FBI Boston CI Strategic Partnership Newsletter

November 24, 2010
Volume 1 Issue 1
Federal Bureau of Investigation
One Center Plaza, Suite 600
Boston, MA 02108, 617-742-5533
COUNTERINTELLIGENCE
ARRESTS, TRIALS AND CONVICTIONS
Employee of high technology company charged with seeking to provide confidential business information to a foreign government
Scientist Charged With Economic Espionage
California Couple Charged with Conspiring to Export Sensitive Technology to People’s Republic of China
Ex-DuPont researcher gets prison for selling trade secrets
Michigan Man Pleads Guilty to Attempting to Spy for the People’s Republic of China
New spy game: Workers sell firms' secrets abroad
TECHNIQUES, METHODS, TARGETS
Six enterprise security leaks you should plug now
CYBER, HACKING, DATA THEFT, COMPUTER INTRUSIONS & RELATED
How advanced persistent threats bypass your network security
The threat behind fake LinkedIn messages
Zeus hackers could steal corporate secrets too
USB Warfare: The Real Electronic Nightmare
Social networking sites used by foreign intelligence services
iPad Spy Software Hits Market
NOTE: In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit or payment for non-profit
news reporting and educational purposes only. Use does not reflect official endorsement by the FBI. Reproduction for
private use or gain is subject to original copyright restrictions. Individuals interested in subscribing to this publication, or
interested in further information, should send an email to SA Carmine Nigro at carmine.nigro@c.fbi.gov, SME Theodore
Distaso at Theodore.Distaso@ic.fbi.gov or SME Wallace D. Salisbury at Wallace.Salisbury@ic.fbi.gov. For additional
information please call SA Nigro at 617-223-6038, SME Distaso at 617-223-6231 or SME Salisbury at 401-458-1127.
CI Strategic Partnership Newsletter
Page 2
Counterintelligence
ARRESTS, TRIALS AND CONVICTIONS
Employee of High Technology Company Charged with Seeking to
Provide Confidential Business Information to a Foreign Government
FOR IMMEDIATE RELEASE
WEDNESDAY, OCTOBER 6, 2010
WWW.USDOJ.GOV/USAO/MA
E-MAIL: USAMA.MEDIA@USDOJ.GOV
http://www.justice.gov/usao/ma/Press%20Office%2020Press%20Release%20Files/Oct2010/DoxerElliotPR.html
BOSTON, Mass. - An employee of a high technology company headquartered in Cambridge,
Massachusetts was arrested and charged today in federal court with secretly providing
confidential business information over an 18-month period to a person he believed to be an
agent of a foreign government. ELLIOT DOXER, 42, of Brookline, Massachusetts, was charged in
a Complaint with one count of wire fraud. Doxer worked in the finance department of Cambridge-based Akamai Technologies, Inc., a provider of Internet content delivery services. The Complaint
alleges that on June 22, 2006, Doxer sent an email to a foreign country’s consulate in Boston
stating that he was willing to provide any information he had access to, that might help the
foreign country. It is alleged that in later communications, Doxer said his chief desire “was to
help our homeland and our war against our enemies.” He also allegedly asked for $3,000 in light
of the risks he was taking. The foreign government cooperated with the United States in the
investigation. The Complaint alleges that in September 2007, a U.S. federal agent posing
undercover as an agent of the foreign country spoke to Doxer and established a “dead drop”
where the agent and Doxer could exchange written communications. The Complaint further
alleges that from September 2007 through March 2009, Doxer visited the “dead drop” at least 62
times to leave confidential business information, retrieve communications, or check for new
communications. The Complaint alleges that among the confidential business items Doxer
provided the undercover agent were an extensive list of Akamai’s customers; some contracts
between Akamai and various customers revealing contact, services, pricing, and termination date
information; and a comprehensive list of Akamai’s employees that revealed their positions and
full contact information. According to the Complaint, Doxer also broadly described Akamai’s
physical and computer security systems and stated that he could travel to the foreign country
and could support special and sensitive operations in his local area if needed.
The Complaint does not allege that any representative of any foreign government sought or
obtained sensitive information in this case, nor does the Complaint charge any foreign
government representative with wrongdoing. If convicted, Doxer faces a maximum penalty of 20
years’ imprisonment, a three-year term of supervised release, a $250,000 fine or twice the gain
or loss, whichever is highest, and restitution to the victim. United States Attorney Carmen M.
Ortiz, Richard DesLauriers, Special Agent in Charge of the Federal Bureau of Investigation Boston Field Office and Robert Bethel, Inspector in Charge of the U.S. Postal Inspection Service
made the announcement today. The case is being investigated by members of the FBI’s
Counterintelligence Section and is being prosecuted by Assistant U.S. Attorneys William D.
Weinreb and Scott Garland respectively in Ortiz’s Antiterrorism and National Security Unit and
Computer Crimes Unit. Akamai Technologies, Inc. cooperated fully in the investigation.
The details contained in the Complaint are allegations. The defendant is presumed to be innocent
unless and until proven guilty beyond a reasonable doubt in a court of law.
SCIENTIST CHARGED WITH ECONOMIC ESPIONAGE
Telegram & Gazette
July 20, 2010
A scientific researcher from Westboro, MA is one of a handful of people to be charged in federal
court with foreign economic espionage after he allegedly stole information about an organic
insecticide developed by Dow Chemical Co. and gave it to a university in China.
Kexue Huang, 45, was arrested July 13 on a federal indictment from the Southern District of
Indiana accusing him of 12 counts of theft and attempted theft of trade secrets to benefit a
foreign government and instrumentality, and five counts of foreign or interstate transportation of
stolen property. According to FBI Special Agent Alexander H. Arnett Jr., who testified at Mr.
Huang's detention hearing yesterday in U.S. District Court in Worcester, Mr. Huang worked for
Dow and allegedly took company information about an organic insecticide to a Chinese
university. "Dow AgroSciences is aware of an FBI investigation into a potential violation of our
company's intellectual property rights by a former employee," a statement released by the
company said. "We are cooperating fully with the authorities. Because of the nature of the
investigation we are unable to comment further." Magistrate Judge Timothy S. Hillman did not
make a decision yesterday on the detention status of Mr. Huang, who has been in the custody of
the U.S. Marshals Service since his arrest. Judge Hillman indicated Indiana authorities wanted Mr.
Huang in their state to face the indictments. The alleged charges, which are still under seal in
Indiana where Dow has an agrochemical and biotechnology company, stem from the alleged
stealing of information from January 2005 to earlier this year. Mr. Huang worked for Dow from
January 2003 and was fired in February 2008, according to authorities. In testimony yesterday,
authorities allege Mr. Huang stole information on the insecticide and co-published research
articles about it through the Hunan Normal University in China. Mr. Arnett estimated the value of
the information to be in the hundreds of millions of dollars, according to his testimony. Mr.
Huang, who is married and has two children, has lived in Westboro for the past year. He is
employed at Qteros Inc. in Marlboro. A spokeswoman for Qteros said Mr. Huang is still employed
there and the alleged crimes did not involve Qteros. The company is cooperating with
investigators. During and after his employment for Dow, Mr. Huang allegedly e-mailed
information to the university and traveled several times to China, according to court testimony.
Defense lawyer James P. Duggan argued against his client's detainment, stating his family
members are willing to turn in all their passports. He also said Mr. Huang was purchasing a
home in Westboro. He said his client has no record of violence, no criminal record and is not a
flight risk. "It's hard to picture the whole family moving without passports," Mr. Duggan said.
He said that the "linchpin piece of evidence" against his client was the research article published
in the scholarly journal in China. Assistant U.S. Attorney Scott L. Garland said Mr. Huang is a
flight risk and, although he is a lawful permanent resident in the United States, he is a Canadian
citizen and has family in China. Mr. Garland said in court that retrieving suspects from China and
Canada is extremely difficult and can take years. Mr. Huang is one of only six or seven people to
face this type of trade secret theft charge, which is signed off on by the U.S. Department of
Justice's National Security Division. Mr. Huang could face up to 15 years in prison on each of the
theft and attempted theft of trade secrets charges, and up to 10 years each on the foreign or
interstate transportation of stolen property charges. Mr. Garland said the $300,000 offered by
Mr. Huang as equity to secure his release doesn't compare to the millions in restitution he could
be ordered to pay if found guilty. Mr. Garland also wanted Mr. Huang to be barred from using a
computer if released. The court could decide what computer uses would be allowed. Mr. Huang's
wife, who was in court, told a reporter any story about her husband would damage his
reputation.
California Couple Charged with Conspiring to Export Sensitive
Technology to People’s Republic of China
http://losangeles.fbi.gov/dojpressrel/pressrel10/la101510.htm
Department of Justice Press Release For Immediate Release
October 15, 2010
United States Attorney's Office, Central District of California
Contact: (213) 894-2434
LOS ANGELES—A Southern California man was ordered held without bond today after being
arrested on charges of conspiring to export restricted electronics technology to the People’s
Republic of China (PRC) without obtaining the necessary licenses. York Yuan Chang, 53, also
known as David Zhang, was ordered detained late this morning by United States Magistrate
Judge Fernando M. Olguin. Chang and his wife, Leping Huang, 49, both residents of Diamond
Bar, were charged in a criminal complaint filed October 9 in United States District Court.
Chang, who is a naturalized United States citizen, and Huang, who is a Chinese national, were
arrested without incident Monday morning at their residence. Huang was released yesterday
after posting part of a $1 million bond that was set on Tuesday during her first court appearance.
The criminal complaint accuses the couple of violating the International Emergency Economic
Powers Act and the Export Administration Regulations by conspiring to export restricted items to
the PRC without a license. The complaint also charges both defendants with making false
statements to federal agents. According to the affidavit in support of the complaint, Chang and
Huang are the longtime owners of GTSI (General Technology Systems Integration, Inc.), an
Ontario, California company involved primarily in the export of technology and equipment to the
PRC. GTSI entered into contracts with the Sichuan Institute of Solid-State Circuits (also known as
the 24th Research Institute of the China Electronics Technology Corporation Group) in Chongqing
to design and transfer to the PRC technology for the development and production of two types of
high-performance analog-to-digital converters (ADCs). The contracts called for GTSI to provide
technical experts to design, develop and oversee the production of ADCs that would match the
specifications, functionality and characteristics of two ADCs produced by United States
manufacturers.
In early 2009, Chang and Huang hired two engineers to design the technology and provide
training to engineers in the PRC. On separate occasions in 2009, the engineers were inspected by
officials with U.S. Customs and Border Protection (CBP) when they returned to the United States
following trips to the PRC. On each occasion, CBP officials discovered computer files and
documents that supported allegations of an illegal technology transfer involving GTSI. After
authorities contacted the engineers, Chang and Huang allegedly sought to cover up the project
and convince the engineers to keep working on the ADC project. The complaint alleges that in a
September 2009 interview with federal agents, Huang falsely told agents that the engineers had
declined to undertake the project three months earlier. The complaint further alleges that in
February 2010, Huang made additional false claims to federal agents about the project. In
February 2010, Chang allegedly falsely told agents that the ADC project had been cancelled in
May 2009. The ADC technology that Chang and Huang allegedly attempted to export to the PRC
has both commercial and military applications. The ADCs are subject to export controls for
national security and anti-terrorism reasons. According to official determinations by the United
States Department of Commerce, neither the ADCs, nor their related technology, may be
exported from the United States to the PRC without a valid export license. Chang and Huang are
scheduled to be arraigned on November 1. Chang and Huang are both charged in the export
conspiracy count, which carries a maximum statutory penalty of 20 years in federal prison.
Additionally, Chang is charged with one count of making false statements, and Huang is charged
with two counts of making false statements. Each count of making false statements carries a
statutory maximum penalty of five years in federal prison. A criminal complaint contains
allegations that a defendant has committed a crime. Every defendant is presumed innocent until
and unless proven guilty beyond a reasonable doubt. This case is the product of an investigation
by the Federal Bureau of Investigation; the United States Department of Commerce, Bureau of
Industry and Security, Office of Export and Enforcement; U.S. Immigration and Customs
Enforcement, Homeland Security Investigations; IRS - Criminal Investigation; and the Defense
Criminal Investigative Service. The investigation was coordinated by the Export and Antiproliferation Global Law Enforcement (EAGLE) Task Force. The EAGLE Task Force was created by
the United States Attorney’s Office for the Central District of California, in conjunction with
federal law enforcement agencies, to investigate and combat the illegal exports of arms and
sensitive technologies.
Ex-DuPont researcher gets prison for selling trade secrets
http://www.delawareonline.com/fdcp/?1288039843113
By SEAN O'SULLIVAN • The News Journal •
October 21, 2010
WILMINGTON -- A former DuPont researcher today was ordered to prison for 14 months for
stealing "cutting edge organic electronic trade secrets" in what appeared to be part of a larger
plan to take them to China and set up a rival business venture. Hong Meng, 44, a Chinese
national who had permanent resident status and held the title of senior research scientist before
he was fired, also is facing automatic deportation when he is released from federal custody.
District Judge Sue L. Robinson gave Meng until Dec. 1 to report to prison. Assistant U.S.
Attorney Robert Kravetz told Robinson that the case involves "a very serious intellectual property
offense… and represents an abuse of trust" and that Meng continues to cling to a story that is
inconsistent with the facts. According to prosecutors and court papers, Meng was and is a
"brilliant researcher" who made significant advances in the field of paper-thin displays involving
nanoelectronics and organic semi-conductors, also known as organic light emitting diodes.
Meng co-edited a book on the technology, which is expected to be the next generation of
displays for televisions, computers and other video-based technology. In summer 2009, Meng,
who had been based in Delaware, was set to transfer to DuPont's facility in Shanghai. And during
the screening for that move, company officials uncovered e-mails and other documents that
indicated Meng was preparing to accept a job at Peking University in Beijing, his alma mater, and
planned to head a department focused on OLED technology. Kravetz said investigators also
turned up evidence that Meng gave a presentation to a regional Chinese government, soliciting
financial support, stating he expected to open a factory there within three to five years,
employing 300 to 1,000 people, to produce OLED televisions and lighting systems. Prosecutors
also found Meng had hidden details of a key OLED process in a Microsoft Word document -- about a completely different subject -- that he sent to his Peking University e-mail account.
He also shipped a package of samples of chemicals involved in the OLED process to a friend with
instructions to forward the samples to him at Peking University. The samples were recovered
and it is unclear if the technical details Meng e-mailed to himself were accessed by others,
according to prosecutors. Meng's attorneys asked for a sentence of probation, arguing Meng
already has suffered personally and professionally as a result of pleading guilty to theft of trade
secrets. In court papers, Attorney Kathleen Jennings argued Meng is remorseful, acknowledges
his conduct caused damage to DuPont and that he betrayed the trust of his colleagues.
But she also charged that it was a one-time error in judgment by a man who has otherwise lived
a law-abiding life and that he has been sufficiently punished by his loss in status, the loss of his
career at DuPont and his likely deportation. U.S. Attorney David Weiss said the conviction shows
his office “is committed to taking all necessary steps to enforce intellectual property laws and to
protect valuable American technology from being stolen for use overseas” and the sentence
makes clear that the offense is taken seriously by the justice system. Special Agent Richard
McFeely of the Federal Bureau of Investigation said the case should serve as a reminder to U.S.
companies for the need to be vigilant about protecting their trade secrets. “It is an absolute
necessity in today’s times that our nations’ businesses adopt a proactive posture of maintaining
active firewalls and other computer security measures,” he said, and when there is a breach like
the one in this case it should be reported quickly to the FBI.
Contact Sean O’Sullivan at 324-2777 or sosullivan-@delawareonline.com.
Michigan Man Pleads Guilty to Attempting to Spy for the People’s
Republic of China
Department of Justice Press Release
http://washingtondc.fbi.gov/dojpressrel/pressrel10/wfo102210a.htm
For Immediate Release
October 22, 2010 U.S. Department of Justice Office of Public Affairs
(202) 514-2007/TDD (202) 514-1888
WASHINGTON—Glenn Duffie Shriver, 28, of Detroit, Mich., pleaded guilty today before U.S.
District Court Judge Liam O’Grady to conspiring to provide national defense information to
intelligence officers of the People’s Republic of China (PRC). The guilty plea was announced by
David Kris, Assistant Attorney General for the National Security Division; Neil H. MacBride, U.S.
Attorney for the Eastern District of Virginia; and John G. Perren, Acting Assistant Director in
Charge of the FBI Washington Field Office. Shriver pleaded guilty to a one-count criminal
information charging him with conspiracy to communicate national defense information to a
person not entitled to receive it. In a plea agreement, the defense and government jointly
recommended a prison sentence of 48 months. Sentencing is scheduled for Jan. 21, 2011.
“This defendant attempted to gain access to classified U.S. national defense information by
securing a position within the U.S. government under false pretenses, with the ultimate goal of
providing that information to intelligence officers of the People’s Republic of China,” said
Assistant Attorney General Kris. “Through the diligent work of the agents, analysts, and
prosecutors assigned to this matter, the defendant’s scheme was detected and neutralized.”
“Mr. Shriver betrayed his country and took repeated steps toward spying for another
government,” said U.S. Attorney MacBride. “We remain vigilant against threats to our national
security and will do everything in our power to find and punish those who seek to betray our
country.” “Mr. Shriver threw away his education, his career and his future when he chose to
position himself to spy for the PRC. He failed to appreciate that the PRC simply created a
‘friendship’ with him to use him. It’s a valuable lesson to others who might be tempted to do the
same.” According to a statement of facts filed with his plea agreement, Shriver is proficient in
Mandarin Chinese and lived in the PRC both as an undergraduate student and after graduation.
While living in Shanghai in October 2004, Shriver developed a relationship with three individuals
whom he came to learn were PRC intelligence officers. At the request of these foreign agents,
Shriver agreed to return to the United States and apply for positions in U.S. intelligence agencies
or law enforcement organizations. Shriver admitted in court that he knew that his ultimate
objective was to obtain a position with a federal department or agency that would afford him
access to classified national defense information, which he would then transmit to the PRC
officers in return for cash payments. From 2005 to 2010, Shriver attempted to gain employment
as a U.S. Foreign Service Officer with the Department of State and as a clandestine service
officer with the Central Intelligence Agency. Shriver admitted that, during this time, he
maintained frequent contact with the PRC intelligence officers and received more than $70,000 in
three separate cash payments for what the officers called his “friendship.” In December 2009,
Shriver received notice that he was to report to Washington, D.C., in May 2010 for final
employment processing activities with the CIA. Shriver admitted that he communicated with a
PRC intelligence officer that he was “making some progress” in obtaining a position with the CIA
and that he would not be free to travel to PRC for another meeting because it could raise
suspicion with federal agents conducting his background investigation. Shriver admitted that he
made false statements on the CIA questionnaire required for employment stating that he had not
had any contact with a foreign government or its representative during the last seven years,
when in fact he had met in person with one or more of the officers approximately 20 times since
2004. He also deliberately omitted his travel to PRC in 2007 when he received a $40,000 cash
payment from the PRC for applying to the CIA. In addition, Shriver made false statements during
a series of final screening interviews at the CIA, and he admitted he made each of the false
statements to conceal his illicit relationship with the PRC intelligence officers. This case is being
investigated by the FBI’s Washington Field Office. Assistant U.S. Attorney Stephen M. Campbell
of the U.S. Attorney’s Office for the Eastern District of Virginia and Trial Attorney Brandon L. Van
Grack of the Counterespionage Section in the National Security Division are prosecuting the case.
New spy game: Workers sell firms' secrets abroad
Hunger for Western technology fuels economic espionage cases in the U.S.
http://www.msnbc.msn.com/id/39717015/ns/business-the_new_york_times
By CHRISTOPHER DREW
The New York Times
updated 10/18/2010 4:10:57 AM ET
Huang Kexue, federal authorities say, is a new kind of spy. For five years, Mr. Huang was a
scientist at a Dow Chemical lab in Indiana, studying ways to improve insecticides. But before he
was fired in 2008, Mr. Huang began sharing Dow’s secrets with Chinese researchers, authorities
say, then obtained grants from a state-run foundation in China with the goal of starting a rival
business there. Now, Mr. Huang, who was born in China and is a legal United States resident,
faces a rare criminal charge — that he engaged in economic espionage on China’s behalf.
Law enforcement officials say the kind of spying Mr. Huang is accused of represents a new front
in the battle for a global economic edge. As China and other countries broaden their efforts to
obtain Western technology, American industries beyond the traditional military and high-tech
targets risk having valuable secrets exposed by their own employees, court records show.
Underground markets
Rather than relying on dead drops and secret directions from government
handlers, the new trade in business secrets seems much more opportunistic, federal prosecutors
say, and occurs in loose, underground markets throughout the world. Prosecutors say it is
difficult to prove links to a foreign government, but intelligence officials say China, Russia and
Iran are among the countries pushing hardest to obtain the latest technologies.
“In the new global economy, our businesses are increasingly targets for theft,” said Lanny A.
Breuer, the assistant attorney general in charge of the Justice Department’s criminal division. “In
order to stay a leader in innovation, we’ve got to protect these trade secrets.” Mr. Huang, 45,
who says he is not guilty, is being prosecuted under an economic espionage provision in use for
only the seventh time. Created by Congress in 1996 to address a shift toward industrial spying
after the cold war, the law makes it a crime to steal business trade secrets, like software code
and laboratory breakthroughs. The crime rises to espionage if the thefts are carried out to help a
foreign government.
Economic espionage charges are also pending against Jin Hanjuan, a software engineer for
Motorola, who was arrested with a laptop full of company documents while boarding a plane for
China, prosecutors said. Over the last year, other charges involving the theft of trade secrets — a
charge less serious than espionage — have been filed against former engineers from General
Motors and Ford who had business ties to China. And scientists at the DuPont Company and
Valspar, a Minnesota paint company, recently pleaded guilty to stealing their employer’s secrets
after taking jobs in China.
In two past espionage cases involving American computer companies, defendants said they saw
a chance to make money and acted on their own, knowing that the information would be
valuable to Chinese companies or agencies. In several cases, Chinese government agencies or
scientific institutes provided money to start businesses or research to develop the ideas; that
financing is what gave rise to the espionage charges.
The U.S.-China Economic and Security Review Commission, appointed by Congress to study the
national security issues arising from America’s economic relationship with China, said in a report
last year that even in instances without direct involvement by Chinese officials, China’s
government “has been a major beneficiary of technology acquired through industrial espionage.”
China has denied that its intelligence services go after American industries. China’s Foreign
Ministry declined to comment on the subject, but spokesmen for the Chinese foundation and the
university that worked with Mr. Huang said they were not aware of any espionage. “If it’s true,
we will start our own investigation into it,” said Chen Yue, a spokesman for the Natural Science
Foundation of China, which gave Mr. Huang grants to conduct research there.
China woos scientists
American officials and corporate trade groups say they fear economic
spying will increase as China’s quest for Western know-how spreads from military systems to
everyday commercial technologies.
After focusing for decades on low-cost assembly operations, China “feels it really needs to turn
the corner and become a technology power in its own right,” said James Mulvenon, the director
of the Center for Intelligence Research and Analysis in Washington, which tracks Chinese
activities for federal agencies and corporate clients.
Mr. Mulvenon said China is trying to woo back thousands of ethnic Chinese scientists who have
trained or worked in the United States. “They basically roll out the red carpet for these guys,” he
said.
As economic crimes become easier to commit — in some cases as simple as downloading data
and pressing “Send” — security analysts say some American companies must share the blame for
thefts because they do not adequately monitor employees. At Motorola, for example, court
records show that Ms. Jin, the software engineer, downloaded company documents during two
sick leaves and tapped into the company’s computers from China, where, prosecutors say, she
met with a company linked to the Chinese military. Ms. Jin, a naturalized United States citizen
who was born in China, says she is not guilty, and is awaiting trial in Illinois.
Catching and prosecuting wrongdoers is also made difficult by the refusal of some companies to
report breaches. “When you have public companies with their stock values tied to their assets,
the last thing they want the buyer of that stock to think is that their assets are compromised,”
said Michael Maloof, the chief technology officer of TriGeo Network Security, a company that
provides computer monitoring systems.
The first economic espionage case, filed in 2001 against a Japanese scientist, collapsed when
Japan refused to extradite him. The six other cases have involved China, and the Justice
Department won the first three.
In one case, two Silicon Valley engineers admitted to stealing secrets about computer chips, then
arranging financing from Chinese government agencies to start business. In another case, a
retired Boeing engineer was convicted after a search of his home found documents on United
States military and space programs, as well as letters from Chinese aviation officials seeking the
data.
The Justice Department lost a case involving two California engineers. The government focused
on documents showing that the engineers were working with a venture capitalist in China to seek
financing for a microchip business from China’s 863 program, which supports development of
technologies with military applications. But the men were arrested before they filed the grant
application. The judge in the case concluded in May that the government had needed to prove
that the men had “intended to confer a benefit” on China, “not receive a benefit from it.”
'Full recipe'
In Mr. Huang’s case, according to the indictment, he had received money from the
Natural Science Foundation of China, a government organization, to conduct insecticide research.
Mr. Huang grew up in China, and has lived in the United States or Canada since 1995. While
working for Dow’s farm chemicals unit, Dow AgroSciences, he also took a job as a visiting
professor at a Chinese university and made eight trips to China, court records show.
Besides directing research at the university while at Dow, he later smuggled samples of a
bacterial strain from Dow to China in his son’s suitcase, the authorities said.
Mr. Huang’s lawyer, Michael Donahoe, said at a recent hearing that the case was “hypothetical.”
But Cynthia Ridgeway, an assistant United States attorney, said that with Dow’s Chinese patent
due to expire in 2012, Mr. Huang had “the full recipe” needed to try to take its business to China.
Last week, a judge denied Mr. Huang’s request for bail. He is awaiting trial in federal custody in
Indiana.
Sarah Chen contributed research.
This article, "New Spy Game: Workers Sell Firms’ Secrets Abroad," first appeared in The New
York Times.
Copyright © 2010 The New York Times
TECHNIQUES, METHODS, TARGETS
Six enterprise security leaks you should plug now
Deal with these before it's too late
John Brandon
October 12, 2010 (Computerworld)
http://www.computerworld.com/s/article/print/9189738/Six_enterprise_security_leaks_you_should_plug_now?taxonomyName=Security&taxonomyId=17
The Titanic was thought to be unsinkable, a testament to the engineering prowess of its day and
the fact that luxury liners rarely collided with massive icebergs.
In modern enterprises, there's a similar perception of invulnerability. Yet, for every large
organization that glides through the year without any mishaps, there are many stories about
perilous break-ins, Wi-Fi sniffing snafus and incidents where Bluetooth sniper rifles were used to
steal company secrets.
Here's a look at six security holes that are often wide open, even in companies that take great
pride in their security precautions. We checked with security consultants to find out what you can
do about them, before your enterprise ship hits a wall of ice.
1. Unauthorized smartphones on Wi-Fi networks
Smartphones create some of the greatest risks for enterprise security, mostly because they're so
common and because some employees just can't resist using personal devices in the office -- even if their employers have well-established policies prohibiting their use.
"The danger is that cell phones are tri-homed devices -- Bluetooth, Wi-Fi and GSM wireless," says
Robert Hansen, founder of the Internet security consulting firm SecTheory. Employees who use
their personal smartphones at work "introduce a conduit that is vulnerable to potential attack
points," he explains.
If you use a device like a smartphone that spans multiple wireless spectrums, "someone in a
parking lot could use a Bluetooth sniper rifle that can read Bluetooth from a mile away, connect
to a smartphone, then connect to a corporate wireless network," says Hansen, who is also known
by his alias, RSnake. Bluetooth is the open portal that lets a hacker access Wi-Fi and therefore
the corporate network.
[Photo caption: Hackers lurking in parking lots could use Bluetooth sniper rifles like this one, which can read Bluetooth from a mile away and then ultimately connect to a corporate wireless network.]
Hansen says policies that simply disallow smartphones aren't likely to be effective -- employees
will be too tempted to use their gadgets at work even if they're prohibited. Instead, he says IT
should allow only approved devices to access the network. And that access should be based on
MAC addresses, which are unique codes that are tied to specific devices -- making them more
traceable.
Another tactic is to use network access control to make sure whoever is connecting is, in fact,
authorized to connect. In an ideal world, companies should also separate guest access Wi-Fi
networks from important corporate networks, says Hansen, even if having two wireless LANs
means some redundancy and management overhead.
Another approach: Provide robust, company-sanctioned smartphones on popular platforms, such
as Google's Android, and thereby dissuade employees from using nonsupported devices. By
encouraging the use of approved phones, IT can focus on security precautions for a subset of
devices instead of having to deal with numerous brands and platforms.
2. Open ports on a network printer
The office printer is another seemingly innocuous device that represents a security risk, although
most companies are oblivious to the danger. Printers have become Wi-Fi-enabled over the past
few years, and some even use 3G access and telephone lines for faxes. Some models do block
access to certain ports on printers but, as Hansen says, if there are 200 blocked ports for printers
at a large company, there might be another 1,000 ports that are wide open. Hackers can break
into corporate networks through these ports. A more nefarious trick is to capture all printouts as
a way to steal sensitive business information.
"One of the reasons you do not hear about it is because there is no effective way to shut them
down," says Jay Valentine, a security expert. "We see access all the time via network ports in the
electric utility industry, which is a major accident waiting to happen."
The best way to deal with this problem is to disable
the wireless options on printers altogether. If that's not feasible, IT should make sure all ports
are blocked for any unauthorized access, says Hansen. It's also important to use security
management tools that monitor and report on open printer ports. One such tool is ActiveXperts
Software's Active Monitor.
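One way to monitor and report on open printer ports, shown as an added example that is not part of the original article or of any tool it names: the script tries a TCP connection to each listed port and reports those that are open but not approved. The port list, the approved set and the two printer addresses are assumptions, and the scan results are constructed so the example runs offline.

```python
import socket
from contextlib import closing

# TCP services commonly found on network printers. The list is an
# assumption for this example; extend it to match your own fleet.
AUDIT_PORTS = {
    21: "FTP",
    23: "Telnet",
    80: "HTTP admin page",
    443: "HTTPS admin page",
    515: "LPD",
    631: "IPP",
    9100: "raw printing (JetDirect)",
}

# Assumed policy: only the encrypted admin page and IPP printing are approved.
APPROVED_PORTS = {443, 631}


def port_is_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port is accepted."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def audit_printer(host, ports=AUDIT_PORTS, approved=APPROVED_PORTS,
                  probe=port_is_open):
    """Return [(port, service)] for ports that are open but not approved."""
    findings = []
    for port in sorted(ports):
        if port not in approved and probe(host, port):
            findings.append((port, ports[port]))
    return findings


def audit_fleet(hosts, **kwargs):
    """Audit every printer and return only the hosts that have findings."""
    report = {}
    for host in hosts:
        findings = audit_printer(host, **kwargs)
        if findings:
            report[host] = findings
    return report


# Constructed scan results for two hypothetical printers (TEST-NET addresses).
# Leave out `probe` to test printers that you administer over the network.
CONSTRUCTED_OPEN = {
    "192.0.2.10": {80, 631, 9100},
    "192.0.2.11": {443},
}


def constructed_probe(host, port):
    """Stand-in for port_is_open() that answers from CONSTRUCTED_OPEN."""
    return port in CONSTRUCTED_OPEN.get(host, set())


if __name__ == "__main__":
    report = audit_fleet(CONSTRUCTED_OPEN, probe=constructed_probe)
    for host, findings in report.items():
        for port, service in findings:
            print(f"{host}: port {port} ({service}) is open but not approved")
```

Run on a schedule, a report that changes from one run to the next is the signal to investigate.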
3. Custom-developed Web applications with bad code
Just about every enterprise security professional lives in fear of holes created by sloppy
programming. This can occur with custom-developed software as well as with commercial and
open-source software. Hansen says one common trick is to tap into the xp_cmdshell routine on a
server, which an inexperienced programmer or systems administrator might leave wide open for
attack. Hackers who do that can gain full access to a database, which provides an entryway to
data and a quick back door to networks.
Hansen says PHP routines on a Web server can also be ripe for attack. Small coding errors, such
as improper safeguards when calling a remote file from an application, provide a way for hackers
to add their own embedded code. This can occur if a developer wasn't careful to restrict which
files might be called based on a user's form input, or a company blog using a trackback feature
to report on links back to its posts, without first sanitizing stored URLs to prevent unauthorized
database queries.
The most obvious fix to this problem is to avoid some software such as freely available PHP
scripts, blog add-ons and other code that might be suspect. If such software is needed, security-monitoring tools can detect vulnerabilities even in small PHP scripts.
4. Social network spoofing
Facebook and Twitter users can be fooled into divulging sensitive information. Usually, these
types of attacks are subtle and not necessarily traceable.
"People looking for jobs are often willing to divulge [personal] information," says Hansen, who
says one of his clients told him about how a hacker used a fake e-mail address from a job-search
Web site to pose as a recruiter. He declined to elaborate on this example to protect the client,
but it's an example of what he calls the "confused deputy" scenario, where someone claiming to
be, say, a recruiter for Monster.com contacts an employee, and the employee believes that the
caller is, in fact, a Monster.com recruiter and doesn't ask to verify his credentials. Hansen says
it's the same as getting an envelope in the mail -- just because the envelope has a certain return
address, it doesn't mean that the contents actually came from that sender.
Companies should use e-mail verification systems that confirm the identity of a sender. These
verifications send an e-mail back to the address to confirm the sender's credentials. Some states
-- including Texas -- have made it illegal to impersonate someone by e-mail.
5. Employees downloading illegal movies and music
P2P networks just won't go away. In a large company, it's not uncommon to find employees
using peer-to-peer systems to download illegal wares or setting up their own servers to distribute
software.
"P2P networking should, as per policy, be completely blocked in every enterprise," says Winn
Schwartau, CEO of The Security Awareness Company, a security training firm. "The P2P ports
should be completely shut down at all perimeters and ideally at the company's endpoints. P2P
programs can be stopped through white/black listings and filters on the enterprise servers."
Schwartau tells the story of a financial services firm in New York that
had a P2P port running all day, every day in its office. Eventually, it was discovered and found to
be a porn file server.
Schwartau says the unfortunate truth about what he calls "criminal hacking" is that the thieves
are usually drawn to nefarious activities, so one of the first places they might look is a P2P server
and any potential security holes.
"Injecting hostile code into P2P files is [not difficult] and can create a beachhead within an
organization, depending upon the code design," he says. He suggests a technique called
"resource isolation," which essentially controls which applications users are allowed to access
based on permission rights. Different operating systems do that in slightly different ways,
Schwartau says, but it's worth pursuing in situations where a corporate policy is lacking or isn't
followed.
Schwartau encourages IT shops to conduct regular sweeps of all company networks and servers
to look for P2P activity and to be vigilant about blocking any P2P activity.
6. SMS text messaging spoofs and malware infections
Another potential attack vector: text messaging on smartphones. Hackers can use SMS text
messages to contact employees in direct attempts to get them to divulge sensitive information
like network log-in credentials and business intelligence, but they can also use text messages to
install malware on a phone.
[Photo caption: Security expert Robert Hansen says one of his clients experienced a hacker using a fake e-mail address from a job-search Web site to pose as a recruiter.]
"In our proof-of-concept work, we
showed how a rootkit could turn on a phone's microphone without the owner knowing it
happened," says Schwartau. "An attacker can send an invisible text message to the infected
phone telling it to place a call and turn on the microphone." That would be an effective tactic if,
for example, the phone's owner was in a meeting and the attacker wanted to eavesdrop, he
notes.
Schwartau says there are ways to filter SMS activity, but that's usually done through the wireless
carrier, since SMS isn't IP-based and therefore isn't usually controlled by company admins. The
best option for blocking such attacks is to work with carriers to make sure that they're using
malware-blocking software, SMS filters and redirects for those kinds of attacks.
And again, creating smartphone usage policies that encourage or require the use of only
company-sanctioned or company-provided phones and service plans can reduce that risk.
Of course, companies can't thwart every possible security attack with current technology, and
hackers are constantly switching tactics. You should try to plug these six security leaks and work
to ensure that they stay plugged -- but you should also keep an eye out for new forms of
malicious activity.
John Brandon is a veteran of the computing industry, having worked as an IT manager for 10
years and as a tech journalist for another 10. He has written more than 2,500 feature articles
and is a regular contributor to Computerworld.
CYBER, HACKING, DATA THEFT, COMPUTER INTRUSIONS & RELATED
How advanced persistent threats bypass your network security
By Roger A. Grimes
Created 2010-10-19 03:00AM
http://infoworld.com/print/141048
Hundreds of companies around the world have been thoroughly compromised by APTs (advanced
persistent threats) -- sophisticated forms of cyber attacks through which hackers mine for
sensitive corporate data over the long term. APTs aren't easily purged; rather, victimized
companies often spend day after day trying to make a dent in them. Meanwhile, some security
practitioners consider "APT" an overblown marketing term. It isn't.
One of the struggles faced by companies (and security consultants) is determining whether a
breach is, indeed, an APT. They will call every found singular bot and Trojan an APT and dream
up long-term, radical threats from invisible attackers. I've had to disagree more than once with
other consultants on whether APT was part of a security threat. The evidence was not there. The
first step in fighting APT is understanding what separates it from a traditional, targeted human-hacker attack. The follow-up step, which I will discuss next week, is detecting and eliminating
these kinds of attacks.
Most people will immediately point to the "persistent" part of the definition as the key
differentiator. The normal targeted attackers break in, look around, and immediately target the
most valuable found assets. They figure that the faster they get in and out with the treasure, the
more money and the less risk they face.
By contrast, APT attackers are there to stay as long as they can. The attackers aren't trying to
steal everything at once. Instead, they exploit dozens to hundreds of computers, logon accounts,
and email users, searching for new data and ideas over an extended period of months and years.
Their interests (and keyword searches) change from one day to the next, as if their "customers"
have given them a shopping list.
APTs are professionally run attacks, managed just like legitimate corporations instead of in the
manner you'd expect of black-attired, greasy-haired hacker kids hopped up on Mountain Dew.
Many APT companies work in skyscrapers; have CEOs, recruiters, and payrolls; and pay taxes.
APT hackers work in eight-hour shifts and take off holidays (at least those of the originating
country).
Individual APT hackers appear to boast different specialties, whether it's compromising particular
types of servers and workstations, dumping passwords, placing back doors, collecting data, or
loading remote-access Trojans. Their malware creations have evidence of development team
breakouts with development forks, beta testing, and updates. Victims often tell me they know
when a particular hacker is at work simply by the methods and tools used.
Even the treasure taken by APTs is different. The traditional attacker seeks immediate financial
gain. They will try to steal identities, transfer money to foreign bank accounts, and more. APT
attackers, on the other hand, almost always take only information and leave money untouched.
Their targets are corporate and product secrets, whether it be F-18 guidance system information,
contract pricing, or the specs on the latest green refrigerator.
APT often steals large amounts of information each week, collecting it at a centralized computer
within the compromised network, before sending it all home in a single archive file (often a tar
ball). Many networks run APT bots that collect every new folder, file, and email, then send it
home. The victims have an online backup system that rivals what they could otherwise pay for
with a legitimate company.
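The collect-then-send pattern described above leaves a trace in network flow logs: one internal machine receives data from several internal peers, then makes a large transfer to an outside address. The following detection sketch is an added example, not part of the original article; the internal address range, the thresholds and every flow record are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed internal address space for this example.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed flow records: (start time, source, destination, bytes sent).
SAMPLE_FLOWS = [
    # Old transfer, outside the look-back window.
    ("2010-09-01T02:00:00", "10.1.1.15", "10.1.9.5", 900_000_000),
    # One workstation collects data from four internal peers ...
    ("2010-10-12T01:10:00", "10.1.1.11", "10.1.9.5", 400_000_000),
    ("2010-10-13T01:20:00", "10.1.1.12", "10.1.9.5", 350_000_000),
    ("2010-10-15T02:05:00", "10.1.1.13", "10.1.9.5", 500_000_000),
    ("2010-10-17T01:40:00", "10.1.1.14", "10.1.9.5", 300_000_000),
    # ... then sends one large transfer to an outside address.
    ("2010-10-18T03:00:00", "10.1.9.5", "203.0.113.77", 600_000_000),
    # A file server: many peers write to it, but it sends little outside.
    ("2010-10-14T09:00:00", "10.1.1.11", "10.1.2.2", 700_000_000),
    ("2010-10-14T10:00:00", "10.1.1.12", "10.1.2.2", 800_000_000),
    ("2010-10-15T11:00:00", "10.1.1.13", "10.1.2.2", 500_000_000),
    ("2010-10-16T12:00:00", "10.1.2.2", "198.51.100.20", 5_000_000),
    # A large upload from a host that received data from only one peer.
    ("2010-10-16T08:00:00", "10.1.1.12", "10.1.3.30", 1_200_000_000),
    ("2010-10-16T20:00:00", "10.1.3.30", "198.51.100.40", 900_000_000),
]


def is_internal(address):
    """Return True if the address lies inside the assumed internal range."""
    return ipaddress.ip_address(address) in INTERNAL_NET


def find_staging_hosts(flows, min_peers=3, min_staged=1_000_000_000,
                       window=timedelta(days=7), egress_ratio=0.2):
    """Flag internal hosts that gather data from peers and then send it out.

    A host is reported when, in the `window` before an outbound transfer, it
    received at least `min_staged` bytes from at least `min_peers` internal
    peers and the outbound transfer is at least `egress_ratio` of that total
    (an archive is usually smaller than the files collected into it).
    """
    inbound = defaultdict(list)   # host -> [(time, peer, bytes)]
    egress = []                   # [(time, host, remote, bytes)]
    for stamp, src, dst, size in flows:
        when = datetime.fromisoformat(stamp)
        if is_internal(src) and is_internal(dst):
            inbound[dst].append((when, src, size))
        elif is_internal(src):
            egress.append((when, src, dst, size))

    findings = []
    for when, host, remote, sent in sorted(egress):
        recent = [(peer, size) for seen, peer, size in inbound[host]
                  if when - window <= seen <= when]
        peers = sorted({peer for peer, _ in recent})
        staged = sum(size for _, size in recent)
        if (len(peers) >= min_peers and staged >= min_staged
                and sent >= egress_ratio * staged):
            findings.append({
                "time": when.isoformat(),
                "host": host,
                "remote": remote,
                "sent_bytes": sent,
                "staged_bytes": staged,
                "peers": peers,
            })
    return findings


if __name__ == "__main__":
    for hit in find_staging_hosts(SAMPLE_FLOWS):
        print(f"{hit['time']} {hit['host']} -> {hit['remote']}: "
              f"sent {hit['sent_bytes']} bytes after collecting "
              f"{hit['staged_bytes']} bytes from {len(hit['peers'])} peers")
```

The file server and the single-peer upload in the sample data show why both conditions are checked together: either one alone is ordinary traffic.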
APT is usually hosted in countries that provide political and legal safety. I've never seen evidence
of a country that directly hosted black-hat hackers, but there appears to be a well-known list of
countries that tolerates such operations within their boundaries and are uncooperative in
assisting victims with justice. China and Russia are often mentioned, but there are dozens more.
Former White House security adviser Richard Clarke calls them "cyber sanctuaries" and urges our
cyber allies to ask for accountability.
Worse yet, APTs are usually so ingrained into an environment that even if you know where they
are, they can be difficult or impossible to move. I have several clients who've decided it's easier
to live with APT (or portions of it) than it is to tackle and try to eradicate it. They don't like the
odds of successfully ridding themselves of the APT and are afraid the APT would dig further
undercover if the extermination attempt goes awry. By allowing some of it to remain on their
network, they know where it is, and they can more closely monitor it to learn what is being
stolen. It sounds crazy, but living with APT is not an uncommon scenario.
APT has many characteristics that make it stand out from regular hacking attacks. Hopefully,
your company won't have to learn firsthand why that's the case.
As an aside, I was the guest of the SecuraBit podcast two weeks ago. These guys discuss
relevant computer security topics and throw in enough humor to make you forget that it's a
computer security discussion. Check it out.
This story, "How advanced persistent threats bypass your network security," was originally
published at InfoWorld.com. Follow the latest developments in network security and read more of
Roger Grimes' Security Adviser blog at InfoWorld.com.
The threat behind fake LinkedIn messages
Posted on 07.10.2010
http://www.net-security.org/malware_news.php?id=1489
Retarus sent out a warning in response to a current wave of fake contact requests via the social
media platform LinkedIn. These well-simulated e-mail messages present a considerable risk to
PC-owners. Unsuspecting users are lured into a trap via the seemingly well-intentioned e-mails
and their PCs are infected with malware in an attempt to gain access to personal information.
The e-mails feign to be a contact request sent from the social media platform LinkedIn. Users
who try to access the platform via the link are routed to an intermediary website - with the
simple notification "Please waiting ... 4 seconds".
From there, they are then redirected to Google. In these four seconds the spyware ZeuS is
uploaded in the background and secretly installed. Cyber criminals use this type of spam to gain
access to personal information, such as access data for online banking.
Social media spam is on the increase. Retarus analyses have shown that one in three spam e-mails are clearly sent in the guise of social networks. Retarus Managing Director, Martin Hager,
warns, "Social media spam is particularly dangerous because the contents seem well-intended,
and the original e-mails are so perfectly imitated, that lay persons are unable to identify them as
fakes. Mail users who have defined social media platforms as safe senders, via whitelist entries in
their spam filters, are especially affected."
Users should not respond to contact requests, especially from unknown senders, and delete
these e-mails immediately. To verify the authenticity of contact requests, it is recommended that
users avoid logging in to their social network by clicking on a link which has been sent via e-mail.
Zeus hackers could steal corporate secrets too
Robert McMillan
October 9, 2010 (IDG News Service)
http://www.computerworld.com/s/article/print/9190239/Zeus_hackers_could_steal_corporate_secrets_too?taxonomyName=Network+Security&taxonomyId=142
Criminals who use the Zeus banking crimeware may be working on a new angle: corporate
espionage.
That's what worries Gary Warner, director of research in computer forensics with the University
of Alabama at Birmingham, who has been closely monitoring the various criminal groups that use
Zeus. Zeus typically steals online banking credentials and then uses that information to move
money out of Internet accounts. In the past year, however, Warner has seen some Zeus hackers
also try to figure out what companies their victims work for.
In some cases, the criminals will pop up a fake online bank login screen that asks the victim for a
phone number and the name of his employer. In online forums, he's seen hackers speculate
about how they might be able to sell access to computers associated with certain companies or
government agencies.
"They want to know where you work," he said. "Your computer may be worth exploring more
deeply because it may provide a gateway to the organization."
That's worrisome because Zeus could be a very powerful tool for stealing corporate secrets. It
lets the criminals remotely control their victims' computers, scanning files and logging passwords
and keystrokes. With Zeus, hackers can even tunnel through their victim's computer to break into
corporate systems.
There are other reasons why Zeus's creators might want to know where you work, however.
They could simply be trying to figure out whose data is the most valuable, said Paul Ferguson, a
security researcher with Trend Micro. "A welding business might make more money, than say, a
Girl Scout troop," he said via instant message.
Still, Ferguson believes that the crooks could make money by selling access to computers
belonging to employees of certain companies. "I haven't personally seen that, but these guys are
pretty devious."
This type of targeted corporate espionage has become a big problem in recent years, and many
companies, including Google and Intel, have been hit with this type of attack.
Police arrested more than 100 alleged members of a Zeus gang last week, but that doesn't put
an end to the problem. Zeus is widely sold for criminal use, and security experts say that there
are dozens of other Zeus gangs out there. The group responsible for last year's Kneber worm
outbreak is thought to be the largest Zeus outfit still in operation.
If Zeus operators really do start promoting their crimeware as corporate back-doors -- and
Warner believes this is already happening -- that could mean new problems for corporate IT.
The biggest issue would be for home computers and laptops that are outside of corporate
firewalls that still have access to company data via the Internet. Those systems could suddenly
become a risk for IT staffers, Warner said.
Inside the firewall, a computer that suddenly starts sending data to Russia should be noticed
right away. That might not be the case on a home network. "If you are an employee of a place
that gives you access to sensitive data, your company needs to care if you have a malware
infection at home," Warner said.
The problem could be solved by either not letting people work from their home PCs or by
providing workers with computers that can only be used for work, Warner said.
Robert McMillan covers computer security and general technology breaking news for The IDG
News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is
robert_mcmillan@idg.com
USB Warfare: The Real Electronic Nightmare
Miller-McCune, 22 Sep 10: The gist of this column lately has been that threats of “cyberwarfare”
waged through the public Internet are the stuff of Hollywood schlock and patriotic pulp fiction.
But there are other ways to wage electronic war, and they tend to be more terrifying precisely
because they’re tougher to fight. Siemens announced in July that a malicious bit of code called
Stuxnet could spread on USB thumb drives and try to lift industrial secrets from its clients around
the world. It’s the first large-scale worm of its kind, an act of sophisticated industrial espionage
that indicates the real future of electronic warfare. “Stuxnet,” according to PCWorld, “marks the
first time that someone has targeted the factory floor” with a software virus. The Munich-based
Siemens corporation specializes in “automated systems,” from fire alarms to robotic factories to
power grids. This worm in particular went after a Siemens industrial software suite called WinCC.
A company spokesman said WinCC is used by “thousands” of plant managers worldwide, and the
worm reportedly found its way — without causing major damage — into 14 plants in Germany,
Indonesia, India, North America, the United Kingdom and (primarily) Iran. None of the infections
spread through the public Internet, and the reason cyberwar scenarios over the Web may remain
the stuff of fiction is that vital networks like nuclear power plants can be kept well away from the
Internet – meaning safe from remote, and presumably foreign, hackers. Yes, Estonia suffered a
massive denial-of-service attack in 2007, probably from Russian nerds, and some important
Estonian government sites went down, but such a denial-of-service attack will probably not cause
a disaster, say, in a nuclear power plant. What could cause a nuclear disaster is an inside job. A
spy could infect a power plant’s control system with a bug on a USB drive, just as a soldier with
security clearance and a CD-ROM marked “Lady Gaga” can sneak out thousands of classified
military documents. Or perhaps establish a “digital beachhead,” as occurred in 2008 when a
flash-drive-launched virus infected the Department of Defense. Alternatively, the author of
a worm like Stuxnet could find a way to install it on a USB stick bound for certain machines.
(Siemens reportedly sends software license keys to its clients on USB sticks.) No one is sure
where Stuxnet originated, but cyberwarfare experts have been predicting similar attacks for
years. WinCC is so-called SCADA software (“supervisory control and data acquisition”), and a
SCADA attack could, in theory, shut down a power grid or hand essential controls to an outside
user. “It could be very valuable to a nation-state for war-like espionage,” Reuters quoted Randy
Abrams, a researcher at a security firm called ESET, which studied Stuxnet. “It could be very
valuable to terrorist organizations.” Happily, this kind of intrusion still requires the old-fashioned
presence of a human being, what older generations would have called a spy. It’s just that a spy
can now cause unheard-of mayhem. A military leak is one thing; the airing of 91,000 military
documents relating to the war in Afghanistan, useful as they might be to the public discourse,
must have blindsided American generals – who in turn started crafting tighter security known as
Cyber Insider Threat. The glimmer of light is that neither Stuxnet nor the Wikileak sensation
could have been perpetrated by some clever kid with just a broadband connection. The threat of
massive cyberwarfare or terrorism over the Web, for now, is small, so average Internet users
don’t have to tolerate horror stories that threaten to close down their freedom and privacy.
Source: http://www.miller-mccune.com/politics/usb-warfare-the-real-electronic-nightmare-23118/
Social networking sites used by foreign intelligence services
Expatica.com: Dutch secret services are warning that people should be careful when placing
information on their personal sites as foreign intelligence agencies often use social networking
sites to gather information. And this Friday, the Dutch intelligence agencies began a campaign to
warn of the dangers of digital espionage. Brochures have been published to inform potential
target groups about the dangers. One on 'digital espionage' describes the dangers of infected
emails, visiting infected websites and how infected USB sticks are sometimes handed out as
promotional gifts at conferences. The information has been published by the AIVD (General
Intelligence and Security Service) and MIVD (Military Intelligence and Security Service). They
point specifically to social networking sites such as Facebook. The AIVD’s Director of National
Security, Wil van Gemert, says the campaign against digital espionage is not meant for IT
professionals or the general public. Its primary goal is to educate people who deal with
confidential information. In an interview with Radio Netherlands Worldwide, Van Gemert says
the campaign is meant for: "People travelling abroad who are employed in sensitive positions by
large international companies and scientific institutions or policy-making officials. We focus on
the users. Of course it is important to use a firewall, but one must also be aware of the dangers
inherent in the way one deals with emails and storage devices." The AIVD warns about USB
sticks handed out as promotional gifts. According to Van Gemert "It has happened that USB
sticks have been distributed as gifts and although they appeared to be empty it was discovered
that they contained a virus or a spyware programme. There are also emails that appear reliable,
but as soon as you open them you download a Trojan horse that allows hackers to gain access to
your data." In 'classical' espionage charming ladies or gentlemen have been known to approach
public servants or senior officials on a trip abroad in order to get hold of information. Van Gemert
explains that such information can be obtained by different methods in the digital world:
"Because people can be traced so easily using the internet, via Facebook or other sites, it can
sometimes be extremely easy to see who might have access to interesting information. If you
can then send the user an email which he or she does not suspect – for instance via feeds
[mailing lists] then it can happen that information can be obtained from your computer that
way." The AIVD does not suggest that people who have access to confidential information should
avoid social networking sites. They should just be aware of the risks, says Van Gemert: “You do
not have to avoid using Facebook, Hyves [a Dutch social networking site] and other similar sites,
but you should keep in mind that they are available to third parties. Espionage is not something
from thirty years ago. It is something which exists today in many different forms, and especially
in the digital world.” In its recent annual report, the AIVD pointed to the roles that China and
Russia play when it comes to spying in the Netherlands. “This does not mean that the
intelligence services of more or less friendly countries are not active here. That is why we point
out that while one should be aware of potential dangers from certain countries, espionage is
international, and also includes neighboring and friendly countries.” The AIVD and its military
counterpart the MIVD also collect information abroad. The ‘targets’ are chosen by the prime
minister on an annual basis. The AIVD does not discuss the details for obvious reasons. But Van
Gemert says: “I do not exclude any means, including digital.” The AIVD has obviously taken the
necessary measures to secure itself and its employees from digital burglary, as Mr Van Gemert
explains: “There are people who are also interested in what we know, and we take this into
account. We attempt to ensure that our communications and contacts are as secure as
possible.” Van Gemert refuses to say if attempts have been made to gain information digitally
from the AIVD.
Source: http://www.expatica.com/nl/news/news_focus/Social-networking-sitesused-by-foreignintelligence-services_15564.html
iPad Spy Software Hits Market
DarkReading, - May 10, 2010 - Retina-X Studios, LLC announced today the immediate availability
of Mobile Spy for the Apple iPad. Using this groundbreaking iPad technology, users can silently
view all email messages, web site visits and other information of children or employees - even if
histories are deleted. The new version for the iPad is now on the market. Mobile Spy runs in total
stealth mode and no mentions of the program are shown inside the iPad. After the software is
set up on the device, it silently records the contents of all emails sent or received. The software
also records web addresses visited in Safari and any contact added to the iPad's contacts list.
Immediately after activities are logged, they are silently uploaded to the user's private online
account. If no Internet connection is present, the logs will resume upload at the next Internet
connection. Accounts can be checked online from any web browser without needing further
access to the iPad. "Mobile Spy is a priceless piece of software. After having some doubts about
honesty, this really helped set the record straight and confirmed my suspicions," says Derrick, a
Mobile Spy user. Retina-X Studios CEO James Johns states, "Any device that can browse the
Internet or send email can lead to unauthorized activities. Before now there was no method to
monitor activities of children or employees on the iPad. Being the first to develop this technology,
we will continue expanding with new features for this tool by recording GPS positions, photos,
notes and more." This hybrid system helps businesses enforce their Acceptable Use Policy on
company provided iPads. The software can also monitor teen or family iPads. It gives a parent
the ability to remotely monitor their child's Internet activities by logging into a website from any
web browser. Another common use is to back up a user's own personal activity for their own
records. Mobile Spy runs on any jailbroken iPad. The program is also available for the iPhone,
BlackBerry, Android, Windows Mobile and Symbian OS devices.
Source: http://www.darkreading.com/security/applicationsecurity/224701439/index.html
The Boston Field Office Counterintelligence Strategic Partnership
Program Coordinators:
Carmine Nigro, Carmine.Nigro@ic.fbi.gov, 617-223-6038
Theodore Distaso, Theodore.Distaso@ic.fbi.gov, 617-223-6231
Wallace D. Salisbury, Wallace.Salisbury@ic.fbi.gov, 401-458-1127