The Zeus banking Trojan could be a useful tool in corporate espionage…
Zeus typically steals online banking credentials and then uses that information to move money out of internet accounts. In the past year, however, Gary Warner, director of research in computer forensics with the University of Alabama, who has been closely monitoring the various criminal groups that use Zeus, has seen some hackers also try to figure out what companies their victims work for…
“They want to know where you work,” he said. “Your computer may be worth exploring more deeply because it may provide a gateway to the organisation.”
That’s worrying because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims’ computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim’s computer to break into corporate systems. (more)
Luxury car manufacturer Porsche has banned employees from using Internet sites such as Facebook, Google Mail or Ebay during office hours, for fear of industrial spying, German media reported on Saturday. Corporate security chief Rainer Benne told business weekly Wirtschaftswoche that the company feared information could be leaked via social networking site Facebook in particular.
The magazine reported that foreign intelligence agencies systematically used Facebook to contact company insiders and win their trust in order to obtain information.
Roughly a quarter of Porsche’s 13,000 global employees use Facebook and other social networking sites, Wirtschaftswoche reported. (
more)
Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.
This is what I heard today…
• Need to track down Cellular, Wi-Fi or Bluetooth signals?
Berkerley Varitronics RF Detection Products probably has just the little handheld instrument you need. Each instrument, with its own weird name (Yellowjacket, Swarm, Mantis, WatchHound, etc.) handles a very specific chore. You only buy what you need. That keeps the costs down. Need a special enclosure, like hiding their contraband cell phone detector in a water bottle, or secreting an antenna in a pocket pen? No problem. Very cool Jersey engineering dudes.
The rest of the day, ERI members taught what they know…
• Alternative Power Sources for the Eavesdropper –
Mark Clayton• Display of most of the TSCM instrumentation designed and built by Glenn Whidden (with commentary by Glenn). Instrumentation provided by J.D. LeaSure.
• Discussions about topics for next year’s meetings.
The discussions continue tomorrow.
Thank you to our client family for adjusting your schedules to allow us time to attend this important meeting in Washington, DC. Tomorrow we are back on the road again completing visits this month to Virginia, Maryland, Ohio, Philadelphia, Anchorage, Boston, New York City, New Jersey and Illinois. ~ Kevin D. Murray
Kevin’s Security Scrapbook is prepared fresh almost daily for the clients and friends of Murray Associates – Eavesdropping Detection and Counterespionage Consulting for Business and Government
A few posts ago, it was noted that the FBI is echoing the desires of several countries around the world about having backdoor keys to all communications encryption schemes. BlackBerry, Skype, etc. are seeing the beginning of the end of their privacy advantage.
Some countries threatened to outright ban encryption they can’t crack, but how can this concept be sold to the U.S. Congress?
Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.
This is what I heard today…
• Need to make sure the people outside of your room can’t overhear you?
Dynasound to the rescue. As they say, “These are not your father’s white noise generators.” Made to be un-filterable, this white noise is injected directly into construction materials (as opposed to vibrated in with old piezo-electric transducers). The benefit… walls, windows, ceilings and floors transmit the sound outward. People in the room can hardly hear it. Bonus… Need a temporary solution (as in a hotel) or need to move the permanent installation? No problem. The new transducers are easy to move.
• Want to have 24/7 monitoring of an area for certain types of bugging devices?
Global TSCM Group has an answer. Their multi-faceted monitoring system may be monitored anywhere via the Internet. It may not be the total answer, but it helps when securing Boardrooms and creating secure conference rooms.
• Need to control Wi-Fi and cell phone usage in your building?
AirPatrol can do it. Once their system is installed, you will know where every rogue laptop, unauthorized Wi-Fi appearance point and cell phone is… within six feet of its exact location, plotted on a computer map. Also, monitorable via the Internet. (PS – There is a whole lot more their system does. Visit their web site.)
Ok… Lunch break.
• Need portable secure storage for cell phones and tablets when everyone enters the top secret meeting? Hey, you never know whose cell phone is infected with spyware, turning their phone into a bugging device.
Vector Technologies has the answer, and if the answer doesn’t suit you, talk to them. They will
make whatever you need. Bonus… It won’t look like an old pirate’s chest. They make really nice looking stuff with pneumatic lids! Independent testing labs certify effectiveness. Call 540-872-0444.
The rest of the afternoon, ERI members taught what they know…
• “Finds in the Computer World” – Dr. Gordon Mitchell
• “Access Control / Physical Security” – Mark Clayton
• “Building and Using a UV LED Light Source” – Dr. Gordon Mitchell
• “Adventures with Software Defined Radio” – Kevin D. Murray
More tomorrow…
(MJD, DC can be fun. Make the TSCM hajj next year.)
