Canada - Workers preparing the former Nortel complex as the new home for the Department of National Defence have discovered electronic eavesdropping devices, prompting new fears about the security of the facility.
It’s not clear whether the devices were recently planted or left over from an industrial espionage operation when Nortel occupied the complex...
Recently released DND documents indicate that concerns about the security surrounding the former Nortel campus at 3500 Carling Ave. were raised last year...
Last year it was also revealed that Nortel had been the target of industrial espionage for almost a decade... (more)
Note: Nortel Networks Corporation was once a major data networking and multinational telecommunications company. The company filed for protection from creditors on January 14, 2009 and later shut its doors.
Monday, 30 September 2013
Saturday, 28 September 2013
Commercial Espionage Fears Prompt... a conference?!?!
Jamaica - Commercial espionage affecting Jamaican businesses is to be addressed at a two-day conference on Cyber Security and Digital Forensics, to be staged at the University of the West Indies from September 30 to October 1.
Mr. Robinson said he became aware of the level of corporate espionage occurring in Jamaica recently, and the conference will address this concern in a fulsome way.
“We’re not talking about a man hacking into a website and defacing it. We’re talking about criminals doing this for financial gain, or to prove a point. They can hack into a critical national infrastructure and disrupt the country in a significant way; for example your Air Traffic Control system, and you know the damage that can be done,” the State Minister said.
“There are just so many ways someone with a computer can create havoc and we need to be on top of that as a country,” he emphasized. (more)
The "Let's Talk About This" love boat sailed a long time ago. It's time for action. BTW... Corporate espionage via computers is only one hole in your security dike. Be sure your security program handles it all.
Business Espionage - Bra Biz Ops Man Bugged
Michelle Mone's firm bugged director's office amid fears he was about to jump ship to ex-husband's new company, tribunal hears
MICHELLE MONE monitored recordings from a bug in a director’s office amid fears he was about to quit for a job working with her ex, her new business partner claimed yesterday.
Eliaz Poleg told an employment tribunal he came up with the idea of bugging Scott Kilday’s plant pot.
Poleg – the chairman of the company formed from the sale of Michelle’s MJM firm – said he made the move as he had “extreme concerns” over Kilday’s loyalty to the troubled bra business.
Kilday now works for Michelle’s ex-husband Michael, who was bought out of MJM two days before the sale to MAS Holdings. Kilday walked out on MJM after finding the bug.
Poleg told the tribunal in Glasgow: “I know there was stuff on it because Michelle said she was listening and replacing the machine tapes. (more)
Friday, 27 September 2013
When Business Espionage Doesn't Work the Next Step is Sabotage
Real News or Business Sabotage? You decide...
The following "news story" was found in Yahoo News. It is filled with anonymous quotes, no proof, no substance, no follow-up with the side being attacked.
“Apple’s new operating system is making me nauseous and giving me a headache - just like when you try to read in the car,” says one user.
Others complain of “vertigo” when apps “zoom” in and out - and say that using iOS 7 devices has left them feeling ill for days.
Apple’s new iOS 7 operating system has been downloaded 200 million times - and some users are complaining that the animations make them seasick - or worse. (more)
To our clients... In addition to your TSCM bug sweeps and our other business espionage reductions, keep an eye out for business sabotage. Document it. Go after it.
Monday, 23 September 2013
Yet Another Good Reason to Conduct TSCM Sweeps
Police have arrested eight men in connection with a £1.3m theft by a gang who remotely took control of the computer system of a Barclays bank branch.
A man posing as an IT engineer gained access to the Swiss Cottage branch in north London on 4 April, fitting a keyboard video mouse (KVM) device, which enabled the gang to remotely transfer funds to bank accounts under its control. (more)
Fingerprint Security Appears Risky on iPhone, and Elsewhere
Reason 1. - iPhone's fingerprint biometrics defeated, hackers claim.
Just one day after the new fingerprint-scanning Apple iPhone-5s was released to the public, hackers claimed to have defeated the new security mechanism. After their announcement on Saturday night, the Chaos Computer Club posted a video on YouTube which appears to show a user defeating Apple’s new TouchID security by using a replicated fingerprint. Apple has not yet commented on this matter, and, as far as I can tell, no third-party agency has publicly validated the video or the hacker group’s claim. In theory, the techniques used should not have defeated the sub-dermal analysis (analyzing three dimensional unique aspects of fingerprints rather than just two-dimensional surface images) that Apple was supposed to have used in its fingerprint scanner. (more)
Reason 2. - Mythbusters.
Reason 3. - When You're Busted.
Police can't compel you to spill your password, but they can compel you to give up your fingerprint.
"Take this hypothetical example coined by the Supreme Court: If the police demand that you give them the key to a lockbox that happens to contain incriminating evidence, turning over the key wouldn’t be testimonial if it’s just a physical act that doesn’t reveal anything you know.
However, if the police try to force you to divulge the combination to a wall safe, your response would reveal the contents of your mind — and so would implicate the Fifth Amendment. (If you’ve written down the combination on a piece of paper and the police demand that you give it to them, that may be a different story.)" (more)
Is Your Cell Phone Talking to Your Carrier, or Behind Your Back to a Rogue?
It's not easy to tell, but very important if you want to have a confidential conversation.
What is a rogue or IMSI catcher?
"An IMSI catcher is essentially a false mobile tower acting between the target mobile phone(s) and the service provider's real towers. As such it is considered a Man In the Middle (MITM) attack. It is an eavesdropping device used for interception and tracking of cellular phones and is usually undetectable for the users of mobile phones. Such a virtual base transceiver station (VBTS) is a device for identifying the International Mobile Subscriber Identity (IMSI) of a nearby GSM mobile phone and intercepting its calls." (more)
Folks with a Cryptophone know...
"Each week an increasing number of Cryptophone customers are becoming aware of disturbing, yet unfortunately not surprising changes to the cellular network in their area.
This screenshot sent in by a customer shows the Cryptophone 500 alerting them to changes in the mobile network. In this case standard network encryption has been turned off. This is often an indication that a rogue base station or “IMSI Catcher” is active in the area.
While this knowledge would be of great concern to most people, Cryptophone users can rest easy knowing that even in the presence of ‘active’ attacks like this, their communications are still completely secure." (more)
Think the problem is theoretical?
"Recently leaked brochures advertising next generation spy devices give outsiders a glimpse into the high-tech world of government surveillance. And one of the most tantalizing of the must-have gizmos available from a company called GammaGroup is a body-worn device that surreptitiously captures the unique identifier used by cell phones." (more)
"Hacker intercepts phone calls with homebuilt $1,500 IMSI catcher, claims GSM is beyond repair" (more)
"Septier IMSI Catcher (SIC) has been designed as a tactical solution intended to extract GSM entities. Based on the Septier GUARDIAN infrastructure, Septier IMSI Catcher provides its users with the capability of extracting IMSI and IMEI of GSM Mobile Stations (MS) that are active in the system's effective range.
Septier IMSI Catcher is the perfect solution for both extracting identities from MS in its area of coverage (when these identities are previously unknown) and detecting the presence of known cell phones in the area, notifying the system user about those phones. Septier IMSI Catcher can be equipped with an add-on 3G module that allows identity extraction for 3G cell phones as well. It has several configurations that allow meeting the specific requirements of every operation and are suitable for various working conditions." (more)
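The Cryptophone screenshot above illustrates the one indicator the text names: standard network encryption switched off. The following scanner is an added example, not Cryptophone's or any vendor's code, and runs over a constructed event list in a made-up record format; rule 1 comes from the text, rule 2 (a previously unseen location area that is also the strongest signal) is an assumption added here.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed event shape, not any real baseband or Cryptophone log format: one
# record per serving-cell change or ciphering-mode report from the handset.
@dataclass(frozen=True)
class CellEvent:
    t: int                 # seconds since capture start
    plmn: str              # MCC+MNC the cell claims to belong to, e.g. "26201"
    lac: int               # location area code
    cell_id: int
    cipher: Optional[str]  # "A5/1" or "A5/3"; None means ciphering is off (A5/0)
    rx_dbm: int            # received signal strength


@dataclass(frozen=True)
class Alert:
    t: int
    reason: str


def scan_cells(events: List[CellEvent]) -> List[Alert]:
    """Flag rogue-base-station indicators in a sequence of cell events.

    Rule 1 (from the text): ciphering switched off is the classic symptom of
    an IMSI catcher, which cannot complete real network authentication.
    Rule 2 (assumption added for this example): a cell in a location area
    never seen before that is also the strongest signal so far, because a
    false tower has to out-shout the real ones to win the handset over.
    """
    alerts: List[Alert] = []
    seen_cells = set()
    seen_lacs = set()
    strongest = -200  # dBm; anything real is louder than this
    for ev in events:
        key = (ev.plmn, ev.lac, ev.cell_id)
        if ev.cipher is None:
            alerts.append(Alert(ev.t, f"ciphering disabled on cell {key}"))
        new_area = bool(seen_lacs) and ev.lac not in seen_lacs
        if new_area and key not in seen_cells and ev.rx_dbm > strongest:
            alerts.append(Alert(
                ev.t,
                f"unknown cell {key} in new LAC with strongest signal {ev.rx_dbm} dBm",
            ))
        seen_cells.add(key)
        seen_lacs.add(ev.lac)
        strongest = max(strongest, ev.rx_dbm)
    return alerts


def demo_events() -> List[CellEvent]:
    """Constructed sample: two normal cells, an unencrypted loud newcomer, then normal again."""
    return [
        CellEvent(0,   "26201", 1001, 4711, "A5/1", -71),
        CellEvent(120, "26201", 1001, 4712, "A5/1", -78),
        CellEvent(300, "26201", 9999, 1,    None,   -52),
        CellEvent(600, "26201", 1001, 4711, "A5/1", -70),
    ]


if __name__ == "__main__":
    for a in scan_cells(demo_events()):
        print(f"t={a.t:4d}s  {a.reason}")
```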
Saturday, 21 September 2013
PRISM as part of the BLARNEY program
(Updated: September 25, 2013)
Since then, no new information about PRISM was published, but recently some new details could be found. These show that PRISM is part of another NSA program, codenamed BLARNEY, and that US-984XN is not a single designator for PRISM, but stands for multiple designators, one for each of the internet companies.
New slides
On September 8, the Brazilian television news magazine Fantástico aired a report about the NSA trying to access the network of the Brazilian oil company Petrobras. In the background of this report, a number of hitherto unseen NSA slides were shown.
One of the slides shows details about the BLARNEY program, which has the SIGAD, or SIGINT Activity Designator US-984 and the PDDG, or Producer Designator Digraph AX. The slide says that BLARNEY collects DNR (telephony) and DNI (internet) communications under authority of the FISA court. Main targets of the program are diplomatic establishments, terrorists, foreign governments and economic targets:
Top left the slide shows the NSA seal and top right we see a green leprechaun hat with a clover leaf, symbolizing Blarney, as this is also the name of a small town in Ireland.
However, the most interesting fact is that the BLARNEY SIGAD US-984 is almost the same as US-984XN, which is prominently shown on the first slide of the PRISM presentation that was published in June:
This similarity indicates that PRISM is part of BLARNEY, which is also suggested in the Wikipedia article about the latter program.
SIGADs
Wikipedia also has a good article about the SIGAD or SIGINT Activity Designator itself, which teaches us that a SIGAD with two letters followed by three or four numbers, like US-984, is for identifying signals intelligence collection programs and activities.
An additional alphabetic character is added to denote a sub-designator for a subset of the primary collection unit, like a detachment. Lastly, a numeric character can be added after the aforementioned alphabetic to provide for a sub-sub-designator. This already confirms that with the designation US-984XN, PRISM is a sub-program of BLARNEY.
But there's more. In the Wikipedia article the SIGADs are represented like XX-NNNxn, where an X represents an alphabetic character and an N represents a numeric character. Here we see the same XN-suffix as in the alleged PRISM designator US-984XN, so it seems that XN is only meant as a placeholder for the actual designations of PRISM subsets.
This is confirmed by another slide from Brazilian television, which says that the SIGAD US-984X stands for multiple programs and partners collecting under FAA authority:
PRISM SIGADs
In one of the PRISM slides published in June, there's an explanation of the PRISM case notations. These start with a designation for each PRISM provider, like P1 for Microsoft, P2 for Yahoo, etc. (the first position in the slide below). These designators fit the XN-scheme of one alphabetic character followed by one numeric character.
If we combine this, it seems likely that instead of US-984XN as a single PRISM SIGAD, there might be actually the following multiple SIGADs, one for each of the internet companies:
- Microsoft: US-984P1
- Yahoo: US-984P2
- Google: US-984P3
- Facebook: US-984P4
- PalTalk: US-984P5
- YouTube: US-984P6
- Skype: US-984P7
- AOL: US-984P8
- Apple: US-984PA
After P8 for AOL, the final number becomes the letter A for Apple. Maybe this is because more than nine companies became involved, and so NSA chose to go on with hexadecimal numbers, so PA can be followed by PB, PC, etc.
Having separate SIGADs for each internet company makes sense, because a SIGAD identifies a specific facility where collection takes place, like a ship or a listening post. PRISM as a program is not such a facility, but comprises a number of them.
The notation of the multiple PRISM SIGADs is also more like that of other collection facilities, for example US-987LA and US-987LB for the Bavarian and Afghanistan listening posts of NSA's German partner-agency BND.
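To make the XX-NNNxn scheme and the parent/sub-designator relationship concrete, here is a small parser added for this post (not from the article's author or from any NSA document). It follows the format described above; the one assumption is that the sub-sub-designator slot may hold a hexadecimal letter, so that the article's US-984PA hypothesis parses.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Scheme from the article: two letters, a dash, three or four digits, then an
# optional one-letter sub-designator and an optional one-character
# sub-sub-designator. Wikipedia says the last slot is numeric; the US-984PA
# hypothesis above implies hexadecimal, so 0-9 and A-F are accepted there
# (that widening is an assumption made for this example).
SIGAD_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})-(?P<num>\d{3,4})"
    r"(?:(?P<sub>[A-Z])(?P<subsub>[0-9A-F])?)?$"
)


@dataclass(frozen=True)
class Sigad:
    country: str           # e.g. "US"
    number: str            # e.g. "984"; kept as text so a leading zero survives
    sub: Optional[str]     # sub-designator, e.g. "P" in US-984P1
    subsub: Optional[str]  # sub-sub-designator, e.g. "1" in US-984P1

    @property
    def primary(self) -> str:
        """The primary collection unit, e.g. US-984 for US-984P1."""
        return f"{self.country}-{self.number}"

    def __str__(self) -> str:
        return self.primary + (self.sub or "") + (self.subsub or "")


def parse_sigad(text: str) -> Sigad:
    """Split a designator into its fields; raise ValueError if it does not fit the scheme."""
    m = SIGAD_RE.match(text.strip().upper())
    if m is None:
        raise ValueError(f"not a well-formed SIGAD: {text!r}")
    return Sigad(m["cc"], m["num"], m["sub"], m["subsub"])


def try_parse(text: str) -> Optional[Sigad]:
    """Like parse_sigad, but returns None for text that is not a real designator."""
    try:
        return parse_sigad(text)
    except ValueError:
        return None


def is_placeholder(text: str) -> bool:
    """US-984XN from the PRISM slide ends in the pattern letters XN, not a real sub-designator."""
    return text.strip().upper().endswith("XN")


def is_subordinate(child: str, parent: str) -> bool:
    """True if child sits below parent in the hierarchy (US-984P1 under US-984 and US-984P)."""
    c, p = parse_sigad(child), parse_sigad(parent)
    if c.primary != p.primary:
        return False
    if p.sub is None:
        return c.sub is not None
    if p.subsub is None:
        return c.sub == p.sub and c.subsub is not None
    return False


# The article's hypothesis: provider prefixes from the PRISM case-notation
# slide appended to the BLARNEY SIGAD (mapping copied from the list above).
PRISM_PREFIXES: Dict[str, str] = {
    "Microsoft": "P1", "Yahoo": "P2", "Google": "P3", "Facebook": "P4",
    "PalTalk": "P5", "YouTube": "P6", "Skype": "P7", "AOL": "P8", "Apple": "PA",
}


def prism_sigads(parent: str = "US-984") -> Dict[str, str]:
    """Expand the placeholder US-984XN into one designator per provider."""
    base = parse_sigad(parent)
    if base.sub is not None:
        raise ValueError("parent must be a primary designator such as US-984")
    return {name: f"{base.primary}{suffix}" for name, suffix in PRISM_PREFIXES.items()}


if __name__ == "__main__":
    for name, sigad in prism_sigads().items():
        s = parse_sigad(sigad)
        print(f"{name:10} {s}  primary={s.primary} sub={s.sub} subsub={s.subsub}")
```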
BLARNEY
Under BLARNEY, information is collected from both telephone and internet communications at facilities in the United States. The program was started in 1978 under the authority of the Foreign Intelligence Surveillance Act (FISA), which was enacted in the same year for regulating foreign intelligence collection in which communications of Americans could be involved. The SIGAD for BLARNEY collection under this initial FISA authority is US-984.
According to a report of the Wall Street Journal, BLARNEY was established with AT&T, for capturing foreign communications at or near key international fiber-optic cable landing points, like the AT&T facility Room 641A in San Francisco that was revealed in 2006. A similar facility was reportedly built at an AT&T site in New Jersey.

One of the doors of room 641A in the building of AT&T in San Francisco, where the NSA had a secret internet tapping device installed, which was revealed by an AT&T technician in 2006.
After the 2001 attacks these intercept capabilities were expanded to top-level telecommunications facilities within the United States, like main switching stations for telephone and internet traffic. These are accessed through arrangements with American internet backbone providers. Finally companies providing internet services like Microsoft, Google and Facebook were added.
Since 2008 this collection takes place under authority of the FISA Amendments Act (FAA) and the specific BLARNEY sub-programs and corporate partners are identified by SIGADs in the format US-984X. Except for PRISM, none of them are publicly known.
According to the recently disclosed US Intelligence Budget, NSA pays 65.96 million USD for costs made by corporate partners under the BLARNEY program. As PRISM is part of BLARNEY, it's possible that part of that money (maybe the 20 million mentioned in this slide?) is also for expenses made by the internet companies like Facebook, Google and Yahoo.
When PRISM was unveiled in June, the Guardian said this program was one of the main contributors to the President's Daily Brief, the top-secret document which briefs the US president every morning on intelligence matters. Being the PRISM parent program, BLARNEY is also one of the top sources to this document. According to a report by Der Spiegel, some 11,000 pieces of information reportedly come from BLARNEY every year.
This is shown in the slide below with a chart of the Top Ten Collection SIGADs from 2010-2011:
In green we see the signals intelligence sources where NSA's Special Source Operations (SSO) division uses arrangements with corporate partners, in blue the sources where there are no such arrangements needed, which means SSO can collect the data on its own.
By far the most productive sources are the programs under US-984X, which include PRISM. Second comes information from what is called "transit only" traffic under the FAIRVIEW program (US-990). The initial BLARNEY collection under US-984, which is apparently from the AT&T network, is the ninth most productive source.
Some more information about BLARNEY is in another slide that was shown on Brazilian television:
Among other things, the slide says that BLARNEY is used for gathering information related to counter proliferation, counter terrorism, foreign diplomats and governments, as well as economic and military targets. PRISM seems to be used against more or less the same targets, as can be seen in a lesser known slide of the famous PRISM powerpoint presentation:

(It seems the bottom part of this slide was blacked out by Brazilian media, as the Indian paper The Hindu disclosed that this slide also mentions "politics, space, nuclear" as topics under the header "India", and also that information from Asian and African countries is contributing to a total of "589 End product Reports".)
Once again this makes clear that programs like BLARNEY and PRISM are used to gather information about the usual strategic and tactical topics and therefore not for spying on Americans or other ordinary people.
(Updated on September 23 with the slide describing US-984X, the slide with the PRISM topics, some additional information from the WSJ report and a new slide about the top ten FAA sources)
Wednesday, 18 September 2013
Ex-Sheriff Pleads Guilty to Wiretapping
WV - Former Clay County Sheriff Miles Slack pleaded guilty Tuesday to a federal charge that he hacked his wife’s work computer.
Slack entered the plea to a wiretapping charge Tuesday in U.S. District Court in Charleston. He faces up to five years in prison. Sentencing was set for Dec. 19.
The government said Slack secretly installed a keystroke logger on a computer in the Clay County Magistrate Court office in April where his wife worked. They were married at the time but have since divorced.
Spyware devices can be purchased online and typically are 1-2 inches long and attached to the keyboard cable. Once installed, they can intercept anything typed on that keyboard. (more)
Tuesday, 17 September 2013
Afraid of Getting a Virus from a Public Recharging Station?
For every scare, there is an inventor with an answer...
via int3.cc...
Have you ever plugged your phone into a strange USB port because you really needed a charge and thought: "Gee, who could be stealing my data?" We all have needs and sometimes you just need to charge your phone. "Any port in a storm," as the saying goes. Well now you can be a bit safer. "USB Condoms" prevent accidental data exchange when your device is plugged in to another device with a USB cable. USB Condoms achieve this by cutting off the data pins in the USB cable and allowing only the power pins to connect through. Thus, these "USB Condoms" prevent attacks like "juice jacking".
Use USB-Condoms to:
* Charge your phone on your work computer without worrying...
* Use charging stations in public without worrying...
If you're going to run around plugging your phone into strange USB ports, at least be safe about it. ;-) (more)
New iPhones Are Coming - Learn How to Sanitize Your Old One
Planning on buying a new iPhone?
Whether you trade-in, sell or gift your old one, do this first. Erase all your personal data.
Here's how:
1. Plug your phone into the charger, or make sure you have enough charge to complete the process.
2. Take a moment to back-up the phone. iTunes or iCloud make this easy.
3. Go to SETTINGS > GENERAL > RESET
4. Press ERASE ALL CONTENT AND SETTINGS. Press CONFIRM.
5. (Optional) Press all the other RESETS.
6. Double-check to make sure all your data has gone to the bit-bucket in the sky.
Enjoy your new phone!
Monday, 16 September 2013
How Law Enforcement Can Watch Tweets in Real-time
BlueJay, the "Law Enforcement Twitter Crime Scanner," provides real-time, geo-fenced access to every single public tweet so that local police can keep tabs on #gunfire, #meth and #protest (yes, those are real examples) in their communities.
BlueJay is the product of BrightPlanet, whose tagline is "Deep Web Intelligence" and whose board is populated with people like Admiral John Poindexter of Total Information Awareness infamy.
BlueJay allows users to enter a set of Twitter accounts, keywords and locations to scan for within 25-mile geofences (BlueJay users can create up to five such fences), then it returns all matching tweets in real-time. If the tweets come with GPS locations, they are plotted on a map. The product can also export databases of up to 100,000 matching tweets at a time. (more)
New Mobile Survey Reveals 41% of Employees Are Deliberately Leaking Confidential Data
Congratulations and condolences to the nation’s CIOs for being responsible for data security.
There’s now more job security but now there’s less information security too. Because, according to a new survey from uSamp, 41% of workers used an unsanctioned cloud service for document storage in the last 6 months, despite the fact that 87% of these workers knew their company had policies forbidding such practices.
Welcome to the mobile workplace. It’s less secure and loaded with risk.
And, according to the research, the estimated annual cost to remedy the data loss is about $1.8 billion. So what’s a CIO to do? On the one hand, it’s her job to help employees remain productive, but it’s also her job to secure the company’s confidential information.
Six IT experts were asked about their take on the matter, here are their suggestions... (more)
"Secure" Integrated Circuit Chip Salami'ed into Spilling Secrets
A technique has been developed to bypass elaborate physical protections and siphon data off the most secure chips potentially including those used to protect military secrets.
The proof-of-concept technique demonstrated by researchers at Berlin's Technical University and security consultancy IOActive was successfully applied to a low-security Atmel chip commonly used in TiVo video recording devices. But the research team found that their complex and expensive attack could be applied to successfully pry data from highly-secure chips.
The attack used a polishing machine to mill down the silicon on the target chip until it was 30 micrometers thin.
The chip was then placed under a laser microscope fitted with an infrared camera to observe heat emanating from where encryption algorithms were running.
A focused ion beam was then shot at the chip, digging a series of two-micrometer-deep trenches into which wiretap probes were inserted.
Together, the elaborate techniques, if bolstered by the use of more expensive equipment not available to the researchers, could potentially bypass the most advanced chip security mechanisms. (more)
SpyCam Nails Airline Baggage Handlers at JFK
Seven baggage handlers at JFK Airport were arrested Wednesday for allegedly stealing thousands of dollars in items from checked baggage.
After receiving customer complaints of missing items, Israeli airline EL AL installed a camera in the belly of one of their 747 jets.
Over a five-month period they caught seven employees - often wearing gloves - rifling through passengers' suitcases and stuffing luxury items in their pockets and down their pants. (more)
Sports Spying - Italian Football
Italy - In a frankly bizarre twist, Sampdoria caught a Genoa scout dressed in camouflage gear spying on their training ahead of Sunday’s derby.
The two local rivals will face off at Marassi on Sunday.
It seems Genoa were hoping to gain an advantage, but were left red-faced when Primavera youth-team goalkeeping coach Luca De Prà was caught spying on Samp's training session.
It was Sampdoria who revealed the strange story with a statement on their official website and a photograph of the man dressed in full camouflage gear, hiding in the bushes outside the Bogliasco camp. (more)
Sunday, 15 September 2013
Alps Slayings Could be Linked to Industrial Espionage - Prosecutor
French authorities said Friday they were investigating the possibility that the British family shot dead while on holiday in the Alps a year ago had been executed over industrial espionage. (more)
Friday, 13 September 2013
The US classification system
(Updated: October 12, 2013)
Top Level Telecommunications often involve information that has to be kept secret. To ensure that, governments have systems to protect sensitive information by classifying it, which is best known from document markings like "Top Secret".
Here we'll explain the classification system of the United States, which is far more complex than most people think, partly because it is one of the world's biggest secrecy systems. In 2012 almost 5 million (!) people in the US held a clearance for access to classified information.*
The deeper parts of this classification system are themselves classified, but some new details and codewords have been revealed in documents from the recent Snowden leaks.
Classification markings
All documents that contain classified information, whether digital or hard copy, have to carry the appropriate markings. These are shown in the classification or banner line, which appears at the top and bottom of every document and usually has three parts, separated by double slashes: the classification level, the SCI control systems or SAP compartments, and the dissemination markings. Each part is explained in its own section below.
An example of such a classification line would be:
TOP SECRET//COMINT//NOFORN
Additionally, all sections of a document should have a portion marking, which is an abbreviation of the full classification line. Below, the abbreviations for these portion markings are shown in brackets.
When a document contains joint or Foreign Government Information (FGI), the necessary markings are shown in a separate part of the classification line. Finally, declassification instructions can be added. These markings will not be discussed here.
The meaning of abbreviations and codewords can be found in the separate listing of Abbreviations and Acronyms and the listing of Nicknames and Codewords.
Classification levels
The United States government classifies information according to the degree to which its unauthorized disclosure would damage national security. Like many other countries, the US has three classification levels. From the highest to the lowest level these are:
- TOP SECRET (TS, color code: orange)
- SECRET (S, color code: red)
- CONFIDENTIAL (C, color code: blue)
Government documents that do not have a classification can be marked as:
- UNCLASSIFIED (U, color code: green)
With 1.4 million people holding a Top Secret clearance, it's more than clear that additional measures are needed to protect the more sensitive information. Therefore, that information is put in separate compartments, accessible only to those people who have a 'need-to-know'.
This system is called Sensitive Compartmented Information (SCI) for intelligence information, while other highly secret and sensitive information is protected by a Special Access Program (SAP). Both sub-systems will be explained below.
SCI compartments
Sensitive Compartmented Information (SCI) is a system to protect national intelligence information concerning sources and methods. It is divided into control systems and compartments, which are further subdivided into sub-control systems and sub-compartments. These systems and compartments are usually identified by a classified codeword, some of which were leaked or have been declassified. In total, there may be between 100 and 300 SCI compartments and sub-compartments, grouped into about two dozen control systems.
Known and supposed SCI control systems are:
- COMINT or Special Intelligence (SI)
- TALENT KEYHOLE (TK)
- HUMINT Control System (HCS)
- KLONDIKE (KDK)
- RESERVE (RSV, since 2005)
- BYEMAN (BYE or B, defunct since 2005)
- Special Navy Control Program (SNCP)
- VERDANT (VER)
- PANGRAM (PM)
- MEDITATE (M)
- SPECTRE
- LOMA
- ? (GG)
- ? (CRU)
- AZURE BLUE (AB)
- STELLARWIND (STLW, since 2001)
- RAGTIME (RT, since 2001)
In a classification line this is shown like: TOP SECRET//SI
Multiple control systems are shown like: TOP SECRET//SI/TK
COMINT or Special Intelligence (SI)
This control system is for communications intercepts or Signals Intelligence and contains various sub-control systems and compartments, which are identified by an abbreviation or a codeword. In a classification line they follow COMINT or SI, connected by a hyphen.
Known COMINT sub-control systems are:
- Very Restricted Knowledge (VRK)
- Exceptionally Controlled Information (ECI)
- GAMMA (G)
- DELTA (D, now defunct)
- UMBRA (defunct)
In a classification line this is shown like: TOP SECRET//SI-ECI
Very Restricted Knowledge (VRK)
This sub-control system of SI contains compartments, which have an identifier of apparently three alphanumeric characters.
In a classification line this is shown like: TOP SECRET//SI-VRK 11A *
Exceptionally Controlled Information (ECI)
This sub-control system of SI contains compartments, which are identified by a classified codeword. In the classification line there's a three-letter abbreviation of this codeword.
Recently disclosed codewords for ECI compartments are:
- AMBULANT (AMB), APERIODIC, AUNTIE, PAINTEDEAGLE, PAWLEYS, PENDLETON, PIEDMONT, PICARESQUE (PIQ) and PITCHFORD. There's also an undisclosed codeword which has the abbreviation RGT.
In a classification line this is shown like: TOP SECRET//SI-ECI PIQ
Multiple compartments are shown like: TOP SECRET//SI-ECI PIQ-ECI AMB
GAMMA (G)
This sub-control system of SI is for highly sensitive communication intercepts and contains compartments, which are identified by a codeword or an identifier of four alphabetic characters.
Some former GAMMA compartments were:
- GABE, GANT, GILT, GOAT, GUPY, GYRO and GOUT
In a classification line this is shown like: TOP SECRET//SI-G GUPY
Multiple compartments are shown like: TOP SECRET//SI-G GUPY GYRO
TALENT KEYHOLE (TK)
This control system is for products of overhead collection systems, such as satellites and reconnaissance aircraft, and contains compartments, which are identified by a classified codeword.
The original TALENT compartment was created in the mid-1950s for the U-2. In 1960, it was broadened to cover all national aerial reconnaissance and the KEYHOLE compartment was created for satellite intelligence.
Some former TK subcompartments were:
- CHESS, RUFF and ZARF
In a classification line this is shown like: TOP SECRET//TK-ZARF
RESERVE (RSV)
This control system is for compartments protecting new sources and methods during the research, development, and acquisition process done by the National Reconnaissance Office (NRO). Compartments within RESERVE have an identifier of three alphanumeric characters.* There are no actual examples.
In a classification line this is shown like: TOP SECRET//RSV-XXX
KLONDIKE (KDK)
This control system is for geospatial intelligence (GEOINT) and contains compartments with identifiers of up to six alphanumeric characters.* There are no actual examples.
In a classification line this is shown like: TOP SECRET//KDK-XXXXXX
GG
This control system is for information derived from Measurement and Signature Intelligence (MASINT) and is identified by a codeword that is still classified. It's only known by the abbreviation.*
CRU
This control system is identified by a codeword that is still classified and is only known by the abbreviation, which was accidentally revealed in 2009.* It's related to highly secret CIA programs.
A compartment of CRU seems to be:
- GREYSTONE (GST)
In a classification line this is shown like: TOP SECRET//CRU-GST
GREYSTONE (GST)
This compartment is for information about the extraordinary rendition, interrogation and counter-terrorism programs which the CIA established after the 9/11 attacks. It contains more than a dozen sub-compartments, which are identified by numeric characters.*
In a classification line this is shown like: TOP SECRET//CRU-GST 001
SAP compartments
Special Access Programs (SAP) are created to control access, distribution, and protection of particularly sensitive information. Each SAP is identified by a nickname which consists of two unassociated, unclassified words or a single classified codeword. Such an identifier is abbreviated to a two- or three-character designator.
There are apparently over 100 SAPs, with many having numerous compartments and sub-compartments. The classification line for SAP information shows the words SPECIAL ACCESS REQUIRED (SAR), followed by the program nickname or codeword. Examples of program nicknames are BUTTER POPCORN, MEDIAN BELL, SENIOR ICE and SODA.
In a classification line this is shown like: TOP SECRET//SAR-MEDIAN BELL
Multiple SAPs are shown like: TOP SECRET//SAR-MB/SAR-SD
Sub-compartments of SAPs are separated by spaces and listed in ascending alphabetic and numeric order. The classification markings do not show the hierarchy beyond the sub-compartment level: sub-sub-compartments are listed in the same manner as sub-compartments.
In a classification line this is shown like: TOP SECRET//SAR-MB A691 D722
Dissemination markings
Dissemination markings or caveats are used to restrict the dissemination of information to only those people who have the appropriate clearance level and the need to know the information. Dissemination markings can also be used to control information which is unclassified. Some markings are used by multiple agencies, others are restricted to use by one agency.
Markings used by multiple agencies:
- FOR OFFICIAL USE ONLY (FOUO)
- SENSITIVE INFORMATION (SINFO, defunct since 2002)
- LAW ENFORCEMENT SENSITIVE (LES)
Intelligence community markings:
- ORIGINATOR CONTROLLED (ORCON) (OC)
- CONTROLLED IMAGERY (IMCON) (IMC)
- SOURCES AND METHODS INFORMATION (SAMI, defunct since 2009)
- NO FOREIGN NATIONALS (NOFORN) (NF)
- PROPRIETARY INFORMATION (PROPIN) (PR)
- AUTHORIZED FOR RELEASE TO (REL TO) [country/coalition designator]
- Releasable by Information Disclosure Official (RELIDO)
- Foreign Intelligence Surveillance Act (FISA)
- DISPLAY ONLY
National Security Agency (NSA) markings:
- [country trigraph] EYES ONLY
NSA also used SIGINT Exchange Designators, which were gradually replaced by the 'REL TO [...]' marking. Some former SIGINT Exchange Designators were:
- FRONTO
- KEYRUT
- SEABOOT
- SETTEE
National Geospatial-Intelligence Agency (NGA) markings:
- LIMITED DISTRIBUTION (LIMDIS) (DS)
- RISK SENSITIVE (RSEN)
Department of Defense (DoD) markings:
- NC2-ESI
- SPECIAL CATEGORY (SPECAT, defunct since 2010)
Department of Homeland Security (DHS) markings:
- SPECIAL SECURITY INFORMATION (SSI)
State Department (DoS) markings:
- EXCLUSIVE DISTRIBUTION (EXDIS) (XD)
- NO DISTRIBUTION (NODIS) (ND)
- SENSITIVE BUT UNCLASSIFIED (SBU)
- SBU NOFORN
Drug Enforcement Administration (DEA) markings:
- DEA SENSITIVE (DSEN)
Nuclear weapons related markings:
- RESTRICTED DATA (RD)
- FORMERLY RESTRICTED DATA (FRD)
- DOD UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION (DCNI)
- DOE UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION (UCNI)
- TRANSCLASSIFIED FOREIGN NUCLEAR INFORMATION (TFNI)
In a classification line this is shown like: SECRET//SI//ORCON
Multiple markings are shown like: SECRET//SI//ORCON/NOFORN
Nuclear weapons related markings
The markings Restricted Data (RD) and Formerly Restricted Data (FRD) are used by the Department of Defense and the Department of Energy for information about the design and operation of nuclear warheads. Both can have the following two additional sub-markings:
- CRITICAL NUCLEAR WEAPON DESIGN INFORMATION (CNWDI)
- SIGMA (SG, followed by a number between 1 and 20)
In a classification line this is shown like: SECRET//RD-CNWDI
Multiple SIGMA markings are shown like: SECRET//RD-SIGMA 2 4
Internal markings
Some intelligence agencies also use internal markings, indicating that information may not be released or shown to anyone outside that particular agency without proper permission. Internal markings are shown after the dissemination markings at the very end of a classification line.
Central Intelligence Agency (CIA) internal markings:*
- CIA INTERNAL USE ONLY
National Security Agency (NSA) internal markings:
These markings are used to identify a COI or CoI, which stands for Community Of Interest. Recently disclosed COI identifiers are:
- BULLRUN
- ENDUE
- NOCON
In a classification line this is shown like: TOP SECRET//SI//NOFORN/BULLRUN
In order to prevent codewords being assigned twice, the Controlled Access Program Coordination Office (CAPCO) lists all codenames and authorized abbreviations of Sensitive Compartmented Information and Special Access Programs in the Authorized Classification and Control Markings Register or CAPCO list.
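As an added example (not part of the original post, and not any agency's tool), the following parser applies the banner-line grammar described above to the page's own sample lines: `//` separates the parts, `/` separates control systems or caveats inside a part, `-` joins a sub-control system or compartment to its parent, and spaces separate sibling compartments. It also derives the abbreviated portion marking (shown here in parentheses, the conventional portion-marking form) and performs the need-to-know check that compartmentation implies; the reader model (clearance level, set of accesses, country trigraph) is an assumption of this example.

```python
import re

# Added example: parser and access check for US classification banner lines,
# following the grammar and abbreviations given in the article. The reader
# model used by can_access() (clearance level, set of accesses, country
# trigraph) is an assumption of this example, not something the article states.

LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]   # ascending order
LEVEL_ABBR = {"UNCLASSIFIED": "U", "CONFIDENTIAL": "C", "SECRET": "S", "TOP SECRET": "TS"}
# SCI control-system abbreviations listed in the article, plus the nuclear markings
SCI_SYSTEMS = {"SI", "TK", "HCS", "KDK", "RSV", "BYE", "B", "VER", "PM", "M",
               "GG", "CRU", "AB", "STLW", "RT", "SPECTRE", "LOMA"}
NUCLEAR = {"RD", "FRD"}
# Internal markings from the article (NSA COI identifiers and the CIA marking)
INTERNAL = {"BULLRUN", "ENDUE", "NOCON", "CIA INTERNAL USE ONLY"}
# Portion-marking abbreviations of dissemination markings, as listed in the article
DISSEM_ABBR = {"ORCON": "OC", "IMCON": "IMC", "NOFORN": "NF", "PROPIN": "PR",
               "LIMDIS": "DS", "EXDIS": "XD", "NODIS": "ND"}


def _split_item(item):
    """'SI-ECI PIQ-ECI AMB' -> ('SI', [['ECI', 'PIQ'], ['ECI', 'AMB']])."""
    segments = [seg.split() for seg in item.split("-")]
    head, same_segment = segments[0][0], segments[0][1:]
    elements = ([same_segment] if same_segment else []) + segments[1:]
    return head, elements


def parse_banner(line):
    """Split a banner line into level, SCI/nuclear control systems, SAPs and caveats."""
    parts = [p.strip() for p in line.strip().split("//")]
    level = parts[0]
    if level not in LEVELS:
        raise ValueError(f"unknown classification level: {level!r}")
    doc = {"level": level, "sci": [], "nuclear": [], "sap": [],
           "dissemination": [], "internal": []}
    for part in parts[1:]:
        for item in (i.strip() for i in part.split("/")):
            if not item:
                continue
            head, elements = _split_item(item)
            if head == "COMINT":                     # COMINT and SI name the same system
                head = "SI"
            if head == "SAR":                        # Special Access Required: SAP part
                doc["sap"].append([tok for seg in elements for tok in seg])
            elif head in SCI_SYSTEMS:
                doc["sci"].append({"system": head, "elements": elements})
            elif head in NUCLEAR:
                doc["nuclear"].append({"system": head, "elements": elements})
            elif item in INTERNAL:
                doc["internal"].append(item)
            else:                                    # caveats keep their full text
                doc["dissemination"].append(item)
    return doc


def portion_marking(doc):
    """Abbreviated form of the banner line used to mark individual sections."""
    parts = [LEVEL_ABBR[doc["level"]]]
    control = [e["system"] + "".join("-" + " ".join(seg) for seg in e["elements"])
               for e in doc["sci"] + doc["nuclear"]]
    if control:
        parts.append("/".join(control))
    if doc["sap"]:
        parts.append("/".join("SAR-" + " ".join(sap) for sap in doc["sap"]))
    caveats = [DISSEM_ABBR.get(c, c) for c in doc["dissemination"]] + doc["internal"]
    if caveats:
        parts.append("/".join(caveats))
    return "(" + "//".join(parts) + ")"


def required_accesses(doc):
    """Every control system, compartment and SAP token a reader must be read into."""
    needed = set()
    for entry in doc["sci"] + doc["nuclear"]:
        needed.add(entry["system"])
        needed.update(tok for seg in entry["elements"] for tok in seg)
    for sap in doc["sap"]:
        needed.update(sap)
    return needed


def can_access(doc, clearance, accesses, country="USA"):
    """Need-to-know check: level, every compartment, and the foreign-release caveats."""
    if LEVELS.index(clearance) < LEVELS.index(doc["level"]):
        return False
    if not required_accesses(doc) <= set(accesses):   # compartments are additive
        return False
    for caveat in doc["dissemination"]:
        if "NOFORN" in caveat.split() and country != "USA":
            return False
        if caveat.startswith("REL TO"):               # e.g. "REL TO USA, AUS, CAN, GBR, NZL"
            allowed = [c for c in re.split(r"[,\s]+", caveat[len("REL TO"):]) if c]
            if country not in allowed:
                return False
    return True


if __name__ == "__main__":
    sample = "TOP SECRET//SI-G GUPY GYRO/TK-ZARF//SAR-MB A691 D722//ORCON/NOFORN/BULLRUN"
    parsed = parse_banner(sample)
    print(portion_marking(parsed))
    print(sorted(required_accesses(parsed)))
```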
Links and Sources
- Wikipedia articles:
  - Classified information in the United States
  - Sensitive Compartmented Information
  - Special access program
- The 2010 Project BULLRUN Classification Guide
- The 2009 Intelligence Community Classification and Control Markings Implementation Manual (pdf)
- The 2008 DNI Authorized Classification and Control Markings Register (pdf)
- The 2004 listing of Country Code Trigraphs and Coalition Tetragraphs (pdf)
- Article about Security Clearances and Classifications
- Some notes about Sensitive Compartmented Information
- About The 5 secret code words that define our era
- Marc Ambinder & D.B. Grady, Deep State, Inside the Government Secrecy Industry, 2013, p. 164-167.
School v. Students - Monitoring Social Media for Anti-Social Behavior
Authorities in California are now snooping on school students’ social media postings to catch law-breaking, bullying and other harmful activities. But parents worry the move is yet another example of Big Brother prying into ordinary Americans’ lives.
Glendale Unified School District, the third-largest in Los Angeles County, has paid Geo Listening Company over $40,000 to follow its students on social media networks. The stated aim is to prevent law-breaking, bullying and doing harm to themselves and others.
Under the scheme, the online activities of Glendale’s 13,000 middle-school and high-school students are closely monitored. (more)
Wednesday, 11 September 2013
Sometimes the Bird Really is a Spy
Over the past few years there have been a flock of spy stories about birds, the latest being a stork in Egypt. He was interrogated and let go, only to be found dead two days later. "...a wildlife organization claiming that it was 'eaten by local villagers.'" (more)
This story is different. Some birds do spy.
The John Downer Productions team created a set of highly realistic robotic penguins to spy on living birds for a recent BBC documentary. Some penguins are timid around humans, and may flee when a normal camera team approaches. These robots allow scientists and filmmakers to get up close with the colony and capture intimate details of day-to-day life in a penguin colony.
The robots are more than simple spycams. They can:
• Remember the identities of individual penguins based on their patterns of spots.
• Get blown over and right themselves.
• Fall off a ledge without breaking.
• And even carry “egg-cams” to drop off at strategic locations (more)
Business Espionage: BMW Accused of Spying on Paris Electric Car-Share Company
The group that runs Paris car-sharing scheme Autolib’ said Tuesday it had filed a criminal complaint accusing German carmaker BMW of using spies to gather information on its electric cars.
The Bollore group said it had filed the industrial espionage complaint after two employees of a firm employed by BMW were spotted three times tampering with charging points and Autolib’ vehicles parked in Paris.
BMW denied any wrongdoing...
Friday, 6 September 2013
How to Check an iPhone for Spyware
a tip via Techlicious...
"The best way to detect if your iPhone has been hacked is to download an app like Lookout that tells you whether your phone has been "jailbroken".
If the answer is yes (and you didn't jailbreak it), there's a good chance your suspected spy did.
To remove an iPhone hack, simply update to the latest version of iOS. And to protect against future hacks, make sure that your phone is password protected so no one can get physical access to jailbreak it again...
Once you clear the hack, reset all of your passwords for social accounts and iCloud to prevent other means of spying on you."
The New York Times Quote of the Day :)
QUOTATION OF THE DAY
"This is the golden age of spying."
PAUL KOCHER, a cryptographer, on the National Security Agency's ability to circumvent encryption systems in gathering private Internet information.
Thursday, 5 September 2013
IT Industry Admits ‘Losing Battle’ Against State-Backed Attacks
More than half of senior IT security professionals believe the industry is losing the battle against state-sponsored attacks, according to a survey.
Nearly 200 senior IT security professionals were surveyed by Lieberman Software Corporation at the Black Hat USA 2013 conference in Las Vegas, with 58 per cent saying they believe the profession is losing the battle against state-sponsored attacks.
And 74 per cent of respondents were not even confident that their own corporate network has not already been breached by a foreign state-sponsored hacker, while 96 per cent believe that the hacking landscape is going to get worse over time. (more)
FutureWatch: Look for a migration of sensitive information away from Internet connectivity, followed by a rise in traditional espionage techniques. This shift will amplify the need for traditional security countermeasures, such as TSCM.
Wednesday, 4 September 2013
An NSA eavesdropping case study
(Updated: September 28, 2013)
On September 1, the popular Brazilian television news magazine Fantástico reported about an NSA operation for wiretapping the communications of the presidents of Mexico and Brazil. Fantástico is part of the Globo network, which already disclosed various top secret NSA presentations last July.
Now, the Brazilian magazine showed some new top secret NSA documents, like a powerpoint presentation about the eavesdropping operation, which were all among the thousands of documents which Edward Snowden gave to Guardian journalist Glenn Greenwald in June.
Fantástico also published the slides on their website, but as that's only in Portuguese, we show these slides here too, because they give a nice graphical insight into how the NSA intercepts foreign communications.
The Fantástico news magazine started showing a cover sheet of a presentation which bears the logo of the SIGDEV Strategy and Governance division of the NSA, where SIGDEV stands for SIGINT Development. However, it's not quite clear whether this division is also responsible for the eavesdropping operation which is shown below.
The presentation was prepared in June 2012 by a hitherto unknown division of the NSA, which is still only known by the abbreviation SATC. The Fantástico website says this stands for "Secure and Trustworthy Cyberspace" (SaTC), but that's actually a program of the US National Science Foundation. Brazilian television briefly showed the name of the author of the presentation, but here we blacked that out.
This slide shows the overall classification level of the presentation: TOP SECRET // COMINT // REL TO USA, AUS, CAN, GBR, NZL. This means the information is Top Secret, contained in the COMINT (Communications Intelligence) control system and is only to be released to the US and its "Five Eyes" or UKUSA partners: the UK, Canada, Australia and New Zealand.
The presentation starts with two slides, showing the benefits of searching for contacts by using graphs:
The next three slides show some more details of the specific elements of the process:
The Mexican target
The first target of the operation was the then Mexican candidate for the presidency, Enrique Peña Nieto. The information was analysed by NSA unit S2C41 which is the Mexican Leadership Team and is also part of the S2C production line for International Security.
This slide shows the process of searching for contacts and communications of the Mexican president:
1. Selectors, like known e-mail addresses or phone numbers related to EPN (Enrique Peña Nieto), are used as seeds to start the process.
2. The initial seeds lead to 2-hop graphs, apparently based upon metadata which are in the databases mentioned below the graph: MAINWAY is the NSA's database of bulk phone metadata, CIMBRI is seen here for the first time, and could be another kind of metadata database. JEMA probably stands for Joint Enterprise Modeling and Analytics, which is a tool that allows analysts to create more complex analytic scenarios.
3. Next, addresses discovered by creating the contact graphs can act as selectors for collecting SMS messages. For this the MAINWAY database is used too, just like ASSOCIATION, which, according to the Fantástico website, filters text messages (SMS) to mobile phones.
4. Finally, these messages go to DISHFIRE, which is NSA's database for text messages and can be searched for certain keywords.
This slide shows two "interesting messages", proving that content of text messages was collected. In the two quoted passages, the Mexican presidential candidate Enrique Peña Nieto is in discussion with some of the designated ministers of his future government. Parts of the messages are blacked out by Brazilian media.
The Brazilian target
The second target of the operation was the Brazilian president Dilma Rousseff and her key advisers. The information was analysed by NSA unit S2C42, which is focused on the Brazilian leadership. This unit is part of the NSA's S2C production line for International Security.
This slide shows the process of searching for contacts and communications of the Brazilian president. The intelligence gathering starts with a few DNI Selectors (like e-mail or IP addresses) which act as seeds growing into a 2-hop contact graph. This graph shows all the addresses which had 2-hop or 2-step contacts with the original seed addresses.
Below the graph is the word SCIMITAR, seen here for the first time, which could be a tool to create such contact graphs, or maybe a database containing metadata from which these contacts can be derived.
From the 2-hop contact graph NSA apparently discovered new selectors (e-mail or IP addresses) associated with the Brazilian president and her advisers. Another slide, which was not published, is said to show all the names associated with the colored dots in this graph.
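The "seeds grow into a 2-hop contact graph, and the graph yields new selectors" step is described for both the Mexican (steps 1 and 2 above) and the Brazilian target. As an added example that is not from the presentation or any NSA tool, the code below runs that step over a constructed set of metadata records so the reader can see how widely a hop limit widens the net, which is the question behind the collateral-collection concern raised further on. All addresses are invented.

```python
from collections import deque

# Constructed metadata records (sender, recipient); every address is invented.
# The seed's two direct contacts each talk to other people, who in turn talk to
# others, so hops 1, 2 and 3 all add accounts.
RECORDS = [
    ("candidate@example.mx", "minister-a@example.mx"),
    ("candidate@example.mx", "minister-b@example.mx"),
    ("minister-a@example.mx", "staffer-1@example.mx"),
    ("minister-a@example.mx", "staffer-2@example.mx"),
    ("minister-b@example.mx", "staffer-2@example.mx"),
    ("minister-b@example.mx", "journalist@example.mx"),
    ("staffer-1@example.mx", "family@example.mx"),      # 3 hops from the seed
    ("journalist@example.mx", "editor@example.mx"),     # 3 hops from the seed
]


def contact_index(records):
    """Undirected adjacency: who has been in contact with whom, direction ignored."""
    adj = {}
    for a, b in records:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def hop_graph(records, seeds, hops=2):
    """Breadth-first expansion from the seed selectors, stopping after `hops` steps.

    Returns {address: distance_from_nearest_seed} for every address reached.
    """
    adj = contact_index(records)
    dist = {seed: 0 for seed in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        if dist[node] == hops:          # do not expand beyond the hop limit
            continue
        for nxt in adj.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist


def accounts_per_hop(dist):
    """How many accounts each hop level sweeps in, e.g. {0: 1, 1: 2, 2: 3}."""
    counts = {}
    for d in dist.values():
        counts[d] = counts.get(d, 0) + 1
    return counts


def new_selectors(dist):
    """Addresses discovered by the graph that were not among the original seeds."""
    return sorted(addr for addr, d in dist.items() if d > 0)


if __name__ == "__main__":
    graph = hop_graph(RECORDS, {"candidate@example.mx"}, hops=2)
    print(accounts_per_hop(graph))
    print(new_selectors(graph))
```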
The presentation concludes that there was a successful cooperation between the mysterious unit SATC and the Latin American units from the S2C International Security division. This led to a successful implementation of contact filtering by using graphs, resulting in the interception of communications of high-profile, security-savvy Brazilian and Mexican targets.
This presentation gives insight into a specific eavesdropping operation, but also gives a good idea of how NSA collects information from the internet in general, for example through PRISM and various other programs which gather data from internet backbone cables.
Although the presentation is clarifying, it could also have been published without mentioning the specific targets involved. Showing that this operation targeted the presidents of Mexico and Brazil did not serve a public interest, but unnecessarily damaged the relationship between the United States and both countries.
Glenn Greenwald seemed to justify the publication by saying that the presentation proved that NSA was also intercepting the content of phone calls and e-mail messages. After earlier disclosures, the US had said that they only collect bulk metadata from Brazil and no content. But of course this statement only applied to ordinary citizens, as eavesdropping on foreign political and military leaders is generally considered to be a legal activity of (signals) intelligence agencies.
Greenwald, who lives in Rio de Janeiro, also said that "most of the spying they [= the US] do does not have anything to do with national security, it is to obtain an unfair advantage over other nations in their industrial and commerce economic agreements". But with this motive he also acts more in the national interest of Brazil, or at least like an activist, than as a journalist working for the public interest.
(Updated by rearranging the slide order and some related minor corrections - see the comment below)
Links and Sources
- Globo.com: Documentos revelam esquema de agência dos EUA para espionar Dilma
- Cryptome.org: Translation in English
- The slides with Portuguese description: Veja os documentos ultrassecretos que comprovam espionagem a Dilma
- Bloomberg.com: U.S. Spied on Presidents of Brazil and Mexico, Globo Reports