Tag Archives: espionage

Spying on employees on social networks… before you hire them

This isn’t exactly a new phenomenon, but it’s the first example I’ve seen of an outfit offering a service for outsourcing this sort of Human Resources gruntwork: a new startup gnomically named Social Intelligence promises to do a deep scan of a potential employee’s socnet presences in 48 hours, focussing on such catch-all categories as “‘Poor Judgment,’ ‘Gangs,’ ‘Drugs and Drug Lingo’ and ‘Demonstrating Potentially Violent Behavior.'” [via Bruce Schneier]

My instant knee-jerk reaction to this was OMG Panopticon! But if you think about it, it’s really just doing what paper references used to do, for a world where the fakeability and legal complications of references have made them much less useful. It’s easy to forget that social networks are a very old phenomenon; it’s their cybernetic extension into information space that’s new, and we’re all learning how to navigate these widening savannahs as we go along.

“But what about the kids? They have no concept of privacy, nor the sense to cover up their indiscretions!” Well, then the problem will solve itself, as I suggested a while back: if an entire generation starts falling foul of hawk-eyed HR socnet trawlers, the playing field will flatten. If everyone has a few dumb indiscretions on public display, we’ll simply become more accepting of the fact that everyone does stupid stuff every now and again. If anything, it’ll be the people with totally clean sheets who start to look suspect.

Schneier points out that the service is being marketed using scare tactics:

Two aspects of this are worth noting. First, company spokespeople emphasize liability. What happens if one of your employees freaks out, comes to work and starts threatening coworkers with a samurai sword? You’ll be held responsible because all of the signs of such behavior were clear for all to see on public Facebook pages. That’s why you should scan every prospective hire and run continued scans on every existing employee.

In other words, they make the case that now that people use social networks, companies will be expected (by shareholders, etc.) to monitor those services and protect the company from lawsuits, damage to reputation, and other harm. And they’re probably right.

They probably are right… but incidents like that are far rarer than the cognitive bias of media coverage would have us believe. Perhaps it’ll be fashionable for a while, but in tough economic times like these, I doubt there’ll be many companies willing to fork out big bucks to salve the legal department’s paranoia… though I have underestimated the stupidity of the hierarchical corporate mindset many times before, so I’m prepared to be proven wrong on that point.

Bonus panopticon news: the latest development over here in the United Kingdom of Closed Circuit Surveillance is an outfit called Internet Eyes, which is offering a bounty of up to £1,000 for any user who spots a crime being committed on the feeds of private security footage that will be piped through the site.

Again, sounds pretty nasty (though I’m rather alarmed by how desensitised I’ve become to stories like this in recent years), but I can’t see it working as well as Internet Eyes thinks it will. How’re they going to vet their userbase (who will watch the watchmen, indeed)? Are the sorts of people willing to stare at grainy and uneventful video feeds for hours on end on the off-chance of winning some money the sort of people whose vigilance and motives best suit the task at hand? What if the mighty Anonymous decided to infiltrate the userbase (for LULZ and great justice)? Or if criminal syndicates placed their own low-level operatives on the site, found out who was watching which feeds at what times and then planned their jobs accordingly?

And all of that largely bypasses the underlying problem, namely that Internet Eyes’ business plan almost certainly contravenes EU privacy laws. That said, the UK isn’t exactly unfamiliar with doing just that

Google threatens to pull out of China over hacking allegations

Well, this story’s everywhere this morning. After allegedly uncovering a “sophisticated and targeted” hacking attack, Google are now “reviewing the feasibility of their business operations in China”, which includes the controversial censorship systems they applied to Google.cn; here’s the official announcement, which is a beautiful example of legalese that says one thing, implies many others and leaves a lot of spaces uncharted. Chinese citizens are laying flowers outside Google’s Beijing office [via Jan Chipchase].

Beyond the glossy surface of the public announcements, however, we can’t be entirely sure what’s going on. The Wikileaks crew have tweeted a few revealing points:

gossip inside google China is gov hackers found infiltrating google source code repository; gmail attacks an old issue. #

Gossip from within google.cn is Shanghai office used as CN gov attack stage in US source code network. #

China has been quietly asking for the same access to google logfiles as US intelligence for 2-3 years now. #

Should be noted that Google keeps secret how many user’s records are disclosed to US intelligence, others. #

correction: the time of the Chinese requests/demands are not exactly known and are possibly in the last 12 months. #

Regardless of the exact causes and motivations behind Google’s threats to withdraw, it highlights the incredible bargaining power that a company of that size and influence has on the same stage as nation-states. It’s not entirely unimaginable to think that Google suspected something like this might have happened all along, and they were just waiting for the right moment to bring their leverage to bear – after all, China’s a big old market, and they’d probably far rather its citizens had full unfettered access to the web, if only so as to advertise to them more effectively. So why not agree to initial compromises, let the people get a taste for what they have to offer, and then threaten to take the toys home when the government makes an institutionally inevitable blunder?

It remains to be seen how seriously the Chinese government will take this threat – it’s not been a good few months for them as far as international publicity is concerned, and Google is a big economic player whose favour I suspect they’d rather not lose. But China’s people will be seriously miffed about it, and I that’s what makes me think that Google are far more cunning than they’re letting on. I’m not under the illusion that they’re interested in anything more than running a profitable business (though that whole “don’t be evil” thing is a pretty effective rule-of-thumb for achieving such), and bringing down totalitarian governments isn’t in their regular remit. But look at it this way: if you were running a business of that size and looking at a potential market that lucrative, and you saw a way to potentially open up the laws that currently restrict your business in that market by playing off the market’s citizens (and international public opinion) against the government, and you reckoned you could pull it off…

OK, so I’m hypothesising wildly here, but my point is that it’s by no means completely implausible. I’m reminded of Jason Stoddard’s points about the mythical bugbear of evil corporate hegemony:

A corporation doesn’t care if you’re living in a 300 square foot studio apartment or a 6000 square foot McMansion. They don’t want to wipe out the McMansion dwellers, or elevate the studio apartment owners. They only care about one thing: that you buy their stuff.

For everything they do, they’ll have justification. There’s no hidden business plan with a top-line mission statement of “Destroying Civilization As We Know It.”

But there will be hundreds or thousands of decisions, all based on maximizing profit. Substituting cheaper ingredients: maximize profit. Use low-income countries for labor: maximizing profit. Driving smaller competitors out of business: ensuring growth, which maximizes profit. Extending credit to anyone: maximizes profit.

If they can make a bigger profit selling you a “green” condo and a Prius rather than a McMansion and an Escalade, that’s exactly what they’ll do. If they think they’ll make an even larger profit renting you an apartment and leasing you a bike, that’s what they’ll do.

Google stand to make a lot of money if they can loosen the government leash in China, right? Right… so keep your eyes on the dollar signs. This story isn’t over yet, I suspect.

This blog post will self-destruct in thirty seconds

If you’ve been hankering for an intersection of nanomaterials and old spy movie cliches, today’s your day: a gang of researchers in Illinois reckon they’ve found a way to use nanoparticles to make messages that erase themselves after a certain amount of time.

A team at Northwestern University in Evanston, Illinois, coated gold nanoparticles with a layer of hair-like molecules called 4-(11-mercaptoundecanoxy)azobenzene or MUA. When zapped with ultraviolet light, these filaments change their shape and charge distribution, causing the nanoparticles to congregate together and change colour […]

To put this colour-changing ability to good use, the team dispersed the nanoparticles in a gel and sandwiched it between plastic sheets to produce a thin, red film. When Grzybowski and his colleagues shone UV light at the film, either through a patterned mask or using a UV pen, they found they could print a range of images or write words onto the film in just a few seconds.

The colour change is not permanent, however. In the absence of UV light, the MUA gradually reverts to its original shape, allowing the nanoparticles to disperse and the images to disappear.

Your mission, should you choose to accept it, is to work out how many times more expensive and complicated it would be to use this stuff instead of scribbling a note on some rice paper. Or whether the Etch-a-Sketch people will be tempted to build a 2.0 version.

Eye in the sky – commercial satellites trace Sudanese arms purchases

Europe seen from space at nightWell, maybe ubiquitous global surveillance isn’t all bad. Remember that big load of tanks and armaments that Somalian pirates scored from a Ukranian cargo ship and subsequently ransomed back? Well, two magazine reporters used commercial imaging satellites to chase down their final destination, proving in the process that they were en route to the breakaway government of South Sudan:

Images captured by DigitalGlobe satellites in March 2009 showed 33 tanks parked at Kahawa Barracks northeast of Nairobi. In parallel, satellite imagery captured from southern Sudan showed tracked vehicles, parked under camouflage, at a Sudan People’s Liberation Army (SPLA) compound northeast of Juba, the capital of South Sudan. Jane’s observed that SPLA attempts to conceal the location “were deliberate and masterful, but dimensional analysis, tracked-vehicle scarring and the staging of three vehicles in a tactical perimeter established the concealed vehicles as tanks.”

It’s not particularly good news – governments tooling up for nasty regional conflicts never is – but it’s the sort of news we’re better off having than not. Maybe the UN should be funding more similar satellites so as to keep an eye on governments who are somewhat economical with the truth about their military build-ups? [image by woodleywonderworks]

Maybe we could use them to keep Obama and Medvedev honest with regards to their nuclear disarmament agreement… provided the whole thing isn’t a carefully orchestrated publicity play in the first place, natch.

32MB of code that’s worth billions is somewhere on the web

In what appears to be a very contemporary story of industrial espionage, we discover that 32MB of computer code could be the key to the success of one of the most powerful financial organisations on the face of the planet – and that someone may well have copied and uploaded it  for purposes unknown. [via SlashDot]

While most in the US were celebrating the 4th of July, a Russian immigrant living in New Jersey was being held on federal charges of stealing top-secret computer trading codes from a major New York-based financial institution—that sources say is none other than Goldman Sachs.

The allegations, if true, are big news because the codes the accused man, Sergey Aleynikov, tried to steal is the secret code to unlocking Goldman’s automated stocks and commodities trading businesses. Federal authorities allege the computer codes and related-trading files that Aleynikov uploaded to a German-based website help this major “financial institution” generate millions of dollars in profits each year.

The platform is one of the things that apparently gives Goldman a leg-up over the competition when it comes to rapid-fire trading of stocks and commodities. Federal authorities say the platform quickly processes rapid developments in the markets and uses top secret mathematical formulas to allow the firm to make highly-profitable automated trades.

This is somewhat of a double bind for Goldman Sachs, as prosecuting the alleged theft will require them to reveal a certain amount of their business secrets at a time when people aren’t best disposed toward Wall Street profiteering. It also sheds a less than flattering light on the FBI’s investigative priorities:

What is probably most notable, in less than a month since Sergey’s departure from [Goldman?], the FBI was summoned to task and the alleged saboteur was arrested and promptly gagged: if anyone is amazed by the unprecedented speed of this investigative process, you are not alone. If only the FBI were to tackle cases of national security and loss of life with the same speed and precision as they confront presumed high-frequency program trading industrial espionage cases… especially those that allegedly involve Goldman Sachs.

I think this is going to be one of those stories that will grow with the telling, and Goldman Sachs are going to come out looking bad whether they win or lose the case. Couldn’t happen to a nicer bunch of people, AMIRITE?