In a previous article, I wrote about a system that created a single point of failure. In a strategic sense, computers and IT as a whole have become a single point of failure in both government and industry.
Chinese military leaders call automation the great equalizer, since their enemies depend heavily upon computers. An effective attack upon an enemy’s IT infrastructure produces an immediate and disproportionate impact, which is the core concept of asymmetric warfare.
This asymmetry benefits the attacker, regardless of his motives or methods.
An excellent article about the “recent discovery of Chinese cyber warfare attacks on foreign computers, on communication computers of visiting dignitaries, and espionage activities to assist a friendly country in building weapons of mass destruction (WMDI)”, entitled China’s Silent Warfare, at BLOg Source INTelligence reveals a lot about China’s espionage and cyber attack strategy.
In Canada, you do not have to register your copyright to have protection, but when you register with the Copyright Office, you receive a certificate which can be used to your advantage in the event that your work is infringed. Formal registration of a work is not required. An author or the author’s employer usually enjoys copyright protection automatically on creation of the work.
Registration of a copyright is done by completing an application and sending it to the Copyright Office. A copy of the work is not sent along with the application. Under the Library and Archives of Canada Act, two copies of every book published in Canada, and one copy of every sound recording manufactured in Canada that has some Canadian content, must be sent to the National Library and Archives within one week of publication.
Library and Archives Canada
395 Wellington Street
Ottawa ON K1A 0N4
When a publication is deposited, a brief description is entered in AMICUS, Library and Archives Canada’s database. Deposited publications are also catalogued and listed in Canadiana, the national bibliography, which began in 1950 and is widely circulated in Canada.
A copyright may represent a substantial asset for a person or company. The UK does not have a formal copyright registration process as in the U.S.A. — in the UK, creating the work creates the copyright.
The British National Bibliography (BNB) is the single most comprehensive listing of UK titles. UK and Irish publishers are obliged by law to send a copy of all new publications, including serial titles, to the Legal Deposit Office of the British Library; hence, the BNB is a list of copyright registrations. The British National Bibliography was originally a weekly catalog which became a reference for book selection, cataloging, and retrieval.
A free BNB Web service to be launched in January 2009 will make the BNB available through the British Library Integrated Catalogue web pages. At that time, the CD-ROM version of BNB will be withdrawn. The current consolidated catalogues available on the BL website certainly correspond in large part to the BNB. The British Library Automated Information Service (BLAISE) allowed a BNB search back to 1950. I do not know if those catalogue records were transferred to the current BL website’s Integrated Catalogue, but it appears that the new Web service will include these records.
Subsidiaries seem to be the bane of my existence lately. The following story is getting old.
A company has what seems like a good idea. It gets people to invest.
The intellectual property (IP) is registered to, or transferred to, a subsidiary, which is then spun off. The newly independent company then transfers the IP to an off-shore company. The off-shore company then licenses the IP to the original firm.
By now you have heard of the secret intelligence files left on a commuter train in England.
Keith Vaz MP, chairman of the powerful Home Affairs select committee, told the BBC: “Such confidential documents should be locked away…they should not be read on trains.”
This should be a reminder to the private sector regarding trade secrets.
A trade secret is not protected by a Patent, Trademark, or Industrial Design. A trade secret is confidential and proprietary information that you protect because of its commercial value and the competitive advantage that it produces for your company.
Exposing a trade secret in public, whether by working on a critical document on an airplane, leaving it on a commuter train, or exposing it in a proposal, may eliminate the confidential nature of the data. Once you do that, you have, by definition, given up protecting it, so it is no longer a trade secret that you can claim as proprietary. Your former trade secret moves into the public domain for all to see and use.
As a competitive intelligence practitioner, I often find former trade secrets loose in the public domain due to irresponsible security practices. If the owner does not protect the trade secret, it ceases to be confidential and proprietary data, and is likely to become somebody else’s competitive advantage, or worse still, it might become a standard practice for an entire industry.
The US Government Accountability Office says that stolen sensitive military items have been purchased by undercover government officials on Craigslist and eBay. However, this is like the kettle calling the pot black. The same subcommittee determined that the Defense Department sold chemical protective suits and biological warfare laboratory equipment to the public.
While it is easy to see an element of fear mongering in this, it does remind us that private sector businesses should be checking eBay and Craigslist for their own products and for counterfeits. Doing so may reveal a problem with theft, grey marketing, or counterfeiting.
When I travel for work, I undertake what some people consider extreme measures to protect proprietary client data from theft by officials at international borders. These officials do not need warrants to seize or examine anything in your possession when crossing a border, and that makes border officials excellent spies. This issue arose recently regarding the actions of the US border officials:
In Canada, one law firm has instructed its lawyers to travel to the United States with “blank laptops” whose hard drives contain no data. “We just access our information through the Internet,” said Lou Brzezinski, a partner at Blaney McMurtry, a major Toronto law firm. That approach also holds risks, but “those are hacking risks as opposed to search risks,” he said.
Creating a “blank laptop” entails more than just hitting the delete key or even using a utility to overwrite existing data. The hacking risk is also greater than most people realize, especially with wireless connections. Even with secure end-to-end encryption, traffic analysis can yield very useful intelligence.
Nigel Stanley, at Bloor Research, wrote an article entitled Ounce Labs weighs into rogue code about the dangers of outsourcing software development. The most interesting part of the article follows:
Industrial espionage, or good old fashioned spying, is as alive and well today as it has ever been. In fact, a lot of time and effort from the security agencies is tied up in dealing with this issue, and contacts have assured me it is worse now than it has ever been as developing countries try to steal a march (maybe even literally) against the developed world. Spying between developed nations is also a problem, with some larger European countries having a dreadful reputation for trying to obtain industrial secrets from so called allies. Software development is an obvious target…
The downside of this approach is that decision makers get seduced by green lights whilst their developers look for even more creative ways of inserting malicious code. No sensible person will ever declare that a product such as Ounce 5 will guarantee that your code is 100% secure…
An excellent CI-related blog, Brand Killer Robots, offers this fun comparison of the black-hat hacker and the good guy training people to protect their assets.
Why have Ethical Hacker Training companies got it so wrong?
We ask, just who are the people that you are sending on Ethical hacker training courses and why are you sending them?
So let’s first look at the white hats.
In its 2007 decision in Catalyst Partners Inc. v. Meridian Packaging Ltd.,  A.J. No. 667 (C.A.), the Alberta Court of Appeal considered what evidence is required to satisfy the criteria for obtaining an Anton Piller order. In overturning the lower court’s decision and setting aside the Anton Piller order in this case, the Court of Appeal made it clear that strong evidence showing a real possibility the defendant will destroy documents is necessary before such an extraordinary order will be granted.
Thomas Edison was one of the world’s greatest note-takers. He considered his note-taking and filing system a vital part of all his endeavours. This often led to his victory in legal disputes, and it was also the reservoir for what seemed like an amazing memory.
Famous inventor Thomas Edison is probably the most experienced note-taker in the world. His diary, which is still maintained as an important part of the United States historical record, contains five million (5,000,000) pages.
Edison certainly subscribed to the philosophy that if life is worth living, it is worth writing about.
Misleading RCMP data undermines counterfeiting claims by Michael Geist
“The RCMP has been the single most prominent source for claims about the impact of counterfeiting in Canada since its 2005 Economic Crime Report pegged the counterfeiting cost at between $10 to 30 billion dollars annually.”
“Responding to an Access to Information Act request for the sources behind the $30 billion claim, Canada’s national police force last week admitted that the figures were based on “open source documents found on the Internet.” In other words, the RCMP did not conduct any independent research on the scope or impact of counterfeiting in Canada, but rather merely searched for news stories on the Internet and then stood silent while lobby groups trumpeted the figure before Parliament.”
We do a lot of trademark searches for due diligence and competitive intelligence research. I often contemplate how hard it must be to think up something original that isn’t utterly ridiculous or just plain stupid.
It seems Dilbert has the same problem.