breaking the law by using hidden miniature cameras to spy on staff.

The use of "pinhole" cameras is in sharp focus after Privacy Commissioner Allan Chiang Yam-wang took a subsidiary of Sun Hung Kai Properties to task for snooping.

Chiang found after an investigation that management subsidiary Hong Yip Service Co breached the privacy ordinance by its "unlawful and unfair collection of personal information."

But Chiang said he will not be penalizing the company as it has dismantled the eye-spy gear.

And Hong Yip bosses continue to claim they were not spying on employees by mounting a camera outside a changing room at a housing estate, and that it was to pick up trespassers in the car park. Still, two security guards had been fired as a result of their snooping.

"Covert monitoring is generally regarded as highly privacy-intrusive," Chiang said. "Employers should not adopt covert monitoring unless it is justified by special circumstances." Reasons can include matters like the theft of confidential data - but only as a last resort.

Warning against secret monitoring of employees, Chiang said overt devices such as CCTV cameras offer a legal alternative that in most cases is just as effective as secret cameras.

Tuesday, 14 February 2012

Traveling Light in a Time of Digital Thievery

Note: Having recently traveled to China, I can attest to Mr. Lieberthal's concerns....Do yourself (and your company) a favor, Just accept the fact that you "will" be collected against...and take Mr. Lieberthal's advice...very seriously.  JDL

nytimes.com

SAN FRANCISCO — When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.
He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”
What might have once sounded like the behavior of a paranoid is now standard operating procedure for officials at American government agencies, research groups and companies that do business in China and Russia — like Google, the State Department and the Internet security giant McAfee. Digital espionage in these countries, security experts say, is a real and growing threat — whether in pursuit of confidential government information or corporate trade secrets.

The reality of digital espionage and defending against it

fiercecio.com


The New York Times has an article that talked about the reality of digital espionage and spying conducted against companies and government officials in the United States. As was widely reported late last year, things came to a head when Chinese hackers succeeded in infiltrating the U.S. Chamber of Commerce, siphoning at least six weeks' worth of email belonging to four Chamber employees.
The Times article quoted Joel F. Brenner, a former top counterintelligence official in the office of the director of national intelligence who summed up the situation this way: "If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated."
The best defense against potential digital snooping or espionage, it appears, entails leaving one's mobile phone and laptop at home. Only loaner devices devoid of company data should be brought to high-risk countries, and they should be promptly wiped clean upon return. And if that's not adequate, security vendor McAfee goes a step further: If any employee's device was inspected at the Chinese border, the device will never again be allowed to plug into McAfee's network, reports the Times.

Nortel faced corporate espionage from China-based hackers for more than a decade

thestar.com


Fallen telecommunications giant Nortel was the subject of international industrial espionage for more than a decade, according to reports obtained by the Wall Street Journal.
Hackers thought to be based out of China downloaded research and development reports, business plans and employee emails from Nortel’s corporate computer network since 2000.
The corporation, now in the process of selling itself off bit by bit after filing for bankruptcy in 2009, was breached by the hackers when seven passwords of top Nortel executives were stolen.
The hackers also placed spyware so deep into some employee computers it escaped detection. The Journal reports that some of those computers may have been moved to the companies that bought up Nortel assets.
Parts of the company now belong to Avaya Inc., Ciena Corp, Telefon AB L.M. Ericsson and Genband Corp.
Nortel did not take the threat of a security breach seriously, said Brian Shields, a former senior advisor in security systems at Nortel who conducted an internal investigation into the matter.
Shields told the Journal that the hackers “had access to everything… They had plenty of time. All they had to do was figure out what they wanted.”
His report says Nortel also failed to determine whether its products were compromised by hackers, and did not disclose the security breach to investors or the buyers snapping up parts of the firm.

Businesses bugged by end point security risks

news.techeye.net


Businesses are not doing enough to protect against software security flaws according to a report, effectively leaving the doors wide open to cyber criminals.
The latest Yearly Report from security outfit Secunia has shown that more should be done in the software industry to ensure that patching strategies are in place, with end point vulnerabilities on the rise.
The problem stems from third party non-Microsoft programs, with the number of vulnerabilities on end points increasing from 45 percent in 2006 to 78 percent last year. Third party programs are considered to be more difficult to keep updated, but the report highlighted how the majority of vulnerability disclosures were released on the day of discovery by the firm responsible.
Despite this, the report showed that there are considerably more problems emanating from third party software than from operating systems. Operating systems accounted for 12 percent of vulnerabilities, while Microsoft programs were accountable for just 10 percent.
However, this still meant an increase to over 800 vulnerabilities according to the Secunia report, meaning that the number has increased threefold in just a few years. Of these, over half were considered to be ‘Highly’ or ‘Extremely’ critical.

Thursday, 09 February 2012

Chinese espionage cases touch DuPont, Motorola

reuters.com


Feb 8 (Reuters) - U.S. prosecutors expanded a criminal case over the alleged theft of industrial secrets from chemical giant DuPont, securing an indictment against a Chinese company on economic espionage-related charges.
A Northern California grand jury indicted Pangang Group for conspiracy to commit economic espionage and other charges including conspiracy to steal trade secrets, according to court documents unsealed on Wednesday.
Pangang, a state-owned steel manufacturer in Sichuan province, allegedly worked with a California businessman and others to obtain several valuable trade secrets from DuPont, the indictment says.
Separately, a former engineer for Motorola Inc was found guilty on Wednesday of stealing trade secrets from the company but cleared of economic espionage for China.
The latest developments in the two cases come as Chinese Vice President Xi Jinping is scheduled to visit the United States next week on a range of economic, trade, regional and global issues.

Tuesday, 07 February 2012

HTC devices bugged and exposing Wi-Fi passwords

technobloom.com


A news report released today shows that some HTC devices might actually be exposing your Wi-Fi network password without you knowing about it, but the company said today that a fix is on the way. The bug was noticed yesterday and allows some applications with basic Wi-Fi permissions to see the password and the name of your network, or SSID. An alert from the US Computer Emergency Readiness Team was issued yesterday. In the event that your HTC device was bugged, an attacker using an application could potentially retrieve and store the information available to hack into the user’s home network.

Saturday, 04 February 2012

Anons' FBI Phone Snooping Casts Long Shadow on Cybersecurity

technewsworld.com

Members of Anonymous managed to tap into an FBI conference call recently, after which they put a recording of the call on the open Web. The news has raised concern in many corners of the security industry. "The odds are that cybersecurity at the FBI and Scotland Yard is on par with, or superior to, security at most corporations," Abrams said.

The hacker community Anonymous on Friday landed another blow in its war with the United States Federal Bureau of Investigation (FBI).
It posted an internal memo from the law enforcement agency about an upcoming international call to discuss hackers. Anonymous also put up a recording of the call itself on YouTube.
"The information was intended for law enforcement officers only and was illegally obtained," the FBI said in a statement sent to TechNewsWorld by spokesperson Jenny Shearer. "A criminal investigation is underway to identify and hold accountable those responsible." 
The recorded call was a conversation between the FBI and Scotland Yard regarding tracking Anonymous members and other digital activists. It also involved other details about the efforts against such groups.

Monday, 30 January 2012

Bugging equipment found in Mexico lawmaker offices

philstar.com

MEXICO CITY (AP) — A search of several Mexican lawmakers' offices turned up recording equipment, leading legislators to believe they have been spied on for years, a congressman said Wednesday.
Congressman Armando Rios said security personnel found microphones and other devices that seemed to have been installed years ago.

"Some of the equipment has newer technology, but other devices are from a long time ago, which leads us to believe they were installed years ago," said Rios, a member of the leftist Democratic Revolution Party, or PRD.

Rios said the offices of key committees and of several lawmakers from different political parties were bugged.

"What is at stake is the vulnerability of the legislature, of one of the powers of the union," Rios said.

Congress president Guadalupe Acosta, also of the PRD, on Tuesday filed a complaint with federal prosecutors, who opened an investigation.

Acosta wouldn't identify the lawmakers who were being spied on or who he thinks was behind the espionage. Rios blamed the government of President Felipe Calderon, who belongs to the conservative National Action Party, or PAN.
Interior Secretary Alejandro Poire denied Rios' accusations and said the government has done nothing illegal.

Mexico's main intelligence agency allegedly spied on the government's political opponents during the 71 years of rule by the Institutional Revolutionary Party, or PRI.

After PAN candidate Vicente Fox won the 2000 presidential election, he announced that the agency, the Center for National Security and Investigation, would no longer spy on political opponents. But in 2008, under Calderon, the agency hired a private company to monitor the activities of legislators.

Legislators complained they were being spied on but the government said it was simply collecting public information.

Sunday, 29 January 2012

DARPA-Funded Hacker's Tiny $50 Spy Computer Hides In Offices, Drops From Drones

forbes.com


Even more embarrassing than a student discovering your GPS tracking device on his car, as the FBI found out last year, is having to ask him to give the expensive piece of equipment back.
So security researcher Brendan O’Connor is trying a different approach to spy hardware: building a sensor-equipped surveillance-capable computer that’s so cheap it can be sacrificed after one use, with off-the-shelf parts that anyone can buy and assemble for less than fifty dollars.
At the Shmoocon security conference Friday in Washington D.C., O’Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as a 3.5 by 4 by 1 inch spy computer. And O’Connor has designed the cheap gadgets to be dropped from a drone, plugged inconspicuously into a wall socket, thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wifi network. With PogoPlugs currently on sale at Amazon for $25, O’Connor built his prototypes with gear that added up to just $46 each.
“If some target is surrounded by bad men with guns, you don’t want to have to retrieve this, but you also don’t want to have to pay four or five hundred dollars for every use,” says O’Connor. “The idea is that it’s as close to free as possible. So you can throw a bunch of these sensors at a target and get away with losing a couple nodes in the process.”