Showing posts from August, 2010

... 99, 100, coming ready or not!

"Phone companies know where their customers' cellphones are, often within a radius of less than 100 feet. That tracking technology has rescued lost drivers, helped authorities find kidnap victims and let parents keep tabs on their kids. But the technology isn't always used the way the phone company intends. One morning last summer, Glenn Helwig threw his then-wife to the floor of their bedroom in Corpus Christi, Texas, she alleged in police reports. She packed her 1995 Hyundai and drove to a friend's home, she recalled recently. She didn't expect him to find her. The day after she arrived, she says, her husband "all of a sudden showed up." According to police reports, he barged in and knocked her to the floor, then took off with her car. The police say in a report that Mr. Helwig found his wife using a service offered by his cellular carrier, which enabled him to follow her movements through the global-positioning-system chip contained in her cellphone .....

Beyond awareness

According to Domain-B, Deloitte's information security survey of 60+ Indian organizations raised an interesting point: "Optimistically, information security awareness and training is among the top three security initiatives indicated by the resspondents [sic]. However, most security awareness programmes start with an e-learning module, which raises awareness and knowledge, but does not necessarily alter behaviour." It amuses me that so many organizations think they can just splash out some money on an e-learning package about information security, and that's it. Compliance box ticked. Management off the hook. They've 'done something'. Let's all live happily ever after. I'm not saying that e-learning packages are worthless, quite the opposite in fact. They are a valuable part, supplement or addition to a comprehensive security awareness program, the point being that, taken in isolation, watching a somewhat stilted video session and maybe answeri...

Security unplugged

Aren’t wireless networks wonderful? So convenient to use, flexible and cheap to deploy, they’re great! No longer are we tied to our desks by the network, keyboard and mouse cables. Wireless technologies enable laptops and other mobile computers to be connected to the corporate networks and the Internet, while distant locations can be linked-up using microwave radio over point-to-point or satellite links. Travelers use public WiFi hotspots or 3G USB sticks to keep up with email and social networks while on the move, and use GPS geolocation/mapping systems to find their way. Organizations use RFID tags to monitor valuable items, track their mobile inventories and manage logistics. Most of us these days rely heavily on our mobile phones and PDAs which are, in fact, sophisticated digital radios using the 3G and other wireless networks. Many of us have Bluet...

Physical security in the office

Rebecca Herold has written an excellent list of typical physical security issues in the average office, or indeed other information-rich workplaces. She suggests conducting physical security reviews out-of-hours. I have done this kind of review hundreds of times myself, as part of "installation audits" using ISO/IEC 27002 as a benchmark for the kinds of controls expected. Doing them in the daytime or out-of-hours makes little difference - if anything, during the daytime the number of issues is magnified by the things employees typically do while at work, such as: Leaving work-in-progress all over their desks and screens, not just while they are actively working on it but while they go to coffee or lunch; Leaving desks, filing cabinets, and even safes open; Chatting merrily away to each other on the phone about sensitive personal or commercial matters, with no regard to who else might be listening; Leaving personal stuff (mobile phones, PDAs, USB sticks, wallets/purses, h...

More history of industrial espionage

An article in Psychology Today, of all places, recounts several more old industrial espionage stories, making the point that this cloak-n-dagger stuff has been going on for thousands of years. Major incidents have changed the course of history.

All the Tea in China

All the Tea in China recounts a nineteenth-century industrial espionage story, concerning the British plant collector Robert Fortune. Fortune collected (stole?) tea plants from China to launch the British tea plantations in India, so ending the Chinese stranglehold on the world's supply of tea.

Richard A. Clarke warns US about industrial espionage

Richard A. Clarke evidently has a knack for writing contentious books on information and national security topics. His latest co-authored book, Cyber War: The Next Threat to National Security and What to Do About It, prompts the federal government and corporate America to wake up to the threat. Writing about the book for Bloomberg BusinessWeek, Rochelle Garner says one of Clarke's key messages is: "Get serious about industrial espionage. Clarke says many companies aren't aware of how common trade-secret theft has become, partly because the federal government doesn't keep track of the financial consequences. He says the U.S. needs to be more like the U.K. More than a year ago, the security agency MI5 told the biggest 300 companies in Britain to assume their computers had been hacked by the Chinese and then met with executives to discuss the breaches it knew about and how to prevent future ones." As with many other US authors, the implication seems to ...

Skulduggery in the auto industry

A short piece about competitors using industrial espionage to steal information about cars under development suggests that the practices are widespread. The article specifically mentions: Information obtained and disclosed through networks of moles, friends and acquaintances; Use of helicopters to spy on a rival's road tests; Intelligence functions within the organization; Social engineering; Hidden microphones & cameras; 'Clandestine visits to sensitive places'; Reverse engineering, i.e. dismantling a new vehicle to find out how it is made. [That's a far from exhaustive list. I wrote about others in our latest newsletter and awareness materials.] I find it intriguing that stories of this nature have been circulating for years. There's one on the go now about Chery and GM. On the rather weak basis that there's no smoke without fire, there does seem to be a particular fascination with industrial espionage in the auto industry. Why is that, I wonder? Perhaps for...