The New Face of Corporate Espionage

asiaworldmedia.com

Over the past five years, a highly sophisticated team of operatives have stealthily infiltrated more than 70 U.S. corporations and organizations to steal priceless company secrets. They did it without ever setting foot in any victim’s office. Sitting at undisclosed computers, they could be anywhere in the world.

This is the new face of corporate espionage. Thieves whose identities are safely obscured by digital tradecraft rather than a ski mask, are robbing companies of the ideas that are the source of American ingenuity.

We now rely on the Internet to do business, supply communities with power and water, communicate with loved ones and support our troops on the battlefield. Our digital infrastructure is part of our country’s lifeblood. Individual consumers, government agencies and small and large businesses are all increasingly vulnerable to growing threats.

However, there is another reason to care about Internet security that is less known: protecting U.S. competitiveness and jobs in the global economy.

In the coming weeks, Congress has an opportunity to do just that. As we mark National Consumer Protection Week — a time for consumer advocacy groups, private organizations and agencies at every level of government to highlight the ways individuals and families can protect themselves from scams, fraud and abuse — we are reminded of the role we each play in defending ourselves from online attacks and in securing cyberspace.

U.S. companies use information networks to create and store their unique ideas. The ideas power our economic growth. Every day, the networks of these companies, from large corporations to small businesses, are targeted by criminal organizations and nation-state thieves for these trade secrets.

More...

The Complicated World of Corporate Espionage

asiasentinel.com
Corporate espionage used to be rather straightforward – as the typical Coke-Pepsi textbook example illustrates, in which each tries to steal the other’s recipe for sugared water. It is a crime when someone steals company data/trade secrets and passes it to a business rival. 

Well, yes -- but not quite, in the case a series of court decisions in the United States that complicate the issue considerably. One involves a former Goldman Sachs computer programmer, Sergey Aleynikov, a Russian who immigrated to the United States in 1991 and who was arrested by FBI agents on July 3, 2009, at Newark International Airport. 

Aleynikov was subsequently jailed in December 2010 for stealing code from Goldman Sachs’ high-frequency trading platform, a lucrative new segment of Wall Street that uses complex computer algorithms to convert minute price discrepancies into quick profits through rapid fire trades. He had served one year of his eight-year sentence when he was freed by the Court of Appeals for the Second Circuit in New York in mid-February.

The court offered no explanation for overturning his conviction other than stating an opinion would be issued “in due course,” according to The New York Times.

Aleynikov allegedly stole the source code used in driving those high frequency trades at his employer prior to joining a new competitor, with plans to set up a similar trading platform – he allegedly uploaded the code onto a computer server in Germany, encrypted and downloaded it into his home computer, laptop and memory stick and took the data with him when he joined the new company.


More...

NATO Commander Facebook Pages Used In Spying Attempt

redorbit.com

A fake Facebook account set up in the name of NATO’s supreme allied commander was allegedly used by spies in an attempt to swipe personal information from military personnel and various other top secret information, according to multiple news reports published over the weekend.

According to Nick Hopkins of The Observer, falsified social networking pages supposedly belonging to Admiral James Stavridis is believed to have been coordinated by Chinese espionage agents who had hoped to trick his friends and family members into revealing private information — either about him or about themselves.

Telegraph Investigations Editor Jason Lewis reported Saturday that senior British military officers and members of the UK Ministry of Defense are believed to have been among those to accept “friend requests” from a fake Stavridis Facebook account.

“They thought they had become genuine friends of NATO’s Supreme Allied Commander — but instead every personal detail on Facebook, including private email addresses, phone numbers and pictures were able to be harvested,” he continued, adding that while officials are “reluctant” to identify the source of the espionage attempt, that the Telegraph “has learned that in classified briefings, military officers and diplomats were told the evidence pointed to ‘state-sponsored individuals in China.’”

More...

Revealed: Technical Surveillance Threats

Revealed: Technical Surveillance Threats


Spy Cam 101

Not long ago while on assignment, I was asked "How many times do you actually find technical surveillance threats?"
My answer was "Well, I would tell you but then I would have to...." Just kidding,  The real answer is more often than you would think..
Although, not every technical surveillance threat involves finding a device. It can also can mean discovering a technical surveillance vulnerability. Like for instance, the allowance of cellular devices (w/ cameras) or iPads in conference rooms and during high level meetings. Or, the allowance of digital recorders within these areas, just to name a few.

It's not always "James Bond" spy gear that turns up during a sweep.

But every now and then, I still discover a "surprise" that may (or may not) have been left behind...on purpose.

For example, take this pen & pencil holder discovered during the wee hours of the morning while sweeping the "Presidential Suite" of one of our clients facilities.

Plain looking enough, but take a closer look... Through our Thermal Imaging Camera... Notice that hot spot? So did we...It turned out to be a hardwired Spy cam, with audio....Here's another look..

This was only one of the technical surveillance threats found during this assignment. Yes, you heard me right, only one of several threats found...

So, the short answer is YES, technical surveillance threats (although crude) like the above are used for intel collection purposes by your adversaries. i.e.; disgruntled employee, competitor, corp spy, eavesdropper, etc.
So be aware, these types of surveillance threats could be lurking closer than you might think...

If you don't mind me asking, When was your last TSCM Sweep?  Not Sure?  Contact Me here. I can help.

Stay tuned for the next "reveal"....JDL

Unmasking the world’s most wanted hacker

foxnews.com

EXCLUSIVE: It was one of the hottest days of the year and evening temperatures were still sweltering when two FBI agents wearing bulletproof vests under their dark suits climbed the stairs of the Jacob Riis housing complex in New York’s Lower East Side on June 7, 2011. Drenched in sweat, they knocked on the steel door of a sixth-floor unit. It swung open to reveal a man in his late twenties wearing jeans and a white T-shirt.

“I’m Hector,” he said.

The agents were suddenly face-to-face with “Sabu,” the computer genius they had stalked for months, a quarry so elusive they hadn’t pinned down his identity and location until just weeks before. The suspected ringleader of the Anonymous offshoot group LulzSec, Hector Xavier Monsegur and his web minions had just completed a month-long reign of terror, hacking the CIA, Fox, Sony and several financial institutions, causing, according to some estimates, billions of dollars in damage around the world.

The nondescript public housing unit seemed an unlikely nerve center for one of the world’s most wanted criminal masterminds, but the 28-year-old Monsegur himself is a study in such contradictions. An unemployed computer programmer, welfare recipient and legal guardian of two young children, Monsegur did not go to college and is a self-taught hacker. Although his skills and intellect could command a lucrative salary in the private sector, those who know him say he is lazy, an underachiever complacent with his lifestyle.

More...

NASA lost 'full control' to hackers, pwned 13 times last year

theregister.co.uk

Cybercrooks broke into NASA's computer systems 13 times last year gaining "full functional control" of important systems in the worse cases, according to the testimony before the US Congress by the space agency's inspector general.

Paul Martin told a Congressional panel on information security at the space agency that NASA spent $58m of its $1.5bn annual IT budget on cyber security. The space agency has long been a prestige target for hackers of various skill levels and motivations, including profit-motivated malware distributors (cybercrooks) and intruders thought to be in the pay of foreign intelligence services.

Poorly implemented security policies mean that these attacks were often successful. In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems, Martin testified (PDF) before the US House Committee on Science, Space and Technology last Wednesday.

Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7m.

In the most serious of these incidents, hackers gained control of systems at NASA's Jet Propulsion Laboratory. The attack was traced back to IP addresses in China, Martin explained. Another of the most serious APT (advanced persistent threats) that hit NASA last year resulted in the extraction of user credentials from 150 space agency workers.