The Football Association has launched an investigation in to how the team's security was breached. The recording were alledgedly made at the The Grove Hotel in Hertfordshire, where the team were staying in the run up to a game against Egypt.

The BBC reported that  solicitors for the football association have written to news broadcasters to state that  publication of the tape's contents would be a breach of Press Commission rules.

Using GBP15.00 off-the-shelf software, insurgent forces in Iraq have been able to hook in, and monitor real-time video footage being shot from the pilotless spy planes.

The problem was first highlighted last year after a Shi'ite insurgent was found to have secret drone video feeds on his laptop. The Americans kept the information secret while attempts were made to close the data security loophole.

The US Department of Defense is preparing to boost its fleet of aerial surveillance aircraft in Afghanistan, so the hacking revelations being made public at this time are particularly embarassing.

The availability of eavesdropping devices is something constantly being monitored and assessed by QCC.

With more than 200,000 employees in both civilian and military information gathering roles, plus hardware including satellites it was obvious that the figure would be high, but generally accepted  estimates were around half the actual figure now being reported.

Similar data was accidentally published in a congressional document in 1994 and it appears that in the years since that time the surveillance budget has tripled.

Director of National Intelligence Dennis Blair has intimated that ensuring cyber-security is now a significant part of America's 75 billion dollar intelligence budget.

Blair enumerated the major threats faced by the USA and alongside the usual suspects (Al Qaeda, Iran and North Korea) but this time he added  China's "aggressive" push into areas that could threaten U.S. cyber-security as a potential threat.

Just months before the case was sheduled to conclude,  Chevron have posted video footage on their website which they say shows evidence of Ecuadorian officials connected with the case, involved in bribes relating to the lucrative cleanup operation to be funded by Chevron if they lose the case.

While the merits of the video evidence are a matter of interest in themselves, from a counter espionage perspective, the remakable thing is that the two hours of video evidence released by Chevron were apparently recorded using nothing more sophisticated than a £15 camcorder pen. The '007 spy pen' was of a type available for anyone to buy  from Amazon and other online toy and gadget retailers.

Devices such as this are a now ten a penny. The pen in question has a 4GB internal memory (enough for 3 hours of video footage) and can be charged from a standard USB port. Despite this impressive spec it looks like a normal pen and even has an ink reservoir so it writes like one too.

With tools such as this at anybody's disposal, companies and individuals need to be more vigilant than ever about their information security arrangements.

You may think that once the meeting rooms have been swept for bugs and the computers have all been locked down, your information is secure. However, as the Chevron case reveals, the human factor is undoubtedly the hardest part of the security equation to resolve.

If you have concerns about how you are dealing with potential threats to your privacy, whatever their nature, call QCC Interscan (from a secure location of course) and ask the professionals for advice.

Our new easy to find headquarters are at:

Buchanan House,
24-30 Holborn,
London
EC1N 2LX

Visitors will find the spacious new offices a welcome change. What remains unchanged is our commitment to excellence in the field of counter surveillance and the high standards of our rapid, professional and thorough bug sweeping team.

View Larger Map

In a USA today report, a survey by Cyber-Ark Software revealed that 74 percent of the Information Technology professional they questioned admitted that they knew how to circumvent the security in their office data storage systems. Far more alarmingly, 35 percent of respondents admitted doing so without permission.

More and more people are entering the workplace having used IT their entire lives. The newer techno-savvy generations of employees are confident with computers and know how to hack at a basic level without too much fear of getting caught.

Now in a time of job uncertainty and mass layoffs, ex-employees and disgruntled staff who possess or can guess passwords are becoming corporate spies against their former employers. According to Grant Evans, CEO of ActivIdentity, "Mass layoffs have increased internal threat levels dramatically."

Many companies are making it even easier for potential spies, by allowing employees to access sensitive data using Internet services, mobile phones and other remote technologies. This combined with the growth in small cheap data storage devices via USB or free semi-anonymous storage on web hosted services is fostering an atmosphere where those who may be tempted to engage in cybercrime are finding it easier than ever to take the first step.

And five or ten years ago  it was probably true for most smaller businesses that the head of security was more than capable of carrying out the basic checks required to keep a firm's private information private. However, this is definitely no longer the case.

A report on the newsfactor network this month has highlighted the abundance of concealed devices available at very low cost via the internet to whoever wants them. One such tool is a USB printer cable which looks and works exactly like a standard cable except for one extra function.  One end of the ordinary looking device houses a sensitive microphone and antenna that continually transmits a UHF audio signal to a receiver that can be up to 160 feet away. Drawing its power from the USB this bug may work continually for years, allowing an eavesdropper to listen in to every whisper within the confines of the room.

In the past spies it woud have required the services of Q branch to get hold of such a device. Today, gadgets such as this can be bought on the web for less than £100 each. 

Therefore visual checks of electrical items are no longer enough.  In order to effectively sweep for bugs electrical components needs to be taken apart and examined by trained experts.  In addition the technology being used to pass the audio signal to the listener is constantly evolving. Again a professional bug sweeping service has up-to-date access to the methods to detect them.

The newsfactor article was titled "Corporate Espionage Surges in Tough Times" and focused on a case of a comparatively small videoconferencing firm in Dallas Texas spying on a New Jersey based competitor in order to undercut their prices. It is clear that corporate espionage is no longer just the concern of blue chip mega corporations; small firms need to be vigilant as well.
 

Journalist David Jolly reported from Paris that what began as a Tour de France doping investigation in 2006 has now exploded into a labyrinthine trawl through the less scrupulous side of Gallic big business activities.

Three years ago top American cyclist Floyd Landis was found guilty of doping and was disqualified from the Tour de France and international cycling. As part of the doping investigation a computer at the drug testing lab was discovered to have been infected by a 'Trojan horse' virus. A Trojan horse is a tool that can be used to spy on the contents of a computer and steal the information from it.

The French Interior Ministry cybercrime unit got involved and the discovered a trail leading to Alain Quiros, a French national living in Morocco. His computer turned out to be an Aladdin's cave of information apparently stolen from top ranking business people's computer systems. He in turn fingered a former French intelligence agent Thierry Lorho, the head of Paris based Kargus Consultants. Evidence showed that the intelligence gathering attacks had been carried out against, not just the drug testing lab, but also lawyers, aerospace companies and even charities such as Greenpeace.

Mr. Lorho claimed that he had collected data on Greenpeace on behalf of Électricité de France, which had paid him for “strategic intelligence” on anti-nuclear campaigners. E.D.F. who are now moving into the UK energy market in a big way denied any knowledge of the cyber-theft by Kargus Consultants.

The Greenpeace campaign director at the time of the alleged spying incidents said the case showed “a systematic policy of spying by E.D.F.” 

David Jolly goes on to say that spying by large corporations on their perceived enemies is by no means a recent phenomenon. He reminds his readers that in the 1960s General Motors hired private detectives to dig up dirt on Ralph Nader, the consumer activist who would later run for president of the USA.

Jolly also looks at German corporations such as Deutsche Telekom, Deutsche Bank and Deutsche Bahn, all of whom have been caught "overstepping the line regarding surveillance of critics and their own employees".

Read David Jolly's article on corporate theft in France

General Keith Alexander, currently the director of the National Security Agency will take control of the cyber command group which will comprise various hi-tech military units already engaged in stopping attacks by cyber terrorists.

The Pentagon has lately become more aware of the potential threat posed by online hackers following a number of apparent electronic infiltrations that seemed to originate from computers inside China and Russia.

Last week an official from the office of US defence secretary Robert Gates said that cyber warfare is now one of the biggest challenges to the US military.

Gates stated that in addition to defending military networks and developing offensive cyber-weapons cyber command would also be tasked to assist the safeguarding of US-based civilian computer networks.

A fascinating report has recently been published detailing a failed £229m raid on the Sumitomo Mitsui bank in October 2004.

If the cybercriminals had succeeded they would have pulled of the UK's biggest bank job, and would have netted over five times more than the City's biggest previous robbery.

The report is of particular interest, as it reveals the crooks used commercial keystroke-logging software to capture usernames and passwords needed to make bank transfers.  The keystroke logger software iOpus Starr, is a high street product legitimately used by parents to keep an eye on their children's web activities.

Lead police investigator Marc Kirby said. "The use of legitimate technology meant the software was not picked up by anti-virus scanners. And there was no traffic going into or out of the network so it couldn't be detected that way."

There was also inside involvement in the scam, with a security supervisor repeatedly smuggling two male hackers (one French, the other Belgian) into Sumitomo's London office to gain access to the bank's systems.

http://www.theregister.co.uk/2009/03/19/sumitomo_cyberheist_investigation/

Learn more about how keystroke logging can be used by criminals to steal information

The suit alleges that two former Starwood executives provided Hilton with confidential information regarding Starwood's luxury boutique hotel brand 'W'. This info was then supposedly used to help Hilton quickly and cheaply enter the same market.

Using a small camera and telescope, this technique allowed German researcher Michael Backes to read information from the screen reflections of a wide range of ordinary objects. He found that readable info can bounce from screens to teapots, plastic bottles, jewellery and end up in the camera lens of a determined spy.

Read more about How Hackers Can Steal Secrets from Reflections

By sending emails with titles such as "Salma Hayek caught swine flu!" and "Swine flu in Hollywood!" they have managed to get unsuspecting recipients to open the messages and thereby infect their computers, which in turn spread the computer viruses.

According to an article on the Guardian Newspaper's website 5% of global spam email now contains the phrase 'swine flu'.

Thom Weidlich and David Glovin reported on the Bloomberg website that the owners of Universal Autosports LLC were arrested at their homes, accused of illegally tapping into the e-mails of a rival Ferrari Maserati dealership on more than 2,000 occasions between February and September last year. They apparently used the information gained to undercut the competitors.

The maximum penalty if they’re found guilty is five years in prison and a $250,000 fine.

A survey of 600 London commuters by Infosecurity Europe has revealed that more than one in three workers said they would be willing to sell company information to strangers.

While 63% of those who would sell information said they would only do it for a payment of £1 million, 2% said they were happy to give away company secrets "for a free slap-up meal."

This research also revealed that one third of those questioned said they felt a lot less loyalty to their employers than was the case a year ago.

Mayor Linda Jackson said that a bug sweep had been required after she received information her office may have been compromised.

“I believed that someone entered my office without authorization,” she said. However, the Mayor has not disclosed whether anything illicit was found during the sweep.

According to the Le Monde newspaper, this followed rumours that the United States National Security Agency (NSA) were able to routinely intercept and read emails from BlackBerrys. The French petrochemical firm Total has also apparently banned the use of BlackBerrys.

Research in Motion (RIM), the makers of the popular personal communication devices dismissed the rumours, stating that Blackberrys are highly secure as all the data is encrypted using 256-bit Advanced Encryption Standard (AES) encryption. 

Every single BlackBerry e-mail message sent, is processed via RIM's operations
centre in Canada.

In the UK the government have not expressed any similar concerns and have in fact approved the BlackBerry Enterprise Solution for transmission of confidential and restricted data.

The KGB, was actively bugging foreign embassies throughout the cold war and earlier bugs had been discovered in the same embassy as far back as the 1940s.

However, this was not a one sided affair. Australia also spied on the Soviet
embassy in Canberra, planting bugs and tapping telephones as a matter of routine.

Neither side talked publicly about their actions and details remained locked in the archives.. The information came to light when Australian cabinet archives were opened in line with the 30 year rule, allowing researchers to dig into Australia's cold war past.

Reports in several leading newspapers revealed that what started as a small investigation into alleged hacking of the computers of Tibetan exiles, exploded into one of the largest ever hacking investigations.

During a 10-month investigation by the Ottawa-based SecDev Group and the University of Toronto, it was discovered that Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan all had computers belonging to their respective ministries of foreign affairs hacked.

Other computers in India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Pakistan and Germany were all reportedly infected with the malware used for this spying network. In addition, electronic copies of sensitive documents from the private office of the Dalai Lama had been stolen.

The Canadain research group who discovered the spying operation said that the main source of the hacking network was located in China. However, they had not been able to detect the specific identity or motivation of the hackers.

With millions of people around the world predicted to join the dole queues in the current downturn, Leyland believes data theft by laid-off staff is set to become one of the most significant threats facing companies.

According to the communications company Verizon, data theft by 'insiders' accounts for less than 20% of total incidents of data theft. However, this figure disguises the fact that insiders have the potential to do much more damage than traditional hackers; targeting and stealing data more easily and in greater volumes.

Expert in mitigating information theft Jason Dibley of QCC Interscan, advised all firms to take some time to reconsider their data security protocols in the light of recent global trends.

"People are increasingly aware of the high market value of business information. This knowledge, may lead former employees who feel they were badly treated to seek to obtain business records for their own private gain. Aim to remove the temptation to steal information. At it's simplest, a robust and visible data security policy may be all that is needed to deter a majority of potential insider security breaches. Alternatively taking advice from a counter surveillance expert about your own firm's particular situation can help keep your business information safe."
 

The BBC reported that "despite intensive searches, nothing was found by the security experts."

Mr Green is the Conservative immigration spokesman. He had been arrested on 27 November 2008 following allegations of leaks of sensitive Home Office material.

In the same inquest Journalist Richard Kay told the Court that Diana herself was concerned that she was being bugged and had urged Kay to have his mobile phone swept for bugging devices.

Jason Dibley, CEO of QCC Interscan is clear about the need for businesses to understand the risks that modern technology brings, alongside the benefits.

"We believe that the threat of unauthorised surveillance against UK and Global business using one of the many modern methods of eavesdropping and technical compromise is both clear and present.

QCC Interscan finds that a high percentage of inspections yield direct or indirect evidence of eavesdropping activity, or uncovers serious security weaknesses that make the likelihood of information theft highly likely."

The site also offers practical guidance on how to handle a suspected security breach.  This includes the basic but essential tip of not using your own mobile or office phone to call in a suspected security problem. Instead the site suggests that you to leave the office and use a payphone to call for help. Valuable nuggets of info such as this are to be found throught the website. See for yourself by visiting www.qcc.co.uk

This book is a practical, step-by-step guide for those responsible for dealing with a range of sensitive information security incidents giving a range of handy hints and tips to improve the response process and aid investigation and recovery from damaging events and crises.