The irony is too significant to ignore: A smartphone app that enables customers to spy on others’ phones may itself be vulnerable to attackers looking to spy on them.
The surveillance app, called “Mobile Spy,” is designed to let its customers monitor the information, including text messages, GPS location and call logs, of other phones installed with the app. That private info is then uploaded to the app user’s account and can be viewed in any Web browser, either on a computer or phone.
Unfortunately for those doing the watching, Mobile Spy contains several security vulnerabilities that allow an attacker to inject malicious code into the target’s phone, via SMS message, and hijack their spy session, according to researchers at Vulnerability Lab, who disclosed the flaws.
Because the developers of Mobile Spy say it is available for iPhone, Android, BlackBerry and Windows Phone, the presence of a security glitch makes it a top target for exploitation.
To make things even more confusing, there are at least five separate Android apps in the Google Play store called “Mobile Spy,” and none of them seem to be the one about which Vulnerability Lab issued its warning. Nor is there any app in the iTunes App Store by that name.
The Mobile Spy website states that iPhones must be jailbroken in order to install Mobile Spy, and hints that Android versions will need to be “side-loaded” from a PC. Usage licenses run from $50 for three months to $100 for a full year.
Anyone who jailbreaks an iPhone or sideloads Android apps is running a big security risk. And from the looks of the “Mobile Spy” apps that are in the official Google Play store, you probably shouldn’t install them either.
A French security company, linked to allegations that Swedish furniture giant IKEA illegally spied on staff and customers, has denied involvement, blaming a renegade former employee.
Prosecutors have opened an investigation following a complaint from a trade union and a newspaper report which published what it said were email exchanges between the head of the company’s risk management department and Surete International about getting access to the police force files.
IKEA says it’ll examine claims the firm paid for illegal access to secret French police files in order to gain information about its employees, clients and even people who came near its property.
The former management of Surete International, which was wound up in 2011, has denied responsibility for everything attributed to it.
A chance discovery during an FBI investigation uncovered what authorities say is proof of a phenomenon long suspected by corporate espionage experts: Companies owned by the Chinese government have a growing appetite for the trade secrets of American corporations, and they’re soliciting foreign nationals in the U.S. to steal them.
In this case, a couple allegedly spent more than 10 years tracking down the formula for a white pigment produced by chemical company DuPont. The Wall Street Journal reported that Walter and Christina Liew planned to turn over their findings to Pangang Group, a company owned by the Chinese government.
“Chinese actors are the world’s most active and persistent perpetrators of economic espionage,” the Office of the National Counterintelligence Executive wrote in a congressional report last October. “Of the seven cases that were adjudicated under the Economic Espionage Act … in Fiscal Year 2010, six involved a link to China.”
DuPont’s method for manufacturing titanium dioxide is closely guarded by the company. Correspondence uncovered in a safe-deposit box linked the operation back to Pangang and high-level Communist Party officials in China, according to the Journal. The paper said DuPont alerted the FBI after receiving an anonymous letter about Liew’s activities and finding DuPont information on the computer of a colleague, who has not been charged.
The Liews were arrested in July and have been charged with trying to steal trade secrets and sell them to China. They have denied the charges.
Last week, the Department of Justice announced that another participant in the operation, Tze Chao, pleaded guilty to conspiracy to commit economic espionage. Chao, a former DuPont employee, “admitted that he provided trade secrets concerning DuPont’s proprietary titanium dioxide (TiO2) manufacturing process to companies he knew were controlled by the government of the People’s Republic of China,” the DOJ said in a statement.
M.E. “Mich” Kabay, chief technical officer of Adaptive Cyber Security Instruments Inc., and professor of information assurance and statistics at Norwich University, called state-sponsored corporate espionage “standard operating procedure” for China, although this case unearthed the first paper trail showing a request for trade secrets that began with the state, rather than a corporation, according to the Journal.
Chinese government officials have denied knowledge or endorsement of these kinds of activities. But Kabay said it’s hard to believe that an autocratic, controlling government with significant involvement in the nation’s industrial sector would be unaware of efforts to steal American trade secrets.
Unlike the relatively low-tech methods used by the spies in the DuPont case, Kabay said many attempts to steal trade secrets from American businesses are undertaken by computer hackers. He cited this as another example of Chinese state complicity or involvement in the theft of intellectual property, given its notoriously tight grip on its citizens’ use of the Internet. “Their tolerance of criminal hacker groups is inexplicable without the assumption that the government is encouraging criminal hacking,” he said.
“Cyberspace is a unique complement to the espionage environment,” the congressional counterintelligence report said, adding that “an onslaught” of recent attempts to penetrate the online security systems of American companies were traced to Chinese Internet addresses.
Author and former sr. partner at Goldman Sachs Peter Kiernan discusses America’s complicated relationship with China and why the two countries need each other.
WASHINGTON (AP) — A former government space scientist was sentenced Wednesday to 13 years in prison after admitting he tried to sell space and defense secrets to Israel in what turned out to be an FBI sting operation.
Appearing in federal court in a prison jumpsuit, Stewart Nozette said he is “paying for a fatal lack of judgment.”
“I accept full responsibility,” Nozette told U.S. District Judge Paul Friedman.
Prosecutors and Nozette’s lawyers agreed to the 13-year sentence, with credit for the two years that Nozette has spent behind bars since his arrest.
Nozette had high-level security clearances during decades of government work on science and space projects at NASA, the Energy Department and the National Space Council in President George H.W. Bush’s administration.
Nozette pleaded guilty to one count of attempted espionage, admitting he tried to provide Israel with top secret information about satellites, early warning systems, methods for retaliating against large-scale attack, communications intelligence information and major elements of defense strategy.
In court, prosecutors played a videotape of Nozette telling an FBI undercover agent posing as an Israeli spy that “I’ve sort of crossed the Rubicon,” or passed a point of no return. On the video, Nozette said he would charge Israel “at most 1 percent” for passing information about an unspecified program that Nozette said cost the U.S. government $200 million.
Nozette, 54, was a “traitor” who engaged in attempted espionage with “unbridled enthusiasm,” Assistant U.S. Attorney Anthony Asuncion told the judge.
At the time of Nozette’s arrest for attempted espionage in 2009, he was awaiting sentencing on fraud and tax evasion charges.
On Wednesday, the judge sentenced him to 37 months on those charges, to be served concurrently with the sentence in the espionage case.
Nozette was known primarily as a defense technologist who had worked on the Reagan-era missile defense shield effort, nicknamed “Star Wars” and formally called the Strategic Defense Initiative.
As a leading scientist at the Lawrence Livermore National Laboratory in the 1990s, Nozette came up with the concept behind the Clementine space mission, which ultimately discovered ice on the moon, according to the sentencing memo in the espionage case by Nozette’s legal team.
One of Nozette’s lawyers, Bradford Berenson, called the espionage case “vindictive” and an illustration of “overreaching government conduct” at a time when Nozette was already enmeshed in the tax and fraud case.
The government suspected Nozette might be interested in spying after a search of his Chevy Chase, Md., home in February 2007 in the tax and fraud probe.
Nozette ran a nonprofit corporation called the Alliance for Competitive Technology that had several agreements to develop advanced technology for the U.S. government. But he was overstating his costs for reimbursement and failing to report the income on his tax returns. Berenson called that case “relatively minor” and a violation that “a lot of small businesses engage in.”
The search of his home turned up classified documents, though Nozette’s lawyers said in his defense Wednesday that they were not marked as such. Nozette was not allowed to have unsecured classified documents in his home.
Agents also discovered Nozette sent an email in 2002 threatening to sell information about a classified program he was working on to Israel or another country. The FBI decided to conduct an undercover operation to see how serious he was.
The attempted selling of secrets “never would have happened but for the tax and fraud case,” said Berenson.
“This was functional entrapment,” said Berenson. Entrapment is a defense to criminal charges when it is established that the agent originated the idea of the crime and induced the accused to engage in it.
Nozette also was ordered to pay $217,800 in restitution for fraudulent claims he made to the U.S. Naval Research Laboratory in Washington, D.C., the Defense Advanced Research Projects Agency in Arlington, Va., and NASA’s Goddard Space Flight Center in Greenbelt, Md.
America’s favorite spy movies often employ futuristic gadgets and high-tech devices to wow viewers, but according to a former officer in the CIA, technology may have some burdening effects on espionage.
Robert Grenier served 27 years in the CIA, formerly working as a station chief in Islamabad, a CIA representative to the White House, and most recently the head of the Counterterrorism Center. He spoke Wednesday night in Mitchell Hall as part of the Global Agenda speaker series “Spies, Lies and Sneaky Guys: Espionage and Intelligence in the Digital Age.”
Grenier said the title of the Global Agenda series struck him, having worked in the CIA Clandestine Service, donning numerous aliases to hide his true identity as he gathered intelligence from around the world.
He said the roles officers of the Clandestine Service have to undertake involve lying and cheating as well as misrepresenting oneself, essentially “everything your parents told you not to do.”
While he acknowledged these qualities could place the officers in the role of “sneaky guys,” he said most officers take morality very seriously and said the job requirements often help the officers be more moral since they are ultimately utilized to protect American citizens.
Grenier said questions have arisen with the recent boom in technology about whether human espionage should still be employed for intelligence gathering. He said the human element could not be lost, even with advancing electronic intelligence.
“At the end of the day, it is people who make decisions,” Grenier said.
But there may be legitimate concerns about challenges technology poses for the practice of espionage. When he began his career in Clandestine Service, Grenier said an identity could be created with very little concern ones cover would be blown by a suspicious individual. Nowadays, Grenier said just about anyone can do a background check and possibly discover holes in one’s alias.
Grenier said he came to realize the practice of espionage would have to change when he received a standard form letter at a hotel overseas, while undercover, thanking him for visiting again. When he realized electronic records now tracked where he had been for certain date ranges, he said he knew the practice of espionage was going to have to change.
“It was like the future in a flash that opened up before my eyes,” Grenier said.
A challenge has also arisen in the form of “information overload,” and Grenier said analysts are now faced with having to prioritize which individuals they monitor and which ones they do not.
Grenier said this problem materialized with the “underwear bomber” incident of late 2009, in which a man tried to blow up a plane approaching Detroit. Though the agency received information the man posed a threat, they did not act upon it due to the abundance of other intelligence. In hindsight in this case, Grenier said one could argue the intelligence was not prioritized appropriately, but the event, regardless, was a consequence of having more electronic intelligence than human analysts.
Even with the challenges, Grenier said the technology still presents many advantages, including greater ease in identifying targets for intelligence information. He recounted an experience in North Africa where he needed to gain information about radical leftist student leaders, and he said he did so by picking up hitchhikers and asking if they knew anything about the group.
“This was really primitive, and this was difficult, and it was not at all efficient,” Grenier said.
In modern espionage, Grenier said the people of interest could have been located first by technology, and then the officers on the ground could have formed the intelligence relationships necessary.
And the amplification of communications technology may also be a blessing for the agency, including its ability to use “open source” intelligence information from the same social networks and websites average citizens use every day.
Grenier said he experienced some bad events during his time in the CIA, but never had a bad day at work. He said if he could do it all over again, he would still join the CIA, finding the profession somewhat irresistible.
“There is a seduction in the work,” Grenier said.
