Re: [TSCM-L] {4090} Tech gadgets help corporate spying surge in tough times from socalsweeps on 2009-08-09 (file.mbox)

From: socalsweeps <socal..._at_aol.com>
Date: Sun, 09 Aug 2009 20:54:11 -0700

>From - Sat Mar 02 00:57:24 2024
Received: by 10.204.23.198 with SMTP id s6mr43852bkb.7.1252581444246;
 Thu, 10 Sep 2009 04:17:24 -0700 (PDT)
Received: by 10.204.23.198 with SMTP id s6mr43851bkb.7.1252581444156;
 Thu, 10 Sep 2009 04:17:24 -0700 (PDT)
Return-Path: <urban..._at_googlemail.com>
Received: from mail-fx0-f211.google.com (mail-fx0-f211.google.com [209.85.220.211])
 by gmr-mx.google.com with ESMTP id 14si229772fxm.7.2009.09.10.04.17.23;
 Thu, 10 Sep 2009 04:17:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of urban..._at_googlemail.com designates 209.85.220.211 as permitted sender) client-ip=209.85.220.211;
Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of urban..._at_googlemail.com designates 209.85.220.211 as permitted sender) smtp.mail=urban..._at_googlemail.com; dkim=pass (test mode) head..._at_googlemail.com
Received: by fxm7 with SMTP id 7so745fxm.34
 for <TSCM-..._at_googlegroups.com>; Thu, 10 Sep 2009 04:17:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=googlemail.com; s=gamma;
 h=domainkey-signature:received:received:from:to:references
 :in-reply-to:subject:date:message-id:mime-version:content-type
 :x-mailer:thread-index:content-language:x-cr-hashedpuzzle
 :x-cr-puzzleid;
 bh=WWyxoPyH4Uv9UG5lhWW+hLbV6m+DakbTScjIYgxey2o=;
 b=BFwIXfoPtVrnidGv/9DnvET4o2DgxKZ+BMDgVfO/pPoVyxbimL0AqOBd04qk2DrqFW
 QVN0uves3lcvgkPtL61UbAqWSk788ATDR8kMygMfDmITecXyWqxdc039NUXi9IfZLdT+
 H/JyBCBFftzq+Sva1b9A09C3m1K8WTVTiLfTI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
 d=googlemail.com; s=gamma;
 h=from:to:references:in-reply-to:subject:date:message-id:mime-version
 :content-type:x-mailer:thread-index:content-language
 :x-cr-hashedpuzzle:x-cr-puzzleid;
 b=AM9H/xAMK94Zs3Nm8sOJGlYwpX2NaZBmrzwBx1uZTVSH/sTxPis2ND7yfXHWYeRir8
 PKidupC7yXGH/MPcs+dmT6GUfowFGjZZ8g+wvupc23ekJ1/nm3zTEWfwzu0bBARHxepJ
 uVYzaSzEChAO3UiniqGYGDBhjU4SABMFch23w=
Received: by 10.86.170.22 with SMTP id s22mr1042890fge.37.1252581442882;
 Thu, 10 Sep 2009 04:17:22 -0700 (PDT)
Return-Path: <urban..._at_googlemail.com>
Received: from iansweeneyPC (cpc1-cowc4-0-0-cust704.renf.cable.ntl.com [82.6.14.193])
 by mx.google.com with ESMTPS id 12sm158857fgg.6.2009.09.10.04.17.17
 (version=TLSv1/SSLv3 cipher=RC4-MD5);
 Thu, 10 Sep 2009 04:17:19 -0700 (PDT)
From: "urbanreef" <urban..._at_googlemail.com>
To: <TSCM-..._at_googlegroups.com>
References: <84105790-d9a0-4236-bcae-7bf037df02f6_at_p23g2000vbl.googlegroups.com> <4883F8D3.BFAE.4A64.AF15.83C89D1378AE_at_aol.com>
In-Reply-To: <4883F8D3.BFAE.4A64.AF15.83C89D1378AE_at_aol.com>
Subject: RE: [TSCM-L] {4094} Re: Tech gadgets help corporate spying surge in tough times
Date: Thu, 10 Sep 2009 12:17:09 +0100
Message-ID: <006e01ca3208$3dab8ae0$b902a0a0$_at_com>
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_006F_01CA3210.9F6FF2E0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcoZblvBdJTLe5UESMSXbEvMY7YaawYmd2gQ
Content-Language: en-gb
x-cr-hashedpuzzle: wnc= AI6o Bude CGGq CQia CluT EuJG FWCB FlgT Fu/E GymU HQGg HYqe I0MS JGic KUeG;1;dABzAGMAbQAtAGwAMgAwADAANgBAAGcAbwBvAGcAbABlAGcAcgBvAHUAcABzAC4AYwBvAG0A;Sosha1_v1;7;{94A09FB6-B4DD-45EC-B1DE-F5FE8692C28D};dQByAGIAYQBuAHIAZQBlAGYAcwBAAGcAbwBvAGcAbABlAG0AYQBpAGwALgBjAG8AbQA=;Thu, 10 Sep 2009 11:17:06 GMT;UgBFADoAIABbAFQAUwBDAE0ALQBMAF0AIAB7ADQAMAA5ADQAfQAgAFIAZQA6ACAAVABlAGMAaAAgAGcAYQBkAGcAZQB0AHMAIABoAGUAbABwACAAYwBvAHIAcABvAHIAYQB0AGUAIABzAHAAeQBpAG4AZwAgAHMAdQByAGcAZQAgAGkAbgAgAHQAbwB1AGcAaAAgAHQAaQBtAGUAcwA=
x-cr-puzzleid: {94A09FB6-B4DD-45EC-B1DE-F5FE8692C28D}

------=_NextPart_000_006F_01CA3210.9F6FF2E0
Content-Type: text/plain

Hello
We would like announce our latest encrypted mobile phone software release
which supports all models of Apple's iPhone:

* iPhone
* iPhone 3G
* iPhone 3GS

our software for iPhone is completely compatible with all other devices -
PCs, Laptops, Nokia devices and Windows Mobile devices.

Please contact me for a free trial

Regards

Ian

From: TSCM-..._at_googlegroups.com [mailto:TSCM-..._at_googlegroups.com] On
Behalf Of socalsweeps
Sent: 10 August 2009 04:54
To: TSCM-..._at_googlegroups.com
Subject: [TSCM-L] {4094} Re: Tech gadgets help corporate spying surge in
tough times

subrosa, please post the whole article, not just the links

subrosa, please post the whole article, not just the links

Tech gadgets help corporate spying surge in tough times

Updated 7/29/2009 2:19 AM |
<http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
ionage-recession-tech_N.htm#uslPageReturn> Comments 22 |
<javascript:void('Recommend')> Recommend 17

<http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
ionage-recession-tech_N.htm> E-mail |
<http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
ionage-recession-tech_N.htm> Save |
<http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
ionage-recession-tech_N.htm> Print | <javaScript:RightslinkPopUp()>
Reprints & Permissions |
<http://asp.usatoday.com/marketing/rss/rsstrans.aspx?ssts=tech%7Cnews%7Ccomp
utersecurity> Subscribe to stories like this

<javascript:;> Counter-surveillance specialist J.D. LeaSure checks offices
for video cameras by using an optical signal identifier that emits an
infrared pulsating light that reflects against camera lenses.

 <http://i.usatoday.net/_common/_images/clear.gif>

<javascript:;> Enlarge image <javascript:;> Enlarge

By Chuck Thomas for USA TODAY

 <http://i.usatoday.net/_common/_images/clear.gif>

Counter-surveillance specialist J.D. LeaSure checks offices for video
cameras by using an optical signal identifier that emits an infrared
pulsating light that reflects against camera lenses.




<http://mixx.com/submit/story?page_url=http://www.usatoday.com/tech/news/com
putersecurity/2009-07-28-corporate-espionage-recession-tech_N.htm&partner=us
at>

 <http://i.usatoday.net/_common/_images/_bugs/owts.gif>

o
<http://buzz.yahoo.com/buzz?publisherurn=usatoday&guid=http%3A%2F%2Fwww.usat
oday.com%2Ftech%2Fnews%2Fcomputersecurity%2F2009-07-28-corporate-espionage-r
ecession-tech_N.htm%3Fcsp%3D34> Yahoo! Buzz

o
<http://digg.com/submit?phase=2&url=http://www.usatoday.com/tech/news/comput
ersecurity/2009-07-28-corporate-espionage-recession-tech_N.htm&title=Tech%20
gadgets%20help%20corporate%20spying%20surge%20in%20tough%20times&topic=>
Digg

o
<http://www.newsvine.com/_wine/save?aff=usatoday&u=http://www.usatoday.com/t
ech/news/computersecurity/2009-07-28-corporate-espionage-recession-tech_N.ht
m&h=Tech%20gadgets%20help%20corporate%20spying%20surge%20in%20tough%20times&
t=> Newsvine

o
<http://reddit.com/submit?url=http://www.usatoday.com/tech/news/computersecu
rity/2009-07-28-corporate-espionage-recession-tech_N.htm&title=Tech%20gadget
s%20help%20corporate%20spying%20surge%20in%20tough%20times> Reddit

o
<http://www.facebook.com/sharer.php?u=http://www.usatoday.com/tech/news/comp
utersecurity/2009-07-28-corporate-espionage-recession-tech_N.htm&title=Tech%
20gadgets%20help%20corporate%20spying%20surge%20in%20tough%20times> Facebook

o
<http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
ionage-recession-tech_N.htm#open-share-help> What's this?

By <http://www.usatoday.com/community/tags/reporter.aspx?id=88> Byron
Acohido, USA TODAY

Marla Suttenberg had a sinking feeling that a corporate spy was shadowing
her.

In March 2008, the owner of Woodcliff Lake, N.J.-based Sapphire Marketing
was preparing to give a longtime client a generous price cut on $134,000
worth of audio/videoconferencing equipment.

But before her sales rep could extend the offer, her chief rival, David
Goldenberg, then regional vice president of sales for AMX, a Dallas-based
conferencing systems maker, sent the client an e-mail disparaging Sapphire
and offering a steeper AMX discount.

"I felt sick to my stomach," Suttenberg recalls. To pull that off, someone
had to have infiltrated Sapphire's internal e-mail, she thought at the time.

She was right. A few days later, Goldenberg, 48, of Oceanside, N.Y., was
arrested. He subsequently pleaded guilty to felony wiretapping for tampering
with Sapphire's e-mail. He was sentenced last month to three months
probation and ordered to undergo counseling. "There was nothing
sophisticated about me getting into their e-mail," he said in an interview.
"Honestly, I had no idea that it was illegal."

FIND MORE STORIES IN:
<http://content.usatoday.com/topics/topic/Organizations/Companies/Technology
/Microsoft> Microsoft |
<http://content.usatoday.com/topics/topic/Organizations/Companies/Technology
/Yahoo!> Yahoo! |
<http://content.usatoday.com/topics/topic/Culture/Computers+and+Internet/Fac
ebook> Facebook |
<http://content.usatoday.com/topics/topic/Culture/Computers+and+Internet/Twi
tter> Twitter

Corporate espionage using very simple tactics - much of it carried out by
trusted insiders, familiar business acquaintances, even janitors - is
surging. That's because businesses large and small are collecting and
storing more data than ever before. What's more, companies are blithely
allowing broad access to this data via nifty Internet services and cool
digital devices.

"Having more sensitive information being seen by more people and accessed on
more devices drives up risk significantly," says Kurt Johnson, vice
president at Courion, a supplier of identity management systems.

The slumping economy doesn't help. "Mass layoffs have increased internal
threat levels dramatically," says Grant Evans, CEO of ActivIdentity, which
makes smart cards and security tokens.

Employees worried about job security face rising temptations to seek out and
hoard proprietary data that could help boost their job performance, or at
least make them more marketable should they get laid off, says Adam Bosnian,
vice president at Cyber-Ark Software, another identity management systems
supplier.

Of the 400 information technology pros who participated in a recent
Cyber-Ark survey, 74% said they knew how to circumvent security to access
sensitive data, and 35% admitted doing so without permission. Among the most
commonly targeted items: customer databases, e-mail controls and CEO
passwords.

Cellphones, digital cameras and USB dongles come with vast memory - enough
to store data that a few years ago might have required a stack of CDs, says
Nick Newman, computer crimes specialist at the non-profit National White
Collar Crime Center. Web services, such as Hotmail, Yahoo Mail and Gmail,
and popular social networks, such as Facebook and
<http://content.usatoday.com/topics/topic/Culture/Computers+and+Internet/Twi
tter> Twitter, make terrific free tools for transferring and storing
pilfered data anonymously.

"If you create an environment where your employees can walk freely out the
door with unencrypted, proprietary data, it's only a matter of time before
someone actually does it," says Sam Masiello, vice president at messaging
and browser security firm MX Logic.

Lax passwords a danger

The exposure redoubles at companies that are lax about passwords. Last week,
a hacker pilfered sensitive Twitter business documents and released them
publicly. Twitter co-founder Biz Stone said in a statement that the hacker
got in by figuring out the log-on of a Twitter employee who used the same
non-unique password for several online accounts.

"The unauthorized extraction of information is epidemic and essentially
unstoppable," says Phil Lieberman, CEO of Lieberman Software, which makes
password security systems.

Goldenberg's caper illustrates just how easy it can be. In an interview, he
said it all began in September 2007 when one of the sales reps who reported
to him at AMX jumped ship to rival Sapphire, the sales arm of Crestron
Electronics, a Rockleigh, N.J.-based maker of conferencing systems.
Goldenberg says he inspected the company laptop turned in by the departing
rep and found an e-mail from Sapphire welcoming the new recruit.

The message, he says, included the Web address to Sapphire's e-mail server
and the recruit's new e-mail address and password. Goldenberg says he logged
on as the recruit and quickly figured out the log-ons of three other
employees. Like the recruit, they used their first name as part of their
e-mail address - and as their password.

"He didn't go searching for this," says Dean Schneider, Goldenberg's
attorney. "It basically hit him in the face."

For each e-mail account, Goldenberg activated a feature to forward copies of
all incoming messages to a fresh Gmail account he created. He then spent
long hours and days on end poring over Sapphire e-mail, says Bergen County
prosecutor Brian Lynch. "It was voyeuristic," says Lynch. "That's why we
recommended counseling."

Court records show Goldenberg may have initially gained access to Sapphire's
e-mail months earlier than he claims.

"Admittedly some of our people's passwords probably were not as strong as
they should have been," Suttenberg says. "But just because you have a cheap
lock doesn't mean it's legal to pick the lock."

The customer whom Goldenberg tried to steal contacted Sapphire to inquire
how Goldenberg knew specifics about Sapphire's discount before he did.
Suttenberg talked the customer into sticking with Sapphire.

"He was too blatant," she says of Goldenberg.

A new system

Suttenberg has since scrapped the bare-bones e-mail service supplied by her
local Internet service provider, which cost her a few hundred dollars a
month. She now pays thousands of dollars a month for an in-house Microsoft
Exchange e-mail server brimming with security features. She also instructed
her 10 employees to change their e-mail account passwords frequently and to
avoid passwords "that your co-workers and contacts can figure out."

While Suttenberg has buttoned up Sapphire, millions of small-business owners
- and plenty of big corporations - continue to make it easy for larcenous
insiders. With the exception of highly regulated banking and health care
companies, most businesses are just beginning to discuss how to repel
insider intrusions, security experts say.

The basics include taking stock of how sensitive information is conveyed,
collected and stored - and strictly controlling who has access to it. "We're
seeing 70% to 80% of breaches originating from the inside," says Vladimir
Chernavsky, president of DeviceLock, which makes systems that restrict data
transfers. "Companies need to enforce security policies and make sure
employees know there are severe consequences to a breach."

Spy toys

And then there are the janitors and groundskeepers to worry about, says J.D.
LeaSure, a Virginia Beach counter-surveillance specialist. LeaSure makes his
living conducting "sweeps" that ferret out miniature listening bugs and
video cameras hidden in executive suites, conference rooms and other
settings.

Insider intruders, he says, have come to see value in making audio and video
recordings of certain closed-door discussions. They need only do a Web
search on the phrase "spy bug," and a trove of eavesdropping and peeping-Tom
gadgetry that would impress James Bond turns up. LeaSure calls them
"spy-shop toys."

One of the latest: an ordinary-looking USB cable. You plug one end into a
printer or other peripheral device and the other end into the computer's USB
port. Nothing looks amiss, and the cable operates normally. But it also
houses a sensitive microphone and antenna that continually transmits a UHF
audio signal to a receiver that can be up to 160 feet away. "You can hear
every whisper within the confines of the room,"' says LeaSure.

There are dime-size "contact bugs," which anyone could stick to the outside
of a conference room window and matchbox-size "SIM bugs," or listen-only
cellphones that don't ring or light up, that can be activated by a phone
call an hour, a week or a month later.

Another readily available gadget looks like a luminescent jawbreaker. It is
really a motion-activated video camera and digital video recorder capable of
capturing 33 hours of activity. All one needs to do is perch it where it
won't be noticed on a Monday and retrieve it on a Friday.

LeaSure recently did a security sweep of the CEO's office at a publicly
traded corporation in the Southeast, which he declined to name because of
client confidentiality. There, he found an innocuous-looking ballpoint pen
in a cup with a handful of other pens and pencils. The pen wrote
beautifully. It also contained a voice-activated audio recorder with 2
gigabytes of memory.

LeaSure set up a hidden surveillance camera and caught the janitor swapping
out a fresh pen recorder every third day. The janitor was fired, with no
other repercussions, after disclosing the identity of the insider who put
her up to it.

That person stopped spying after being threatened with legal action, says
LeaSure, but nothing else was done. "The principal did not want the
stockholders or press getting a hold of the fact that company secrets were
leaked because of what that would do to the company's stock price," he says.

------=_NextPart_000_006F_01CA3210.9F6FF2E0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m=
icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office=
:access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"=
uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof=
t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co=
m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee=
t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns=
:odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro=
soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc=3D"http://m=
icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://=
schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share=
point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel=
/2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" xmlns:ois=
=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir=3D"http://=
schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3=
.org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint=
/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc" xmlns:xsd=3D"http=
://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha=
repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"=
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" xmlns:sps=3D"http://=
schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001=
/XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so=
ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udc=
p2p=3D"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf=3D"http:/=
/schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche=
mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi=
crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat=
s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf=
ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c=
om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa=
ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web=
partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/20=
06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/200=
6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/Sli=
deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortal=
Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:=
st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">

<style>

</style>

</head>

<body lang=3DEN-GB link=3Dblue vlink=3Dpurple name=3D"Mail Message Editor">

<div class=3DSection1>

Hello 
We would like announce our latest encrypted mobile phone software release w=
hich
supports all models of Apple’s iPhone: 
 
* iPhone 
* iPhone 3G 
* iPhone 3GS 
 
our software  for iPhone is completely compatible with all other devic=
es
-  PCs, Laptops, Nokia devices and Windows Mobile devices.<o:p></o:p><=
/p>

Please contact me for a free trial<o:p></o:p>

Regards<o:p></o:p>

Ian<o:p></o:p>

<o:p> </o:p>

<o:p> </o:p>

<div>

<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm =
0cm 0cm'>

From: TSCM-..._at_googlegroups.com
[mailto:TSCM-..._at_googlegroups.com] On Behalf Of socalsweeps 
Sent: 10 August 2009 04:54 
To: TSCM-..._at_googlegroups.com 
Subject: [TSCM-L] {4094} Re: Tech gadgets help corporate spying surg=
e in
tough times<o:p></o:p>

</div>

</div>

<o:p> </o:p>

<div>

 
 
 
subrosa,  please post the whole article=
, not
just the links<o:p></o:p>

</div>

<div>

<table class=3DMsoNormalTable border=3D0 cellspacing=3D0 cellpadding=3D0 wi=
dth=3D940
style=3D'width:705.0pt' id=3DtopTools>
<tr>
 <td valign=3Dtop style=3D'padding:0cm 0cm 0cm 0cm'>
 <div id=3DapplyHeader>
 <table class=3DMsoNormalTable border=3D0 cellspacing=3D0 cellpadding=3D0 =
width=3D"100%"
 style=3D'width:100.0%'>
 <tr>
 <td style=3D'padding:0cm 0cm 0cm 0cm'>
 subrosa, please post the whol=
e
 article, not just the links 
 
 Tech gadgets help corporate spying surge in t=
ough
 times<o:p></o:p>
 </td>
 </tr>
 </table>
 <o:p> </o:p></span=
>
 <table class=3DMsoNormalTable border=3D0 cellspacing=3D0 cellpadding=3D0 =
width=3D"100%"
 style=3D'width:100.0%'>
 <tr>
 <td style=3D'padding:0cm 0cm 0cm 0cm'>
 Updated 7/29/2009 2:19 AM |  <a
 href=3D"http://www.usatoday.com/tech/news/computersecurity/2009-07-28-c=
orporate-espionage-recession-tech_N.htm#uslPageReturn"
 title=3D"Go to comments">Comments 22 </a>&n=
bsp;|  <a href=3D"javascript:void('Recommend')"
 title=3D"Recommend this article">Recommend <=
span
 style=3D'font-size:8.5pt;font-family:"Arial","sans-serif";color:#E85801=
;
 text-decoration:none'>17</a><o:p></o:p>=

 </td>
 <td style=3D'padding:0cm 0cm 0cm 0cm'>
 <a
 href=3D"http://www.usatoday.com/tech/news/computersecurity/2009-07-28-c=
orporate-espionage-recession-tech_N.htm"
 title=3D"EMAIL THIS">E=
-mail</a> | <a
 href=3D"http://www.usatoday.com/tech/news/computersecurity/2009-07-28-c=
orporate-espionage-recession-tech_N.htm"
 title=3D"SAVE THIS">Sa=
ve</a> | <a
 href=3D"http://www.usatoday.com/tech/news/computersecurity/2009-07-28-c=
orporate-espionage-recession-tech_N.htm"
 title=3D"PRINT THIS">P=
rint</a> | <a
 href=3D"javaScript:RightslinkPopUp()">Reprints & Permissions</a> | <a
 href=3D"http://asp.usatoday.com/marketing/rss/rsstrans.aspx?ssts=3Dtech=
%7Cnews%7Ccomputersecurity"><img border=3D0 width=3D36 h=
eight=3D14
 id=3D"_x0000_i1025"
 src=3D"http://images.usatoday.com/marketing/_images/rssbox.gif"
 alt=3D"Subscribe to stories like this"></a><o:p></=
o:p>
 </td>
 </tr>
 </table>
 </div>
 </td>
</tr>
<tr>
 <td valign=3Dtop style=3D'padding:0cm 0cm 0cm 0cm'>
 <table class=3DMsoNormalTable border=3D0 cellspacing=3D0 cellpadding=3D0
 style=3D'float:left'>
 <tr>
 <td style=3D'padding:0cm 0cm 0cm 0cm'>
 <div style=3D'margin-top:3.0pt;z-index:-1' id=3DapplyMainStoryPhoto>
 <table class=3DMsoNormalTable border=3D0 cellspacing=3D0 cellpadding=3D=
0 width=3D245
 style=3D'width:183.75pt'>
 <tr>
 <td style=3D'padding:0cm 0cm 0cm 0cm'>
 <table class=3DMsoNormalTable border=3D0 cellspacing=3D0 cellpadding=
=3D0
 width=3D"100%" style=3D'width:100.0%'>
 <tr>
 <td colspan=3D2 style=3D'padding:0cm 0cm 0cm 0cm'>
 <a href=3D"javascript:;"><img border=3D0 width=3D245 height=3D159 id=3D"_x0000_i1026"
 src=3D"http://i.usatoday.net/money/_photos/2009/07/29/datatheftx.jp=
g"
 alt=3D"Counter-surveillance specialist J.D. LeaSure checks offices =
for video cameras by using an optical signal identifier that emits an infra=
red pulsating light that reflects against camera lenses. "></a><o:p>=
</o:p>
 </td>
 <td width=3D20 rowspan=3D3 valign=3Dtop style=3D'width:15.0pt;paddi=
ng:0cm 0cm 0cm 0cm'>
 <img border=3D0 width=3D20 height=3D20 id=3D"_=
x0000_i1027"
 src=3D"http://i.usatoday.net/_common/_images/clear.gif"><o:p></o:p>=

 </td>
 </tr>
 <tr style=3D'height:13.5pt'>
 <td width=3D80 style=3D'width:60.0pt;padding:0cm 0cm 0cm 0cm;height=
:13.5pt'>
 <a href=3D"javascript:;"><img border=3D0 width=3D13 height=3D13 id=3D"=
_x0000_i1028"
 src=3D"http://i.usatoday.net/_common/_images/_inside/enlarge.gif"
 alt=3D"Enlarge image"></a> <a href=3D"javascript:;"><sp=
an
 style=3D'color:#666666;text-decoration:none'>Enlarge</a><o:p=
></o:p>
 </td>
 <td width=3D165 style=3D'width:123.75pt;padding:0cm 0cm 0cm 0cm;hei=
ght:
 13.5pt'>
 By Chuck Thomas for USA TOD=
AY<o:p></o:p>
 </td>
 </tr>
 <tr style=3D'height:.75pt'>
 <td colspan=3D2 style=3D'padding:0cm 0cm 0cm 0cm;height:.75pt'>
 <img borde=
r=3D0
 width=3D1 height=3D14 id=3D"_x0000_i1029"
 src=3D"http://i.usatoday.net/_common/_images/clear.gif"><o:p></o:p>=

 </td>
 </tr>
 <tr>
 <td colspan=3D2 style=3D'padding:0cm 0cm 0cm 0cm'>
 =
Counter-surveillance
 specialist J.D. LeaSure checks offices for video cameras by using a=
n
 optical signal identifier that emits an infrared pulsating light th=
at
 reflects against camera lenses.<o:p></o:p>
 </td>
 <td style=3D'padding:0cm 0cm 0cm 0cm'></td>
 </tr>
 <tr height=3D0>
 <td width=3D80 style=3D'border:none'></td>
 <td width=3D165 style=3D'border:none'></td>
 <td width=3D20 style=3D'border:none'></td>
 </tr>
 </table>
 </td>
 </tr>
 </table>
 </div>
 </td>
 </tr>
 </table>
 <div>
 <a
 href=3D"http://mixx.com/submit/story?page_url=3Dhttp://www.usatoday.com/t=
ech/news/computersecurity/2009-07-28-corporate-espionage-recession-tech_N.h=
tm&partner=3Dusat"
 target=3Dmixx><img border=3D0 width=
=3D91
 height=3D24 id=3D"_x0000_i1030"
 src=3D"http://i.usatoday.net/_common/_images/_bugs/mixx.gif"></a><=
o:p></o:p>
 <img border=3D0 width=3D91 height=3D11 id=3D"_x=
0000_i1031"
 src=3D"http://i.usatoday.net/_common/_images/_bugs/owts.gif"><o:p></o:p><=
/span>
 <div style=3D'mso-element:para-border-div;border-top:solid #CCCCCC 1.0pt;
 border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:none;
 padding:2.0pt 0cm 0cm 0cm;margin-left:-18.0pt;margin-right:0cm'>
 <![i=
f !supportLists]>o    =
<![endif]><a
 href=3D"http://buzz.yahoo.com/buzz?publisherurn=3Dusatoday&guid=3Dhtt=
p%3A%2F%2Fwww.usatoday.com%2Ftech%2Fnews%2Fcomputersecurity%2F2009-07-28-co=
rporate-espionage-recession-tech_N.htm%3Fcsp%3D34">Yahoo! Buzz</a></spa=
n><o:p></o:p>
 </div>
 <div style=3D'mso-element:para-border-div;border:none;border-bottom:solid=
#CCCCCC 1.0pt;
 padding:0cm 0cm 0cm 0cm;margin-left:-18.0pt;margin-right:0cm'>
 <![if !supportLists]>o   
 <![endif]> <a
 href=3D"http://digg.com/submit?phase=3D2&url=3Dhttp://www.usatoday.co=
m/tech/news/computersecurity/2009-07-28-corporate-espionage-recession-tech_=
N.htm&title=3DTech%20gadgets%20help%20corporate%20spying%20surge%20in%2=
0tough%20times&topic=3D"
 target=3Ddigg>Digg</sp=
an></a><o:p></o:p>
 <![if !supportLists]>o   
 <![endif]> <a
 href=3D"http://www.newsvine.com/_wine/save?aff=3Dusatoday&u=3Dhttp://=
www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-espionage-=
recession-tech_N.htm&h=3DTech%20gadgets%20help%20corporate%20spying%20s=
urge%20in%20tough%20times&t=3D"
 target=3Dnewsvine>News=
vine</a><o:p></o:p>
 <![if !supportLists]>o   
 <![endif]> <a
 href=3D"http://reddit.com/submit?url=3Dhttp://www.usatoday.com/tech/news/=
computersecurity/2009-07-28-corporate-espionage-recession-tech_N.htm&ti=
tle=3DTech%20gadgets%20help%20corporate%20spying%20surge%20in%20tough%20tim=
es"
 target=3Dreddit>Reddit=
</a><o:p></o:p>
 <![if !supportLists]>o   
 <![endif]> <a
 href=3D"http://www.facebook.com/sharer.php?u=3Dhttp://www.usatoday.com/te=
ch/news/computersecurity/2009-07-28-corporate-espionage-recession-tech_N.ht=
m&title=3DTech%20gadgets%20help%20corporate%20spying%20surge%20in%20tou=
gh%20times"
 target=3Dfacebook>Face=
book</a><o:p></o:p>
 </div>
 <div style=3D'mso-element:para-border-div;border:none;border-bottom:solid=
#CCCCCC 1.0pt;
 padding:0cm 0cm 0cm 0cm;margin-left:-18.0pt;margin-right:0cm'>
 <![if !supportLists]>o   
 <![endif]><a
 href=3D"http://www.usatoday.com/tech/news/computersecurity/2009-07-28-cor=
porate-espionage-recession-tech_N.htm#open-share-help"
 title=3D"What's this">=
What's
 this?</a><o:p></o:p>
 </div>
 </div>
 <div style=3D'margin-bottom:11.25pt' id=3DbyLineTag>
 By&nb=
sp;<a
 href=3D"http://www.usatoday.com/community/tags/reporter.aspx?id=3D88"><sp=
an
 style=3D'color:#00529B;text-decoration:none'>Byron Acohido</a>, US=
A
 TODAY<o:p></o:p>
 </div>
 <div>
 Marla Suttenberg had=
a
 sinking feeling that a corporate spy was shadowing her.<o:p></o:p>=

 </div>
 In March 2008, the owner of Woodcliff Lake, N.J.-based Sapph=
ire
 Marketing was preparing to give a longtime client a generous price cut on
 $134,000 worth of audio/videoconferencing equipment.<o:p></o:p></p=
>
 But before her sales rep could extend the offer, her chief
 rival, David Goldenberg, then regional vice president of sales for AMX, a
 Dallas-based conferencing systems maker, sent the client an e-mail
 disparaging Sapphire and offering a steeper AMX discount.<o:p></o:p></spa=
n>
 "I felt sick to my stomach," Suttenberg recalls. T=
o
 pull that off, someone had to have infiltrated Sapphire's internal e-mail=
,
 she thought at the time.<o:p></o:p>
 She was right. A few days later, Goldenberg, 48, of Oceansid=
e, N.Y.,
 was arrested. He subsequently pleaded guilty to felony wiretapping for
 tampering with Sapphire's e-mail. He was sentenced last month to three mo=
nths
 probation and ordered to undergo counseling. "There was nothing
 sophisticated about me getting into their e-mail," he said in an
 interview. "Honestly, I had no idea that it was illegal."<o:p><=
/o:p>
 <div id=3DtagCrumbs>
 FIND
 MORE STORIES IN: <=
a
 href=3D"http://content.usatoday.com/topics/topic/Organizations/Companies/=
Technology/Microsoft">Microsoft</a> |&=
nbsp;<a
 href=3D"http://content.usatoday.com/topics/topic/Organizations/Companies/=
Technology/Yahoo!">Yahoo!</a> |&nbs=
p;<a
 href=3D"http://content.usatoday.com/topics/topic/Culture/Computers+and+In=
ternet/Facebook">Facebook</a> |&n=
bsp;<a
 href=3D"http://content.usatoday.com/topics/topic/Culture/Computers+and+In=
ternet/Twitter">Twitter</a><o:p></o:p=
>
 </div>
 Corporate espionage using very simple tactics — much o=
f it
 carried out by trusted insiders, familiar business acquaintances, even
 janitors — is surging. That's because businesses large and small ar=
e
 collecting and storing more data than ever before. What's more, companies=
are
 blithely allowing broad access to this data via nifty Internet services a=
nd
 cool digital devices.<o:p></o:p>
 "Having more sensitive information being seen by more
 people and accessed on more devices drives up risk significantly," s=
ays
 Kurt Johnson, vice president at Courion, a supplier of identity managemen=
t
 systems.<o:p></o:p>
 The slumping economy doesn't help. "Mass layoffs have
 increased internal threat levels dramatically," says Grant Evans, CE=
O of
 ActivIdentity, which makes smart cards and security tokens.<o:p></o:p></s=
pan>
 Employees worried about job security face rising temptations=
to
 seek out and hoard proprietary data that could help boost their job
 performance, or at least make them more marketable should they get laid o=
ff,
 says Adam Bosnian, vice president at Cyber-Ark Software, another identity
 management systems supplier.<o:p></o:p>
 Of the 400 information technology pros who participated in a
 recent Cyber-Ark survey, 74% said they knew how to circumvent security to
 access sensitive data, and 35% admitted doing so without permission. Amon=
g
 the most commonly targeted items: customer databases, e-mail controls and=
CEO
 passwords.<o:p></o:p>
 Cellphones, digital cameras and USB dongles come with vast
 memory — enough to store data that a few years ago might have requi=
red a
 stack of CDs, says Nick Newman, computer crimes specialist at the non-pro=
fit
 National White Collar Crime Center. Web services, such as Hotmail, Yahoo =
Mail
 and Gmail, and popular social networks, such as Facebook and <a
 href=3D"http://content.usatoday.com/topics/topic/Culture/Computers+and+In=
ternet/Twitter">Twitter</a>, make ter=
rific
 free tools for transferring and storing pilfered data anonymously.<o:p></=
o:p>
 "If you create an environment where your employees can =
walk
 freely out the door with unencrypted, proprietary data, it's only a matte=
r of
 time before someone actually does it," says Sam Masiello, vice presi=
dent
 at messaging and browser security firm MX Logic.<o:p></o:p>
 Lax passwords a danger<o:p></o:p>
 The exposure redoubles at companies that are lax about
 passwords. Last week, a hacker pilfered sensitive Twitter business docume=
nts
 and released them publicly. Twitter co-founder Biz Stone said in a statem=
ent
 that the hacker got in by figuring out the log-on of a Twitter employee w=
ho
 used the same non-unique password for several online accounts.<o:p></o:p>=

 "The unauthorized extraction of information is epidemic=
and
 essentially unstoppable," says Phil Lieberman, CEO of Lieberman
 Software, which makes password security systems.<o:p></o:p>
 Goldenberg's caper illustrates just how easy it can be. In a=
n
 interview, he said it all began in September 2007 when one of the sales r=
eps
 who reported to him at AMX jumped ship to rival Sapphire, the sales arm o=
f
 Crestron Electronics, a Rockleigh, N.J.-based maker of conferencing syste=
ms.
 Goldenberg says he inspected the company laptop turned in by the departin=
g
 rep and found an e-mail from Sapphire welcoming the new recruit.<o:p></o:=
p>
 The message, he says, included the Web address to Sapphire's
 e-mail server and the recruit's new e-mail address and password. Goldenbe=
rg
 says he logged on as the recruit and quickly figured out the log-ons of t=
hree
 other employees. Like the recruit, they used their first name as part of
 their e-mail address — and as their password.<o:p></o:p>
 "He didn't go searching for this," says Dean
 Schneider, Goldenberg's attorney. "It basically hit him in the
 face."<o:p></o:p>
 For each e-mail account, Goldenberg activated a feature to
 forward copies of all incoming messages to a fresh Gmail account he creat=
ed.
 He then spent long hours and days on end poring over Sapphire e-mail, say=
s
 Bergen County prosecutor Brian Lynch. "It was voyeuristic," say=
s
 Lynch. "That's why we recommended counseling."<o:p></o:p></span=
>
 Court records show Goldenberg may have initially gained acce=
ss
 to Sapphire's e-mail months earlier than he claims.<o:p></o:p>
 "Admittedly some of our people's passwords probably wer=
e
 not as strong as they should have been," Suttenberg says. "But =
just
 because you have a cheap lock doesn't mean it's legal to pick the lock.&q=
uot;<o:p></o:p>
 The customer whom Goldenberg tried to steal contacted Sapphi=
re
 to inquire how Goldenberg knew specifics about Sapphire's discount before=
he
 did. Suttenberg talked the customer into sticking with Sapphire.<o:p></o:=
p>
 "He was too blatant," she says of Goldenberg.<o:p>=
</o:p>
 A new system<o:p></o:p>
 Suttenberg has since scrapped the bare-bones e-mail service
 supplied by her local Internet service provider, which cost her a few hun=
dred
 dollars a month. She now pays thousands of dollars a month for an in-hous=
e
 Microsoft Exchange e-mail server brimming with security features. She als=
o
 instructed her 10 employees to change their e-mail account passwords
 frequently and to avoid passwords "that your co-workers and contacts=
can
 figure out."<o:p></o:p>
 While Suttenberg has buttoned up Sapphire, millions of
 small-business owners — and plenty of big corporations — cont=
inue to make it
 easy for larcenous insiders. With the exception of highly regulated banki=
ng
 and health care companies, most businesses are just beginning to discuss =
how
 to repel insider intrusions, security experts say.<o:p></o:p>
 The basics include taking stock of how sensitive information=
is
 conveyed, collected and stored — and strictly controlling who has a=
ccess to
 it. "We're seeing 70% to 80% of breaches originating from the
 inside," says Vladimir Chernavsky, president of DeviceLock, which ma=
kes
 systems that restrict data transfers. "Companies need to enforce
 security policies and make sure employees know there are severe consequen=
ces
 to a breach."<o:p></o:p>
 Spy toys<o:p></o:p>
 And then there are the janitors and groundskeepers to worry
 about, says J.D. LeaSure, a Virginia Beach counter-surveillance specialis=
t.
 LeaSure makes his living conducting "sweeps" that ferret out
 miniature listening bugs and video cameras hidden in executive suites,
 conference rooms and other settings.<o:p></o:p>
 Insider intruders, he says, have come to see value in making
 audio and video recordings of certain closed-door discussions. They need =
only
 do a Web search on the phrase "spy bug," and a trove of
 eavesdropping and peeping-Tom gadgetry that would impress James Bond turn=
s
 up. LeaSure calls them "spy-shop toys."<o:p></o:p>
 One of the latest: an ordinary-looking USB cable. You plug o=
ne
 end into a printer or other peripheral device and the other end into the
 computer's USB port. Nothing looks amiss, and the cable operates normally=
.
 But it also houses a sensitive microphone and antenna that continually
 transmits a UHF audio signal to a receiver that can be up to 160 feet awa=
y. "You
 can hear every whisper within the confines of the room,"' says LeaSu=
re.<o:p></o:p>
 There are dime-size "contact bugs," which anyone c=
ould
 stick to the outside of a conference room window and matchbox-size "=
SIM
 bugs," or listen-only cellphones that don't ring or light up, that c=
an
 be activated by a phone call an hour, a week or a month later.<o:p></o:p>=

 Another readily available gadget looks like a luminescent
 jawbreaker. It is really a motion-activated video camera and digital vide=
o
 recorder capable of capturing 33 hours of activity. All one needs to do i=
s
 perch it where it won't be noticed on a Monday and retrieve it on a Frida=
y.<o:p></o:p>
 LeaSure recently did a security sweep of the CEO's office at=
a
 publicly traded corporation in the Southeast, which he declined to name
 because of client confidentiality. There, he found an innocuous-looking
 ballpoint pen in a cup with a handful of other pens and pencils. The pen
 wrote beautifully. It also contained a voice-activated audio recorder wit=
h 2
 gigabytes of memory.<o:p></o:p>
 LeaSure set up a hidden surveillance camera and caught the
 janitor swapping out a fresh pen recorder every third day. The janitor wa=
s
 fired, with no other repercussions, after disclosing the identity of the
 insider who put her up to it.<o:p></o:p>
 That person stopped spying after being threatened with legal
 action, says LeaSure, but nothing else was done. "The principal did =
not
 want the stockholders or press getting a hold of the fact that company
 secrets were leaked because of what that would do to the company's stock
 price," he says.<o:p></o:p>
 </td>
</tr>
</table>

<o:p> </o:p>

</div>

 

<o:p> </o:p>

</div>

</body>

</html>

------=_NextPart_000_006F_01CA3210.9F6FF2E0--
Received on Sat Mar 02 2024 - 00:57:24 CST

This archive was generated by hypermail 2.3.0 : Sat Mar 02 2024 - 01:11:45 CST