Electronic Eavesdropping & Wiretapping: Two More Reasons Businesses Need TSCM Inspections

There are two different types of wiretapping threats that can harm startups and established businesses alike -- especially if they house proprietary, confidential information.

When espionage hits. It feels like this.

First, there's government wiretapping. You might assume the simplest way to eliminate this threat is to abide by the law, but you’d be forgetting that, aside from the U.S. government, there are plenty of countries that have proven they’re willing to use Big Brother-style surveillance tactics to compromise private companies. If you work with an opposition party or in a sensitive industry in another country, your client’s government might target your business. 

Then, there's old-fashioned corporate espionage. If a competing company is desperate to get an edge over your business, it may use wiretapping to steal your information or otherwise compromise your company to gain an advantage. more

Murray's TSCM Tip # 623 - Hiding in Plain Sight - The USB Microphone

USB microphones have many legitimate uses, students recording lectures, for example. Much more sensitive than a laptop's built-in microphone, they are perfect for that application. They also make eavesdropping on co-workers very easy.

The Plausible Deniability Bonus... Hey, it's not a bug. It's a legitimate piece of office equipment.

If you see one of these in a laptop, always assume it is recording. Some USB microphones have a red tally light, but a dot of black paint (or a piece of electrical tape) can cripple that tip-off. 

From the seller...
"This microphone is capable of picking up all of the sounds in large room (range of approximately 80 feet) or it can pick up small area its up to you, because you control the amplifier power! It's small size makes it perfect for situations where you don't want to draw attention to the fact that you are recording audio right into your computer."

Visit counterespionage.com to learn more about what you can do to detect and deter electronic eavesdropping.

Security Researchers: Amazon Echo Can be Turned Into a Spying Device

Security researchers have recently shown that the popular Amazon Echo speaker can be hacked to eavesdrop on conversations without permission.

Security firm MWR InfoSecurity claims it was able to exploit a vulnerability which turns the Alexa-fueled device into a “wiretap” without altering its standard functionalities.

But before you get all alarmed, let us tell you the vulnerability was found to affect only 2015 and 2016 versions of the Amazon Echo. On top of that, in order to successfully hack the speaker, a hacker would need to have physical access to it. So you might want to lock your Amazon Echo away when your computer wiz cousin comes over for a visit. more

National Private Investigator Day - Birthday of Eugene Francois Vidocq

Today, July 24, marks National Private Investigator (PI) Day. National PI Day is a time dedicated to celebrate the contributions of licensed Private Investigators. It also provides an opportunity to demonstrate the value of professional Private Investigators to the public. After all, Private Investigators provide a fundamental and vital role in society today.

The July 24 holiday commemorates the birth year of Eugene Francois Vidocq, the very first Private Investigator who founded the first known detective agency in 1833. Vidocq’s birthday is on July 24. His legendary reputation is credited greatly with shaping the way law enforcement and investigations are carried out today.

More than 80,000 Private Investigator professionals across the United States will observe the holiday. These professional in the United States will also be joined by their international Private Investigator colleagues. Today, we say THANK YOU to all those who have made the commitment to serve as a Private Investigators.

Professional Private Investigators often find themselves working with attorneys, families, law enforcement officials, insurance companies, business owners and others. Their scope of services can vary greatly, but can include conducting background checks, finding missing persons, reuniting families, preventing fraud and abuse, and more. more

OSS 75th Anniversary - Awarded Congressional Gold Medal

This year marks the 75th anniversary of the Office of Strategic Services, an espionage unit that was crucial in winning World War II. And in time with the occasion, the agency is being awarded one of the nation’s highest civilian honors — Congressional Gold Medal. 

Before there was the CIA there was the OSS. The Office of Strategic Services was the predecessor to CIA and U.S. Special Operations Command that includes the Navy SEALs and the Green Berets.

The agency was created after the attack on Pearl Harbor and when it became apparent that Hitler was a threat to the world.

“The actual date is June 13th, 1942 when President Roosevelt signed the executive order 69 that created the OSS and named then Col. Donovan as its director. [Donovan] eventually became a two-star general,” said Charles Pinck, president of the OSS Society. Pinck’s father was part of the OSS who went behind enemy lines in China, which was occupied by the Japanese...

“They were out of the box thinkers. They were daring, they were extraordinary,” said Patrick O’Donnell, author of four books on the OSS and an expert on special operations history. more

Extra Credit - Spy Gadgets of World War II

Business Espionage: Half of German Firms Hit by Spying Last Two Years

More than half the companies in Germany have been hit by spying, sabotage or data theft in the last two years, the German IT industry association Bitkom said...

Some 53 per cent of companies in Germany have been victims of industrial espionage, sabotage or data theft in the last two years, Bitkom found – up from 51 per cent in a 2015 study...

Arne Schoenbohm, president of Germany’s BSI federal cyber agency, said many big companies and especially those operating critical infrastructure were generally well-prepared for cyber attacks. But many smaller and medium-sized companies did not take the threat seriously enough, he said...

Some 62 per cent of companies affected found those behind the attacks were either current or former employees. Forty-one per cent blamed competitors, customers, suppliers or service providers for the attacks, Bitkom said...

The BSI urged companies in Europe’s largest economy to make information security a top priority... more

Spy House for Sale

MONTCLAIR, N.J. (AP) — A New Jersey home that has been vacant since the FBI arrested a family of undercover Russian spies living there is heading for sale.

Vladimir and Lydia Guryev lived in the home in Montclair under the names Richard and Cynthia Murphy before they were arrested in 2010 along with eight other spies accused of leading double lives, complete with false passports, secret code words, fake names, invisible ink and encrypted radio.

The parents of two young daughters had pleaded guilty to conspiring to act as an unregistered agent of a foreign country and were deported to Russia in exchange for four people convicted of betraying Moscow to the West being let out of prison there.

Their story partially inspired the FX drama “The Americans,” about two undercover Russian spies that live in the U.S. with two young children. more

The Case for Corporate Counterintelligence

Excellent article explaining why corporations need a Counterintelligence Program. Make sure your program is holistic. Round it out by adding in Technical Surveillance Countermeasures (TSCM), and technical information security elements. 

Q: I am trying to garner support for creating a corporate counterintelligence (CI) program within our security organization; we are an international company with people and facilities in multiple countries. What does a “good” corporate CI program look like?

A: ...For its lifeblood, does your organization rely on: Patented or copyrighted products? Trade secrets? Proprietary information, technology, services or processes? Are supply chain vendors/subcontractors hired to support any of those areas? Is research and development a core capability? Does your organization provide goods or services not provided by anyone else? Are foreign nationals employed in the organization (domestically or internationally)? Are US citizen employees assigned to facilities outside the US? If you answered yes to any of these, then your organization is a viable candidate for a dedicated CI program... more

Eavesdropping Comes Out of the Closet – Gets Job as Reality Show

There are some people who love to eavesdrop — they can't help themselves. Then there are others who not only love to listen in, but also have a strong case of schadenfreude and take pleasure in the hardship of others. For these special individuals, there's a podcast that will be their newest obsession: Where Should We Begin.

Couples therapist and author Esther Perel hosts this addictive series, and it's better than reality TV, because you know these drama-filled conversations aren't scripted. During each session, strangers can listen in on private therapy sessions with the psychologist from Belgian. Although the names and identifying characteristics are left out, everything else is fair game in the episodes. more
 

Amazing $1.00 Gadget for Savvy Investigators

I recently came across this gadget on eBay.

It's a Bluetooth wireless remote control for smartphones (iOS & Android). Basically made for the selfie crowd, investigators will find applications for it as well. Not bad for a buck.

It comes with a battery. No instructions needed. Just flip the side switch, and pair it with your phone.

You can now be up to 30 feet away from your phone and snap photos, or take movies.

How can you go wrong for $1.00? Did I mention shipping was FREE! The catch... it will take about a month to arrive. Mine came from Thailand, probably via message in a bottle.

Need one quicker, a California ebay'er has them for $4.20, Free shipping.

Yet Another Caught on Open Microphone

Off-topic comments between OJ Simpson and his lawyer were caught on a hot mic as the parole board returned to tell him their decision. 

Among the things discussed were cookies, ice cream, President Donald Trump and former Associated Press Special Correspondent Linda Deutsch, who covered Simpson’s double murder trial.

“My best to my favorite lady, you know who I’m speaking of,” he said. “Tell her I wanted to call her but I don’t call anybody from here other than my family.” more

People are caught on open microphones quite often.
Rule #1 - If you see a microphone assume it is on. Watch what you say.
Rule #2 - If you don't see a microphone, don't assume one is not there and listening. Watch what you say, until you have had the area swept by a competent Technical Surveillance Countermeasures (TSCM) team.

How to Get Away with Spying for the Enemy

If you like real-life, bizarre, spy stories, this may really interest you.

How does someone get away with helping a foreign adversary? We dig into the gonzo story of an American acquitted of spying for the Soviets—even after he confessed to it.

The founder of an investment firm in Hawaii, Rewald lived like a Master of the Universe, traveling the world, driving expensive cars, staying in expensive hotels and throwing expensive parties.

Smith, by contrast, was a Mormon who lived in Utah with his wife and four children. A former case officer in intelligence with the United States Army, he had resigned from his job at the start of the 1980s to spend more time with his family. Smith sought to make a new life for himself as an entrepreneur; when VHS tapes were still cutting-edge, he began a service to make video diaries and testimonials for families to pass down from one generation to the next.

The common thread between Reward and Smith was espionage... more

Yet Another Caught on Open Microphone

Israel's Benjamin Netanyahu caught on microphone slamming EU in Budapest...
Conference organizers quickly cut his microphone when they realized his closed-door comments were broadcast... Netanyahu was inadvertently picked up by a live microphone on Wednesday calling the European Union "crazy" and admitting to missile strikes in Syria... After a few minutes it became clear that journalists could hear the comments and the sound was cut. more

People are caught on open microphones quite often.
Rule #1 - If you see a microphone assume it is on. Watch what you say.
Rule #2 - If you don't see a microphone, don't assume one is not there and listening. Watch what you say, until you have had the area swept by a competent Technical Surveillance Countermeasures (TSCM) team.

Information Security's Curse - The Ostrich Effect

A new study by OneLogin has revealed that a large proportion of businesses fail to adequately protect their networks from the potential threat posed by ex-employees.

The firm surveyed more than 600 IT decision-makers in the UK and found respondents were aware that over half (58%) of former employees are still able to access corporate networks even after they’ve left a company...



“Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image,” said Alvaro Hoyos, chief information security officer at OneLogin. more

Corporate Espionage in Mining