Is the CIA Spying on the Senate?

What happens when a spy agency spies on the Congressional body that was created to keep spying in check in the first place? What are the implications of the CIA spying on the Senate?

That is exactly what Sen. Dianne Feinstein, D-Calif., head of the Senate Intelligence Committee, asserts has happened.  In a scathing address to the Senate, Feinstein, who has been a strong advocate of the intelligence community in the past, accused the Central Intelligence Agency (CIA) of violating “the separation of powers principles embodied in the United States Constitution including the Speech and Debate clause”.

This accusation stems from an agreement between the committee and the agency to allow committee aides to review millions of confidential documents related to the post 9/11 Bush administration detention program for handling terror suspects.  In the process of reviewing these documents, staffers came across an internal review of the agency’s practices. When the CIA became aware of this, Feinstein claims they searched the network — including the committee’s internal network — and removed the documents.

Both sides have accused each other’s staffs of improper behavior and both sides are denying any wrongdoing.  Feinstein stressed that her staffers did not hack into the network to obtain them, but merely came across them in their review of the materials.  CIA Director John Brennan denied the allegations saying, “Nothing can be further [from] the truth, we wouldn’t do that. I mean that’s just beyond the scope of reason in terms of what we would do.”

I hope nothing is further from the truth, because the implications of spy agencies spying on those who oversee and contain their spying activities suggests that surveillance power has run amok and those wielding it consider themselves above the law. To me, if this turns out to be true, it is a bright red flag signaling the erosion of some of our most fundamental democratic principles. 

Perhaps Sen. Lindsey Graham, R-S.C., said it best: “Heads should roll, people should go to jail if it’s true.  If it is, the legislative branch should declare war on the CIA.” But first, we must figure out if there’s any truth behind the question: Is the CIA spying on the Senate?

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Corporate Espionage at Dyson: Looking Inside an Inside Job

Is there a chance that someone could be stealing your most profitable business secrets? Competitive intelligence isn’t new, but it certainly has gotten easier with the introduction of ubiquitous high resolution cameras (smartphones), miniature storage devices that hold massive amounts of data (USB drives) and advanced tools of human manipulation (social networking).

Dyson, the British engineering firm behind the popular bagless vacuum cleaners and Airblade hand dryers, accused their German counterpart, Bosch, of planting a mole, or corporate spy, inside their headquarters for two years to steal vital research and development information. Bosch has denied any wrongdoing and refuses to return the technology or intellectual property. In an odd twist, Bosch hasn’t publicly denied planting an inside spy to siphon competitive intelligence from their rival.

In a world of highly competitive and rapid technological advancements, this sort of news brings to mind three crucial questions for businesses wanting to protect their intellectual property:

Does corporate espionage happen frequently?

The short answer?  YES!  When you combine competitive pressures to outshine the competition with easy-to-use espionage tools (smartphones, Wi-Fi hacking apps, Facebook), it’s easier than ever for a spy to walk out your door with the proverbial recipe for the secret sauce.

Can the inside job be stopped?

Remember, Bosch could go buy a Dyson, take it apart, and reverse engineer it. When this happens (as with Apple and Samsung), the victim’s recourse is to sue.  But here’s the reality: Once intellectual property starts to leak, regaining it is like trying to collect raindrops with cupped hands; you go to an awful lot of work to quench a tiny portion of your thirst. Occasionally the results of taking it to court justify the fight. If you have a war chest like Apple, it can be profitable to fight for your intellectual property. For most companies, however, the prudent strategy is to prevent or minimize the damage of competitive espionage in the first place. In other words, yes, the inside job can be stopped, or at least marginalized to a point where damage is minimal.

How can companies prevent corporate espionage?

Every form of competitive espionage has one thing in common — a spy. There is always a human element to data theft.  Businesses tend to fixate on gadgets and the software that protects them. In the meantime, a human being walks out the door with the information in his pocket.  The best solutions to prevent competitive espionage then, focus on the human side of the equation:

  • Properly vet new hires utilizing appropriate and legal background checks.The EEOC has essentially made it illegal to NOT hire someone based solely on their criminal record, so be cautious with your process
  • Train staff  on inside theft and warning signs of corporate espionage (particularly those positions key to fraud detection). With the right training and a supportive culture, most spies are caught red handed by loyal employees before the data leaves the building. But your honest employees need to be properly trained to detect possible spying and must operate within an environment that encourages anonymous reporting of suspicious behavior.
  • Create aggressive non-disclosure agreements (NDAs) with tight legalese that covers your intellectual property when it falls into the wrong hands. More importantly, aggressive NDAs send a message to potential spies that you are serious about protecting your intellectual property.
  • Implement technical tools that log and alert you when intellectual property is being copied to an unapproved device
  • Utilize IP Compartmentalization of confidential information. This should address  all three realms of exposure: physical, digital, and human. In the spy world, this known as giving access on a “need-to-know basis”. Examples include implementing user-level permission settings on your network and creating a classification system (public, confidential, top secret) throughout your digital and physical filing structure.

John Sileo is an award-winning author and keynote speaker on data privacy and reputation protection. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business.

5 Reasons NOT to Buy Our Latest Book!

, , ,

Privacy Means Profit (Wiley) available in bookstores today!

Here are The Top 5 Reasons You Shouldn’t Buy It:

You love sharing bank account numbers, surfing habits and customer data with cyber thieves over unprotected wireless networks

You never tempt hackers and con artists by using Gmail, Facebook, LinkedIn, Twitter, Google Docs, or other cloud computing platforms to store or communicate private info, personally or professionally.

You bury your head in the sand, insisting that “insider theft” won’t affect your home or business.

You’ve already hardened your laptops and other mobile computing devices in 7 vital ways,  eliminating a major source of both personal and corporate data theft.

You have a “thing” for identity theft recovery costs and would rather invest thousands in recovery than $25 in prevention.

If you want to defend yourself and your business against identity theft, data breach and corporate espionage, then buy a copy of Privacy Means Profit.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

Privacy Means Profit builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.

Identity Theft Speaker Website Gets a Facelift got a makeover!

We recently updated our website dedicated to my day job as a professional identity theft speaker and expert. The re-launch reflects the release of our new book, Privacy Means Profit, updated resources and our recent appearance on 60 Minutes.

We hope the new website will help you stay up to date on current information survival issues like social media exposure, browser espionage, cyber theft and host of other issues.

Feel free to email us with any questions, comments or feedback on the new site.

The New Features include:

Credit Card Scams: Celebrities Targeted

Wouldn’t you think Ben Stiller is famous enough to be immune to losing his identity to a thief? Not so! Credit card scams can bring anyone to their knees, even Hollywood’s most famous!

Many celebrities have recently been the victims of a credit card scam that seems too easy to be true. All it took was the suspect calling the credit card companies using the stars’ personal information, claiming the cards had been lost. He requested the replacement cards be sent to a Chicago address and in a matter of days was able to begin his shopping spree. Eventually, a skeptical undercover agent from the US Postal Inspection Service was able to think like a spy and detect the fraud after he hand-delivered the cards to the suspect.

Now this week Adedamola Olatunji, 29, a Nigerian-born man who allegedly used Stiller’s card to run up charges on iTunes and an on-line dating service, was indicted on forgery, mail fraud, theft, aggravated identity theft, computer fraud and other felony charges.

Olatunji allegedly told investigators he tried to purchase several thousand dollars worth of merchandise with the card to send to a friend in the United Kingdom, the source said. The scam is a way to work around companies’ refusal to ship items to Nigeria and other countries where fraud is a big-time business.

The suspect gathered personal information on the stars and used social engineering skills to get past the bank’s procedure to verify that the cards were being ordered by the actual cardholder. If it can happen to famous folks, it can happen to you. One step you (and Ben) can take to protect yourselves is to check your credit report at least 3 times a year.  Read it carefully and look for any unknown credit checks or new credit cards. If something looks suspicious, call the bank or credit card company immediately to alert them to the fraud.

An even more effective protection is to place a freeze on your credit so that no accounts can be opened in your name without your unfreezing your credit.

John Sileo became America’s top Identity Theft Speaker after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, the FTC, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Social Engineering: Scams that play on your Human Emotion

, ,

If it seems too good to be true, it probably is. Picture 12

That is the best way to Think Like A Spy and be alert of Social Engineers that are trying to manipulate you.  With such a gloomy economy and many people without work, offers for fast cash and huge discounts become more and more attractive. Most of these Identity Theft cases use the technique of Social Engineering.

Social Engineering is the act of manipulating people into performing actions or divulging confidential information by playing on their human emotions. The term typically applies to deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. These days most thieves can nab your identity over the phone, mail, email, and through social networking sites such as Facebook and Twitter.

While some schemes scam you into giving out social security numbers, bank account numbers or other confidential identity pieces, others are as simple as a pickpocket distracting you emotionally while another thief steals your wallet or purse. Here are what a few of the most widely used savvy cyber attacks look like:

  • Phony charitable phishing scams, many of which are designed to look as if they come from real charities. Always enter in the exact URL for the Charity that you wish to donate to rather than clicking on a link.
  • Urgent email or text notices from your bank. They tell you to click on a link to access your account to fix an important, time sensitive problem. Don’t click on a link via email. Always type in the exact URL of your your bank or call the number on the back of your card. Nothing is that urgent.
  • Nigerian Email Scam. This scam has been around for decades in different versions and states that a wealthy foreigner needs help moving millions of dollars from his homeland and promises a hefty percentage for helping him. This scheme is designed to part you with your money. Once you send a check or bank account numbers you won’t see a dime in return and most victims report losing thousands and hundreds of thousands of dollars to this scam.
  • Notices via email, phone, or mail that announce that You Have Won the Lottery! The message usually claims that you will be paid a large sum of money after you pay them a small amount now. Although this is tempting, just say no. Legitimate lotteries don’t ask you pay anything after you have already won.
  • Facebook or Twitter distress messages from your friends. If you see a friend asking for money and you are considering helping them out, you should ALWAYS call that friend first. Make sure that their account hasn’t been hacked by a thief.
  • Malware-ridden E-cards. It is sad, but true that it is no longer safe to open E-cards. Many contain malware to attack your desktop and gain access to confidential information. Make sure you have updated virus software protection to notify you of viruses that come through emails or the Internet.
  • Make fast cash now! AKA: Make thousands a day working from home! All you have to do is send $50.00 for the starter kit. More often than not people will send their $50.00 and never receive anything in return. This scam has become more popular with our nations high unemployment rate.

These are only a few of the many variations of Identity Theft through Social Engineering. Since social engineering often plays on emotions, you should be careful not to get duped during a tragedy or commemorative event. This is when people are in a mood of giving and their emotions run high.  So remember to stop and think about the possible consequences of an offer that may just be too good to be true. Never be afraid to say no!

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076