On Saturday 21st May 2011 Iran's secret service said that it had dismantled a large CIA spy network which was trying to recruit Iranians.

The country's intelligence ministry alleged that American operative have been gathering covert information from Iranian universities and scientific research centres. The CIA operatives themselves were apparently operating out of embassies in third-party states such as the UAE, Malaysia and Turkey.

Iran's intelligence ministry reported that a public servant in the financial sector was accused of divulging how Iran managed to circumvent economic sanctions.

The ministry also revealed that the alleged US spy network was also collecting data on Iran's oil and gas pipelines, power and telecommunication grids, airports, customs departments, network security and banks.

There has been as yet no immediate response to the claims from U.S. officials

On the same day that the death of Osama Bin Laden was announced, five men from east London were arrested after their vehicle was stopped by Civil Nuclear Constabulary (CNC) police officers.

The five, all in their twenties were taken to Carlisle and later to Manchester where officers of the north-west counter-terrorism unit have begun questioning them. It is understood there was no evidence of an imminent or immediate threat.

Four houses in east London have also been searched in connection with the arrests.

The sprawling coastal site at Sellafield in Cumbria is heavily protected by both private security guards and officers from the CNC, some of whom are armed.

The vast complex is home to a wide range of nuclear plants including operating facilities associated with the Magnox reprocessing programme, the Thermal Oxide Reprocessing Plant (Thorp), the Sellafield Mox plant and others. It is also the site of Calder Hall, the world's first commercial nuclear power station, which closed down in 2003 following 47 years of operation.

The electronics giant admitted that they discovered on Monday that personal details of 25 million customers who played games on its Sony Online Entertainment (SOE) PC games network had been stolen on 16 and 17 April 2011.

The thefts occurred through cyber-attacks on servers and the Tokyo based corporation admitted that they did not know how the breach occurred and as yet could not be sure they would not be attacked again via the same technique. Therefore, as a precautionary measure, The SOE network was taken down on Monday.

The thieves got away with names, addresses, emails, birth dates, phone numbers and in some cases direct debit records for customers in Austria, Germany, the Netherlands and Spain.

Only last week, Sony's separate but similar PlayStation Network (PSN) was taken down after a security breach that led to the theft of 77 million users account data.

This is probably the largest identity theft on record and really is now a crisis for the home gaming system manufacturer. Their problems were compounded by criticism that it took seven days for Sony to reveal the extent of last week's PSN hack.

Many account holders are asking what they should do about it, but while the network is down, there's not much they can do. When the service does eventually go back online, changing their PSN password is the very first step each play station owner should take.
 

Back in 2001 it all seemed so genteel. In August 2001, Fortune magazine
reported that Procter & Gamble voluntarily admitted to hiring Vietnam war
veterans to spy on rivals Unilever. The aim had been to get inside
information on Unilever's American hair-care products business.

Then it all went quiet for a few years until early 2007 when software
engineer Hanjuan Jin, a former employee of Motorola was detained at O'Hare
airport in Chicago attempting to fly to Beijing with more than 1,000
confidential documents allegedly stolen from her previous employer. This
sparked an investigation that is still ongoing. A number of others have also
been accused in connection and in May 2009 one defendant was accused of
running file destruction software on his home computers after he had been
ordered by the Court to turn over documentary evidence. The case continues.

In the same year, retail giant Wal-Mart apologised to the New York Times
after apparently recording conversations between its employees and a
journalist. The company fires the technician who taped the conversation. He
in turn accused his former employee of systematic spying on critics, board
directors, stockholders and business consultants.

2007 was turning out to be a busy year for espionage with the most high
profile story being the disqualification of Ron Dennis'sMcLaren-Mercedes
Formula One team. They were kicked out of the constructors' championship and
fined $100m for spying on the Ferrari team's cars. The fine was the largest
ever seen in motor sport.

Two years later, Retailer Sears was accusation by the Federal Trade
Commission of spying on the web use and online shopping habits of its own
customers. Despite being caught with a program which collected all the
details of eall internet browsing sessions which was installed when clients
joined 'My SHC Community' Sears managed to evade punishment and escaped with
a very gentle slap on the wrist.

The same year (2009) we heard about the spat between Hilton Hotels and
Starwood. As you may recall, It was alleged that more than 10,000 documents
were stolen by Hilton in an attempt to replicate the success of a luxury
hotel brand owned by Starwood.

Then, at the very end the decade Hamburg's "Der Spiegel" reported that the
personal details of 17 million German T-Mobile customers had been stolen. In
the UK, thousands more T-Mobile customers learned that their information
too had been stolen and sold to a rival.

In November 2010, Greenpeace filed a lawsuit in the US accusing the
plastics, chemicals and agricultural conglomerate Dow Chemical of hiring a
private security firm to sift through its rubbish bins.

So in the last decade, data theft, (or at least allegations of spying) Have
hit automotive, electronics, chemical, retail, leisure and motor sport
sectors. And of course this is just the tip of the iceberg.

Fighting back against the data thieves is all about understanding how data
breaches occur in other companies and the actions to take to stop them
happening to you. This is where external information security consultants
such as QCC Interscan can really help, so call us today to discuss your
information management needs.

The eight page report, published jointly by the Cabinet Office and Deltica shows that while cyber crime does have a considerable impact on citizens and
the Government, the biggest loser is UK business,

The largest threat is from intellectual property theft which accounts for one third of the value of all cyber crime. The hardest hit sectors are pharmaceuticals, chemicals,biotechnology, electronics and  IT.

Almost as costly to the economy is espionage which impacts to the tune of more than seven billion annually.

By contrast, identity theft which is often reported as a major issue by the media, actually costs the nation less than 2 billion.

The report's conclusion is that an new Government service to promote more  awareness of cybercrime  is required to aid UK businesses. The report states that the service should also promote best practice in countering industrial espionage and should  provide an effective tool for reporting cyber crime to the relevant authorities.

Starwood said that Hilton's new 'Denizen' luxury boutique brand was designed by two former Starwood employees who defected to Hilton taking confidential material with them.

It was alleged that more than 10,000 documents were stolen and that Hilton's chief executive Christopher Nassetta knew all about it.

Hilton have returned the documents and agreed to wait at least two years before attempting to build a "boutique" hotel chain of their own.

It seems that whatever industry you are in, your confidential documents and secrets may be of benefit to your competitors. Why not talk to QCC Interscan about ensuring you have the best levels of security possible.
 

Talking on Radio 4's Today programme, Lord Prescott said of the investigations, "I think it is going to go a long way. It doesn't stop at the Met. I think it will go to a lot of newspapers who have been hacking people for a long time."

However, when we hear yet another example of high status individuals making inappropriate unguarded comments in front of their own microphones, we have to question why anybody bothers to hide microphones in the first place.

You will remember the trouble former Prime Minister Gordon Brown got in to when he was recorded by his own microphone calling a labour supporter 'a bigot'. Well now two Sky Sports Presenters have been disciplined and relieved of duty after making sexist comments about a female referee into the microphones directly in front of their mouths at the Liverpool vs. Wolverhampton game this weekend.

Apparently believing that their microphones were switched off, Andy Gray and Richard Keys disparaged the abilities of Sian Massey, a female linesman officiating at the game.

Mr Keys said: “Somebody better get down there and explain offside to her.”

Mr Gray replied: “‘Can you believe that? A female linesman. Women don’t know the offside rule.”

Later on during their conversation Keys talked about an article he had read by Karren Brady (West Ham's vice chairman) on the topic of sexism in football. He was recorded muttering "The game’s gone mad. See charming Karren Brady this morning complaining about sexism? Yeah. Do me a favour, love."

Unsurprisingly, the pair have been dropped from providing commentary for this evening's Bolton vs. Chelsea game.

This is unlikely to be the case, no matter how many people in Westminster, the City and Wapping might wish it so. However the spotlight now seems to be widening to include New Scotland Yard in its beam. Questions are being asked about whether the police were doing their duty when they failed to inform politicians that they had probably been spied on.

Talk today is of ever wider investigations, with the secret information gathering activities other newspapers also being looked at. There have been accusations that spying on phone messages was not just confined to the one paper, but was endemic throughout almost all of Fleet Street.
So will the scandal run and run? With its heady combination of covert surveillance, politicians secrets and celebrity gossip, it really is too juicy a story to let go.
 

The affair which began in 2005 when the paper published a story related to Prince William led to complaints by palace staff, a police investigation, the four month imprisonment of journalist Clive Goodman and the resignation of the paper's editor Andrew Coulson.

Coulson has since become the Prime Minister's media advisor and it is perhaps for this reason that a few conservative commentators are crying foul, saying the whole thing is being whipped up by the opposition.

However, many famous names have been caught up in the scanal, the latest of whom is actress Sienna Miller. She is beginning a legal action against the News Group, the News of the World’s parent company, accusing them of harassment. It is alleged that she, along with John Prescott,Tessa Jowell, Nigella Lawson, Gwyneth Paltrow, Boris Johnson, George Michael and many others had their phones illegally hacked by private investigators working for the paper. Gaining access to another person's telephone is a crime under the Regulation of Investigatory Powers Act 2000, carrying a potential sentence of two years imprisonment and a substantial fine.

The latest twist in the tale occurred on 5 January, 2011, when it emerged that Ian Edmondson the paper's news editor had been suspended, following the allegations made by Ms Miller. If the allegations are true it brings the affair that much closer to the door of Mr Coulson (who has always denied any knowledge of phone tapping) and adds further pressure on the Prime Minister to distance himself from a press officer who is regularly becoming the focus of the news agenda rather than directing that agenda from the sidelines.

There is a perception that spying against the company you work for is the pursuit of disgruntled middle managers who have just been told they are probably going to be made redundant soon. This is dangerous thinking as this week's revelations at car maker Renault reveal. The truth is that nobody has risen so high in the company that they can be above suspicion.

Renault suspended three very senior managers on Monday 3rd January 2011 following an investigation into the possible leaking of secrets related to their plans for new electric cars. It has been claimed by a French magazine that the men leaked information about the development of batteries for four electric vehicles the company plans to produce in the next 18 months.

Renault is 15% owned by the French state and as the country's biggest car-maker plays a key role in the French economy. An unconfirmed source at the Elysée palace revealed that secret services were investigating a possible "Chinese link" in the scandal.

Companies who are concerned about corporate intelligence leaks need to realise that they can occur anywhere in an organisation. A good approach to discovering the truth is to bring in third parties from outside the organisation to conduct bug sweeps, review procedures and pinpoint leaks, rather than attempt to do it themselves. External professionals are unlikely to fall into the trap of believing that a certain colleague is above suspicion.

Because staff often have access to all aspects of the company, disgruntled employees are by definition best placed to potentially do the most harm. For this reason, insiders are increasingly becoming the focus of IT security managers.

Data security is both helped and hindered by the fact that people seem to follow pretty predictable behaviour patterns. Security experts who know these patterns are well placed to help firms seal many of the holes that data commonly leaks from. On the flip side, a firms usual security measures are often too predictable, and play into the hands of potential attackers. This applies to firms of all sizes, from SMEs to big corporations such as BAA whose director of security, Ian Hutcheson recently announced a major security overhaul, saying that the standard global security checks they had in place might actually give potential terrorists an advantage.

The Imperva report that contained the survey results also highlighted a particular area which will be the main focus for switched on security managers in 2011.

This is that mobile phone protection needs to be beefed up. This means better user identification and in-phone security. Better staff training on the dangers of downloading apps containing hidden malware and more rigorous use of telephone forensics when worries emerge that personal mobile telephones are being secretly monitored.

So, two new years resolutions worth considering are firstly to call in experts such as QCC Interscan to plug those potential leaks caused by peoples predictable behaviours, and secondly to think carefully about the security of the many mobile phones in your organisation.

Mrs May was speaking in advance of the publication of the coalition government's National Security Strategy which will form the background for the upcoming Strategic Defence Review.

The National Security Strategy identifies the four most serious threats to the nation as

• international terrorism
• hostile computer attacks
• a major accident or natural hazard (e.g. a flu pandemic)
• an international military crisis between states that draws in the UK and its allies.

The addition of hostile computer attacks to the list will come as a shock to many who are unaware of the national security implications of our ever more computerised world. Hacking of an individual computer is an annoying experience we all may face as individuals, but concerted attacks on the digital infrastructure of the nation are now recognised collectively as one of the most serious threats this country is facing.

Mrs May's colleague and Former Foreign Secretary Malcolm Rifkind commented that while 20% of cyber attacks are purely digital and can only be prevented by up to date firewalls and other digital barriers, the remaining 80% exploit non-technical vulnerabilities (such as lax practices, and the fragility of human nature). He explained that these can generally be dealt with by better controls and common sense. If you would like advice on how to protect your organisation against those 80% of digital attacks that have a non-digital component, call QCC for advice.
 

In addition, new allegations made tonight against communications director Andy Coulson in Channel 4's Dispatches programme will dampen the mood further still.

A former senior executive of News International will claim that during Mr Coulson's stint as News of the World editor, he listened to tapes of intercepted voice-mail messages.

This flies in the face of his repeated denials that he knew nothing of the the widespread phone-tapping of politicians, celebrities and journalists being carried out by his own staff.

Earlier this summer, Mr Coulson stood before the culture, media and sport select committee and said: 'I was, as you know, editor of the News of the World for four years from January 2003 until January 2007. During that time I never condoned the use of phone hacking and nor do I have any recollection of incidences where phone hacking took place.'

Back in 2007 Coulson resigned from his job as editor of the News of the World after a reporter and a private investigator were jailed for illegally intercepting private voice-mail messages from phones associated with the Royal Family.
 
The Prime Minister is being pressured by the opposition to make a statement in Parliament on this matter and there are mutterings in Birmingham that Coulson's position is looking very precarious.
 

According to the Guardian Newspaper a number of standard memory sticks were scattered in a washroom at a US military base by persons unknown. It was then just a matter of time before some soldiers pocketed these useful little devices for themselves. After that it was again just a matter of time before one of them plugged it in to a military laptop and unwittingly unleashed a hidden worm virus which wreaked havoc on the US military's central command computers for more than 12 months.

Unsurprisingly the Pentagon is keeping quiet about exactly what trouble the worm caused and which foreign agency or hacker they suspect of initiating the attack. The story should serve to remind us that firewall software can never be the complete answer to digital security. The weaker side of human nature is one of the most powerful tools in the enemy's arsenal.

Now ask yourself what might have been hidden on those freebie memory sticks you picked up at that trade show last year?

Three and a half years ago Coulson resigned from his newspaper job after one of his reporters namely Clive Goodman, and a private investigator, Glenn Mulcaire, were jailed for intercepting voicemail messages left for royal aides.

Coulson has always denied knowledge of the illegal activities carried out by his journalists, but the New York Times report claims he "actively encouraged" at least one reporter to engage in illegal interception of voicemails. The alleged targets were not just royalty, but people from the worlds of showbiz and politics too.

Over at New Scotland Yard, they may be feeling a bit upset also as the same New York Times story alleges that the Met police discovered what was going on but due to their 'cosy relationship' with the newspaper did not fully investigate or inform victims of the bugging. Former deputy prime minister John Prescott, is said to be planning to sue the Met for failing to warn him that he had been targeted by Mulcaire.

Read the full New York Times story

This right to sneak onto private property for the purpose of attaching bugs has alarmed civil liberties campaigners in the eight states affected by this ruling. In addition they are deeply worried by the ruling that once a GPS is in place, Government agents are free to covertly track anyone they want, whenever they want without the need for a warrant. This has led to angry cries that this takes America "a step closer to a classic police state".

The United States Court of Appeals for the Ninth Circuit ruling decided that a driveway was not private, as it was open to strangers such as delivery people and neighbourhood children. One dissenting judge pointed out that this effectively penalised poorer people who cannot afford to build walls or fences around their property. If there is a wall and gate, agents are not free to pass them without a warrant.

While the west coast heads in one direction, the U.S. Court of Appeals for the District of Columbia Circuit on the east coast also ruled on a similar case this month. However they took the view that that a warrant is required if the state wishes to track GPS movements for an extended period of time.

Because the two rulings are diametrically opposed to each other it is likely that the Supreme Court will be required to step in before this potentially divisive issue is resolved.  

Jason Dibley, Technical Director of London-based data security experts QCC Interscan acknowledges the difficulty of policing this additional threat. "Organisations need to understand how telephones are now being used for data storage and delivery by their staff," he says.

On the Blackberry and Ipod shops there are thousands of tools which are being downloaded to help workplace productivity. These include apps for Customer Relationship Management, expense tracking, business accommodation booking, spreadsheets, word processing, website updating, customer research, business news, weather reports, traffic reports and many many more.

It is too easy for a programmer to insert code in these apps which takes information off the phone and delivers it to an interested party. In recent weeks both Apple and Google have had to take a numbers of applications down from their respective online shops over concerns that those apps contained malicious code.

In many organisations the threat from these malicious apps is exacerbated by an age gap within the organisation itself.

Mr Dibley points out that "Some senior managers know that 'smartphones' exist, but still rarely use their own for anything except traditional calls and the odd text message. Meanwhile their younger and more tech-savy colleagues have completely changed their working practices, and are storing lots of business critical data on their blackberries, I-phones and other devices. They download loads of code to help them work more quickly and productively, but in doing so, expose their business to potential data theft."

The Governments of both the United Arab Emirates and Saudi Arabia are in the process of banning the use of email and web browsing on Blackberry phones. In both cases the reasons given have been quite clear and unambiguous. BlackBerry phones will be banned because the handsets cannot be monitored by the government. Blackberry handsets automatically send the encrypted data to computer servers outside the two countries.

Last year 145,000 BlackBerry users in the UAE were told by their local operator to install an upgrade "required for service enhancements." Tests by Blackberry's parent company RIM concluded that the upgrade was actually spyware allowing private information on the phones to be monitored. The international trade centre of Dubai is within the UAE and this latest action may well toll the death knell for its recovery following the recession and collapse of property prices last year.

But beyond the Arabian peninsula this story tells us something quite profound. If Blackberrys are being banned because they are 'secure' then all other methods of email and web browsing delivery must be inherently insecure.

Here in the UK, Internet Service Providers are already required to keep details of ‘traffic data’. The government wants to be able to get hold of this data whenever they like. Under their Intercept Modernisation programme is a proposal to record the electronic communications traffic data of the entire UK population in a Government database.
According to the Sunday Times* GCHQ, the government’s eavesdropping centre, last year received up to £1 billion to finance the first stage of the project. With many thousands of emails and texts being sent every second many question the practicality of such a system, but the technical capacity to sift data has grown almost as quickly as the growth in internet traffic.

We should really work on the assumption that all electronic data can be intercepted once it is travelling on the internet. Therefore, in order to keep data secure individuals, organisations and states really need to stop their private data from ever reaching the net in the first place.

If you would like to talk in strict confidentiality about your organisation's data security requirements, call QCC Interscan today.

* http://www.timesonline.co.uk/tol/news/uk/article4882600.ece

Just five days after US President Barack Obama met his Russian counterpart Dimitri Medvedev in an attempt to improve relations between the two governments, the US state department has arrested 10 individuals in New York state, all suspected of infiltrating US policy-making bodies on behalf of the Kremlin.
An 11th suspect fled to Europe and absconded in Cyprus.

In a plot that reads like a John LeCarre novel, the group were allegedly all working in 'deep cover' carrying out a long term conspiracy plan that stretched back to the 1990s. Not a spy ring in the conventional sense, eight of them are husband-and-wife teams who allegedly were sent by the The FSK (the successor organization to the KGB) to the US to live as Americans and slowly gain positions of trust and access to information.

Michael Farbiarz, the assistant US attorney announced that he had almost a decade's worth of video and audio surveillance records of meetings between Russian government officials and some of the alleged conspirators.

Communicating via WiFi and traditional radio frequency transmitters they have been sending and receiving encrytped communications for years. The alleged spies are also said to have communicated with their handlers by encoding encrypted data into images which were then posted onto public websites.

Although the press have had a field day with this story (notably labelling one of the accused as being a classic 'flame-haired femme fatale'), both Washington and Moscow have sought to downplay the incident, not wanting to start a round of tit-for-tat expulsion of diplomats.

The association exists to provide research and exchange of information about business espionage, as well as to promote standards of professionalism in the Countermeasures industry.

BECCA's UK Administrator, Jason Dibley of QCC said "I am delighted to announce the launch of this service which represents a leap forward for UK based TSCM professionals. BECCA's presence in the UK will help to raise awareness of the important work being done by Counter Surveillance experts and will ensure the highest standards within the industry.

I am certain that the industry will be enhanced by the professional standards which BECCA UK is at the forefront of developing."

He voiced his accusations about the football industry to a woman who claims she had been having an affair with him. Melissa Jacobs (aged 37) secretly taped Lord Triesman (66) during an hour-long conversation in a Central London restaurant.

Miss Jacobs is believed to have sold her story to the Mail after approaching a number of newspapers. Her motives are unclear, although promoting England's chances of hosting the World Cup in 2018 clearly was not her intention. The damaging revelations came just hours after Triesman together with David Beckham had handed over England's bid documentation to FIFA, the sport's international governing body. Commentators are worried that the revelations may adversely affect the chances of England winning the bid, after having been seen as frontrunners just days ago.

This is not the first football related bugging story and will certainly not be the last. Only last month the England Team Manager Fabio Capello was bugged while discussing his plans for this summer's World Cup Finals. The sport now has such a high profile and is so potentially lucrative, that everybody within its upper echelons is a potential target for eavesdroppers. Triesman really should have talked to QCC rather than Miss Jacobs. Alongside the specifics of bug sweeping, surveillance detectors and other technical services, we are able to advise our clients on how to avoid risky scenarios and locations where they might be bugged.

A failure by top people to follow simple procedures, including the obvious one of not saying things in private that you would not say in public, recently cost Gordon Brown the political premiership. A similar failure has now cost David Triesman his job at the FA and may well have cost the nation the chance to host the World Cup for the foreseeable future.

Gordon Brown was wearing a Sky News radio microphone when he privately expressed his unhappiness at having been confronted by Gillian Duffy over a number of issues including immigration.

Despite being seated in his car, the microphone and RF transmitter had no problems picking up a high quality recording of what was said. Brown was clearly embarrassed when later during a live Radio Two Interview, journalist Jeremy Vine broadcast the tape of the PM describing the meeting with Mrs Duffy as 'a disaster'.

The technology used in a radio microphone is essentially the same as that used in RF bugging devices. The only real difference is that in this case the prime minister knew the microphone was there and working; his failure to use the off switch may well prove very costly to his election hopes.

For more http://news.bbc.co.uk/1/hi/uk_politics/election_2010/8649012.stm

The Football Association has launched an investigation in to how the team's security was breached. The recording were alledgedly made at the The Grove Hotel in Hertfordshire, where the team were staying in the run up to a game against Egypt.

The BBC reported that  solicitors for the football association have written to news broadcasters to state that  publication of the tape's contents would be a breach of Press Commission rules.

Using GBP15.00 off-the-shelf software, insurgent forces in Iraq have been able to hook in, and monitor real-time video footage being shot from the pilotless spy planes.

The problem was first highlighted last year after a Shi'ite insurgent was found to have secret drone video feeds on his laptop. The Americans kept the information secret while attempts were made to close the data security loophole.

The US Department of Defense is preparing to boost its fleet of aerial surveillance aircraft in Afghanistan, so the hacking revelations being made public at this time are particularly embarassing.

The availability of eavesdropping devices is something constantly being monitored and assessed by QCC.

With more than 200,000 employees in both civilian and military information gathering roles, plus hardware including satellites it was obvious that the figure would be high, but generally accepted  estimates were around half the actual figure now being reported.

Similar data was accidentally published in a congressional document in 1994 and it appears that in the years since that time the surveillance budget has tripled.

Director of National Intelligence Dennis Blair has intimated that ensuring cyber-security is now a significant part of America's 75 billion dollar intelligence budget.

Blair enumerated the major threats faced by the USA and alongside the usual suspects (Al Qaeda, Iran and North Korea) but this time he added  China's "aggressive" push into areas that could threaten U.S. cyber-security as a potential threat.

Just months before the case was sheduled to conclude,  Chevron have posted video footage on their website which they say shows evidence of Ecuadorian officials connected with the case, involved in bribes relating to the lucrative cleanup operation to be funded by Chevron if they lose the case.

While the merits of the video evidence are a matter of interest in themselves, from a counter espionage perspective, the remakable thing is that the two hours of video evidence released by Chevron were apparently recorded using nothing more sophisticated than a £15 camcorder pen. The '007 spy pen' was of a type available for anyone to buy  from Amazon and other online toy and gadget retailers.

Devices such as this are a now ten a penny. The pen in question has a 4GB internal memory (enough for 3 hours of video footage) and can be charged from a standard USB port. Despite this impressive spec it looks like a normal pen and even has an ink reservoir so it writes like one too.

With tools such as this at anybody's disposal, companies and individuals need to be more vigilant than ever about their information security arrangements.

You may think that once the meeting rooms have been swept for bugs and the computers have all been locked down, your information is secure. However, as the Chevron case reveals, the human factor is undoubtedly the hardest part of the security equation to resolve.

If you have concerns about how you are dealing with potential threats to your privacy, whatever their nature, call QCC Interscan (from a secure location of course) and ask the professionals for advice.

Our new easy to find headquarters are at:

Buchanan House,
24-30 Holborn,
London
EC1N 2LX

Visitors will find the spacious new offices a welcome change. What remains unchanged is our commitment to excellence in the field of counter surveillance and the high standards of our rapid, professional and thorough bug sweeping team.

View Larger Map

In a USA today report, a survey by Cyber-Ark Software revealed that 74 percent of the Information Technology professional they questioned admitted that they knew how to circumvent the security in their office data storage systems. Far more alarmingly, 35 percent of respondents admitted doing so without permission.

More and more people are entering the workplace having used IT their entire lives. The newer techno-savvy generations of employees are confident with computers and know how to hack at a basic level without too much fear of getting caught.

Now in a time of job uncertainty and mass layoffs, ex-employees and disgruntled staff who possess or can guess passwords are becoming corporate spies against their former employers. According to Grant Evans, CEO of ActivIdentity, "Mass layoffs have increased internal threat levels dramatically."

Many companies are making it even easier for potential spies, by allowing employees to access sensitive data using Internet services, mobile phones and other remote technologies. This combined with the growth in small cheap data storage devices via USB or free semi-anonymous storage on web hosted services is fostering an atmosphere where those who may be tempted to engage in cybercrime are finding it easier than ever to take the first step.

And five or ten years ago  it was probably true for most smaller businesses that the head of security was more than capable of carrying out the basic checks required to keep a firm's private information private. However, this is definitely no longer the case.

A report on the newsfactor network this month has highlighted the abundance of concealed devices available at very low cost via the internet to whoever wants them. One such tool is a USB printer cable which looks and works exactly like a standard cable except for one extra function.  One end of the ordinary looking device houses a sensitive microphone and antenna that continually transmits a UHF audio signal to a receiver that can be up to 160 feet away. Drawing its power from the USB this bug may work continually for years, allowing an eavesdropper to listen in to every whisper within the confines of the room.

In the past spies it woud have required the services of Q branch to get hold of such a device. Today, gadgets such as this can be bought on the web for less than £100 each. 

Therefore visual checks of electrical items are no longer enough.  In order to effectively sweep for bugs electrical components needs to be taken apart and examined by trained experts.  In addition the technology being used to pass the audio signal to the listener is constantly evolving. Again a professional bug sweeping service has up-to-date access to the methods to detect them.

The newsfactor article was titled "Corporate Espionage Surges in Tough Times" and focused on a case of a comparatively small videoconferencing firm in Dallas Texas spying on a New Jersey based competitor in order to undercut their prices. It is clear that corporate espionage is no longer just the concern of blue chip mega corporations; small firms need to be vigilant as well.
 

Journalist David Jolly reported from Paris that what began as a Tour de France doping investigation in 2006 has now exploded into a labyrinthine trawl through the less scrupulous side of Gallic big business activities.

Three years ago top American cyclist Floyd Landis was found guilty of doping and was disqualified from the Tour de France and international cycling. As part of the doping investigation a computer at the drug testing lab was discovered to have been infected by a 'Trojan horse' virus. A Trojan horse is a tool that can be used to spy on the contents of a computer and steal the information from it.

The French Interior Ministry cybercrime unit got involved and the discovered a trail leading to Alain Quiros, a French national living in Morocco. His computer turned out to be an Aladdin's cave of information apparently stolen from top ranking business people's computer systems. He in turn fingered a former French intelligence agent Thierry Lorho, the head of Paris based Kargus Consultants. Evidence showed that the intelligence gathering attacks had been carried out against, not just the drug testing lab, but also lawyers, aerospace companies and even charities such as Greenpeace.

Mr. Lorho claimed that he had collected data on Greenpeace on behalf of Électricité de France, which had paid him for “strategic intelligence” on anti-nuclear campaigners. E.D.F. who are now moving into the UK energy market in a big way denied any knowledge of the cyber-theft by Kargus Consultants.

The Greenpeace campaign director at the time of the alleged spying incidents said the case showed “a systematic policy of spying by E.D.F.” 

David Jolly goes on to say that spying by large corporations on their perceived enemies is by no means a recent phenomenon. He reminds his readers that in the 1960s General Motors hired private detectives to dig up dirt on Ralph Nader, the consumer activist who would later run for president of the USA.

Jolly also looks at German corporations such as Deutsche Telekom, Deutsche Bank and Deutsche Bahn, all of whom have been caught "overstepping the line regarding surveillance of critics and their own employees".

Read David Jolly's article on corporate theft in France

General Keith Alexander, currently the director of the National Security Agency will take control of the cyber command group which will comprise various hi-tech military units already engaged in stopping attacks by cyber terrorists.

The Pentagon has lately become more aware of the potential threat posed by online hackers following a number of apparent electronic infiltrations that seemed to originate from computers inside China and Russia.

Last week an official from the office of US defence secretary Robert Gates said that cyber warfare is now one of the biggest challenges to the US military.

Gates stated that in addition to defending military networks and developing offensive cyber-weapons cyber command would also be tasked to assist the safeguarding of US-based civilian computer networks.

A fascinating report has recently been published detailing a failed £229m raid on the Sumitomo Mitsui bank in October 2004.

If the cybercriminals had succeeded they would have pulled of the UK's biggest bank job, and would have netted over five times more than the City's biggest previous robbery.

The report is of particular interest, as it reveals the crooks used commercial keystroke-logging software to capture usernames and passwords needed to make bank transfers.  The keystroke logger software iOpus Starr, is a high street product legitimately used by parents to keep an eye on their children's web activities.

Lead police investigator Marc Kirby said. "The use of legitimate technology meant the software was not picked up by anti-virus scanners. And there was no traffic going into or out of the network so it couldn't be detected that way."

There was also inside involvement in the scam, with a security supervisor repeatedly smuggling two male hackers (one French, the other Belgian) into Sumitomo's London office to gain access to the bank's systems.

http://www.theregister.co.uk/2009/03/19/sumitomo_cyberheist_investigation/

Learn more about how keystroke logging can be used by criminals to steal information

The suit alleges that two former Starwood executives provided Hilton with confidential information regarding Starwood's luxury boutique hotel brand 'W'. This info was then supposedly used to help Hilton quickly and cheaply enter the same market.

Using a small camera and telescope, this technique allowed German researcher Michael Backes to read information from the screen reflections of a wide range of ordinary objects. He found that readable info can bounce from screens to teapots, plastic bottles, jewellery and end up in the camera lens of a determined spy.

Read more about How Hackers Can Steal Secrets from Reflections

By sending emails with titles such as "Salma Hayek caught swine flu!" and "Swine flu in Hollywood!" they have managed to get unsuspecting recipients to open the messages and thereby infect their computers, which in turn spread the computer viruses.

According to an article on the Guardian Newspaper's website 5% of global spam email now contains the phrase 'swine flu'.

Thom Weidlich and David Glovin reported on the Bloomberg website that the owners of Universal Autosports LLC were arrested at their homes, accused of illegally tapping into the e-mails of a rival Ferrari Maserati dealership on more than 2,000 occasions between February and September last year. They apparently used the information gained to undercut the competitors.

The maximum penalty if they’re found guilty is five years in prison and a $250,000 fine.

A survey of 600 London commuters by Infosecurity Europe has revealed that more than one in three workers said they would be willing to sell company information to strangers.

While 63% of those who would sell information said they would only do it for a payment of £1 million, 2% said they were happy to give away company secrets "for a free slap-up meal."

This research also revealed that one third of those questioned said they felt a lot less loyalty to their employers than was the case a year ago.

Mayor Linda Jackson said that a bug sweep had been required after she received information her office may have been compromised.

“I believed that someone entered my office without authorization,” she said. However, the Mayor has not disclosed whether anything illicit was found during the sweep.

According to the Le Monde newspaper, this followed rumours that the United States National Security Agency (NSA) were able to routinely intercept and read emails from BlackBerrys. The French petrochemical firm Total has also apparently banned the use of BlackBerrys.

Research in Motion (RIM), the makers of the popular personal communication devices dismissed the rumours, stating that Blackberrys are highly secure as all the data is encrypted using 256-bit Advanced Encryption Standard (AES) encryption. 

Every single BlackBerry e-mail message sent, is processed via RIM's operations
centre in Canada.

In the UK the government have not expressed any similar concerns and have in fact approved the BlackBerry Enterprise Solution for transmission of confidential and restricted data.

The KGB, was actively bugging foreign embassies throughout the cold war and earlier bugs had been discovered in the same embassy as far back as the 1940s.

However, this was not a one sided affair. Australia also spied on the Soviet
embassy in Canberra, planting bugs and tapping telephones as a matter of routine.

Neither side talked publicly about their actions and details remained locked in the archives.. The information came to light when Australian cabinet archives were opened in line with the 30 year rule, allowing researchers to dig into Australia's cold war past.

Reports in several leading newspapers revealed that what started as a small investigation into alleged hacking of the computers of Tibetan exiles, exploded into one of the largest ever hacking investigations.

During a 10-month investigation by the Ottawa-based SecDev Group and the University of Toronto, it was discovered that Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan all had computers belonging to their respective ministries of foreign affairs hacked.

Other computers in India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Pakistan and Germany were all reportedly infected with the malware used for this spying network. In addition, electronic copies of sensitive documents from the private office of the Dalai Lama had been stolen.

The Canadain research group who discovered the spying operation said that the main source of the hacking network was located in China. However, they had not been able to detect the specific identity or motivation of the hackers.

With millions of people around the world predicted to join the dole queues in the current downturn, Leyland believes data theft by laid-off staff is set to become one of the most significant threats facing companies.

According to the communications company Verizon, data theft by 'insiders' accounts for less than 20% of total incidents of data theft. However, this figure disguises the fact that insiders have the potential to do much more damage than traditional hackers; targeting and stealing data more easily and in greater volumes.

Expert in mitigating information theft Jason Dibley of QCC Interscan, advised all firms to take some time to reconsider their data security protocols in the light of recent global trends.

"People are increasingly aware of the high market value of business information. This knowledge, may lead former employees who feel they were badly treated to seek to obtain business records for their own private gain. Aim to remove the temptation to steal information. At it's simplest, a robust and visible data security policy may be all that is needed to deter a majority of potential insider security breaches. Alternatively taking advice from a counter surveillance expert about your own firm's particular situation can help keep your business information safe."
 

The BBC reported that "despite intensive searches, nothing was found by the security experts."

Mr Green is the Conservative immigration spokesman. He had been arrested on 27 November 2008 following allegations of leaks of sensitive Home Office material.

In the same inquest Journalist Richard Kay told the Court that Diana herself was concerned that she was being bugged and had urged Kay to have his mobile phone swept for bugging devices.

Jason Dibley, CEO of QCC Interscan is clear about the need for businesses to understand the risks that modern technology brings, alongside the benefits.

"We believe that the threat of unauthorised surveillance against UK and Global business using one of the many modern methods of eavesdropping and technical compromise is both clear and present.

QCC Interscan finds that a high percentage of inspections yield direct or indirect evidence of eavesdropping activity, or uncovers serious security weaknesses that make the likelihood of information theft highly likely."

The site also offers practical guidance on how to handle a suspected security breach.  This includes the basic but essential tip of not using your own mobile or office phone to call in a suspected security problem. Instead the site suggests that you to leave the office and use a payphone to call for help. Valuable nuggets of info such as this are to be found throught the website. See for yourself by visiting www.qcc.co.uk

This book is a practical, step-by-step guide for those responsible for dealing with a range of sensitive information security incidents giving a range of handy hints and tips to improve the response process and aid investigation and recovery from damaging events and crises.