PI Newswire

A former administrative assistant to a top executive at Walt Disney Co. pleaded guilty Tuesday to fraud charges related to her participation in an insider-trading scheme.

Bonnie J. Hoxie, 34, of Los Angeles admitted in federal district court in New York to attempting to sell confidential information that she gained access to as an assistant for Disney’s head of corporate communications, Zenia Mucha.

According to the criminal complaint, Hoxie obtained material, nonpublic information about Disney, including advance details about its second-quarter earnings. She shared the information with her boyfriend, Yonni Sebbag, for the purpose of selling it to outside investors in advance of the company’s earnings call.

Sebbag sent letters to hedge funds and other investment companies, offering to sell the information for purposes of insider trading.

Three days in advance of the May 11 earnings call, Hoxie sent a confidential document that contained a collection of talking points that Disney’s executives would refer to while answering analysts’ questions, according to the criminal complaint.

Read more…

A private investigator has told the BBC how he obtained confidential information on behalf of journalists working for various British newspapers.

In 2005 Mr Whitamore pleaded guilty to breaching the Data Protection Act in relation to confidential information which had been obtained from the police national computer.

Steve Whitamore, who describes himself as a “commercial tracing agent”, told PM’s Jon Manel he thought it was “unfair” none of the journalists he helped had ever been prosecuted.

View Source…

Google confirmed on Tuesday that it fired an employee earlier this year for violating its policies on accessing the accounts of its users.

Earlier in the day, Gawker reported that David Barksdale, an engineer in Google’s Seattle offices, used his position as a key engineer evaluating the health of Google’s services to break into the Gmail and Google Voice accounts of several children. After parents of the children complained to Google, Gawker said Barksdale–who was not accused of anything other than being creepy–was dismissed, and Google confirmed that move late Tuesday.

“We dismissed David Barksdale for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems, if we are to operate them properly–which is why we take any breach so seriously,” Google’s Bill Coughran, senior vice president of engineering, said in a statement.

The incident highlights how easy it can be for anyone with access to confidential information stored online to abuse it, regardless of any systems that are in place. The report did not suggest that Google knew of Barksdale’s actions and failed to do anything about it, but it does raise questions regarding how effective Google’s systems are in preventing a potentially rogue engineer from abusing their position.

A source familiar with the incident said this was not the first time a Google employee has been dismissed as the result of a privacy breach, though the previous incident didn’t involve anyone under 18. It’s not clear whether the increase in the amount of time auditing logs referenced in Coughran’s statement was directly related to the Barksdale incident.

View Source…

In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon) I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have.

At the recent Defcon event, social engineers proved that it doesn’t take much more than asking to get the necessary information that may lead to penetrating a person’s computer.

Social engineering is a fancier, more technical form of lying.

An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network.

Social engineering is all based on telling a lie and getting others to tell the truth in response. Thousands of years of civilized conditioning and cultural teaching to help and trust one another has made people just a little too eager to help.

Participants in the contest successfully got employees from some Fortune 500 companies to provide full profiles of the inner workings on network PCs and software that could easily be used to launch an attack.

Some revealed what operating system they had, the version of their service pack, antivirus software, browser, email, which model their laptops were, the virtual private network software the company used, and even what garbage collector hauled the company’s trash.

In some cases, the tricksters even got the Fortune 500 employees to visit certain websites while on the phone. Sometimes the simple act of visiting a website can install a malicious program on your PC if it’s not properly protected.

Based on the answers provided by the employees, the social engineer can guide the person to whatever website that would infect their computer based on the answers provided.

Read more…

NEW YORK — Lawyers for a former IBM senior executive said Tuesday that an intimate relationship with a hedge fund company employee who later “played” him led him to feed her confidential information that resulted in his insider trading arrest.

In court papers submitted in federal court in Manhattan, lawyers for Robert Moffat blamed an affair with fellow defendant Danielle Chiesi for behavior that led him to plead guilty to conspiracy to commit securities fraud and securities fraud. They asked a judge to sentence him to probation on Sept. 13.

Moffat, 53, of Ridgefield, Conn., was charged along with 20 others in what prosecutors have called the largest hedge fund insider trading case in history. Moffat was once considered a candidate for chief executive officer at IBM.

“That fact that what began as a professional relationship between Ms. Chiesi and himself became intimate is a transgression that haunts Bob terribly,” the lawyers wrote.

They said Moffat met Chiesi in 2002 and over time the “relationship with Ms. Chiesi became an intimate one.”

As a result, they said, Moffat on several occasions in 2008 provided Chiesi with information about three companies, including IBM. At the time, Moffat was senior vice president and group executive at International Business Machines Corp.’s Systems and Technology Group.

The lawyers said Chiesi was not the passive recipient of Moffat’s information.

“To the contrary, she manipulated or ‘played’ him to obtain information that she could use,” the court papers said.

Read more…

Asian companies negotiating contracts with Apple allegedly paid more than $1m in kickbacks to an Apple manager in exchange for confidential information about what Cupertino would be buying.

That’s according to a suit filed by Apple against Paul Shin Devine, until now a global supply manager at Apple. The suit follows his indictment for wire fraud and money laundering, among other things, as reported by the San Jose Mercury News. Devine was allegedly paid the money in exchange for information about the iPhone and iPod, which gave the companies the upper hand in negotiations with Apple.

We don’t know exactly what that information was – the court filing doesn’t include it – but those said to have paid for it obviously thought it was worth the money. Negotiators would be keen to know information about upcoming models, competing bids and how much Apple expected to pay for items. Such information would be extremely valuable on the negotiating table.

The Wall Street Journal names three of the companies involved as Kaedar Electronics Co, Cresyn Co and Jin Li Mould Manufacturing Pte, of China, South Korea and Singapore respectively.

The source of the money allegedly was obfuscated with the aid of one Andrew Ang, who is named in the indictment as a confederate of Devine and used to work for Jin Li. According to the filing Ang and Devine worked together to route money around the world in an ultimately unsuccessful attempt to hide its source. Devine is now in the custody of the US Marshals Service, while Ang’s location isn’t known.

Read more…

Cyber criminals have raided the accounts of thousands of British internet bank customers in one of the most sophisticated attacks of its kind.

The fraudsters used a malicious computer programme that hides on home computers to steal confidential passwords and account details from at least 3,000 people.

The internet security experts M86, who uncovered the scam, estimate that at least £675,000 has been illegally transferred from the UK in the last month – and that the attacks are still continuing.

ll the victims were customers with the same unnamed online bank, the company said.

Last night online banking customers were urged to make sure their anti-virus software was up to date – and to check for any missing sums from their accounts.

The attack has been traced to a ‘control and command’ centre in Eastern Europe. However, the nationality of the cybercriminals is unknown.

The attacks were carried out when hundreds of thousands of home computers were infected with a type of harmful computer code called a Trojan.

Trojans hide in websites, emails or downloads. Once installed on a computer they can record every type of the keyboard, steal confidential information or even open up a PC’s security so that it can be controlled remotely from another country.

The latest attack involved a Trojan called Zeus v3 which hides inside adverts on legitimate websites.

Read more…

Data breach risks are on the rise for manufacturing companies that don’t improve their IT visibility, management and controls, according to a new study. The research, carried out by secure, managed file transfer firm Ipswitch, reveals that IT professionals are using personal email accounts to mask file transfer activity from management.

More than one third (40%) of those surveyed at this year’s Infosecurity Europe conference admitted to sending sensitive or confidential information this way, to eliminate the detection trail. That constitutes a potentially major security and compliance breach.

Additionally, the research shows that, while not all personal email used to send business information is malicious, it is risky. More than two-thirds of respondents (69%) conceded that they send classified information – such as payroll, customer data and financial information – over unsecure email at least once a month; 34% said they do so daily.

Frank Kenney, vice president of global strategy at Ipswitch, says the most common reasons cited are speed, convenience and the ability to send large files without hassle.

“Employees will almost always take the path of least resistance, even if that unintentionally means violating company policies and breaking security protocols,” points out Kenney.

“Businesses need complete visibility into the files that are moving internally and externally company-wide, with a file transfer approach that makes it fast and easy for employees to securely exchange information with customers, partners and colleagues,” he insists.

He also says that establishing file transfer policies isn’t enough. While the most firms in Ipswitch’s survey (62%) seem to have file-sharing policies in place, many don’t have the means to enforce them. Despite increasingly strict governance and compliance mandates, 72% said they lack visibility into files moving both internally and externally.

Read more…

Any citizen, any foreign spy, any member of the Taliban, and any terrorist can go to the WikiLeaks website, and download detailed information about how the U.S. military waged war in Afghanistan from 2004 to 2009. Members of that same military, however, are now banned from looking at those internal military documents. “Doing so would introduce potentially classified information on unclassified networks,” according to one directive issued by the armed forces.

That cry you hear? It’s common sense, writhing in pain.

There was a time, just a few months ago, when the Pentagon appeared to be growing comfortable with the emerging digital media landscape. Troops were free to blog and tweet, as long as they used their heads and didn’t disclose secrets. Thumb drives and DVDs could be employed, as long as they didn’t carry viruses or classified information. But the WikiLeaks disclosures — tens of thousands of classified documents — seem to have reversed that trajectory.

Now, the Marine Corps is telling troops and civilian employees in a memo:

[W]illingly accessing the WIKILEAKS website for the purpose of viewing the posted classified material [constitutes] the unauthorized processing, disclosure, viewing, and downloading of classified information onto an UNAUTHORIZED computer system not approved to store classified information. Meaning they have WILLINGLY committed a SECURITY VIOLATION.

The other branches of the armed services have put out similar notices. The memos were initially reported in the Washington Times. But the story has been removed from the paper’s website.

Read more…

LAS VEGAS (CN) – Zuffa Inc., owner of the Ultimate Fighting Championship brand, says a sports agent and promoter tried to swipe confidential information to compete against the popular mixed martial arts brand.

In a lawsuit filed in Clark County Court, Zuffa says Ken Pavis, “who also refers to himself as ‘The Pav’” and who claims to head the “‘largest and most successful MMA sports management company in the industry,” sent an e-mail to Bjorn Rebney, founder and CEO of Bellator Sport Worldwide, which organizes and promotes similar fighting events.

In the e-mail, Zuffa says Rebney asked Pavia for “seminal docs from the UFC, so that we can re-do them and implement them for Bellator.”

Although Zuffa isn’t sure what documents to which the e-mail referred, it believes the documents include “promotional agreements, bout agreements, sponsorship forms, extension letters, injury forms and the like.”

“As a self-professed agent for 40 current and former Zuffa fighters, Pavia … would have access to various agreements entered into between its clients and Zuffa,” the lawsuit states. “Such access does not, however, entitle Pavia … to distribute said agreements to third parties.

“To the contrary, all of these agreements contain very explicit confidential provisions that have been vigorously enforced by Zuffa.”

Zuffa seeks unspecified damages for violating federal trade secret laws, civil conspiracy and contract violations, among other things.

Also named as defendants are Pavia Holdings, which is doing business as MMA Agents.

It is represented by Donald J. Campbell with Campbell & Williams

View Source…

Organised crime accounted for 85 per cent of all data stolen in external attacks on companies, according to a report carried out by Verizon Business in conjunction with the US Secret Service.

The 2010 Verizon Data Breach Investigation Report used confidential information logged on the Verizon Incident Sharing Framework (PDF) alongside information provided to the Secret Service.

The figures also found a larger amount of data being lost within organisations than previously noted, but external attacks remain the number one way in which data is stolen at 69 per cent of all breaches.

“By adding our data to the Secret Service’s we were able to build up a better picture of data breaches, with many results found to be the same as earlier reports,” said Matthijs van der Wel, managing principal for the forensics team at Verizon.

“The data we have now gathered, from both the US and worldwide, provides organisations with a clearer insight into the threats they face, and information on where they need to protect themselves against these risks.”

Van der Wel added that 49 per cent of thefts that occur from inside an organisation are caused by employees abusing privileges, and that companies need to apply better data management policies to clamp down on this trend.

Read more…

New York – Chinese telecoms equipment maker Huawei Technologies has rejected allegations by US concern Motorola of industrial espionage, the Wall Street Journal reported Thursday.

Reporting on developments after Motorola filed suit in mid-July against Huawei, the Wall Street Journal said that the Chinese company called the allegations ‘groundless and utterly without merit.’

The denial came after reports emerged that the Schaumburg, Illinois-based Motorola had filed suit claiming that Huawei had worked with over a dozen Motorola employees to gain confidential information about its cellular network equipment.

As evidence, Motorola presented the federal court in Illinois with e-mail correspondence between the now former employees and Huawei management, the report said.

The industrial espionage took place over a number of years, with Motorola alleging that Huawei founder and supervisory board chairman Ren Zhengfei himself was involved.

The corporate espionage allegations come at a time when Motorola is withdrawing from the wireless network field, after reaching a deal to sell its wireless network infrastructure to the Nokia Siemens Networks company for 1.2 billion dollars. Motorola still aimed to retain most of its intellectual property rights.

Read more…