Security Director Alert - Conference Call Eavesdropping

A conference call between Scotland Yard and the FBI has been intercepted and published by a member of the computer hacking group Anonymous.

The hacker apparently managed to access the call after getting into an FBI email which gave details of the call. The email was also posted online. (more)

Murray Associates advice:
Conferencing numbers and passwords are often posted on cubicle walls, sent via email and sometimes written underneath the table-top speakerphones themselves. This is a common, but dangerous, employee habit in many of the companies we visit. Conference call information should be held confidential and distributed on a need-to-know basis. To do otherwise, invites unauthorized call participants.

Teleconferencing Checklist
• Change all current passcodes.
• Tell employees they should not email or post the new passcodes.
• Switch to a conference call system where:
-- each participant is given a unique passcode,
-- the passcode is changed for each new conference call,
-- only the pre-authorized number of callers may be admitted,
-- and a record of all call participants is available to the call leader.

Think this is a rare problem?

Think again...

More Conference Call Intercepts & Advice

http://spybusters.blogspot.com/2008/10/question-of-week-secure-conference.html

http://spybusters.blogspot.com/2008/10/when-private-conference-calls-go-public.html

http://spybusters.blogspot.com/2008/12/extortionography-private-conference.html

http://spybusters.blogspot.com/2009/09/business-espionage-nintendo.html

http://spybusters.blogspot.com/2010/02/business-espionage-famous-last-words.html

http://spybusters.blogspot.com/2010/10/state-republican-party-staff-members.html

http://spybusters.blogspot.com/2011/06/when-board-members-phone-it-in-one-anti.html

http://spybusters.blogspot.com/2011/06/beef-board-admits-ceo-eavesdropped-on.html

Kevin's Security Scrapbook Voted Top 10 Investigator Blog!

 
Congratulations! Your blog has been selected as one of PInow’s Top Investigation Blogs. We reviewed blogs in the investigation industry and selected yours because of the quality posts and the voice of your blog.

We are going to announce your top blogger status to the rest of the investigation profession in an article that will go out to over 6,000 investigators on February 3rd.

"With changing legislation, licensing, laws and crazy stories there's a lot for investigators to keep up with. Many investigators use blogs to share their experiences, provide updates and reviews on products and to discuss experiences with databases. A blog is also a great way to market your business, connect with potential clients and become a leader in your industry. There's a wide array of investigations blogs out there, and since maintaining a blog is no easy feat PInow decided to compile a list of the top investigation blogs.

There was no specific, formulaic ranking used when creating the list, but we did take into account industry relevancy, consistency and recency of posts, variety of content and professionalism. Please keep this in mind if you disagree with the rankings."

And, congratulations to all my colleagues who also made the list. Nice to see your hard work is appreciated.
Thanks, PInow.com!

The Apple Bug That Let Us Spy on a Total Stranger’s iPhone

via Gizmodo...

Every single iMessage to and from this man's iPhone—his friends call him Wiz—has been sent to us by accident. We know about his job, sex life, and address. Apple, you might want to fix this. The story is simple... this is like a wiretap we didn't ask for—and Wiz has no idea I'm looped in on the whole thing. He texts throughout the day like usual, oblivious to the snooping. Now we see just how big of a deal this obscure "bug" is: Your entire personal life could be flung open, and you'd never know. Take our word for it—we've gotten to know Wiz pretty well. (more)

P.S. They even figured out that "Wiz" is an Apple employee, and at which store.

SpyCam Story #645 - Today in Video Voyeurism

Scotland -  A spy camera has been found hidden in a changing cubicle at a Scots leisure centre. Police are investigating the discovery of the pinhole camera at a sports facility in Fife. The tiny device was spotted by a male gym user getting changed at the Beacon Leisure Centre, Burntisland. The find sparked searches of at least eight other sports facilities in the area.

One worker, who did not wish to be named, said: “I believe this has been happening at other places in Fife as well. “I think the public should know what’s going on. A man found the camera in a cubicle and handed it in. (more)

WA - The Spokane County Sheriff’s office is investigating reports of voyeurism by a security guard at a North Spokane Fred Meyer... A search warrant says “the video is not clear enough to show him holding his phone in his hand at the time of the contact, but preceding footage shows he was using his phone and kept it in his hand.” (more)

WA - A woman called 911 to report a man was inside the women's locker room of LA Fitness in Tukwila taking photographs, according to Sgt. Eric Lund with the Tukwila Police Department. The woman confronted the man and he fled. About an hour later employees of the Fairwood LA Fitness identified the suspect (he was a member who checked in). Tukwila officers and King County deputies arrested the suspect in Fairwood. (more) 

FL - A Marion County Sheriff’s Office corrections officer and a health care official employed at the county jail were arrested Wednesday in connection with video voyeurism of young children in a joint investigation involving sheriff’s detectives and the Florida Department of Law Enforcement. (more)

The French Cuff Connection - For the Well-Dressed Bond

Polished Silver Oval WiFi and 2GB USB Combination Cufflinks.
These cufflinks feature 2GB USB storage plus they provide a WiFi hotspot to multiple devices! You can also access media servers from the host computer. Perfect for business meetings, travel and techies everywhere.

WiFi Connection
Simply download the accompanying installation software to an Internet ready host computer, insert the USB hotspot cufflink into that computer’s USB port, and the computer then becomes a high-speed WiFi hotspot. It also enables the computer to wirelessly share media files with electronic devices like tablets and smartphones.

What Connects?
Smartphones, tablets or any other wireless device! (more) 

Spybusters Security Tip #721 - Periodically check your computer for items (like these) plugged into the USB ports on the back of your box.

FutureWatch: Mindreading - Advances another step

Opening up the possibility that a sort of mind-reading might one day be possible, scientists say that through a kind of surgical wiretapping they were able to translate brain electrical signals back into single words overheard by patients, and to do it with 89 percent accuracy.

“We’re trying to figure out how the brain decodes acoustics into words,” says study senior author Bob Knight of the University of California-Berkeley...

“The real advance is that it shows we are closing in on the code that the brain uses to give meanings to words,” says New York University neuroscientist David Poeppel. (more) 

Meanwhile, at the Murray Associates, Countermeasures Compound lab... work is beginning on a new brain eavesdropping detection and prevention service.

10 Cell Phones Tips - Before Traveling Overseas

We’ve all seen people on TV and movies casually using their cell phones as they travel to various countries around the globe. No big deal right? Not until you get your monthly statement. Post-vacation cell phone bills are the stuff nightmares are made from. 

Here is the condensed version of the 10 tips cell phone users need to know before traveling overseas. (Full version here.)

1. Plan ahead
2. Call your provider
3. Check bandwidths
4. Get phone unlocked
5. GSM phone
6. Check plans carefully
7. Check data plans
8. Don’t switch too early
9. International charger adapter
10. Change SIM card

Security Director Tip: Prepare here... before it hits the fan.

In any enterprise, stuff happens. When you hear about it, it is probably bad stuff.
Here's a great resource to prevent some of the bad stuff from happening - and to deal effectively with the consequences of the bad stuff that can't be prevented. 

Business Survival(tm) is a blog filled with great information and resources for key decision-makers from Rothstein Associates Inc.  

It covers:  
• Business Continuity, 
• Disaster Recovery, 
• Enterprise Resilience, 
• Crisis Management, 
• Crisis Communication, 
• Emergency Management, 
• Risk Management and 
• Root Cause Analysis.  

Recent posts include:
Role of Social Media in Crisis Communication
Thousands of Industrial Systems Unwittingly Hooked Up to Internet 

New Models for Addressing Supply Chain and Transport Risk 

Solar flare impacts life on Earth 

How to improve your disaster recovery preparedness
 
Business Survival(tm)  has been published (in various formats) since 1997 by Philip Jan Rothstein - FBCI. Bookmark this gem, and check-in frequently, or you can subscribe for free, here.

1960's - 1980's Spy Satellites Now Museum Pieces

Three formerly classified spy satellites went on public display Thursday at the National Museum of the U.S. Air Force, in Dayton, Ohio.

The satellites -- Gambit 1 KH-7, Gambit 3 KH-8 and Hexagon KH-9 -- were among the most important U.S. photo reconnaissance systems from the 1960s to the 1980s, according to an Air Force report. They used specially-designed film and cameras to take photos from orbit. (more)

SpyCam Story #644 - The Faculty Restroom Can Cam

AR - A former Lavaca Middle School science teacher received a five-year suspended sentence Wednesday after pleading guilty in Sebastian County Circuit Court to video voyeurism.

Michael Allen Clark, 44, was arrested May 20 after he admitted to an Arkansas State Police investigator that he placed a school-issued video camera in the faculty restroom at the middle school, according to a police report.

The camera was discovered by a custodian in a wicker basket, on a shelf located in front of the toilet in the bathroom. The custodian turned it over to Jerri Schaffer, a math teacher at the middle school. (more)

Weekend Project - OTS Some Spy Gear for $50. or less

DARPA-Funded Hacker's Tiny $50 Spy Computer Hides In Offices, Drops From Drones

Security researcher Brendan O’Connor is trying a different approach to spy hardware: building a sensor-equipped surveillance-capable computer that’s so cheap it can be sacrificed after one use, with off-the-shelf parts that anyone can buy and assemble for less than fifty dollars.

...the F-BOMB is designed to be a platform for all sorts of applications on its Linux operating system. Outfit it with temperature or humidity sensors, for instance, and it can be used for meteorological research or other innocent data-collecting. But install some Wifi-cracking software or add a $15 GPS module, and it can snoop on data networks or track a target’s location, O’Connor adds.

One version attaches to the Parrot Drone, an iPhone-controllable quadcopter, sucking power off the drone’s rechargeable battery and allowing the user to hover over a target, land it on a roof, or drop the F-BOMB from a hook attachment on the drone. Another version fits inside a carbon monoxide detector, and can be plugged into a wall socket to hide in plain sight inside a target’s building. (more)

SpyCam Story #643 - The Town Hall Spy

Shirley Town Hall

MA - A former Shirley town administrator has pleaded guilty to charges that he videotaped female employees in a town hall restroom, and also secretly wiretapped and spied on other town workers.

Middlesex District Attorney Gerard Leone said Kyle Keady pleaded guilty Friday in superior court in Woburn and was sentenced to three years in prison, followed by seven years' probation. Keady was fired after he was charged in 2010.

He pleaded guilty to charges including video recording a person in a state of nudity, wiretapping and breaking and entering.

Just coincidence?

Prosecutors said Keady put a pen camera in the ceiling above a women's restroom stall, and recorded other workers in offices more than 100 times, using pen devices, video cameras and a baby monitor. He also allegedly broke into one home four times. (more)

Spycam Story #642 - The Epidemic Continues

CT - A man from South Windsor accused of secretly taping people getting undressed is due in court Thursday. Police said Paul Zajac, 20, hid cameras in bathrooms and bedrooms at his home and his ex-girlfriend's house. He is being charged with 24 counts of voyeurism. (more)

FL - A 24-year-old man was arrested Monday on suspicion of using his iPhone to take an upskirt video of a woman using a Redbox outside a Walmart in Lake County. Lorenzo Adan Ramirez, a landscaper and father of two from Tavares, was arrested in Mount Dora on charges of video voyeurism. (more)
 

Canada - A former Merritt radio personality will go to jail for nine months and be forbidden from being around children for five years after pleading guilty to possessing child pornography and voyeurism. Jamie McDerment, a small and slightly built 24-year-old man, was led away in handcuffs by two sheriffs Friday afternoon after being sentenced in provincial court... Police also found covert images he admitted to taking of young boys partially naked in a bathroom at Riverside park in August. (more)

I mention incidents like this to raise public awareness of the increase in optical surveillance, and to encourage new laws to address the situation.

Spycam Story #641 - The Church Sleepover

TX - Charges have been upgraded against the Haughton man arrested Sunday after law-enforcement officers learned he placed video cameras in a bathroom used by teenage girls over the weekend.

Paul E. Holmes, 55, of the 700 block of Opal Circle in Haughton, has now been charged with 16 counts of video voyeurism and four counts of production of child pornography.

Police learned Sunday that Holmes had positioned video cameras in one the bathrooms of his house that was used by teenage girls during a sleepover as part of a local church youth activity.

When one of the girls was in the bathroom, she noticed a camera, told her parents, who then provided the information to the Haughton Police Department. When questioned by police, Holmes admitted that he owned the video cameras that were placed in the bathroom that the girls were using. (more)

Spycam Story #640 - Epiphany Party at My Place!

Sault Ste. Marie, MI - Investigation Services officers arrested 48 year-old Emmanuel De Melo of 7 Elmwood Avenue on the 24th of January at 11:10 am at the police station and charged him with one count of voyeurism.

It is alleged that between the 1st to the 12th of January 2012, the accused used video cameras to record a number of persons that used his bathroom area while they were at gatherings at his residence.

The victims were unaware that the recordings were occurring. (more)

Quik! Hide the Bloodhound

Switzerland - Lawyers for anti-globalization activists at ATTAC went head-to-head with Nestlé lawyers for a second day in the civil spying trial in Lausanne. Nestlé admits it hired a Securitas agent to spy on activists at ATTAC.

The company says it is a symbol of globalization that is vulnerable to attacks and the victim of an “ideological war.” Nestlé attorneys argue that it was within its rights to know what was happening in activist circles...

Both sides now await a judgment. (more)

Chucky is Back... and He Owns Your Cell Phone!

Minh Uong/The New York Times

Chuck Bokath would be terrifying if he were not such a nice guy. A jovial senior engineer at the Georgia Tech Research Institute in Atlanta, Mr. Bokath can hack into your cellphone just by dialing the number. He can remotely listen to your calls, read your text messages, snap pictures with your phone’s camera and track your movements around town — not to mention access the password to your online bank account.

And while Mr. Bokath’s job is to expose security flaws in wireless devices, he said it was “trivial” to hack into a cellphone. Indeed, the instructions on how to do it are available online (the link most certainly will not be provided here). “It’s actually quite frightening,” said Mr. Bokath. “Most people have no idea how vulnerable they are when they use their cellphones.” (more)

Kessler Investigates Cell Phone Spy Apps

In a six month investigation of illegal spying Kessler International’s forensic team found that most smartphones can be used for conducting unlawful spying and assisting criminals obtain information to conduct identity theft.

In order to test how dangerous your smartphone has become with a simple installation of readily available software from the Internet, Kessler International’s staff purchased a variety of smart phones and installed a variety of popular cell phone spy apps to discover what dangers the software posed and if traces of the apps could be detected by mobile forensic engineers to reveal their existence.

Kessler’s experts tested the products of the major smartphone spyware software providers on BlackBerry, iPhone and a variety of the Android devices. The team of forensic experts then reverse engineered the installation of the software to see how covert the app would be. In every case Kessler found telltale traces of the spyware in every product tested.

Michael G. Kessler, President & CEO of Kessler International stated, “Despite the best efforts of the developers to make their spyware as furtive as possible, my team determined that in every case not one spy app tested could make itself completely invisible. That gives the victims of spyware an important edge in proving their suspicions that their privacy has been invaded.” (more)

Wiretapping Uncovered In The Mexican Congress

Mexican lawmakers said they would formally complain to the attorney general's office Tuesday after finding hidden microphones believed to have been used to spy on the lower house of Congress.

The listening devices were found "in quite a lot of offices, listening to and checking the activities of lawmakers," said Armando Rios Piter, president of the house's political coordination committee, on Televisa channel.

It was unclear who was responsible but lawmakers would release further information when possible, a statement from the lower chamber said. (more)

Google Oggle is in your Face-book

In a move that could make it harder for its users to remain anonymous, Google said it would start combining nearly all the information it has on its users.

This could mean, for instance, that when users search via Google, the company will use their activities on sister sites like Gmail and YouTube to influence those users' search results. Google has not done that before.

Google's move -- which was disclosed in a privacy policy that will take effect on March 1 -- is a sign of the fierce competition between Google and Facebook over personal data. Facebook has amassed an unprecedented amount of data about the lives of its more than 800 million members -- information that is coveted by advertisers. (more)

Supreme Court Rules Trackers Require Warrant

The Supreme Court ruled unanimously Monday that police must get a search warrant before using GPS technology to track criminal suspects.

Associate Justice Antonin Scalia said that the government's installation of a GPS device, and its use to monitor the vehicle's movements, constitutes a search, meaning that a warrant is required.

"By attaching the device to the Jeep" that Jones was using, "officers encroached on a protected area," Scalia wrote.

All nine justices agreed that the placement of the GPS on the Jeep violated the Fourth Amendment's protection against unreasonable search and seizure. (more)

FutureWatch: Civilian use of trackers to be outlawed. Like electronic eavesdropping, what can be done naturally becomes illegal when electronically enhanced.

On-line Spies - Affordable, and easy to find.

...documents filed in two civil cases suggests just how simple and affordable online espionage has become. Computer forensic specialists say some hackers-for-hire openly market themselves online. "It's not hard to find hackers," says Mikko Hyppönen of computer-security firm F-Secure Corp.

One such site, hiretohack.net (ignore log-in), advertises online services including being able to "crack" passwords for major email services in less than 48 hours. It says it charges a minimum of $150, depending on the email provider, the password's complexity and the urgency of the job. The site describes itself as a group of technology students based in Europe, U.S. and Asia.

Mischel Kwon, who runs a security-consulting firm and is the former director of the U.S. Computer Emergency Readiness Team, a government organization known as US-CERT, says the hacker-for-hire industry is well established. Some are one- or two-person outfits, but there are also larger "organized crime" groups," she said. She and other specialists note that it is also easy to find tools online that assist in hacking into someone's email. (more)

Security Director Alert: Eavesdropping via Video Teleconferencing

Covertly eavesdropping on boardroom chit chat using the teleconferencing system is not new. We've been demonstrating (and correcting) this problem for our clients for years. The vulnerability, however, has finally received some publicity. 

Result: Expect more attempts to access video teleconferencing systems.

Recommendations: Turn off the autoanswer feature on your teleconferencing system. Make sure your system is behind a firewall.

FREE offer: The full Murray Associates Video Teleconferencing Security Checklist is available to corporate security directors (only) at no charge. Contact me here.

via The New York Times...

One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; videoconferencing equipment...the hacker was HD Moore, a chief security officer at Rapid7, a Boston based company that looks for security holes in computer systems...Mr. Moore has found it easy to get into several top venture capital and law firms, pharmaceutical and oil companies and courtrooms across the country...

“These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them.” 

New systems are outfitted with a feature that automatically accepts inbound calls so users do not have to press an “accept” button every time someone dials into their videoconference. The effect is that anyone can dial in and look around a room, and the only sign of their presence is a tiny light on a console unit, or the silent swing of a video camera. 

Two months ago, Mr. Moore wrote a computer program that scanned the Internet for videoconference systems that were outside the firewall and configured to automatically answer calls. In less than two hours, he had scanned 3 percent of the Internet. 

In that sliver, he discovered 5,000 wide-open conference rooms at law firms, pharmaceutical companies, oil refineries, universities and medical centers. He stumbled into a lawyer-inmate meeting room at a prison, an operating room at a university medical center, and a venture capital pitch meeting where a company’s financials were being projected on a screen. 

Among the vendors that popped up in Mr. Moore’s scan were Polycom, Cisco, LifeSize, Sony and others. Of those, Polycom — which leads the videoconferencing market in units sold — was the only manufacturer that ships its equipment — from its low-end ViewStation models to its high-end HDX products — with the auto-answer feature enabled by default. (more)

More NOTW Phone Hacking News

According to a report Friday in the British newspaper The Telegraph, a News Corp. division in the UK faces an investigation by the FBI into whether the now-defunct Murdoch tabloid News of the World hacked into a phone on U.S. soil. (more)

Personal Security: How To Avoid Being A Victim, Anywhere, Any time.

via Peter Shankman - NYC street kid, with cred. (abridged version) 

• Don’t develop a pattern of behavior.
• Know your surroundings
• DO NOT IGNORE YOUR GUT. If something doesn’t seem right, it probably isn’t.
• Have your keys in your hands
• Wherever you are, have a small powerful flashlight. 
• Instead of yelling “HELP” when something goes wrong, yell “FIRE!”
• Have a buddy system
• Know the people in your neighborhood.
• Don’t look like a Victim. Walk down a street with your head up and looking around.
• Don’t stare (it can be taken as a challenge) but don’t be afraid to look at people.  
• Don’t be clueless 

Read the whole article here. 
Really, read it. Pass it on.