Wednesday
Feb 17 2010

Mobile Phone Apps - The New Fraud Frontier

With the rapid increase in smart phone use, a new and far more efficient channel for fraud and identity theft is emerging.  Malicious applications, some purporting to be from big-name institutions such as HSBC and USAA, are showing up on the Web and in vendor app stores.  Once downloaded, these apps become a built-in information collection engine, which overtly collects the personal and financial information the user enters and/or covertly collects information stored on or transmitted by the device.  In December Google removed a number of fraudulent applications from its Android Market.  As banks rush to provide mobile banking services and customers enjoy the many added conveniences, this problem is only likely to grow.  Application stores such as those from Apple, Google, RIM and Palm need to strengthen their verification processes and remain continuously vigilant.  Users need to educate themselves about the risks involved in using these applications and be on the lookout for unusual activity on their devices and in their accounts.

Tuesday
Feb 16 2010

Assassination or National Defense?

This may be a purely academic discussion, and maybe not even that, but... I read the following article in Secrecy News, which is a well regarded national security publication of the Federation of American Scientists. http://www.fas.org/blog/secrecy/2010/02/cia_hit_lists.html

It discusses a Washington Post article from 27 January which describes a "target list" maintained by the CIA and JSOC (Joint Special Operations Command) of named terrorist suspects to be killed or captured.  The Post stated that there were 3 names of American citizens on this list, but the CIA responded saying that those names were not on its list.  Well, this sounds rather like political assassination in many ways.  I was under the mistaken impression that the Church Committee findings and the resulting 1976 Executive Order 11905 from President Ford, banning assassinations, were still in effect.  In reality this order has been changed at least three times; the chronology is here: http://www.au.af.mil/au/awc/awcgate/crs/rs21037.pdf   Once in 1978 by President Carter with E.O. 12036, which was clarified by President Reagan in 1981 with E.O. 12333, which further prohibited any indirect participation in assassinations by anyone employed by, or acting on behalf of, the US Government.  No doubt the CIA quickly made some new friends after President Ford's directive.  But here's the rub: the term "assassination" is not defined in E.O. 12333, nor was it defined in the predecessor orders.  In general, it appears that an assassination may be viewed as an intentional killing of a targeted individual committed for political purposes.  However, the scope of the term is the subject of numerous interpretations, on two points primarily: either generally, without regard to time and place, or depending upon whether the killing takes place in time of war or peace.  The latter presumably means during a declaration of war, but that is not defined anywhere either.  It could be concluded that the Ford E.O. and its successors were responding to concerns raised with respect to the killing of foreign officials or heads of state, and may not have been intended to extend to the killing of others, such as the now infamous "enemy combatants".  That interpretation seems consistent with the focus of the Church Committee's investigation, to which the Ford executive order responded.  Obscuring the issue completely is the Bush Administration's conclusion that these previous orders did not apply to "named terrorists".  In this way Mr. Bush effectively circumvented the legal constraints on clandestine killing missions imposed since the Church Committee investigation.  According to senior government officials, again quoted by the Washington Post, Mr. Bush signed an order known as an "intelligence finding", which broadens the list of potential targets beyond Bin Laden and his immediate circle of some 15 operational planners, and beyond Afghanistan.  SecDef Donald Rumsfeld then said, "It is not possible to defend yourself against terrorists at every single location in the world and at every single moment... The only way to deal with terrorists is to take the battle to them and find them and root them out and that's self-defense. We're going after these people and their organizations and capabilities and to stop them killing Americans."  Now I'm probably a little more "Hawk" than "Dove", but this seems much more like offense than defense to me.  Perhaps Rummy was never much of a team-sports guy.  So where is this all going, you ask?  In order for us to effectively implement a fair and just national security program, we need to hold ourselves to a much higher standard with respect to the use of lethal force beyond our borders.  If we believe that our American justice system is the best and highest existing model for the fair treatment of humanity (and I do), then we should apply it.

Anyone is justified in the use of deadly force when confronted with an immediate and lethal threat.  On the other hand, if Willy McCoy shoots Uncle Hatfield and runs off, you are not justified in firing up your Tomahawk missile or Predator drone and blowing him up in his Land Rover at the local Walmart, collateral damage be damned.  If we want to be viewed by the world as a trustworthy and just democracy, we might try a better approach than employing the same terrorist tactics against our aggressors.
Monday
Feb 15 2010

Corporate Espionage on Wall Street

Corporate espionage, spying on competitors to gain insider information or any actionable competitive intelligence gathered from where people travel, whom they meet with, what materials they are buying and/or what manufacturing plants they visit, is common practice all over the world.  Perhaps nowhere is this more intensely practiced than in the Financial District of New York City.   This activity also requires that corporations employ their own counterintelligence practices to prevent the leakage of information on their competitive activity.  This means ensuring that key employees and executives, as well as strategic partners, are not surveilled and that data is not acquired by any means, from laptop theft and hacking to dumpster diving.

Eamon Javers, author of Broker, Trader, Lawyer, Spy, says spying is pervasive in corporate America, and especially on Wall Street, as firms try to gain a competitive advantage over each other.  View the interview at TheStreet.com.

Friday
Feb 12 2010

iPhone Apps for the Olympics

Well, the 2010 Winter Olympic Games begin today, and if you are a fellow iPhone junkie you can follow every event, gather stats and receive alerts from your favorite events (unless you would rather watch without spoiling the fun).  iPhone users can use their device to play winter games, check TV schedules and follow the medal counts.  Here's a list of 10 iPhone apps you should get before the games begin:

Top 10 Olympic iPhone Apps

Friday
Feb 12 2010

More on ATM Skimmers and Hacks 

Brian Krebs has published some good new information on this topic.  A new and cleverly disguised ATM skimmer was found attached to a Citibank ATM in California in late December.   Rick Doten, chief scientist at Lockheed Martin's Center for Cyber Security Innovation, has become a leading authority on these devices.  Doten has built an impressive slide deck on ATM fraud attacks; several of the images he uses in his presentations appear below.

According to Doten, the U.S. Secret Service estimates annual losses from ATM fraud totaled about $1 billion in 2008, or about $350,000 each day. Card skimming, where the fraudster affixes a bogus card reader on top of the real reader, accounts for more than 80 percent of ATM fraud, Doten said.

Notice the Windows NT screen!   My advice... if you see this, RUN AWAY.