FBI Boston CI Strategic Partnership Newsletter
November 24, 2010
Volume 1 Issue 1

Federal Bureau of Investigation
One Center Plaza, Suite 600
Boston, MA 02108, 617-742-5533

COUNTERINTELLIGENCE ARRESTS, TRIALS AND CONVICTIONS
  Employee of high technology company charged with seeking to provide confidential business information to a foreign government
  Scientist Charged With Economic Espionage
  California Couple Charged with Conspiring to Export Sensitive Technology to People’s Republic of China
  Ex-DuPont researcher gets prison for selling trade secrets
  Michigan Man Pleads Guilty to Attempting to Spy for the People’s Republic of China
  New spy game: Workers sell firms' secrets abroad

TECHNIQUES, METHODS, TARGETS
  Six enterprise security leaks you should plug now

CYBER, HACKING, DATA THEFT, COMPUTER INTRUSIONS & RELATED
  How advanced persistent threats bypass your network security
  The threat behind fake LinkedIn messages
  Zeus hackers could steal corporate secrets too
  USB Warfare: The Real Electronic Nightmare
  Social networking sites used by foreign intelligence services
  iPad Spy Software Hits Market

NOTE: In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit or payment for non-profit news reporting and educational purposes only. Use does not reflect official endorsement by the FBI. Reproduction for private use or gain is subject to original copyright restrictions.

Individuals interested in subscribing to this publication, or interested in further information, should send an email to SA Carmine Nigro at carmine.nigro@c.fbi.gov, SME Theodore Distaso at Theodore.Distaso@ic.fbi.gov or SME Wallace D. Salisbury at Wallace.Salisbury@ic.fbi.gov. For additional information please call SA Nigro at 617-223-6038, SME Distaso at 617-223-6231 or SME Salisbury at 401-458-1127.

Counterintelligence ARRESTS, TRIALS AND CONVICTIONS

Employee of High Technology Company Charged with Seeking to Provide Confidential Business Information to a Foreign Government

FOR IMMEDIATE RELEASE
WEDNESDAY, OCTOBER 6, 2010
WWW.USDOJ.GOV/USAO/MA
E-MAIL: USAMA.MEDIA@USDOJ.GOV
http://www.justice.gov/usao/ma/Press%20Office%2020Press%20Release%20Files/Oct2010/DoxerElliotPR.html

BOSTON, Mass. - An employee of a high technology company headquartered in Cambridge, Massachusetts was arrested and charged today in federal court with secretly providing confidential business information over an 18-month period to a person he believed to be an agent of a foreign government.

ELLIOT DOXER, 42, of Brookline, Massachusetts, was charged in a Complaint with one count of wire fraud. Doxer worked in the finance department of Cambridge-based Akamai Technologies, Inc., a provider of Internet content delivery services.

The Complaint alleges that on June 22, 2006, Doxer sent an email to a foreign country’s consulate in Boston stating that he was willing to provide any information he had access to, that might help the foreign country. It is alleged that in later communications, Doxer said his chief desire “was to help our homeland and our war against our enemies.” He also allegedly asked for $3,000 in light of the risks he was taking.

The foreign government cooperated with the United States in the investigation. The Complaint alleges that in September 2007, a U.S. federal agent posing undercover as an agent of the foreign country spoke to Doxer and established a “dead drop” where the agent and Doxer could exchange written communications. The Complaint further alleges that from September 2007 through March 2009, Doxer visited the “dead drop” at least 62 times to leave confidential business information, retrieve communications, or check for new communications.

The Complaint alleges that among the confidential business items Doxer provided the undercover agent were an extensive list of Akamai’s customers; some contracts between Akamai and various customers revealing contact, services, pricing, and termination date information; and a comprehensive list of Akamai’s employees that revealed their positions and full contact information. According to the Complaint, Doxer also broadly described Akamai’s physical and computer security systems and stated that he could travel to the foreign country and could support special and sensitive operations in his local area if needed.

The Complaint does not allege that any representative of any foreign government sought or obtained sensitive information in this case, nor does the Complaint charge any foreign government representative with wrongdoing.

If convicted, Doxer faces a maximum penalty of 20 years’ imprisonment, a three-year term of supervised release, a $250,000 fine or twice the gain or loss, whichever is highest, and restitution to the victim.

United States Attorney Carmen M. Ortiz, Richard DesLauriers, Special Agent in Charge of the Federal Bureau of Investigation Boston Field Office and Robert Bethel, Inspector in Charge of the U.S. Postal Inspection Service made the announcement today. The case is being investigated by members of the FBI’s Counterintelligence Section and is being prosecuted by Assistant U.S. Attorneys William D. Weinreb and Scott Garland respectively in Ortiz’s Antiterrorism and National Security Unit and Computer Crimes Unit. Akamai Technologies, Inc. cooperated fully in the investigation.

The details contained in the Complaint are allegations. The defendant is presumed to be innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

SCIENTIST CHARGED WITH ECONOMIC ESPIONAGE

Telegram & Gazette
July 20, 2010

A scientific researcher from Westboro, MA is one of a handful of people to be charged in federal court with foreign economic espionage after he allegedly stole information about an organic insecticide developed by Dow Chemical Co. and gave it to a university in China.

Kexue Huang, 45, was arrested July 13 on a federal indictment from the Southern District of Indiana accusing him of 12 counts of theft and attempted theft of trade secrets to benefit a foreign government and instrumentality, and five counts of foreign or interstate transportation of stolen property.

According to FBI Special Agent Alexander H. Arnett Jr., who testified at Mr. Huang's detention hearing yesterday in U.S. District Court in Worcester, Mr. Huang worked for Dow and allegedly took company information about an organic insecticide to a Chinese university.

"Dow AgroSciences is aware of an FBI investigation into a potential violation of our company's intellectual property rights by a former employee," a statement released by the company said. "We are cooperating fully with the authorities. Because of the nature of the investigation we are unable to comment further."

Magistrate Judge Timothy S. Hillman did not make a decision yesterday on the detention status of Mr. Huang, who has been in the custody of the U.S. Marshals Service since his arrest. Judge Hillman indicated Indiana authorities wanted Mr. Huang in their state to face the indictments.

The alleged charges, which are still under seal in Indiana where Dow has an agrochemical and biotechnology company, stem from the alleged stealing of information from January 2005 to earlier this year. Mr. Huang worked for Dow from January 2003 and was fired in February 2008, according to authorities.

In testimony yesterday, authorities allege Mr. Huang stole information on the insecticide and co-published research articles about it through the Hunan Normal University in China. Mr. Arnett estimated the value of the information to be in the hundreds of millions of dollars, according to his testimony.

Mr. Huang, who is married and has two children, has lived in Westboro for the past year. He is employed at Qteros Inc. in Marlboro. A spokeswoman for Qteros said Mr. Huang is still employed there and the alleged crimes did not involve Qteros. The company is cooperating with investigators.

During and after his employment for Dow, Mr. Huang allegedly e-mailed information to the university and traveled several times to China, according to court testimony.

Defense lawyer James P. Duggan argued against his client's detainment, stating his family members are willing to turn in all their passports. He also said Mr. Huang was purchasing a home in Westboro. He said his client has no record of violence, no criminal record and is not a flight risk. "It's hard to picture the whole family moving without passports," Mr. Duggan said. He said that the "linchpin piece of evidence" against his client was the research article published in the scholarly journal in China.

Assistant U.S. Attorney Scott L. Garland said Mr. Huang is a flight risk and, although he is a lawful permanent resident in the United States, he is a Canadian citizen and has family in China. Mr. Garland said in court that retrieving suspects from China and Canada is extremely difficult and can take years.

Mr. Huang is one of only six or seven people to face this type of trade secret theft charge, which is signed off on by the U.S. Department of Justice's National Security Division. Mr. Huang could face up to 15 years in prison on each of the theft and attempted theft of trade secrets charges, and up to 10 years each on the foreign or interstate transportation of stolen property charges.

Mr. Garland said the $300,000 offered by Mr. Huang as equity to secure his release doesn't compare to the millions in restitution he could be ordered to pay if found guilty. Mr. Garland also wanted Mr. Huang to be barred from using a computer if released. The court could decide what computer uses would be allowed.

Mr. Huang's wife, who was in court, told a reporter any story about her husband would damage his reputation.

California Couple Charged with Conspiring to Export Sensitive Technology to People’s Republic of China

http://losangeles.fbi.gov/dojpressrel/pressrel10/la101510.htm
Department of Justice Press Release
For Immediate Release
October 15, 2010
United States Attorney's Office, Central District of California
Contact: (213) 894-2434

LOS ANGELES—A Southern California man was ordered held without bond today after being arrested on charges of conspiring to export restricted electronics technology to the People’s Republic of China (PRC) without obtaining the necessary licenses.

York Yuan Chang, 53, also known as David Zhang, was ordered detained late this morning by United States Magistrate Judge Fernando M. Olguin. Chang and his wife, Leping Huang, 49, both residents of Diamond Bar, were charged in a criminal complaint filed October 9 in United States District Court. Chang, who is a naturalized United States citizen, and Huang, who is a Chinese national, were arrested without incident Monday morning at their residence. Huang was released yesterday after posting part of a $1 million bond that was set on Tuesday during her first court appearance.

The criminal complaint accuses the couple of violating the International Emergency Economic Powers Act and the Export Administration Regulations by conspiring to export restricted items to the PRC without a license. The complaint also charges both defendants with making false statements to federal agents.

According to the affidavit in support of the complaint, Chang and Huang are the longtime owners of GTSI (General Technology Systems Integration, Inc.), an Ontario, California company involved primarily in the export of technology and equipment to the PRC.

GTSI entered into contracts with the Sichuan Institute of Solid-State Circuits (also known as the 24th Research Institute of the China Electronics Technology Corporation Group) in Chongqing to design and transfer to the PRC technology for the development and production of two types of high-performance analog-to-digital converters (ADCs). The contracts called for GTSI to provide technical experts to design, develop and oversee the production of ADCs that would match the specifications, functionality and characteristics of two ADCs produced by United States manufacturers.

In early 2009, Chang and Huang hired two engineers to design the technology and provide training to engineers in the PRC. On separate occasions in 2009, the engineers were inspected by officials with U.S. Customs and Border Protection (CBP) when they returned to the United States following trips to the PRC. On each occasion, CBP officials discovered computer files and documents that supported allegations of an illegal technology transfer involving GTSI.

After authorities contacted the engineers, Chang and Huang allegedly sought to cover up the project and convince the engineers to keep working on the ADC project. The complaint alleges that in a September 2009 interview with federal agents, Huang falsely told agents that the engineers had declined to undertake the project three months earlier. The complaint further alleges that in February 2010, Huang made additional false claims to federal agents about the project. In February 2010, Chang allegedly falsely told agents that the ADC project had been cancelled in May 2009.

The ADC technology that Chang and Huang allegedly attempted to export to the PRC has both commercial and military applications. The ADCs are subject to export controls for national security and anti-terrorism reasons. According to official determinations by the United States Department of Commerce, neither the ADCs, nor their related technology, may be exported from the United States to the PRC without a valid export license.

Chang and Huang are scheduled to be arraigned on November 1. Chang and Huang are both charged in the export conspiracy count, which carries a maximum statutory penalty of 20 years in federal prison. Additionally, Chang is charged with one count of making false statements, and Huang is charged with two counts of making false statements. Each count of making false statements carries a statutory maximum penalty of five years in federal prison.

A criminal complaint contains allegations that a defendant has committed a crime. Every defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.

This case is the product of an investigation by the Federal Bureau of Investigation; the United States Department of Commerce, Bureau of Industry and Security, Office of Export and Enforcement; U.S. Immigration and Customs Enforcement, Homeland Security Investigations; IRS - Criminal Investigation; and the Defense Criminal Investigative Service.

The investigation was coordinated by the Export and Antiproliferation Global Law Enforcement (EAGLE) Task Force. The EAGLE Task Force was created by the United States Attorney’s Office for the Central District of California, in conjunction with federal law enforcement agencies, to investigate and combat the illegal exports of arms and sensitive technologies.

Ex-DuPont researcher gets prison for selling trade secrets

http://www.delawareonline.com/fdcp/?1288039843113
By SEAN O'SULLIVAN • The News Journal • October 21, 2010

WILMINGTON -- A former DuPont researcher today was ordered to prison for 14 months for stealing "cutting edge organic electronic trade secrets" in what appeared to be part of a larger plan to take them to China and set up a rival business venture.

Hong Meng, 44, a Chinese national who had permanent resident status and held the title of senior research scientist before he was fired, also is facing automatic deportation when he is released from federal custody. District Judge Sue L. Robinson gave Meng until Dec. 1 to report to prison.

Assistant U.S. Attorney Robert Kravetz told Robinson that the case involves "a very serious intellectual property offense… and represents an abuse of trust" and that Meng continues to cling to a story that is inconsistent with the facts.

According to prosecutors and court papers, Meng was and is a "brilliant researcher" who made significant advances in the field of paper-thin displays involving nanoelectronics and organic semi-conductors, also known as organic light emitting diodes. Meng co-edited a book on the technology, which is expected to be the next generation of displays for televisions, computers and other video-based technology.

In summer 2009, Meng, who had been based in Delaware, was set to transfer to DuPont's facility in Shanghai. And during the screening for that move, company officials uncovered e-mails and other documents that indicated Meng was preparing to accept a job at Peking University in Beijing, his alma mater, and planned to head a department focused on OLED technology.

Kravetz said investigators also turned up evidence that Meng gave a presentation to a regional Chinese government, soliciting financial support, stating he expected to open a factory there within three to five years, employing 300 to 1,000 people, to produce OLED televisions and lighting systems.

Prosecutors also found Meng had hidden details of a key OLED process in a Microsoft Word document -- about a completely different subject -- that he sent to his Peking University e-mail account. He also shipped a package of samples of chemicals involved in the OLED process to a friend with instructions to forward the samples to him at Peking University. The samples were recovered and it is unclear if the technical details Meng e-mailed to himself were accessed by others, according to prosecutors.

Meng's attorneys asked for a sentence of probation, arguing Meng already has suffered personally and professionally as a result of pleading guilty to theft of trade secrets. In court papers, Attorney Kathleen Jennings argued Meng is remorseful, acknowledges his conduct caused damage to DuPont and that he betrayed the trust of his colleagues. But she also charged that it was a one-time error in judgment by a man who has otherwise lived a law-abiding life and that he has been sufficiently punished by his loss in status, the loss of his career at DuPont and his likely deportation.

U.S. Attorney David Weiss said the conviction shows his office “is committed to taking all necessary steps to enforce intellectual property laws and to protect valuable American technology from being stolen for use overseas” and the sentence makes clear that the offense is taken seriously by the justice system.

Special Agent Richard McFeely of the Federal Bureau of Investigation said the case should serve as a reminder to U.S. companies for the need to be vigilant about protecting their trade secrets.

“It is an absolute necessity in today’s times that our nations’ businesses adopt a proactive posture of maintaining active firewalls and other computer security measures,” he said, and when there is a breach like the one in this case it should be reported quickly to the FBI.

Contact Sean O’Sullivan at 324-2777 or sosullivan-@delawareonline.com.

Michigan Man Pleads Guilty to Attempting to Spy for the People’s Republic of China

Department of Justice Press Release
http://washingtondc.fbi.gov/dojpressrel/pressrel10/wfo102210a.htm
For Immediate Release
October 22, 2010
U.S. Department of Justice Office of Public Affairs
(202) 514-2007/TDD (202) 514-1888

WASHINGTON—Glenn Duffie Shriver, 28, of Detroit, Mich., pleaded guilty today before U.S. District Court Judge Liam O’Grady to conspiring to provide national defense information to intelligence officers of the People’s Republic of China (PRC).

The guilty plea was announced by David Kris, Assistant Attorney General for the National Security Division; Neil H. MacBride, U.S. Attorney for the Eastern District of Virginia; and John G. Perren, Acting Assistant Director in Charge of the FBI Washington Field Office.

Shriver pleaded guilty to a one-count criminal information charging him with conspiracy to communicate national defense information to a person not entitled to receive it. In a plea agreement, the defense and government jointly recommended a prison sentence of 48 months. Sentencing is scheduled for Jan. 21, 2011.

“This defendant attempted to gain access to classified U.S. national defense information by securing a position within the U.S. government under false pretenses, with the ultimate goal of providing that information to intelligence officers of the People’s Republic of China,” said Assistant Attorney General Kris. “Through the diligent work of the agents, analysts, and prosecutors assigned to this matter, the defendant’s scheme was detected and neutralized.”

“Mr. Shriver betrayed his country and took repeated steps toward spying for another government,” said U.S. Attorney MacBride. “We remain vigilant against threats to our national security and will do everything in our power to find and punish those who seek to betray our country.”

“Mr. Shriver threw away his education, his career and his future when he chose to position himself to spy for the PRC. He failed to appreciate that the PRC simply created a ‘friendship’ with him to use him. It’s a valuable lesson to others who might be tempted to do the same.”

According to a statement of facts filed with his plea agreement, Shriver is proficient in Mandarin Chinese and lived in the PRC both as an undergraduate student and after graduation. While living in Shanghai in October 2004, Shriver developed a relationship with three individuals whom he came to learn were PRC intelligence officers. At the request of these foreign agents, Shriver agreed to return to the United States and apply for positions in U.S. intelligence agencies or law enforcement organizations. Shriver admitted in court that he knew that his ultimate objective was to obtain a position with a federal department or agency that would afford him access to classified national defense information, which he would then transmit to the PRC officers in return for cash payments.

From 2005 to 2010, Shriver attempted to gain employment as a U.S. Foreign Service Officer with the Department of State and as a clandestine service officer with the Central Intelligence Agency. Shriver admitted that, during this time, he maintained frequent contact with the PRC intelligence officers and received more than $70,000 in three separate cash payments for what the officers called his “friendship.”

In December 2009, Shriver received notice that he was to report to Washington, D.C., in May 2010 for final employment processing activities with the CIA.
Shriver admitted that he communicated with a PRC intelligence officer that he was “making some progress” in obtaining a position with the CIA and that he would not be free to travel to PRC for another meeting because it could raise suspicion with federal agents conducting his background investigation.

Shriver admitted that he made false statements on the CIA questionnaire required for employment stating that he had not had any contact with a foreign government or its representative during the last seven years, when in fact he had met in person with one or more of the officers approximately 20 times since 2004. He also deliberately omitted his travel to PRC in 2007 when he received a $40,000 cash payment from the PRC for applying to the CIA. In addition, Shriver made false statements during a series of final screening interviews at the CIA, and he admitted he made each of the false statements to conceal his illicit relationship with the PRC intelligence officers.

This case is being investigated by the FBI’s Washington Field Office. Assistant U.S. Attorney Stephen M. Campbell of the U.S. Attorney’s Office for the Eastern District of Virginia and Trial Attorney Brandon L. Van Grack of the Counterespionage Section in the National Security Division are prosecuting the case.

New spy game: Workers sell firms' secrets abroad

Hunger for Western technology fuels economic espionage cases in the U.S.
http://www.msnbc.msn.com/id/39717015/ns/business-the_new_york_times
By CHRISTOPHER DREW
The New York Times
updated 10/18/2010 4:10:57 AM ET

Huang Kexue, federal authorities say, is a new kind of spy.

For five years, Mr. Huang was a scientist at a Dow Chemical lab in Indiana, studying ways to improve insecticides. But before he was fired in 2008, Mr. Huang began sharing Dow’s secrets with Chinese researchers, authorities say, then obtained grants from a state-run foundation in China with the goal of starting a rival business there.

Now, Mr. Huang, who was born in China and is a legal United States resident, faces a rare criminal charge — that he engaged in economic espionage on China’s behalf.

Law enforcement officials say the kind of spying Mr. Huang is accused of represents a new front in the battle for a global economic edge. As China and other countries broaden their efforts to obtain Western technology, American industries beyond the traditional military and high-tech targets risk having valuable secrets exposed by their own employees, court records show.

Underground markets

Rather than relying on dead drops and secret directions from government handlers, the new trade in business secrets seems much more opportunistic, federal prosecutors say, and occurs in loose, underground markets throughout the world.

Prosecutors say it is difficult to prove links to a foreign government, but intelligence officials say China, Russia and Iran are among the countries pushing hardest to obtain the latest technologies.

“In the new global economy, our businesses are increasingly targets for theft,” said Lanny A. Breuer, the assistant attorney general in charge of the Justice Department’s criminal division. “In order to stay a leader in innovation, we’ve got to protect these trade secrets.”

Mr. Huang, 45, who says he is not guilty, is being prosecuted under an economic espionage provision in use for only the seventh time. Created by Congress in 1996 to address a shift toward industrial spying after the cold war, the law makes it a crime to steal business trade secrets, like software code and laboratory breakthroughs. The crime rises to espionage if the thefts are carried out to help a foreign government.

Economic espionage charges are also pending against Jin Hanjuan, a software engineer for Motorola, who was arrested with a laptop full of company documents while boarding a plane for China, prosecutors said.

Over the last year, other charges involving the theft of trade secrets — a charge less serious than espionage — have been filed against former engineers from General Motors and Ford who had business ties to China. And scientists at the DuPont Company and Valspar, a Minnesota paint company, recently pleaded guilty to stealing their employer’s secrets after taking jobs in China.

In two past espionage cases involving American computer companies, defendants said they saw a chance to make money and acted on their own, knowing that the information would be valuable to Chinese companies or agencies. In several cases, Chinese government agencies or scientific institutes provided money to start businesses or research to develop the ideas; that financing is what gave rise to the espionage charges.

The U.S.-China Economic and Security Review Commission, appointed by Congress to study the national security issues arising from America’s economic relationship with China, said in a report last year that even in instances without direct involvement by Chinese officials, China’s government “has been a major beneficiary of technology acquired through industrial espionage.”

China has denied that its intelligence services go after American industries. China’s Foreign Ministry declined to comment on the subject, but spokesmen for the Chinese foundation and the university that worked with Mr. Huang said they were not aware of any espionage.

“If it’s true, we will start our own investigation into it,” said Chen Yue, a spokesman for the Natural Science Foundation of China, which gave Mr. Huang grants to conduct research there.

China woos scientists

American officials and corporate trade groups say they fear economic spying will increase as China’s quest for Western know-how spreads from military systems to everyday commercial technologies.

After focusing for decades on low-cost assembly operations, China “feels it really needs to turn the corner and become a technology power in its own right,” said James Mulvenon, the director of the Center for Intelligence Research and Analysis in Washington, which tracks Chinese activities for federal agencies and corporate clients.

Mr. Mulvenon said China is trying to woo back thousands of ethnic Chinese scientists who have trained or worked in the United States. “They basically roll out the red carpet for these guys,” he said.

As economic crimes become easier to commit — in some cases as simple as downloading data and pressing “Send” — security analysts say some American companies must share the blame for thefts because they do not adequately monitor employees.

At Motorola, for example, court records show that Ms. Jin, the software engineer, downloaded company documents during two sick leaves and tapped into the company’s computers from China, where, prosecutors say, she met with a company linked to the Chinese military. Ms. Jin, a naturalized United States citizen who was born in China, says she is not guilty, and is awaiting trial in Illinois.

Catching and prosecuting wrongdoers is also made difficult by the refusal of some companies to report breaches.

“When you have public companies with their stock values tied to their assets, the last thing they want the buyer of that stock to think is that their assets are compromised,” said Michael Maloof, the chief technology officer of TriGeo Network Security, a company that provides computer monitoring systems.

The first economic espionage case, filed in 2001 against a Japanese scientist, collapsed when Japan refused to extradite him.
The six other cases have involved China, and the Justice Department won the first three.

In one case, two Silicon Valley engineers admitted to stealing secrets about computer chips, then arranging financing from Chinese government agencies to start business. In another case, a retired Boeing engineer was convicted after a search of his home found documents on United States military and space programs, as well as letters from Chinese aviation officials seeking the data.

The Justice Department lost a case involving two California engineers. The government focused on documents showing that the engineers were working with a venture capitalist in China to seek financing for a microchip business from China’s 863 program, which supports development of technologies with military applications. But the men were arrested before they filed the grant application. The judge in the case concluded in May that the government had needed to prove that the men had “intended to confer a benefit” on China, “not receive a benefit from it.”

'Full recipe'

In Mr. Huang’s case, according to the indictment, he had received money from the Natural Science Foundation of China, a government organization, to conduct insecticide research.

Mr. Huang grew up in China, and has lived in the United States or Canada since 1995. While working for Dow’s farm chemicals unit, Dow AgroSciences, he also took a job as a visiting professor at a Chinese university and made eight trips to China, court records show.

Besides directing research at the university while at Dow, he later smuggled samples of a bacterial strain from Dow to China in his son’s suitcase, the authorities said.

Mr. Huang’s lawyer, Michael Donahoe, said at a recent hearing that the case was “hypothetical.” But Cynthia Ridgeway, an assistant United States attorney, said that with Dow’s Chinese patent due to expire in 2012, Mr. Huang had “the full recipe” needed to try to take its business to China.
Last week, a judge denied Mr. Huang’s request for bail. He is awaiting trial in federal custody in Indiana. Sarah Chen contributed research. This article, "New Spy Game: Workers Sell Firms’ Secrets Abroad," first appeared in The New York Times. Copyright © 2010 The New York Times

TECHNIQUES, METHODS, TARGETS

Six enterprise security leaks you should plug now
Deal with these before it's too late
John Brandon
October 12, 2010 (Computerworld)
http://www.computerworld.com/s/article/print/9189738/Six_enterprise_security_leaks_you_should_plug_now?taxonomyName=Security&taxonomyId=17

The Titanic was thought to be unsinkable, a testament to the engineering prowess of its day and the fact that luxury liners rarely collided with massive icebergs. In modern enterprises, there's a similar perception of invulnerability. Yet, for every large organization that glides through the year without any mishaps, there are many stories about perilous break-ins, Wi-Fi sniffing snafus and incidents where Bluetooth sniper rifles were used to steal company secrets. Here's a look at six security holes that are often wide open, even in companies that take great pride in their security precautions. We checked with security consultants to find out what you can do about them, before your enterprise ship hits a wall of ice.

1. Unauthorized smartphones on Wi-Fi networks

Smartphones create some of the greatest risks for enterprise security, mostly because they're so common and because some employees just can't resist using personal devices in the office -- even if their employers have well-established policies prohibiting their use. "The danger is that cell phones are tri-homed devices -- Bluetooth, Wi-Fi and GSM wireless," says Robert Hansen, founder of the Internet security consulting firm SecTheory. Employees who use their personal smartphones at work "introduce a conduit that is vulnerable to potential attack points," he explains.
If you use a device like a smartphone that spans multiple wireless spectrums, "someone in a parking lot could use a Bluetooth sniper rifle that can read Bluetooth from a mile away, connect to a smartphone, then connect to a corporate wireless network," says Hansen, who is also known by his alias, RSnake. Bluetooth is the open portal that lets a hacker access Wi-Fi and therefore the corporate network. Hansen says policies that simply disallow smartphones aren't likely to be effective -- employees will be too tempted to use their gadgets at work even if they're prohibited. Instead, he says IT should allow only approved devices to access the network. And that access should be based on MAC addresses, which are unique codes that are tied to specific devices -- making them more traceable. Another tactic is to use network access control to make sure whoever is connecting is, in fact, authorized to connect. In an ideal world, companies should also separate guest access Wi-Fi networks from important corporate networks, says Hansen, even if having two wireless LANs means some redundancy and management overhead. Another approach: Provide robust, company-sanctioned smartphones on popular platforms, such as Google's Android, and thereby dissuade employees from using nonsupported devices. By encouraging the use of approved phones, IT can focus on security precautions for a subset of devices instead of having to deal with numerous brands and platforms.

2. Open ports on a network printer

The office printer is another seemingly innocuous device that represents a security risk, although most companies are oblivious to the danger. Printers have become Wi-Fi-enabled over the past few years, and some even use 3G access and telephone lines for faxes.
Some models do block access to certain ports on printers but, as Hansen says, if there are 200 blocked ports for printers at a large company, there might be another 1,000 ports that are wide open. Hackers can break into corporate networks through these ports. A more nefarious trick is to capture all printouts as a way to steal sensitive business information. "One of the reasons you do not hear about it is because there is no effective way to shut them down," says Jay Valentine, a security expert. "We see access all the time via network ports in the electric utility industry, which is a major accident waiting to happen." The best way to deal with this problem is to disable the wireless options on printers altogether. If that's not feasible, IT should make sure all ports are blocked for any unauthorized access, says Hansen. It's also important to use security management tools that monitor and report on open printer ports. One such tool is ActiveXperts Software's Active Monitor.

3. Custom-developed Web applications with bad code

Just about every enterprise security professional lives in fear of holes created by sloppy programming. This can occur with custom-developed software as well as with commercial and open-source software. Hansen says one common trick is to tap into the xp_cmdshell routine on a server, which an inexperienced programmer or systems administrator might leave wide open for attack. Hackers who do that can gain full access to a database, which provides an entryway to data and a quick back door to networks. Hansen says PHP routines on a Web server can also be ripe for attack. Small coding errors, such as improper safeguards when calling a remote file from an application, provide a way for hackers to add their own embedded code.
This can occur if a developer wasn't careful to restrict which files might be called based on a user's form input, or if a company blog uses a trackback feature to report on links back to its posts without first sanitizing stored URLs to prevent unauthorized database queries. The most obvious fix to this problem is to avoid some software such as freely available PHP scripts, blog add-ons and other code that might be suspect. If such software is needed, security-monitoring tools can detect vulnerabilities even in small PHP scripts.

4. Social network spoofing

Facebook and Twitter users can be fooled into divulging sensitive information. Usually, these types of attacks are subtle and not necessarily traceable. "People looking for jobs are often willing to divulge [personal] information," says Hansen, who says one of his clients told him about how a hacker used a fake e-mail address from a job-search Web site to pose as a recruiter. He declined to elaborate on this example to protect the client, but it's an example of what he calls the "confused deputy" scenario, where someone claiming to be, say, a recruiter for Monster.com contacts an employee, and the employee believes that the caller is, in fact, a Monster.com recruiter and doesn't ask to verify his credentials. Hansen says it's the same as getting an envelope in the mail -- just because the envelope has a certain return address, it doesn't mean that the contents actually came from that sender. Companies should use e-mail verification systems that confirm the identity of a sender. These verifications send an e-mail back to the address to confirm the sender's credentials. Some states -- including Texas -- have made it illegal to impersonate someone by e-mail.

5. Employees downloading illegal movies and music

P2P networks just won't go away. In a large company, it's not uncommon to find employees using peer-to-peer systems to download illegal wares or setting up their own servers to distribute software.
"P2P networking should, as per policy, be completely blocked in every enterprise," says Winn Schwartau, CEO of The Security Awareness Company, a security training firm. "The P2P ports should be completely shut down at all perimeters and ideally at the company's endpoints. P2P programs can be stopped through white/black listings and filters on the enterprise servers." "P2P networking should, as per policy, be completely blocked in every enterprise," says security expert Winn Schwartau. Schwartau tells the story of a financial services firm in New York that had a P2P port running all day, every day in its office. Eventually, it was discovered and found to be a porn file server. Schwartau says the unfortunate truth about what he calls "criminal hacking" is that the thieves are usually drawn to nefarious activities, so one of the first places they might look is a P2P server and any potential security holes. "Injecting hostile code into P2P files is [not difficult] and can create a beachhead within an organization, depending upon the code design," he says. He suggests a technique called "resource isolation," which essentially controls which applications users are allowed to access based on permission rights. Different operating systems do that in slightly different ways, Schwartau says, but it's worth pursuing in situations where a corporate policy is lacking or isn't followed. Schwartau encourages IT shops to conduct regular sweeps of all company networks and servers to look for P2P activity and to be vigilant about blocking any P2P activity. 6. SMS text messaging spoofs and malware infections Another potential attack vector: text messaging on smartphones. Hackers can use SMS text messages to contact employees in direct attempts to get them to divulge sensitive information 11 CI Strategic Partnership Newsletter Page 12 like network log-in credentials and business intelligence, but they can also use text messages to install malware on a phone. 
Security expert Robert Hansen says one of his clients experienced a hacker using a fake e-mail address from a job-search Web site to pose as a recruiter. "In our proof-of-concept work, we showed how a rootkit could turn on a phone's microphone without the owner knowing it happened," says Schwartau. "An attacker can send an invisible text message to the infected phone telling it to place a call and turn on the microphone." That would be an effective tactic if, for example, the phone's owner was in a meeting and the attacker wanted to eavesdrop, he notes. Schwartau says there are ways to filter SMS activity, but that's usually done through the wireless carrier, since SMS isn't IP-based and therefore isn't usually controlled by company admins. The best option for blocking such attacks is to work with carriers to make sure that they're using malware-blocking software, SMS filters and redirects for those kinds of attacks. And again, creating smartphone usage policies that encourage or require the use of only company-sanctioned or company-provided phones and service plans can reduce that risk. Of course, companies can't thwart every possible security attack with current technology, and hackers are constantly switching tactics. You should try to plug these six security leaks and work to ensure that they stay plugged -- but you should also keep an eye out for new forms of malicious activity. John Brandon is a veteran of the computing industry, having worked as an IT manager for 10 years and as a tech journalist for another 10. He has written more than 2,500 feature articles and is a regular contributor to Computerworld. CYBER, HACKING, DATA THEFT, COMPUTER INTRUSIONS & RELATED How advanced persistent threats bypass your network security By Roger A. 
Grimes
Created 2010-10-19 03:00AM
http://infoworld.com/print/141048

Hundreds of companies around the world have been thoroughly compromised by APTs (advanced persistent threats) -- sophisticated forms of cyber attacks through which hackers mine for sensitive corporate data over the long term. APTs aren't easily purged; rather, victimized companies often spend day after day trying to make a dent in them. Meanwhile, some security practitioners consider "APT" an overblown marketing term. It isn't. One of the struggles faced by companies (and security consultants) is determining whether a breach is, indeed, an APT. They will call every found singular bot and Trojan an APT and dream up long-term, radical threats from invisible attackers. I've had to disagree more than once with other consultants on whether APT was part of a security threat. The evidence was not there. The first step in fighting APT is understanding what separates it from a traditional, targeted human-hacker attack. The follow-up step, which I will discuss next week, is detecting and eliminating these kinds of attacks. Most people will immediately point to the "persistent" part of the definition as the key differentiator. The normal targeted attackers break in, look around, and immediately target the most valuable found assets. They figure that the faster they get in and out with the treasure, the more money and the less risk they face. By contrast, APT attackers are there to stay as long as they can. The attackers aren't trying to steal everything at once. Instead, they exploit dozens to hundreds of computers, logon accounts, and email users, searching for new data and ideas over an extended period of months and years. Their interests (and keyword searches) change from one day to the next, as if their "customers" have given them a shopping list.
APTs are professionally run attacks, managed just like legitimate corporations instead of in the manner you'd expect of black-attired, greasy-haired hacker kids hopped up on Mountain Dew. Many APT companies work in skyscrapers; have CEOs, recruiters, and payrolls; and pay taxes. APT hackers work in eight-hour shifts and take off holidays (at least those of the originating country). Individual APT hackers appear to boast different specialties, whether it's compromising particular types of servers and workstations, dumping passwords, placing back doors, collecting data, or loading remote-access Trojans. Their malware creations have evidence of development team breakouts with development forks, beta testing, and updates. Victims often tell me they know when a particular hacker is at work simply by the methods and tools used. Even the treasure taken by APTs is different. The traditional attacker seeks immediate financial gain. They will try to steal identities, transfer money to foreign bank accounts, and more. APT attackers, on the other hand, almost always take only information and leave money untouched. Their targets are corporate and product secrets, whether it be F-18 guidance system information, contract pricing, or the specs on the latest green refrigerator. APT often steals large amounts of information each week, collecting it at a centralized computer within the compromised network, before sending it all home in a single archive file (often a tar ball). Many networks run APT bots that collect every new folder, file, and email, then send it home. The victims have an online backup system that rivals what they could otherwise pay for with a legitimate company. APT is usually hosted in countries that provide political and legal safety.
I've never seen evidence of a country that directly hosted black-hat hackers, but there appears to be a well-known list of countries that tolerate such operations within their boundaries and are uncooperative in assisting victims with justice. China and Russia are often mentioned, but there are dozens more. Former White House security adviser Richard Clarke calls them "cyber sanctuaries" and urges our cyber allies to ask for accountability. Worse yet, APTs are usually so ingrained into an environment that even if you know where they are, they can be difficult or impossible to remove. I have several clients who've decided it's easier to live with APT (or portions of it) than it is to tackle and try to eradicate it. They don't like the odds of successfully ridding themselves of the APT and are afraid the APT would dig further undercover if the extermination attempt goes awry. By allowing some of it to remain on their network, they know where it is, and they can more closely monitor it to learn what is being stolen. It sounds crazy, but living with APT is not an uncommon scenario. APT has many characteristics that make it stand out from regular hacking attacks. Hopefully, your company won't have to learn firsthand why that's the case. As an aside, I was the guest of the SecuraBit podcast two weeks ago. These guys discuss relevant computer security topics and throw in enough humor to make you forget that it's a computer security discussion. Check it out.

This story, "How advanced persistent threats bypass your network security," was originally published at InfoWorld.com. Follow the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.

The threat behind fake LinkedIn messages
Posted on 07.10.2010
http://www.net-security.org/malware_news.php?id=1489

Retarus sent out a warning in response to a current wave of fake contact requests via the social media platform LinkedIn.
These well-simulated e-mail messages present a considerable risk to PC-owners. Unsuspecting users are lured into a trap via the seemingly well-intentioned e-mails and their PCs are infected with malware in an attempt to gain access to personal information. The e-mails feign to be a contact request sent from the social media platform LinkedIn. Users who try to access the platform via the link are routed to an intermediary website - with the simple notification "Please waiting ... 4 seconds". From there, they are then redirected to Google. In these four seconds the spyware ZeuS is uploaded in the background and secretly installed. Cyber criminals use this type of spam to gain access to personal information, such as access data for online banking. Social media spam is on the increase. Retarus analyses have shown that one in three spam emails are clearly sent in the guise of social networks. Retarus Managing Director, Martin Hager, warns, "Social media spam is particularly dangerous because the contents seem well-intended, and the original e-mails are so perfectly imitated, that lay persons are unable to identify them as fakes. Mail users who have defined social media platforms as safe senders, via whitelist entries in their spam filters, are especially affected." Users should not respond to contact requests, especially from unknown senders, and delete these e-mails immediately. To verify the authenticity of contact requests, it is recommended that users avoid logging in to their social network by clicking on a link which has been sent via e-mail.

Zeus hackers could steal corporate secrets too
Robert McMillan
October 9, 2010 (IDG News Service)
http://www.computerworld.com/s/article/print/9190239/Zeus_hackers_could_steal_corporate_secrets_too?taxonomyName=Network+Security&taxonomyId=142

Criminals who use the Zeus banking crimeware may be working on a new angle: corporate espionage.
That's what worries Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham, who has been closely monitoring the various criminal groups that use Zeus. Zeus typically steals online banking credentials and then uses that information to move money out of Internet accounts. In the past year, however, Warner has seen some Zeus hackers also try to figure out what companies their victims work for. In some cases, the criminals will pop up a fake online bank login screen that asks the victim for a phone number and the name of his employer. In online forums, he's seen hackers speculate about how they might be able to sell access to computers associated with certain companies or government agencies. "They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organization." That's worrisome because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims' computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim's computer to break into corporate systems. There are other reasons why Zeus's creators might want to know where you work, however. They could simply be trying to figure out whose data is the most valuable, said Paul Ferguson, a security researcher with Trend Micro. "A welding business might make more money, than say, a Girl Scout troop," he said via instant message. Still, Ferguson believes that the crooks could make money by selling access to computers belonging to employees of certain companies. "I haven't personally seen that, but these guys are pretty devious." This type of targeted corporate espionage has become a big problem in recent years, and many companies, including Google and Intel, have been hit with this type of attack.
Police arrested more than 100 alleged members of a Zeus gang last week, but that doesn't put an end to the problem. Zeus is widely sold for criminal use, and security experts say that there are dozens of other Zeus gangs out there. The group responsible for last year's Kneber worm outbreak is thought to be the largest Zeus outfit still in operation. If Zeus operators really do start promoting their crimeware as corporate back-doors -- and Warner believes this is already happening -- that could mean new problems for corporate IT. The biggest issue would be for home computers and laptops that are outside of corporate firewalls that still have access to company data via the Internet. Those systems could suddenly become a risk for IT staffers, Warner said. Inside the firewall, a computer that suddenly starts sending data to Russia should be noticed right away. That might not be the case on a home network. "If you are an employee of a place that gives you access to sensitive data, your company needs to care if you have a malware infection at home," Warner said. The problem could be solved by either not letting people work from their home PCs or by providing workers with computers that can only be used for work, Warner said.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com.

USB Warfare: The Real Electronic Nightmare

Miller-McCune, 22 Sep 10: The gist of this column lately has been that threats of “cyberwarfare” waged through the public Internet are the stuff of Hollywood schlock and patriotic pulp fiction. But there are other ways to wage electronic war, and they tend to be more terrifying precisely because they’re tougher to fight. Siemens announced in July that a malicious bit of code called Stuxnet could spread on USB thumb drives and try to lift industrial secrets from its clients around the world.
It’s the first large-scale worm of its kind, an act of sophisticated industrial espionage that indicates the real future of electronic warfare. “Stuxnet,” according to PCWorld, “marks the first time that someone has targeted the factory floor” with a software virus. The Munich-based Siemens corporation specializes in “automated systems,” from fire alarms to robotic factories to power grids. This worm in particular went after a Siemens industrial software suite called WinCC. A company spokesman said WinCC is used by “thousands” of plant managers worldwide, and the worm reportedly found its way — without causing major damage — into 14 plants in Germany, Indonesia, India, North America, the United Kingdom and (primarily) Iran. None of the infections spread through the public Internet, and the reason cyberwar scenarios over the Web may remain the stuff of fiction is that vital networks like nuclear power plants can be kept well away from the Internet – meaning safe from remote, and presumably foreign, hackers. Yes, Estonia suffered a massive denial-of-service attack in 2007, probably from Russian nerds, and some important Estonian government sites went down, but such a denial-of-service attack will probably not cause a disaster, say, in a nuclear power plant. What could cause a nuclear disaster is an inside job. A spy could infect a power plant’s control system with a bug on a USB drive, just as a soldier with security clearance and a CD-ROM marked “Lady Gaga” can sneak out thousands of classified military documents. Or perhaps establish a “digital beachhead,” as occurred in 2008 when a flash-drive-launched virus infected the Department of Defense. Alternatively, the author of a worm like Stuxnet could find a way to install it on a USB stick bound for certain machines. (Siemens reportedly sends software license keys to its clients on USB sticks.)
No one is sure where Stuxnet originated, but cyberwarfare experts have been predicting similar attacks for years. WinCC is so-called SCADA software (“supervisory control and data acquisition”), and a SCADA attack could, in theory, shut down a power grid or hand essential controls to an outside user. “It could be very valuable to a nation-state for war-like espionage,” Reuters quoted Randy Abrams, a researcher at a security firm called ESET, which studied Stuxnet. “It could be very valuable to terrorist organizations.” Happily, this kind of intrusion still requires the old-fashioned presence of a human being, what older generations would have called a spy. It’s just that a spy can now cause unheard-of mayhem. A military leak is one thing; the airing of 91,000 military documents relating to the war in Afghanistan, useful as they might be to the public discourse, must have blindsided American generals – who in turn started crafting tighter security known as Cyber Insider Threat. The glimmer of light is that neither Stuxnet nor the Wikileak sensation could have been perpetrated by some clever kid with just a broadband connection. The threat of massive cyberwarfare or terrorism over the Web, for now, is small, so average Internet users don’t have to tolerate horror stories that threaten to close down their freedom and privacy.

Source: http://www.miller-mccune.com/politics/usb-warfare-the-real-electronic-nightmare-23118/

Social networking sites used by foreign intelligence services

Expatica.com: Dutch secret services are warning that people should be careful when placing information on their personal sites as foreign intelligence agencies often use social networking sites to gather information. And this Friday, the Dutch intelligence agencies began a campaign to warn of the dangers of digital espionage. Brochures have been published to inform potential target groups about the dangers.
One on 'digital espionage' describes the dangers of infected emails, visiting infected websites and how infected USB sticks are sometimes handed out as promotional gifts at conferences. The information has been published by the AIVD (General Intelligence and Security Service) and MIVD (Military Intelligence and Security Service). They point specifically to social networking sites such as Facebook. The AIVD’s Director of National Security, Wil van Gemert, says the campaign against digital espionage is not meant for IT professionals or the general public. Its primary goal is to educate people who deal with confidential information. In an interview with Radio Netherlands Worldwide, Van Gemert says the campaign is meant for: "People travelling abroad who are employed in sensitive positions by large international companies and scientific institutions or policy-making officials. We focus on the users. Of course it is important to use a firewall, but one must also be aware of the dangers inherent in the way one deals with emails and storage devices." The AIVD warns about USB sticks handed out as promotional gifts. According to Van Gemert "It has happened that USB sticks have been distributed as gifts and although they appeared to be empty it was discovered that they contained a virus or a spyware programme. There are also emails that appear reliable, but as soon as you open them you download a Trojan horse that allows hackers to gain access to your data." In 'classical' espionage charming ladies or gentlemen have been known to approach public servants or senior officials on a trip abroad in order to get hold of information. Van Gemert explains that such information can be obtained by different methods in the digital world: "Because people can be traced so easily using the internet, via Facebook or other sites, it can sometimes be extremely easy to see who might have access to interesting information.
If you can then send the user an email which he or she does not suspect – for instance via feeds [mailing lists] then it can happen that information can be obtained from your computer that way." The AIVD does not suggest that people who have access to confidential information should avoid social networking sites. They should just be aware of the risks, says Van Gemert: “You do not have to avoid using Facebook, Hyves [a Dutch social networking site] and other similar sites, but you should keep in mind that they are available to third parties. Espionage is not something from thirty years ago. It is something which exists today in many different forms, and especially in the digital world.” In its recent annual report, the AIVD pointed to the roles that China and Russia play when it comes to spying in the Netherlands. “This does not mean that the intelligence services of more or less friendly countries are not active here. That is why we point out that while one should be aware of potential dangers from certain countries, espionage is international, and also includes neighboring and friendly countries.” The AIVD and its military counterpart the MIVD also collect information abroad. The ‘targets’ are chosen by the prime minister on an annual basis. The AIVD does not discuss the details for obvious reasons. But Van Gemert says: “I do not exclude any means, including digital.” The AIVD has obviously taken the necessary measures to secure itself and its employees from digital burglary, as Mr Van Gemert explains: “There are people who are also interested in what we know, and we take this into account. We attempt to ensure that our communications and contacts are as secure as possible.” Van Gemert refuses to say if attempts have been made to gain information digitally from the AIVD. 
Source: http://www.expatica.com/nl/news/news_focus/Social-networking-sitesused-by-foreignintelligence-services_15564.html

iPad Spy Software Hits Market

DarkReading - May 10, 2010 - Retina-X Studios, LLC announced today the immediate availability of Mobile Spy for the Apple iPad. Using this groundbreaking iPad technology, users can silently view all email messages, web site visits and other information of children or employees - even if histories are deleted. The new version for the iPad is now on the market. Mobile Spy runs in total stealth mode and no mentions of the program are shown inside the iPad. After the software is set up on the device, it silently records the contents of all emails sent or received. The software also records web addresses visited in Safari and any contact added to the iPad's contacts list. Immediately after activities are logged, they are silently uploaded to the user's private online account. If no Internet connection is present, the logs will resume upload at the next Internet connection. Accounts can be checked online from any web browser without needing further access to the iPad. "Mobile Spy is a priceless piece of software. After having some doubts about honesty, this really helped set the record straight and confirmed my suspicions," says Derrick, a Mobile Spy user. Retina-X Studios CEO James Johns states, "Any device that can browse the Internet or send email can lead to unauthorized activities. Before now there was no method to monitor activities of children or employees on the iPad. Being the first to develop this technology, we will continue expanding with new features for this tool by recording GPS positions, photos, notes and more." This hybrid system helps businesses enforce their Acceptable Use Policy on company-provided iPads. The software can also monitor teen or family iPads.
It gives a parent 17 CI Strategic Partnership Newsletter Page 18 the ability to remotely monitor their child's Internet activities by logging into a website from any web browser. Another common use is to back up a user's own personal activity for their own records. Mobile Spy runs on any jailbroken iPad. The program is also available for the iPhone, BlackBerry, Android, Windows Mobile and Symbian OS devices. Source: http://www.darkreading.com/security/applicationsecurity/224701439/index.html The Boston Field Office Counterintelligence Strategic Partnership Program Coordinators: Carmine Nigro Theodore Distaso Wallace D. Salisbury Carmine.Nigro@ic.fbi.gov Theodore.Distaso@ic.fbi.gov Wallace.Salisbury@ic.fbi.gov 18 617-223-6038 617-223-6231 401-458-1127