Shhh… BadUSB Evil Accessories

Think thrice next time before you plug in USB devices like keyboard, flash memory, webcam, speakers, hub, mice, etc, into your computer as the occasional virus scan and install is no longer safe.

ToyUSB

Several reports have now emerged that hackers could now load malicious software onto cheap petite chips that control the functions inside these devices which have nothing to shield against any tampering of their code.

In other words, these so called BadUSB are reprogrammed into a new form of covert weapons to spoof and take control of a computer, smuggle out data and also spy on the user.

Karsten Nohl, chief scientist with Berlin’s SR Labs will demonstrate these findings in a Black Hat security conference in Las Vegas scheduled 2-7 August 2014.

 

When the Boss Hacks

Hot Mails

There is an unspoken underlying tension in the workplace on privacy matters relating to office telephones, computers, emails, documents, CCTV cameras, etc. Employers like to think they reserve the right to probe what they consider their property while employees believe their turf is clear from invasion.

This tension is nowhere better exemplified than by reports last Thursday that operatives with US tech giant Microsoft Inc. hacked into a blogger’s Hotmail account in the course of an investigation to try to identify an employee accused of stealing Microsoft trade secrets.

And it is not uncommon in my business to encounter client complaints about potential espionage and other alleged misconduct by their employees, leading to their consideration to search the (company-owned) computers, emails, phone records, etc.

Find out more from my latest column here and there.

Coping With Offline Snoops

Latest NSA Revelations Not the End of the World

The latest NSA revelations about their ability to penetrate into computers that are not even connected to the Internet may have caused deep concerns but there are at least 2 defensive measures one can undertake.

You can find out more from my latest column here.

Security Lapse at the EU Summit

Security officials leave an easily tapped device in closed-door conferences of European leaders

In photos made public of several closed-door bilateral meetings between various European leaders last week, there were two common denominators. One was the presence of the French President Francois Hollande. The other was the VoIP phone on the desk. The question is: What is that phone doing there?

In the middle of a major brouhaha over charges that the US National Security Agency had allegedly monitored the phone conversations of foreign diplomats, the officials in those photos were speaking to each other in the presence of this easily-tapped device.

What these these photos highlight is a security lapse, thus generating many questions: What else have European countries missed and not done to better protect their leaders from American or any eavesdropping?

You can find the entire column here and there.

The Demise of the Cloud

NSA Snooping Compromises the Cloud Computing Industry

Facebook CEO Mark Zuckerberg complained last week that trust in social networks and Internet companies has dived ever since cyber snooping and spying activities by the US National Security Agency began to make global headlines earlier this year.

It is no surprise. In fact, as fugitive former NSA operative Edward Snowden pointed out, the encryption system adopted by the International Organization for Standardization and its 163 member countries were actually written by the NSA, convincing proof that online platforms being used by Internet companies and the commercial world, including banks, could in fact be easily compromised by the NSA.

In other words, the NSA designed their own secret back door into the global encryption system for their convenience. So until the encryption system has been overhauled and taken away from NSA’s control, no server and no cloud service provider is secure enough to be entrusted with any confidential data.

So why then are blindly trusting companies still moving ever more data into the cloud and onto servers, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances, etc., is available to the US snoops?

You can find the entire column here.

Was Edward Snowden A Spy?

Or was Dick Cheney looking for a cheap excuse to play politics?

Edward Snowden with his sudden departure from Hong Kong for Moscow and eventually elsewhere, possibly a country hostile to the US, would reignite the question if he’s a spy or double agent.

But the allegations made last week by former US vice president Dick Cheney that the National Security Agency whistle-blower Edward Snowden could be a spy for China is off track, and he knows it, and are a deliberate public distraction as the Obama administration searches for scapegoats in the midst of defending the NSA surveillance programs with their one and only trump card.

Snowden left with his passport annulled, a warrant on his head plus criminal charges of espionage, theft and communicating classified intelligence to unauthorized persons.

But here is the dichotomy: While the corporate world is still coping with US regulations on better corporate governance practices, where does the notion of whistleblowing stand right now?

Please read the entire column here.

The Spying Game

Spies in the newsroom? Or spying on newsrooms? There’s far too much of both

(The Inside Story of the Bloomberg Spying Scandal – and Snooping on the Associated Press – and Some Remedies.)

I often get strange, tough questions from the clients of my business intelligence and commercial investigation firm, but the recent bombardments highlight a new trend: bloated or irrational paranoia, depending on your take.

Should I stop using emails? Would you recommend a personal VPN? Is it safer to discuss in person than over an electronic device?

Just last week, one client pondered whether he should be using the Bloomberg terminal and another questioned if his phone, video and Skype calls were safe. I can’t blame them. Just look at the headline news the past week alone…

Please read the full column here.

Big Brother Meets Big Data

The Security Assault on Social Networks

Forget hacking. It works but it’s illegal.

Big data mining is the future of cyber espionage. It is not illegal as long as the data is open source and in the public domain. And all that data on “open” social networking Web sites are most vulnerable.

Two recent commercially developed software packages could soon be giving your government and employer and possibly anyone else who is interested – ways to spy on you like never before, including monitoring your words, your movements and even your plans now and into the future.

Please read the full column here and there.

DIY Counter Espionage

Spying on Spies

The FBI probe into the scandal involving former CIA director David Petraeus and his mistress may have stolen global headlines the past week.

But there is something else the FBI knows that should warrant more attention. Something closer to those of us less exalted than the boss of the world’s most famous spy agency.

The FBI is known to have video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

There were recent media reports of similar incidents. The FBI is now showing the clip as a warning to corporate security experts of major US companies.

The FBI also warned some months ago about the risks of using hotel wi-fi networks and recommended all government officials, businessmen and academic personnel take extra caution when traveling abroad.

Whilst the corporate world is often most at risks, the average citizens are also highly vulnerable, especially to electronic surveillance on home and foreign soil.

So what can one do to protect the personal data and business secrets on the computers, especially when traveling abroad?

Please read full article here and there.

How to Beat the CIA and Protect Your Data

A little secret and long overdue column – as I have promised some weeks ago.

How about leading a cyber lifestyle without the risks of compromising your computer, privacy and precious confidential data… ie. your life?!

There’s an easy solution and you do not have to be a computer expert. But the CIA, MI6, etc, wouldn’t want you to know the trick… because you can beat those spies and hackers by going online and leaving no trace.

Read the full article here.

Shhh… Spying on Journalists

The Pentagon’s recent sworn: They won’t spy on journalists.

(Yeah right…. Yes, I hear you at the back.)

The US Defense Secretary Leon Panetta gave an order July 19 to clampdown on classified leaks from the Pentagon and “monitor all major, national level reporting”.

This raised immediate concerns amongst the press as journalists wondered: is the Pentagon planning to spy on their very act of reporting or simply to conduct wide-sweeping news scans for supposedly leaked information? The former, left to one’s imagination, could include wiretapping, surveillance and various forms of intrusive acts.

The Pentagon press secretary George Little reportedly replied in writing:

“The secretary and the chairman both believe strongly in freedom of the press and encourage good relations between the department and the press corps.” (Read this).

Meanwhile, a true story, I know a journalist who was spied upon by a Chinese intelligence agent.

The agent apparently tried to recruit the reporter by offering “huge rewards” if he cooperates and collects information about certain individuals under the pretense of combing background data for potential stories.

This journo friend declined outright but not long after, he suspected his phones were bugged and asked for help.

My advice?

Quite simply though cumbersome: buy and replace regularly several low-value, use-and-dispose SIM cards, several used cellular phones (the pre-smartphone days type like those good old Nokia, Ericsson, Motorola, etc) and used laptops.

In short, change your phone and cyber lifestyle – at least for the time being (Refer to my earlier commentary: Shhh… How to Beat the CIA and Protect Your Data).

Shhh… Spies Boundary

I just picked up 2 interesting reports on surveillance matters.

It was reported that the FBI claimed its surveillance on those involved in the Occupy movement is within legal boundaries and did not cause “unnecessary intrusions into the lives of law-abiding people.”

This came after the American Civil Liberties Union used the Freedom of Information Act to secure FBI surveillance documents on the movement in a lawsuit and asked why the agency withheld two-thirds of its records and subsequently cited national security as a reason for the nondisclosure (Read this).

On the other side of the Atlantic Ocean, the civil rights group Liberty used the UK Data Protection Act to represent a disabled woman in a legal action against a commercial security firm and its undercover surveillance “usual practice” which, as part of their investigative works for insurance companies, send agents disguised as delivery men to spy on the sick and disabled in their homes (Read this).

These are just going to lead to endless debates. Watch this space, I might post a column on this topic.

 

Shhh… Counting Spies

Interesting spy updates over the past few days.

Question: where do you think is the spy capital of the world?

Hint: Starts with letter B.

Did someone say Bei….?

Answer: Brussels.

Say what, Brussels?! Well, that’s according to Belgian intelligence chief Alain Winants, who added that spies usually pretend to be diplomats, journalists, lobbyists, businessmen or students (Read this – and please see my previous columns about spies pretending to be businessmen in China and students in US campus in Spy vs Spy and Espionage on Campus, respectively).

Now speaking of diplomats, the well known intelligence historian and collector of spy gadgets H. Keith Millon reportedly claimed “there are more spies at the United Nations than diplomats” (Read this).

The latter piece is not surprising but much depends on one’s definition of spy. But then again, given Million’s reputation in the intelligence trade…

Spies and the Airport Screening Machine

The US works out a free ride for its spooks

I have always fancied having a smorgasbord of passports, each bearing a different name, country of citizenship and photo — just like the spies as we know them, or at least as we understand them from spy fiction and movies like James Bond and CIA agent Jason Bourne in the Bourne Trilogy movies.

However, airport security checks and immigration clearance must be a nightmare for real spies, undercover agents and intelligence officials these days as governments, increasingly wary of the growing sophistication of terrorists, have invented new technologies to try to detect them. Hence the increased tight security measures at airports over the world have created lots of inconvenience for the intelligence community. And the pseudo passports probably don’t even work, given the facial recognition checks on top of the fingerprint hassles that have become commonplace at immigration checkpoints across the globe.

The spymasters know and they care, and they set out to do something about it.

So in late July, the US Transportation Security Administration (TSA) – the agency within the US Department of Homeland Security that exercises authority over the security of the traveling public in America – reportedly put procedures in place to allow the employees of three US intelligence agencies to pass un-scrutinized through airport security checks with convenience… (Read the entire column here and there).

Shhh… The Safest Place to Hide Your Data

… is possibly in your mouth?!

I’m glad I have not gone that far yet but nevertheless happy to read this piece of news article. I always advised my friends not to leave their computers and phones in their hotel room, or unattended for that matter, as spies will not only break into their room but also their devices. In fact, in certain countries, these agents are tasked to target certain individuals and business travelers the moment they left the airport. And they will wait patiently for the opportunity to penetrate their data. As a rule of thumb, the bigger the city and the hotel, the bigger the risks… because Ahem, I know only too well from… never mind.

Anyway, no one seems to believe or take it seriously. So I’m glad this story printed not only what I always wanted to say but also gave insights on some interesting counter-measures. Kind of paranoid for the men on the streets but… I hope you don’t have to go so far as planting the SD card in your mouth.

Shhh… New Phones for Spies

Christmas comes early for spies this year.

The National Security Agency and Defense Information Systems Agency (the unit that manages all communications hardware needs for the Pentagon) are reportedly going to issue in December their newly developed smart phones and tablets based on commercially designed devices. Only a selected number of “customers” would get such a device as an early Christmas present, including spies and some high-level military and government officials.

These new phones and tablets are modified from commercial designs  – for good operational reasons – and thus mark a departure from the current use of special phones that stand out from the crowd and cost thousands of dollars. These ordinary looking devices will use some special Apps to optimize use of cloud computing and thus ease the risks of losing them and having sensitive data easily compromised.

And by the way, these modified devices run on Google’s Android operating system. Apple’s loyal worshippers will be left disappointed…

Shhh… New iPhone Spy App to Log the World

It’s the App, Stupid!

Sounds familiar? Yes, it’s often the software that matters more than the hardware.

Whilst the countdown to the new iPhone 5 release is grabbing headlines, there is reportedly a new Spy App for iPhone that should deserve even more attention. This is unlike any other past so called iPhone Spy software: imagine you can log all incoming and outgoing phone calls and SMS of a chosen target’s phone?!

Yes, I know. The potential for this new iPhone Spy App, if it’s true, will simply blow your socks off…

Shhh… Privileged Spies and Frequent Travelers

Airport security checks and immigration clearance must be a nightmare for spies, undercover agents and intelligence officials these days. The increased tight security measures at airports over the world have created lots of inconvenience for the intelligence community. And the pseudo passports probably don’t work, given the facial recognition checks on top of those fingerprint hassles that have become commonplace at immigration checkpoints across the globe…..

I will soon be posting my next column on this topic. Please visit again, thanks.

Pay Packages Are Not Licensed to Thrill

Kudos to the London Organizing Committee of the Olympic and Paralympic Games.

What better way to celebrate true British culture and identity (and yes, humor) than to have James Bond (actor Daniel Craig) escorting the Queen to the opening ceremony of the London Olympics in true 007 fashion?

A brilliant idea, but I have three immediate wishes.

I wish other English spy characters like Austin Powers and Johnny English had also featured in this truly comedic, quintessentially British moment.

I also wish all the past screen Bond actors were on hand to usher Her Majesty to her seat.

And I wish, ahem, US presidential hopeful Mitt Romney would play the role of party pooper and jump out of nowhere to spoil the event in his very own disconcerting way.

Well, no worries, all the real Bonds and security staff would jump forward to salvage the moment.

Fat chance.

The real Bonds are clearly stirred, shaken and not at all prepared to take extra risks, given their low morale and jaw-dropping poor compensation package. And the general public would probably not count on the outsourced security and protection industry as well (Read the entire column here and there).

Spy Vs. Spy

Spies multiply like coathangers in China and the US

How many intelligence — okay honestly, spy — agencies does a country really need?
Anywhere between eight and 17 and possibly more if you’re referring to China and the United States. The US, in fact, recently established its newest spy agency, which is specifically targeted at China, among others (Read the entire column here, here and there).

Espionage on Campus

It’s not all kegger parties – Spies may be watching

I received many nice pens as gifts from my folks when I embarked on my university studies. I reckon pens would be inappropriate in this modern digital age. What about a book, say on how to guard against spies in campus?
And why not? The parents may appreciate it given recent reports about foreign spies in American universities – and my personal encounters (Read the entire column here).