Former NSA head Alexander asks agency to review patents

SAN FRANCISCO (Reuters) – Former National Security Agency Director Keith Alexander has asked the U.S. intelligence agency to review patent filings by his company to make sure that they do not reveal any secrets or misappropriate any government work.

Alexander told Reuters he took the step to head off additional controversy about IronNet Cybersecurity, a startup he announced after leaving the NSA last year.

“We think it’s a good idea that the government review them,” Alexander said in an interview ahead of an appearance at the RSA Conference on cyber security in San Francisco.

Alexander said his company had already applied for some patents, which should eventually become public record.

The patent issue has drawn questions from security experts and ethicists who wondered if Alexander would be profiting from the labors of others at the NSA and U.S. Cyber Command, which he had also headed. Alexander previously dropped a plan to have an NSA employee work part-time at the startup.

Alexander said that the core ideas in the patents were brought to him by another employee who developed them in the private sector. An NSA spokeswoman did not respond to a request for comment.

On other matters, Alexander said that the U.S. government needed to do more on cyber security defense and should have done more in the past.

He also said that he was seeing an increased blending of state-sponsored and criminal cyber attacks. As one example, he cited websites associated with the breaches of Home Depot Inc and Target Corp that contained hostile references to U.S. foreign policy.

“There are tremendous concerns” that those sites “show a much closer relationship with state objectives,” Alexander said.

Under President Vladimir Putin, Russian cooperation with Western law enforcement has grown even more rare, and the United States has taken to publicly indicting some residents it is unlikely to capture.

Corruption is one problem, and another is that intelligence agencies in Russia, like those in America, want to put those with computer hacking skills to work on other objectives.

If relations worsen with Russia or China, that analysis suggests the potential for major breaches originating in those countries will rise, he said.

Alexander also said he was concerned that if talks with Iran fail to produce a nuclear agreement by a June 30 deadline, the country will return to direct attacks like those it was accused of launching on U.S. banking websites in 2011 and 2012.

(Reporting by Joseph Menn; Editing by Alan Crosby)

This article was written by Joseph Menn from Reuters and was legally licensed through the NewsCred publisher network.

Sony hackers targeted employees with fake Apple ID emails

Hackers probably gained access to Sony’s network last year after a series of phishing emails aimed at system engineers, network administrators and others who were asked to verify their Apple IDs, a security expert said today.

Last fall, Sony Pictures Entertainment, a U.S. subsidiary of Sony, was infiltrated by attackers, who purloined gigabytes worth of files, ranging from emails and financial reports to digital copies of recently-released films. Then just before Thanksgiving, the attackers crippled Sony’s PCs with malware that erased the machines’ hard drives.

Several weeks later, the FBI formally pinned responsibility for the attack on the North Korean government.

Stuart McClure, founder and CEO of Cylance, and formerly the CTO of McAfee, analyzed files that the hackers dumped on the Internet — as well as the malware used in the attack — and concluded that the likeliest explanation was that the assault began with so-called “spear phishing” emails directed at employees who had significant or even root access to Sony’s network.

Those emails, which appeared to be from Apple but were not, demanded that recipients verify their Apple ID credentials because of purported unauthorized activity. If an included link was clicked, the victim ended up at a site that hosted an official-looking request for account verification. Apple ID is the account used by iPhone, iPad and Mac owners to connect to iCloud and purchase content on iTunes.

McClure and Cylance found numerous examples of the Apple ID phishing emails in the contents of Sony workers’ inboxes that the attackers later published on the Web.

“It was clear to us that this was the likely scenario,” said McClure in an interview today. “There were multiple attempts at spear phishing from the Oct. 3 to Nov. 3 timeline that were getting incredibly more sophisticated as they went on.”

Those emails had been directed, at least in part, at critical Sony employees who were the most likely to have broad access to the company’s network. The hackers apparently scouted LinkedIn — the popular career website — for the names and titles of those workers.

“There was a very direct connection between the passwords obtained and the LinkedIn listings for those who had network privileges, including system engineers,” said McClure.

The hackers may have used the harvested Apple ID credentials to guess the internal passwords used by employees — working on the assumption that password reuse is commonplace — or even managed to trick some recipients into disclosing their Sony credentials directly by telling them to enter those account usernames and passwords in the bogus Apple ID verification screens.

“A number of these users whose credentials had been captured and then hard-coded into the malware were folks who had significant access to the network,” McClure contended.

At least one appeared to be an administrator who had access to Sony’s installation of Microsoft’s System Center Configuration Manager (SCCM) 2007, an enterprise tool for managing large numbers of corporate computers. Among SCCM’s duties: Distributing software to employees’ personal computers.

“When I saw an administrator for SCCM [among the usernames and passwords in the malware], I went, ‘Wow, okay, this is probably the scenario,’” said McClure, who mimicked the hackers by cross-checking leaked credentials with LinkedIn entries for Sony employees. “The attackers had software distribution rights throughout the enterprise. That made perfect sense.”

McClure speculated that one reason why the attack was initially attributed to an insider was that it may have looked like an inside job. Armed with stolen SCCM credentials, the hackers could have used the software to distribute their malware to Sony’s PCs. The malware could have been pitched to employees as a necessary update or new internal-only software, and because it originated from SCCM, would have been seen as entirely legitimate.

“Honestly, this is speculation, but it is a reasonable approach based on the evidence,” said McClure. “The question is, ‘How could this most likely have gone down?’”

U.S. House passes second ‘threat-sharing’ cybersecurity bill

WASHINGTON (Reuters) – The U.S. House of Representatives voted overwhelmingly on Thursday to pass a bill that extends liability protection for companies that share information about cyber attacks, if they give the data to the U.S. Department of Homeland Security.

The House voted 355 to 63 in favor of the bill, a companion to a measure the chamber passed on Wednesday making it easier for private companies to share information about cybersecurity threats with each other and the government without fear of lawsuits.

The legislation must still be passed by the Senate and signed by President Barack Obama to become law.

Despite strong objections from privacy advocates who worry that the legislation could lead to more surveillance, supporters expect passage in the Senate. The White House has said it had some concerns about the bill but supported its passage and believed it could be fixed as the legislation is finalized in Congress.

Corporations have been clamoring for Congress to address cybersecurity after high-profile attacks on companies including Sony Pictures Entertainment, Target, Anthem and JP Morgan Chase.

The National Cybersecurity Protection Advancement Act of 2015 would use the DHS as an intermediary for sharing the electronic information.

(Reporting by Patricia Zengerle; Editing by Grant McCool)

This article was from Reuters and was legally licensed through the NewsCred publisher network.

Hackers Can Steal Fingerprints From Samsung Galaxy S5

Maybe your fingerprint isn’t so unique after all, at least not if you have a Samsung Galaxy S5. New research suggests it’s possible for hackers to steal a user’s fingerprint data right from their phone, effectively giving them control over a Galaxy S5 without a password.

Biometrics like fingerprint scanners, eye scanners and voice recognition technology have been touted as the solution to the forever untrustworthy password. But Tao Wei and Yulong Zhang, researchers at the cybersecurity company FireEye, are planning to deliver a presentation at the RSA security conference in San Francisco Friday outlining findings that seem to indicate the contrary. Makers of the Galaxy S5 and other unnamed phones have tried, but failed, to compartmentalize fingerprint data in an encrypted secure zone, leaving incoming data vulnerable to interception, the researchers said.

“If the attacker can break the kernel [the core of the Android operating system], although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time. Every time you touch the fingerprint sensor, the attacker can steal your fingerprint,” Zhang told Forbes magazine. “You can get the data and from the data you can generate the image of your fingerprint. After that you can do whatever you want.”

A Samsung spokesperson told Forbes the company is investigating the researchers’ claims.

This article was written by Jeff Stone from International Business Times and was legally licensed through the NewsCred publisher network.

Having ‘the ear of the CEO’ is key to battling cyberthreats

WASHINGTON — When a cyberattack comes, organizations need to have in place a solid tech team that reaches to the highest levels of the enterprise, former FBI Director Robert Mueller cautioned at a recent government IT event.

The potential for hacks and data breaches amounts to “an existential threat to the corporation, and there needs to be someone in charge,” Mueller says, “someone who has the ear of the CEO.”

“One of the most important hires [an organization will make] is the CISO,” Mueller says.

Mueller, the second-longest serving head of the FBI, now works in private practice, serving as a partner in the law firm WilmerHale, where his practice focuses on cybersecurity, privacy, investigations and crisis management.

And a major cyberattack, such as those recently visited upon Sony and Target, touches on all four of those areas.

The cyberattack threat landscape

The increase in the volume and sophistication of cyberattacks has been well documented, but Symantec, the host of the event where Mueller gave his keynote address, offers a fresh analysis of the threat landscape.

According to the firm’s Internet Security Threat Report, 2014 was a record-setting year for zero-day activity, and companies were slow to respond. Symantec tallied 24 zero-day vulnerabilities last year, and determined that software firms responded by rolling out patches on average 59 days after the threats were discovered, up from just four days the previous year.

Symantec also observed an 8 percent increase in spear-phishing attacks last year, but noted that the perpetrators conducted those campaigns using 20 percent fewer emails than in 2013, indicating a higher level of precision with which those attacks were carried out.

At a time when vast stores of consumer data, intellectual property and other high-value assets are being housed in networked environments, a strong security operation that involves the whole of the enterprise is paramount.

“The stakes have never been higher,” says Symantec President and CEO Michael Brown, who calls the steady march of high-profile breaches the “new normal.”

“Cyberattackers are leapfrogging traditional defenses,” Brown says, noting that the challenge is further compounded by the number of infiltrations and attacks that go undetected. When Symantec begins working with an organization to help respond to a cyber incident, company officials “find several others already in progress,” according to Brown.

Mueller recalls efforts to increase cybersecurity awareness throughout the workforce during his time at the bureau, at times running counter to the hierarchical culture at the organization.

“I learned the lesson there in terms of delegation,” he says. “At the bureau, to sit down with someone three or four levels below is anathema.”

Many experts argue that that spirit of cooperation and coordination must extend beyond the enterprise to see rival companies and government agencies work more closely together on cyber issues.

A better system for sharing cyberthreat information

At a basic level, that would involve a more fluid system for sharing information about emerging cyberthreats. This week, the House is considering a pair of bills that would aim to break down some of the barriers for companies to share threat information, both of which have strong support from prominent tech and telecom trade groups, including the Information Technology Industry Council and NCTA, which represents the cable broadband sector.

On Tuesday, the White House issued statements supporting key tenets of both bills, but at the same time warned of what it calls overly broad liability protections that could amount to granting “immunity to a private company for failing to act on information it receives about the security of its networks.”

Those and other issues have dogged past efforts to enact information-sharing legislation, though there is a broad agreement that the current legal environment is due for an update to encourage companies to talk to each other, and, perhaps just as importantly, to open the lines of communication between business and government.

“The private sector is the key partner in cyber,” Mueller says.

This article was written by Kenneth Corbin from CIO and was legally licensed through the NewsCred publisher network.

Pentagon To Unveil New Cyberstrategy

For the first time ever, the Pentagon will list “cyber operations” as a means of targeting its adversaries, according to a new cybersecurity strategy scheduled to be unveiled on Thursday. The document, accessed by several media outlets ahead of its release, reportedly states that the U.S. military should be able to use cyber operations to “disrupt an adversary’s command and control networks, military-related critical infrastructure and weapons capabilities.”

The new initiatives, which will be announced by Defense Secretary Ashton Carter during a speech at Stanford University on Thursday, will be a marked departure from the previous cyberstrategy, released in 2011, which made little reference to the Pentagon’s offensive capabilities in cyberspace. The document also singles out threats from Russia, China, Iran and North Korea, according to media reports.

“The United States must be able to declare or display effective response capabilities to deter an adversary from initiating an attack,” the document reportedly states. “During heightened tensions or outright hostilities, DOD [Department of Defense] must be able to provide the president with a wide range of options for managing conflict escalation.”

However, speaking to reporters en route to California, Carter reportedly said that the “primary focus” of the U.S. cyberstrategy would remain on defense. “It will be useful to us for the world to know that, first of all, we’re going to protect ourselves,” he reportedly said.

In recent years, cyberattacks against the U.S. government and companies have witnessed an uptick, and, as in the case of last year’s breach of Sony Pictures’ database, North Korean hackers have been directly implicated.

“The severity and sophistication of the cyberthreat to U.S. interests has progressed over the last few years, so we wanted to make sure the Department of Defense was focused on doing things that would help mitigate that threat,” a U.S. official, speaking on the condition of anonymity, told the Washington Post.

The new initiatives would also include the establishment of a Defense Department cell in Silicon Valley. “Staffed by an elite cadre of active duty and civilian personnel, DIUX [Defense Innovation Unit Experimental] will also be complemented by reservists, representing some of the best technical talent in the world,” Defense One reported, citing an unnamed official.

This article was written by Avaneesh Pandey from International Business Times and was legally licensed through the NewsCred publisher network.

US House clears cybersecurity bill in bid to stem hacking

The US House of Representatives on Wednesday passed a bill aimed at improving the sharing of information about cybersecurity threats between the government and the private sector.

The measure, passed on a 307-116 vote, would give President Barack Obama’s administration most of what it sought, but the bill has raised objections from civil liberties activists.

Obama has for years been seeking a cybersecurity bill that allows companies to share information on threats without fear of liability.

But some activists argued that the bill encroaches on civil liberties in its bid to improve cybersecurity.

Greg Nojeim at the Center for Democracy & Technology said the bill could allow the government to create a vast database which could be used for unrelated criminal investigations.

“That makes the bill look as much as a surveillance bill as a cybersecurity bill,” Nojeim told AFP.

The measure also appears to shield companies which seek to “hack back” after a cyberattack, Nojeim said.

“The last thing a cybersecurity bill should do is allow hacking back, which creates insecurity,” he said.

The White House this week expressed similar concerns, saying the House bill “authorizes the use of certain potentially disruptive defensive measures” and that this “raises significant legal, policy, and diplomatic concerns and can have a direct deleterious impact on information systems and undermine cybersecurity.”

During the debate, Representative Jim Langevin said it was “particularly important” to codify an information-sharing framework.

“From data breach to critical infrastructure protection, our ever more connected world ensures that there will be a further demand for congressional action,” he said.

A separate cybersecurity bill is pending in the Senate, and if it clears that chamber, the two would have to be reconciled by a joint committee before sending it to the White House.

This article was from Agence France Presse and was legally licensed through the NewsCred publisher network.

House passes cyber-threat information bill

WASHINGTON (Reuters) – The U.S. House of Representatives passed a bill on Wednesday that would make it easier for private companies to share information about cyber security threats with the government without fear of lawsuits.

The vote was 307-116 in favor of the measure, which passed after a series of high-profile cyber attacks on Sony Pictures Entertainment, Target and other U.S. corporations. Several previous bills addressing the issue had failed.

The bill must be approved by the U.S. Senate before it can be sent to President Barack Obama to sign into law. A similar measure was passed by a 14-1 vote in the Senate Intelligence Committee, and supporters say they expect strong bipartisan support in the full Senate as well.

The Obama administration said on Tuesday it had some concerns about the bill but supported its passage and believed it could be fixed as the legislation is finalized in Congress.

(Reporting by Patricia Zengerle; Editing by Peter Cooney)

This article was from Reuters and was legally licensed through the NewsCred publisher network.

House passes cyber-threat information bill

WASHINGTON (Reuters) – The U.S. House of Representatives passed a bill on Wednesday that would make it easier for private companies to share information about cybersecurity threats with the government without fear of lawsuits.

The vote was 307-116 in favor of the measure, with strong support from Republicans and Democrats.

Several previous bills addressing the issue had failed, partly because of concerns that they might lead to more surveillance. But a series of high-profile cyber attacks on Sony Pictures Entertainment, Target and other U.S. corporations added urgency to the push for legislation.

“At some point, we need to stop talking about the next Sony, the next Anthem, the next Target, the next JP Morgan Chase and the next State Department hack, and actually pass a bill that will help ensure that there will be no next cyber attack,” said Representative Adam Schiff, the top Democrat on the House Intelligence Committee.

Corporations have been clamoring for Congress to act.

The U.S. Chamber of Commerce sent a letter to every member of the House earlier on Wednesday urging support of the bill.

The legislation must be approved by the Senate before it can be sent to President Barack Obama to sign into law. A similar measure passed by a 14-1 vote in the Senate Intelligence Committee, and supporters say they expect strong bipartisan support in the full Senate as well.

The Obama administration said on Tuesday it had some concerns about the bill but supported its passage and believed it could be fixed as the legislation is finalized in Congress.

(Reporting by Patricia Zengerle; Editing by Peter Cooney)

This article was written by Patricia Zengerle from Reuters and was legally licensed through the NewsCred publisher network.

Red alert! Why India Inc needs to wake up to cyber crime

The email said very little. Dated January 29, 2015, it was from Graham Lawton of Leeds district police, Yorkshire. Somewhere in Lower Parel, inside an office in Mumbai’s congested mill area, the person to whom the email was addressed glanced through it. All it said was that the money had reached the bank accounts of two individuals—Fylling and Phan, probably a Vietnamese migrant—with Barclays.

For the man in Parel, a director at a large textile export firm, it was the only thing he could hold on to since the day half-a-million dollars that he was supposed to receive from one of his overseas clients mysteriously found its way into two unfamiliar accounts with a British bank.

The Man in Estonia

Sometime last November, he had sensed that something was amiss when his client, who he has been dealing with for years, informed him that the payment for the last consignment has been made. He was further told that following his advice, this time the money was remitted to another account to save tax. Hours later, the firm’s IT guy, who had by then roped in an ethical hacker, told him that the company was facing a cyber-attack.

Till then, he had thought that cyber crimes were of two kinds: credit card fraud—when the bank sends you a huge bill though you haven’t bought a thing—and, high-tech snooping by Chinese and Israeli hackers prying on energy companies and the government establishments—the variety you watch in movies or read in a Ludlum novel.

No one in the Indian export house had instructed the overseas buyer to wire the money to a different bank account. Then, who did? The man who did the mischief was sitting inside a room in Tallinn, Estonia, possibly identifying his next target, and far from the reaches of Inspector Lawton and the Mumbai Police.

“This guy was tracking the emails, transactions, client contacts of the firm in India, perhaps for months, before unleashing the attack…He hacked into firm’s systems, terminals by either phishing or planting a virus, and sent the email to the foreign client on identical letter head of the Indian firm along with the director’s signature… I have come across five similar cases in the past three months,” said Sahir Hidayatullah, a 32-year-old Mumbai-based ethical hacker who advises firms on cyber security.

A hacker may install software that tracks a PC in such a way that he gets to know even if the user changes the password frequently. “There are professional fraudsters and rivals carrying out corporate espionage with bugs that are easily available and randomly used. It’s just not big companies, even stock brokers try to snoop on one another,” said Sahir.

The Money Mules

The Estonian in the story had used the time zone smartly. He sent the mail to the Indian firm’s overseas client late on Friday afternoon, betting that the Indian firm would not have a clue till Monday afternoon, by when the funds would have moved to the wrong bank account. For him, Fylling and Phan are just parking lots—better known as “money mules” in the world of cyber crime. All they do is lend their bank accounts, take a small cut and use the Western Union network to transfer the money to the Estonian or his agent.

Often, a chain of mules is at work to obfuscate the money trail. The smarter ones also use online games to mislead investigating agencies—using the cash to buy and then sell back through game sites like World of Warcraft. Mules are hired in India through innocuous part-time job ads. Some do it unwittingly, little realising the risk: when a fraud surfaces, they are the first to be picked up by the cops.

People like Sahir use their skills to build firewalls, spell out the dos and don’ts, and help cops track a slippery hacker. But things can be more complex if a corporate rival has a mole in the firm that’s under attack.

Keys to the Kingdom

“Many organisations don’t realise that their IT team literally holds the keys to the kingdom. They can reconfigure, access and control any system. Your most precious data is looked after by these teams, who are usually outsourced and not subject to much scrutiny. We have seen cases of IT administrators pillaging the senior management’s email inboxes to sell to the competition, or copying out customer databases for sale in the market,” said D Sivanandhan, former Director General of Police, Maharashtra and current chairman at Securus First, an organisation that provides investigation and security assessment consulting services.

“I recall the ease with which an employee of a BPO changed the address of the bank account and removed Rs 90 lakh with the help of passwords from other employees. Of course, caught by the police, the person said with impunity that the same thing could be done in another 200 ways!... Most organisations still view cyber-risks as something the IT department handles. It’s about time that C-level executives start actively understanding what can be an existential threat to businesses of any size…” said Sivanandhan.

For business establishments— like the Lower Parel one or a pharma company which faced a similar attack—chances of recovering the money are very slim. They rarely go to the cops, fearing reputation loss; neither do they inform clients or JV partners to avoid further compliance issues and losing business. And, most mid-sized companies do not maintain Internet and electronic records that can be produced as evidence in court.

Legal Loopholes

“In cases of targeted hacking, most suppliers and customers do not have a formal written contract and the supply of goods occurs on the basis of telephone conversations or email exchange. This makes it difficult on occurrence of disputes to affix liability and responsibility for the loss between the parties,” said Tushar Ajinkya, partner at the law firm DSK Legal.

Just as companies are unaware of how vulnerable their systems are, CEOs have no clue how tortuous salvaging the lost money can be. Cops lack the advanced skills, manpower, technical tools and equipment to track a cyber crime complaint. Hackers, like the man in Estonia, who can change their strategy on an hourly basis, play around the system because they know that the police and lawyers can achieve very little in unfriendly jurisdictions. “In the ATM theft case that happened in the DGP office compound involving the accounts of policemen, the investigating team had gone to Greece to trace, without any success,” said Sivanandhan.

Cops and enforcement agencies are also using the skills of techies in other ways—where the crime may be as old-fashioned as underinvoicing of imports to lower tax outgo. Vinod Bhattathiripad, a cyber forensic consultant who advises Directorate of Revenue Intelligence and the Kerala Police, has helped to nab several cases involving imports from China. “For every $100 import by one of the largest electrical equipment dealers, the invoice value showed $30. The balance was paid from its associates in Dubai and Malaysia. This is happening on a huge scale by importers of other items like kitchen utensils and bathroom fittings. Some of these companies reformat their hard discs every few months to escape. But so far we have been able to trace the frauds,” he said.

But unlike duty-evading firms or stupid money mules who leave behind their fingerprints, the Man in Estonia may remain a faceless, shadow crook for years. He will have the last laugh if he isn’t taken seriously.

Plug and Play Hacker

Think of cyber espionage and you imagine a nerd with thick glasses and frizzy hair in an underground secret lab. The world has changed from the ’90s thriller flicks—things are far from hush hush. Several bugs that rival corporates, foreign agencies and outright thugs use are devices that can be bought online for anything between a few thousand rupees and a few lakhs—one may even pick up a few from Mumbai’s Heera Panna Bazaar. Check the air-freshener or the adapter on your office wall; or, look behind the computer terminal—if your office is bugged, chances are you may come across one of these.

HID Controller

It’s like a hacker sitting at your desk and typing away, except it happens in microseconds. Less than an inch in size, it can be disguised as a flash drive. Like a normal pen drive, it’s plugged in to a USB port. A programmable micro controller, the device pretends to be a keyboard.

GSM Bug

The cheapest bug, you can buy this toy at Mumbai’s Heera Panna market. Anyone would mistake it for an ordinary adapter. What no one notices is the SIM card inserted in the device. Plug it into a power point inside a board room. Once the board meeting begins, your rival from a distant location calls up a particular GSM number. The call activates the SIM and the attacker overhears the entire conversation.

Audio bug

Just an inch long, it’s one of the deadliest audio recording bugs and can be installed in any crevice of a large conference room. It is voice-activated, has a 600-hour recording time, and encrypts the data, so even if it is found, the information is inaccessible. Not available in the free market, used only by top professionals and government agencies.

Key logger

A wireless keystroke recorder, it can be plugged into the back of any desktop computer; the beauty is you may not discover it for days. The little device records anything that is typed, including passwords and emails. The attacker receives the information via its built-in Wi-Fi connection from up to 300 meters away.

Spy glasses

A replica of one of those thick-framed glasses, this pair of high-definition spy glasses has built-in storage and no wires. It conceals a virtually invisible full HD camera and can record both audio and video for two hours. Can be used to record confidential information on whiteboards, paper and in meetings.

PWNPLUG

Identical to an air-freshener, you won’t give it a second look. Once planted on the wall, it can access the network, files, transactions—almost everything. The lethal, wireless device gives the attacker, who could be in another country, complete remote access through 3G. It’s equivalent to having an unauthorised laptop full of hacking software on your network.

This article was written by Sugata Ghosh from The Economic Times, India and was legally licensed through the NewsCred publisher network.