Just five days after US President Barack Obama met his Russian counterpart Dimitri Medvedev in an attempt to improve relations between the two governments, the US state department has arrested 10 individuals in New York state, all suspected of infiltrating US policy-making bodies on behalf of the Kremlin.
An 11th suspect fled to Europe and absconded in Cyprus.

In a plot that reads like a John LeCarre novel, the group were allegedly all working in 'deep cover' carrying out a long term conspiracy plan that stretched back to the 1990s. Not a spy ring in the conventional sense, eight of them are husband-and-wife teams who allegedly were sent by the The FSK (the successor organization to the KGB) to the US to live as Americans and slowly gain positions of trust and access to information.

Michael Farbiarz, the assistant US attorney announced that he had almost a decade's worth of video and audio surveillance records of meetings between Russian government officials and some of the alleged conspirators.

Communicating via WiFi and traditional radio frequency transmitters they have been sending and receiving encrytped communications for years. The alleged spies are also said to have communicated with their handlers by encoding encrypted data into images which were then posted onto public websites.

Although the press have had a field day with this story (notably labelling one of the accused as being a classic 'flame-haired femme fatale'), both Washington and Moscow have sought to downplay the incident, not wanting to start a round of tit-for-tat expulsion of diplomats.

The association exists to provide research and exchange of information about business espionage, as well as to promote standards of professionalism in the Countermeasures industry.

BECCA's UK Administrator, Jason Dibley of QCC said "I am delighted to announce the launch of this service which represents a leap forward for UK based TSCM professionals. BECCA's presence in the UK will help to raise awareness of the important work being done by Counter Surveillance experts and will ensure the highest standards within the industry.

I am certain that the industry will be enhanced by the professional standards which BECCA UK is at the forefront of developing."

He voiced his accusations about the football industry to a woman who claims she had been having an affair with him. Melissa Jacobs (aged 37) secretly taped Lord Triesman (66) during an hour-long conversation in a Central London restaurant.

Miss Jacobs is believed to have sold her story to the Mail after approaching a number of newspapers. Her motives are unclear, although promoting England's chances of hosting the World Cup in 2018 clearly was not her intention. The damaging revelations came just hours after Triesman together with David Beckham had handed over England's bid documentation to FIFA, the sport's international governing body. Commentators are worried that the revelations may adversely affect the chances of England winning the bid, after having been seen as frontrunners just days ago.

This is not the first football related bugging story and will certainly not be the last. Only last month the England Team Manager Fabio Capello was bugged while discussing his plans for this summer's World Cup Finals. The sport now has such a high profile and is so potentially lucrative, that everybody within its upper echelons is a potential target for eavesdroppers. Triesman really should have talked to QCC rather than Miss Jacobs. Alongside the specifics of bug sweeping, surveillance detectors and other technical services, we are able to advise our clients on how to avoid risky scenarios and locations where they might be bugged.

A failure by top people to follow simple procedures, including the obvious one of not saying things in private that you would not say in public, recently cost Gordon Brown the political premiership. A similar failure has now cost David Triesman his job at the FA and may well have cost the nation the chance to host the World Cup for the foreseeable future.

Gordon Brown was wearing a Sky News radio microphone when he privately expressed his unhappiness at having been confronted by Gillian Duffy over a number of issues including immigration.

Despite being seated in his car, the microphone and RF transmitter had no problems picking up a high quality recording of what was said. Brown was clearly embarrassed when later during a live Radio Two Interview, journalist Jeremy Vine broadcast the tape of the PM describing the meeting with Mrs Duffy as 'a disaster'.

The technology used in a radio microphone is essentially the same as that used in RF bugging devices. The only real difference is that in this case the prime minister knew the microphone was there and working; his failure to use the off switch may well prove very costly to his election hopes.

For more http://news.bbc.co.uk/1/hi/uk_politics/election_2010/8649012.stm

The Football Association has launched an investigation in to how the team's security was breached. The recording were alledgedly made at the The Grove Hotel in Hertfordshire, where the team were staying in the run up to a game against Egypt.

The BBC reported that  solicitors for the football association have written to news broadcasters to state that  publication of the tape's contents would be a breach of Press Commission rules.

Using GBP15.00 off-the-shelf software, insurgent forces in Iraq have been able to hook in, and monitor real-time video footage being shot from the pilotless spy planes.

The problem was first highlighted last year after a Shi'ite insurgent was found to have secret drone video feeds on his laptop. The Americans kept the information secret while attempts were made to close the data security loophole.

The US Department of Defense is preparing to boost its fleet of aerial surveillance aircraft in Afghanistan, so the hacking revelations being made public at this time are particularly embarassing.

The availability of eavesdropping devices is something constantly being monitored and assessed by QCC.

With more than 200,000 employees in both civilian and military information gathering roles, plus hardware including satellites it was obvious that the figure would be high, but generally accepted  estimates were around half the actual figure now being reported.

Similar data was accidentally published in a congressional document in 1994 and it appears that in the years since that time the surveillance budget has tripled.

Director of National Intelligence Dennis Blair has intimated that ensuring cyber-security is now a significant part of America's 75 billion dollar intelligence budget.

Blair enumerated the major threats faced by the USA and alongside the usual suspects (Al Qaeda, Iran and North Korea) but this time he added  China's "aggressive" push into areas that could threaten U.S. cyber-security as a potential threat.

Just months before the case was sheduled to conclude,  Chevron have posted video footage on their website which they say shows evidence of Ecuadorian officials connected with the case, involved in bribes relating to the lucrative cleanup operation to be funded by Chevron if they lose the case.

While the merits of the video evidence are a matter of interest in themselves, from a counter espionage perspective, the remakable thing is that the two hours of video evidence released by Chevron were apparently recorded using nothing more sophisticated than a £15 camcorder pen. The '007 spy pen' was of a type available for anyone to buy  from Amazon and other online toy and gadget retailers.

Devices such as this are a now ten a penny. The pen in question has a 4GB internal memory (enough for 3 hours of video footage) and can be charged from a standard USB port. Despite this impressive spec it looks like a normal pen and even has an ink reservoir so it writes like one too.

With tools such as this at anybody's disposal, companies and individuals need to be more vigilant than ever about their information security arrangements.

You may think that once the meeting rooms have been swept for bugs and the computers have all been locked down, your information is secure. However, as the Chevron case reveals, the human factor is undoubtedly the hardest part of the security equation to resolve.

If you have concerns about how you are dealing with potential threats to your privacy, whatever their nature, call QCC Interscan (from a secure location of course) and ask the professionals for advice.

Our new easy to find headquarters are at:

Buchanan House,
24-30 Holborn,
London
EC1N 2LX

Visitors will find the spacious new offices a welcome change. What remains unchanged is our commitment to excellence in the field of counter surveillance and the high standards of our rapid, professional and thorough bug sweeping team.

View Larger Map

In a USA today report, a survey by Cyber-Ark Software revealed that 74 percent of the Information Technology professional they questioned admitted that they knew how to circumvent the security in their office data storage systems. Far more alarmingly, 35 percent of respondents admitted doing so without permission.

More and more people are entering the workplace having used IT their entire lives. The newer techno-savvy generations of employees are confident with computers and know how to hack at a basic level without too much fear of getting caught.

Now in a time of job uncertainty and mass layoffs, ex-employees and disgruntled staff who possess or can guess passwords are becoming corporate spies against their former employers. According to Grant Evans, CEO of ActivIdentity, "Mass layoffs have increased internal threat levels dramatically."

Many companies are making it even easier for potential spies, by allowing employees to access sensitive data using Internet services, mobile phones and other remote technologies. This combined with the growth in small cheap data storage devices via USB or free semi-anonymous storage on web hosted services is fostering an atmosphere where those who may be tempted to engage in cybercrime are finding it easier than ever to take the first step.

And five or ten years ago  it was probably true for most smaller businesses that the head of security was more than capable of carrying out the basic checks required to keep a firm's private information private. However, this is definitely no longer the case.

A report on the newsfactor network this month has highlighted the abundance of concealed devices available at very low cost via the internet to whoever wants them. One such tool is a USB printer cable which looks and works exactly like a standard cable except for one extra function.  One end of the ordinary looking device houses a sensitive microphone and antenna that continually transmits a UHF audio signal to a receiver that can be up to 160 feet away. Drawing its power from the USB this bug may work continually for years, allowing an eavesdropper to listen in to every whisper within the confines of the room.

In the past spies it woud have required the services of Q branch to get hold of such a device. Today, gadgets such as this can be bought on the web for less than £100 each. 

Therefore visual checks of electrical items are no longer enough.  In order to effectively sweep for bugs electrical components needs to be taken apart and examined by trained experts.  In addition the technology being used to pass the audio signal to the listener is constantly evolving. Again a professional bug sweeping service has up-to-date access to the methods to detect them.

The newsfactor article was titled "Corporate Espionage Surges in Tough Times" and focused on a case of a comparatively small videoconferencing firm in Dallas Texas spying on a New Jersey based competitor in order to undercut their prices. It is clear that corporate espionage is no longer just the concern of blue chip mega corporations; small firms need to be vigilant as well.
 

Journalist David Jolly reported from Paris that what began as a Tour de France doping investigation in 2006 has now exploded into a labyrinthine trawl through the less scrupulous side of Gallic big business activities.

Three years ago top American cyclist Floyd Landis was found guilty of doping and was disqualified from the Tour de France and international cycling. As part of the doping investigation a computer at the drug testing lab was discovered to have been infected by a 'Trojan horse' virus. A Trojan horse is a tool that can be used to spy on the contents of a computer and steal the information from it.

The French Interior Ministry cybercrime unit got involved and the discovered a trail leading to Alain Quiros, a French national living in Morocco. His computer turned out to be an Aladdin's cave of information apparently stolen from top ranking business people's computer systems. He in turn fingered a former French intelligence agent Thierry Lorho, the head of Paris based Kargus Consultants. Evidence showed that the intelligence gathering attacks had been carried out against, not just the drug testing lab, but also lawyers, aerospace companies and even charities such as Greenpeace.

Mr. Lorho claimed that he had collected data on Greenpeace on behalf of Électricité de France, which had paid him for “strategic intelligence” on anti-nuclear campaigners. E.D.F. who are now moving into the UK energy market in a big way denied any knowledge of the cyber-theft by Kargus Consultants.

The Greenpeace campaign director at the time of the alleged spying incidents said the case showed “a systematic policy of spying by E.D.F.” 

David Jolly goes on to say that spying by large corporations on their perceived enemies is by no means a recent phenomenon. He reminds his readers that in the 1960s General Motors hired private detectives to dig up dirt on Ralph Nader, the consumer activist who would later run for president of the USA.

Jolly also looks at German corporations such as Deutsche Telekom, Deutsche Bank and Deutsche Bahn, all of whom have been caught "overstepping the line regarding surveillance of critics and their own employees".

Read David Jolly's article on corporate theft in France

General Keith Alexander, currently the director of the National Security Agency will take control of the cyber command group which will comprise various hi-tech military units already engaged in stopping attacks by cyber terrorists.

The Pentagon has lately become more aware of the potential threat posed by online hackers following a number of apparent electronic infiltrations that seemed to originate from computers inside China and Russia.

Last week an official from the office of US defence secretary Robert Gates said that cyber warfare is now one of the biggest challenges to the US military.

Gates stated that in addition to defending military networks and developing offensive cyber-weapons cyber command would also be tasked to assist the safeguarding of US-based civilian computer networks.

A fascinating report has recently been published detailing a failed £229m raid on the Sumitomo Mitsui bank in October 2004.

If the cybercriminals had succeeded they would have pulled of the UK's biggest bank job, and would have netted over five times more than the City's biggest previous robbery.

The report is of particular interest, as it reveals the crooks used commercial keystroke-logging software to capture usernames and passwords needed to make bank transfers.  The keystroke logger software iOpus Starr, is a high street product legitimately used by parents to keep an eye on their children's web activities.

Lead police investigator Marc Kirby said. "The use of legitimate technology meant the software was not picked up by anti-virus scanners. And there was no traffic going into or out of the network so it couldn't be detected that way."

There was also inside involvement in the scam, with a security supervisor repeatedly smuggling two male hackers (one French, the other Belgian) into Sumitomo's London office to gain access to the bank's systems.

http://www.theregister.co.uk/2009/03/19/sumitomo_cyberheist_investigation/

Learn more about how keystroke logging can be used by criminals to steal information

The suit alleges that two former Starwood executives provided Hilton with confidential information regarding Starwood's luxury boutique hotel brand 'W'. This info was then supposedly used to help Hilton quickly and cheaply enter the same market.

Using a small camera and telescope, this technique allowed German researcher Michael Backes to read information from the screen reflections of a wide range of ordinary objects. He found that readable info can bounce from screens to teapots, plastic bottles, jewellery and end up in the camera lens of a determined spy.

Read more about How Hackers Can Steal Secrets from Reflections

By sending emails with titles such as "Salma Hayek caught swine flu!" and "Swine flu in Hollywood!" they have managed to get unsuspecting recipients to open the messages and thereby infect their computers, which in turn spread the computer viruses.

According to an article on the Guardian Newspaper's website 5% of global spam email now contains the phrase 'swine flu'.

Thom Weidlich and David Glovin reported on the Bloomberg website that the owners of Universal Autosports LLC were arrested at their homes, accused of illegally tapping into the e-mails of a rival Ferrari Maserati dealership on more than 2,000 occasions between February and September last year. They apparently used the information gained to undercut the competitors.

The maximum penalty if they’re found guilty is five years in prison and a $250,000 fine.

A survey of 600 London commuters by Infosecurity Europe has revealed that more than one in three workers said they would be willing to sell company information to strangers.

While 63% of those who would sell information said they would only do it for a payment of £1 million, 2% said they were happy to give away company secrets "for a free slap-up meal."

This research also revealed that one third of those questioned said they felt a lot less loyalty to their employers than was the case a year ago.

Mayor Linda Jackson said that a bug sweep had been required after she received information her office may have been compromised.

“I believed that someone entered my office without authorization,” she said. However, the Mayor has not disclosed whether anything illicit was found during the sweep.

According to the Le Monde newspaper, this followed rumours that the United States National Security Agency (NSA) were able to routinely intercept and read emails from BlackBerrys. The French petrochemical firm Total has also apparently banned the use of BlackBerrys.

Research in Motion (RIM), the makers of the popular personal communication devices dismissed the rumours, stating that Blackberrys are highly secure as all the data is encrypted using 256-bit Advanced Encryption Standard (AES) encryption. 

Every single BlackBerry e-mail message sent, is processed via RIM's operations
centre in Canada.

In the UK the government have not expressed any similar concerns and have in fact approved the BlackBerry Enterprise Solution for transmission of confidential and restricted data.

The KGB, was actively bugging foreign embassies throughout the cold war and earlier bugs had been discovered in the same embassy as far back as the 1940s.

However, this was not a one sided affair. Australia also spied on the Soviet
embassy in Canberra, planting bugs and tapping telephones as a matter of routine.

Neither side talked publicly about their actions and details remained locked in the archives.. The information came to light when Australian cabinet archives were opened in line with the 30 year rule, allowing researchers to dig into Australia's cold war past.

Reports in several leading newspapers revealed that what started as a small investigation into alleged hacking of the computers of Tibetan exiles, exploded into one of the largest ever hacking investigations.

During a 10-month investigation by the Ottawa-based SecDev Group and the University of Toronto, it was discovered that Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan all had computers belonging to their respective ministries of foreign affairs hacked.

Other computers in India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Pakistan and Germany were all reportedly infected with the malware used for this spying network. In addition, electronic copies of sensitive documents from the private office of the Dalai Lama had been stolen.

The Canadain research group who discovered the spying operation said that the main source of the hacking network was located in China. However, they had not been able to detect the specific identity or motivation of the hackers.

With millions of people around the world predicted to join the dole queues in the current downturn, Leyland believes data theft by laid-off staff is set to become one of the most significant threats facing companies.

According to the communications company Verizon, data theft by 'insiders' accounts for less than 20% of total incidents of data theft. However, this figure disguises the fact that insiders have the potential to do much more damage than traditional hackers; targeting and stealing data more easily and in greater volumes.

Expert in mitigating information theft Jason Dibley of QCC Interscan, advised all firms to take some time to reconsider their data security protocols in the light of recent global trends.

"People are increasingly aware of the high market value of business information. This knowledge, may lead former employees who feel they were badly treated to seek to obtain business records for their own private gain. Aim to remove the temptation to steal information. At it's simplest, a robust and visible data security policy may be all that is needed to deter a majority of potential insider security breaches. Alternatively taking advice from a counter surveillance expert about your own firm's particular situation can help keep your business information safe."
 

The BBC reported that "despite intensive searches, nothing was found by the security experts."

Mr Green is the Conservative immigration spokesman. He had been arrested on 27 November 2008 following allegations of leaks of sensitive Home Office material.

In the same inquest Journalist Richard Kay told the Court that Diana herself was concerned that she was being bugged and had urged Kay to have his mobile phone swept for bugging devices.

Jason Dibley, CEO of QCC Interscan is clear about the need for businesses to understand the risks that modern technology brings, alongside the benefits.

"We believe that the threat of unauthorised surveillance against UK and Global business using one of the many modern methods of eavesdropping and technical compromise is both clear and present.

QCC Interscan finds that a high percentage of inspections yield direct or indirect evidence of eavesdropping activity, or uncovers serious security weaknesses that make the likelihood of information theft highly likely."

The site also offers practical guidance on how to handle a suspected security breach.  This includes the basic but essential tip of not using your own mobile or office phone to call in a suspected security problem. Instead the site suggests that you to leave the office and use a payphone to call for help. Valuable nuggets of info such as this are to be found throught the website. See for yourself by visiting www.qcc.co.uk

This book is a practical, step-by-step guide for those responsible for dealing with a range of sensitive information security incidents giving a range of handy hints and tips to improve the response process and aid investigation and recovery from damaging events and crises.