Canada keeps eye on Indonesian espionage trial of Vancouver man

VANCOUVER

Canadian officials are attending the trial of a Canadian engineer accused of corporate espionage in Indonesia, though the government remains tight-lipped about the extent of its involvement.

In May, Rick van Lee, 63, was accused by his employers — a branch of Asia Pacific Resources International Limited (APRIL Group), one of the largest pulp and paper producers in Southeast Asia — of what they say was illegal copying of sensitive company information.

According to Timothy Inkiriwang, van Lee’s lawyer, the accused and his wife had their car confiscated and on May 31 were placed under house arrest for six weeks, guarded by APRIL’s private security staff in the company’s residential compound in Kerinci, Sumatra.

Inkiriwang believes his client was detained because he didn’t want to sign a new contract, preferring to take a job that would move van Lee back to Vancouver.

APRIL denies preventing the couple from leaving the compound, and say van Lee was collaborating illegally with a competitor.

According to his lawyer, van Lee was transferred July 5 into the custody of Indonesian authorities and charged based on an Indonesian criminal law that prohibits stealing or altering electronic documents belonging to others.

Inkiriwang told the Sun earlier this month that Canadian consular officials were not attending van Lee’s hearings. Since then, a pair of Canadian officials appeared in court on Nov. 14, Inkiriwang said Tuesday.

A spokesman for the Department of Foreign Affairs and International Trade wouldn’t comment on the matter, but noted Canadian officials in Indonesia are aware of the situation.

“The way we see it, Rick is not getting a fair trial,” Inkiriwang said. “(The injustice) shows by the lack of evidence and the awful handling of the case by the police investigators.” The judges, he said, act as if they are public prosecutors and take part in questioning witnesses directly, including van Lee. “We feel as if we’re opposing the judges, and not the public prosecutor, which we find very unusual and strange.”

The lawyer said police never performed digital forensics on van Lee’s computer, and the defence team fears evidence contained on van Lee’s laptop and external storage devices has not been handled properly by investigators.

“The laptop and USB (drive) . . . wasn’t confiscated from Rick, but from the company,” he said. “The right procedure . . . is that the evidence should be confiscated from the person that owns it,” he said.

APRIL spokeswoman Jamie Menon said they found evidence of several months’ worth of collaboration with a direct competitor by van Lee. That discovery triggered an internal company investigation, which led APRIL to involve the police.

At no point were van Lee and his wife prevented from leaving the compound or meeting with his lawyers, she said.

But, said Inkiriwang, “Rick was not allowed to leave the company’s compound, even during the time when we (his legal team) . . . came to visit him. They (APRIL’s security) escorted us to the hotel inside the complex, and brought Rick and his wife there to meet us. We couldn’t even meet outside of the complex until it (was) time to be interviewed by the police.”

Van Lee, who has suffered a minor stroke and lost 45 pounds while in custody, is slated to appear in court again Thursday, with a verdict expected sometime before Dec. 11.

If convicted, he could face up to eight years in Indonesian prison.

Article source: http://www.canada.com/Canada+keeps+Indonesian+espionage+trial+Vancouver/5758092/story.html

Corporate espionage silently rampant in Canada, says former CSIS officer

GATINEAU, Que. ” Corporate espionage ” ranging from Dumpster diving for industrial secrets to plying vulnerable employees of competitors with booze, drugs and sex in exchange for information — is a common tactic in Canada for companies to get ahead, says a former CSIS spy and private investigator.

Tuesday, at the Canadian Industrial Security Conference, Ron Myles said that Canadian companies often perceive corporate spying and infiltration as something out of Hollywood and insists the amount of cases that are exposed is but a mere fraction of the problem in this country.

“As Canadians, we undervalue our abilities in research and development, we’re a little bit naive in the sense that the rest of the world is doing this (but not in Canada),” Myles said in an interview after presenting to a packed room on the opening day of the two-day conference. “We carry that attitude into our business and I think it costs Canadian businesses quite a bit.

“I don’t think even the tip of the iceberg is showing. (Corporate espionage) is more prevalent in small- and medium- sized companies because they’re often just starting up and don’t have massive (security) budgets.”

Myles, who was a CSIS officer for 13 years before working another 13 years as a private investigator, said a number of methods are used by competing interests in terms of stealing ideas and other intellectual property — noting the technology sector is targeted most.

In addition to rummaging through another company’s trash with the hope of acquiring secrets, he said other, more involved techniques are employed.

Long-term infiltration, by which a person that is compensated by a competing company, lands a job with the target group and feeds information back as trust is gained.

>> Continue reading “Corporate espionage silently rampant in Canada, says former CSIS officer” »

Article source: http://www.ottawacitizen.com/business/Corporate+espionage+silently+rampant+Canada+says+former+CSIS+officer/5786144/story.html

The Latest in the Widening Carrier IQ Phone Spying Scandal

It only took a scolding letter from a Senator, a class action lawsuit and a few thousand news stories, but smartphone software makers Carrier IQ finally responded to allegations of logging keystrokes and spying on users on Thursday night. The company’s denying the most serious user-tracking allegations, a number of questions about exactly what the software does and how users can turn if off remain. Among them, how long has this been going on and what the heck was Carrier IQ (and its clients) thinking in the first place?

Related: Yes, Even iPhones Can Spy on You, Too

In case you haven’t kept up with the controversy, Carrier IQ’s software is deeply embedded in the software of about 150 million smartphones around the world, including Android, iPhone, BlackBerry and other devices. It logs a large amount of data, the company says in an updated press release, “to monitor and analyze the performance of [mobile operators'] services and mobile devices to ensure the system (network and handsets) works to optimal efficiency.” Carrier IQ describes itself as “the consumer advocate to the mobile operator, explaining what works and what does not work.” But over the past couple of months, escalating concerns from data security experts and hackers alike have questioned whether or not Carrier IQ is actually overdoing it, collecting so much data that it may be violating federal wiretapping laws. On Wednesday, Senator Al Franken raised this concern in a (very detailed) letter he sent to Carrier IQ’s CEO on Wednesday, commenting how recent revelations about Carrier IQ’s tracking practices were “deeply troubling.” On Thursday, a group of angry consumers sued Carrier IQ as well as device manufacturers HTC and Samsung for violating the Federal Wiretap Act, demanding hundreds of millions of dollars in damages — $100 per violation per day. Meanwhile, a collective protest against the company’s tracking practices is gaining steam. Not even Carrier IQ headquarters’ listing on Google Places is safe from scorn. (“Did I agree to be wiretapped? Hmmmm… let me think… HELL NO!” reads one review.)

Related: Your Smartphone Is Spying on You

As the mounting class action lawsuit would suggest, Carrier IQ’s clients — both device manufacturers and mobile carriers — are distancing themselves from the backlash. Apple said in a statement that it “stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update.” Both Samsung and HTC passed the buck, claiming that mobile carriers like ATT, Sprint and Verizon should shoulder the blame for installing the software. “Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier,” HTC said in a statement. Verizon denied using the software. ATT admitted to using it “to improve wireless network and service performance,” and Sprint similarly said it only collected “enough information to understand the customer experience with devices on our network.” The Huffington Post made a slideshow of all the various denials.

Related: Your Social Media Will Be Monitored

Like many of the great digital privacy scandals of our age, this all started with social media. Security researcher and Android developer Trevor Eckhart scared the hell out of everyone earlier this week when he posted a 17-minute-long YouTube video detailing how much data Carrier IQ actually collected, showing how it logged every keystroke, tracked your encrypted Google searches and even recorded the contents of your text messages. The company flat-out denies that last bit and “vigorously disagrees” with allegations that its software violates federal wiretapping laws. From its latest press release:

While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

As paidContent’s Ingrid Lunden and Tom Krazit point out, this response leaves a lot of unanswered questions. “Is that the full list, or is there more?” they wonder. How long does the company store the data? What about the encrypted search data? When does Carrier IQ send information to carriers? And why, oh why, can’t the user simply opt-out of the service? As Eckhart made clear in his video and blog post, it takes an advanced mobile developer to find the Carrier IQ software deeply embedded in the phone’s firmware.

Related: A Smartphone Map of Our Nation

Which brings us to the big question: how do you get rid of it? Android users are in luck. A quick fix is the brand-spanking new, unapologetically named “Voodoo Carrier IQ detector,” but since it can’t remove the software, it’s not exactly a fix. For that we turn back to Eckhart, who Eckhart wrote a Logging Test app (currently in its seventh revision) that you can download and run to find out exactly what’s going on with your phone. Run the “CIQ Checks” once installed to see if you have Carrier IQ installed. If it is, you can pay $1 to upgrade to the Pro version of Eckhart’s software which will remove Carrier IQ from your phone. Folks with Apple, BlackBerry and other devices are less lucky as we haven’t identified an equivalent app-based solution, but TechCrunch has some good tips on what to do.

Related: Android’s Browser Leaves the iPhone’s in the Dust

We have to raise a cynical question here. Based on the stats in the Android app store, the sales of Echkart’s Andoird App have skyrocketed since this scandal blew up. Diagnostic software is also pretty standard across the software industry, but given how little everyone seems to know about how Carrier IQ specifically works — how much data it collects, who it sends it to, which privacy policy applies, how to opt out, etc. etc. — it would appear that a little bit of oversight is in order. But it’s a little shady that Eckhart’s whistleblower video has turned into a source of income. It will take some more time to learn the full truth behind Carrier IQ, and we wouldn’t be surprised if Franken’s inquiry turns into a full scale investigation. Until then, you might want to use a landline.

Article source: http://news.yahoo.com/latest-widening-carrier-iq-phone-spying-scandal-153521910.html

Region: Slovak minister fired over bugging

By Beata Balogová

For the Slovak Spectator

The scandal involving the wiretapping of several Slovak journalists by military intelligence agents has cost Defense Minister Ľubomír Galko his job.

But as more information behind the secret monitoring program of the Military Defense Intelligence (VOS) has unfolded, government officials have learned that one of the journalists monitored on Galko’s watch was also wiretapped when the ministry was controlled by a nominee of the Smer party in 2007.

It has also emerged that the recent VOS operation involved wiretapping the head of TV news channel TA3 and two senior Defense Ministry employees, according to leaked documents obtained by Slovak media outlets.

“The whole story of wiretapping which is being uncovered today was also going on under previous governments,” said Prime Minister Iveta Radičová, who Nov. 22 asked President Ivan Gašparovič to dismiss Galko. “It is high time to reach an agreement and [start] an initiative over control mechanisms for the intelligence services.”

The prime minister will serve as Galko’s replacement until new elections are held in March 2012.

Radičová in her response also said it is now obvious that the “intelligence services have been doing everything possible – except what they were originally supposed to do and what their main role should be.”

The Pravda and Nový Čas dailies reported Nov. 21 that three reporters from Pravda’s domestic political department – editor Patrícia Poprocká and reporters Peter Kováč and Vanda Vavrová – as well as the head of TV news channel TA3, Michal Gučík, had been wiretapped by the VOS. The alleged wiretapping ended after the fall of the government in October, according to Pravda.

Galko’s Freedom and Solidarity Party (SaS) has continued to back him. He argues that the wiretaps were performed legally and were intended to uncover criminal activity.

In Slovakia, military intelligence activities are performed by two organizations operating under the Defense Ministry: the Military Defense Intelligence (VOS), which conducts counterintelligence, and the Military Intelligence Service.

The request to apply what are known as “information technical devices” to bug journalists was signed by the head of the VOS, Pavol Brychta, and the wiretapping, which was reportedly intended to monitor the so-called “contact base” of three journalists, was approved by a judge. Brychta confirmed these details to the parliamentary committee for the oversight of military intelligence Nov. 22.

Brychta told the committee the journalists in question had participated in the leaking of sensitive information from the Defense Ministry, according to Peter Žiga, the Smer MP who leads the committee.

Opposition Smer party leader and former Prime Minister Robert Fico called the wiretapping program an assault on democracy and the foundations of the state, and suggested Galko had confirmed in live coverage that the information published by the media was genuine.

“It is one of the most serious abuses of power, to an extent that we don’t dare to dream of,” Fico told reporters Nov. 24.

It was later revealed that Smer-nominated former Defense Minister Jaroslav Baška admitted the VOS had also monitored at least one journalist during Fico’s government. In a media statement, Baška objected to comparisons made between the present affair and the wiretapping of Poprocká by the VOS in 2007, when the department was led by František Kašický, another Smer nominee, and Baška, who was deputy minister at the time. Poprocká, one of the Pravda reporters allegedly monitored by the VOS this year, was bugged in 2007 under Kašický when she worked as editor of the Žurnál weekly.

The VOS under Galko also used suspected leaks of classified information from the ministry as its justification for wiretapping journalists. Only a few days before the scandal broke, the Defense Ministry had filed a criminal complaint over suspicions that fraud had occurred during the government’s conclusion of a contract to buy a mobile communication system, MOKYS, which had cost Slovakia several billion Slovak crowns.

Just days after filing the complaint, Slovak newspaper editorial offices received anonymous information about the purchase of military trucks and military emergency vehicles. According to Galko, two of these newspapers, Pravda and Nový Čas, had “published stories about alleged illegal wiretapping of journalists by the military counterintelligence.”

Galko also said that on the one hand he understands the emotions and outrage of journalists, but “on the other hand, if there is suspicion that a crime has been committed, I am personally convinced there is no difference between a politician, or a minister for that matter, an employee, a businessman, a regular person or a journalist.”

Radičová said the Justice Ministry will review the decisions of the judges who approved the wiretaps, but added that the media did publish confidential information and violated the law by doing so.

Former general prosecutor Dobroslav Trnka has been tapped to lead the government probe into the affair.

Beata Balogová can be reached at news [at] praguepost [dot] com

Article source: http://www.praguepost.com/news/11211-region-slovak-minister-fired-over-bugging.html

It’s Pretty Easy To Make An Android App That Will Eavesdrop On User Calls Without Permission

Image: Flickr via Joe Howell

North Carolina State University researchers have uncovered a malicious little flaw in the Android mobile OS, reports The Register. Turns out its pretty easy to build and distribute an app that can do all kinds of terrible things users won’t want it to – including call recording.

When you install a new Android app, you set its “permissions” — you get to tell it what it can and can’t do. Google Maps should be able to access your location, for example, but Angry Birds has no business recording your phone calls.

This backdoor works by skipping this essential step. Upon installation, an app can potentially not tell you what it’s actually doing.

To demonstrate the bug, researchers created an app that was successfully able to do all kinds of things you’d never want an app to do without your knowledge – record phone calls, send unauthorized text messages, and track the phone’s (your) location.

The EVO 4G proved most susceptible to the problem while the Nexus S and Nexus One proved most secure.

Manufacturers say they are aware of the problem and should be addressing it shortly. Until then, be extra careful while installing your Android apps!

Article source: http://www.businessinsider.com/this-evil-android-security-bug-can-eavesdrop-on-your-phone-calls-2011-12