Monday, December 22, 2025
CISA Warning: Commercial Spyware & SS7
The long-held assumption among corporate executives and government officials that switching to encrypted messaging apps like Signal or WhatsApp guarantees immunity from surveillance is rapidly eroding...
CISA’s warning touches upon legacy vulnerabilities in the telecommunications infrastructure itself. The agency highlights the continued abuse of Signaling System 7 (SS7), the protocol suite used by phone networks globally to route calls and texts. Despite decades of warnings, SS7 remains vulnerable to interception and location tracking. Sophisticated attackers can exploit these network flaws to intercept the SMS verification codes used to register Signal or WhatsApp accounts. By “porting” the target’s number to a device controlled by the attacker, they can effectively hijack the victim’s identity on these platforms. While Signal has introduced features like Registration Lock to mitigate this, adoption remains low among general users. (more)
Extortionography: Leaked Tape Forces Outcome
Campbell’s said on Wednesday that it no longer employed an executive who was accused in a lawsuit of making offensive comments and disparaging the company’s food products.
An audiotape that was released this month reportedly featured the voice of Martin Bally, a vice president of information technology, saying Campbell’s made processed food for “poor people” and making racist remarks...
A former employee who leaked the tape to the news media, Robert Garza, did so in conjunction with a lawsuit he filed last week in Michigan against Mr. Bally and Campbell’s. The person on the audio also refers to Campbell’s canned soup containing a “piece of chicken that came from a 3-D printer.” (more)
------
“What is corporate extortionography, and why is it important to me?” Extortionography is a word coined to cover the use of audio, video, or photographic evidence for personal or monetary gain, or to force a desired result or outcome. (more)
See Cruise Headed to Court May Divert to Arbitration
A cruise ship crew member who planted a hidden camera to watch a young girl undress in her cabin may have spied on over 900 passengers, a class action lawsuit alleges. Lawyers who filed the civil lawsuit in a Miami federal court last October want each of those people to be able to hold the company accountable and receive damages. But Royal Caribbean, the world’s second-largest cruise ship company, has pushed back.
Background: Mirasol, a room attendant, regularly cleaned passenger rooms, restocked towels and changed sheets on Royal Caribbean’s Symphony of the Seas, a vessel that carries 5,518 passengers and 2,200 crew members. But that wasn’t all he did, according to court filings and the criminal complaint from the Broward County Sheriff’s office. Searching his electronic equipment including a USB stick device, law enforcement agents found “several videos of naked females undressing in their bathrooms.” One girl seemed to be 10 years old, they said. He’d planted small, secret cameras in passengers’ rooms.
Push Back: Royal Caribbean wrote in a court filing. “Plaintiffs agreed in their digitally signed ticket-contract that all claims for mental or emotional injury must be resolved through arbitration.” Arbitration is a secretive process often favored by companies. (more)
A Load of Code Hits the Road
A former engineering manager misappropriated millions of lines of proprietary source code during the transition period following Elon Musk’s acquisition of the social media platform now known as X... The company reports that it did not become aware of the alleged code exfiltration until nearly two years later.
Case Name: X Corp. v. Yue et al.
Court Name: U.S. District Court for the Northern District of California
Case Number: 4:25-cv-10423 (more)
Three security safeguards recommended: Recording in the Workplace Policy, Storage Media Policy, and Data Movement Monitoring.
Smart Dust Microscopic Spy Sensors...
... Nothing to sneeze at.
In a groundbreaking fusion of science fiction and reality, smart dust technology—tiny, wireless sensors capable of gathering vast amounts of data—promises to revolutionize industries from environmental monitoring to healthcare while raising significant ethical and privacy concerns.
The concept of “smart dust” might sound like something from a science fiction tale, but it’s gradually becoming an integral part of modern technology. Originating as a theoretical proposal for the Defense Advanced Research Projects Agency (DARPA), smart dust has evolved into a promising tool for various industries. From environmental monitoring to intelligence gathering, these microscopic sensors offer a wide range of applications. As they continue to develop, the potential to revolutionize data collection and interaction with our environments becomes increasingly apparent. This article delves into the origins, current developments, and future implications of smart dust technology. (more)
Potty Cam, or Dr. Crapper makes a house call.
Kohler's toilet camera takes things to a new level. The company, which has been developing toilet tech for years, dropped the Dekoda, which aims a camera at the water (and everything else in it) to get various health-related readings...
Once you install the Dekoda and you're ready to use the toilet, you need to sign in. You can do this on the app or you can put your finger on the optional fingerprint scanner. After you use the toilet, the system gets to work on scanning your waste. It develops data related to your gut health and hydration and also detects blood, which can be important to know about...
Of course, it's 2025 and everything has a subscription. To get a look at all of the Dekoda's "insights" and data about your poop on the Kohler Health app, you'll pay a monthly fee. The app is going for $6.99 per month for an individual, or you can pay $12.99 a month for the family plan. (more)
Furbo The Robo - Pet Surveillance Camera
Robots don't have to look humanoid. Your pet doesn't care, especially if it tosses treats. Just hope it is not catnip for hackers...
When you can't remote work, remote pet? Next up, a robot that solves the remote walking issue. (more)
- FULL HD CAMERA WITH 360° ROTATING VIEW
- REAL-TIME 2-WAY AUDIO & COLOR NIGHT VISION
- FUN ADJUSTABLE TREAT TOSSING
- INSTANT SMART ALERTS
- BARKING SENSOR (Yes, there is a cat version.)
- EASY SETUP, SECURE CONNECTION
- SUBSCRIPTION (wait, what?!?!)
10 Years Ago this Month - From the Security Scrapbook
Sunday, September 21, 2025
Spy History - 'The Spy Queen Was A Nympho!' (UPDATE)
On November 23, 2011 the Security Scrapbook featured a post about Martha Dodd. Whatawoman! Well, she is back today with even more juicy background information.
Brendan McNally wrote a book about her; the only one I know of. It is called, Traitor's Odyssey: The Untold Story of Martha Dodd and a Strange Saga of Soviet Espionage. (Go ahead, buy it.)
Brendan and I crossed paths this month.
This is his story behind the story...
"Having spent altogether too much of my post-adolescence researching Martha, what parting thoughts do I have on her? Well, for someone as incredibly guilty as she was, she wasn't actually guilty of very much. Her intent was all there. She was ready, willing, and able, but the officers of the New York rezidentura* were too busy trying to steal the atomic bomb to even have the spare moment about how she could be used as a spy. It's like a dirty movie where the character can't manage to get anyone to have sex with them. She did everything she could: hosting fun country weekends for everyone at the Soviet consulate, pool, tennis courts, pony rides, open bar... but nothing!
"Dora, the colleague of mine who'd worked for her, called Martha Dodd, 'a nobody trying to be a somebody.' In the end, she died inadvertently at the hands of the secret police, who'd gotten it into their heads that she had gold!
"If they ever make a movie about this woman's life, I hope John Waters directs it."
I am still laughing.
* In the context of espionage, a rezidentura is a Russian intelligence station in a foreign country, often located within an embassy, that serves as a base for a group of agents known as resident spies.
Spybuster Tip: How to Set Up and Use a Burner Phone
Obtaining and using a true burner phone is hard—but not impossible. Here are the steps you need to take to protect your mobile communications based on the risks you face.
Burner phones, which are often “dumb” flip phones, can be loaded with prepaid minutes and offer anonymity when rotated frequently, purchased with cash, and siloed from any connections to you or your digital life. The idea is that cops, or other actors, are unlikely to be tracking a fresh burner phone in real time. But the crucial additional layer of protection that properly used burner phones offer is that even if they are—or they later tie communications from a burner phone to activity they are investigating—they can’t use digital ties to establish who was using it. (Full article in Wired Magazine.)
Sextortion with a Twist: Spyware takes Webcam Pics of Users Watching Porn
Sextortion-based hacking, which hijacks a victim's webcam or blackmails them with nudes they're tricked or coerced into sharing, has long represented one of the most disturbing forms of cybercrime. Now one specimen of widely available spyware has turned that relatively manual crime into an automated feature, detecting when the user is browsing pornography on their PC, screenshotting it, and taking a candid photo of the victim through their webcam.
Researchers at security firm Proofpoint published their analysis of an open-source variant of “infostealer” malware known as Stealerium that the company has seen used in multiple cybercriminal campaigns since May of this year.
The malware, like all infostealers, is designed to infect a target's computer and automatically send a hacker a wide variety of stolen sensitive data, including banking information, usernames and passwords, and keys to victims' crypto wallets. Stealerium, however, adds another, more humiliating form of espionage: It also monitors the victim's browser for web addresses that include certain NSFW keywords, screenshots browser tabs that include those words, photographs the victim via their webcam while they're watching those porn pages, and sends all the images to a hacker—who can then blackmail the victim with the threat of releasing them. more
Maybe Minority Report was a Documentary All Along?
Flock Safety’s CEO Garrett Langley told Forbes he believes his surveillance tech company could curb most US crime in the next decade, which is… quite a statement.
His $7.5B business is actually off to a strong start, though: eight years in, Flock has 80k+ cameras keeping watch over roads and parking lots nationwide. And now they’re upping their dystopian pursuits, rolling out their own drones — with their cameras mounted on them, naturally.
For now, Flock is mostly reading license plates and detecting gunshots. For now. more
Wednesday, September 3, 2025
Hackers Are Using AI to Steal Corporate Secrets and Plant Ransomware
In one of the most recent examples, a hacker discovered an exploit in Anthropic’s Claude chatbot that allowed them to “commit large-scale theft and extortion of personal data” at 17 (and perhaps more) organizations in the health care, emergency services, government, and religion industries.
The hacker then threatened to expose that data, demanding ransoms that, in some cases, topped $500,000. (Anthropic did not name any of the 17 organizations that were impacted by the hack.) more
People Are REALLY Mad at These AI Glasses That Record Everything Constantly
Users on social media have responded with horror and outrage to a pair of smart glasses developed by a startup called Halo that its creators, a pair of Harvard dropouts, claim will feed you live AI-powered insights while logging and transcribing every conversation you take part in. So transformative will it prove to the human brain, the twenty-something-year-old inventors promise, that wearers will soon be not just thinking, but "vibe thinking."
Many were quick to raise alarm over the obvious nightmare this would be for personal privacy — not just for the wearers, crucially, but anyone they interact with. more
Security Director Alert: Employees Are Packing
It’s now more common for layoffs to happen through account lockouts. Every employee needs to download their most important files from work, and update them periodically.
What Is a Digital Go Bag?
A digital go bag or virtual go bag is an electronic version of a traditional go bag—a bag you pack ahead of time that has everything you need in case you have to leave in a hurry—and it's meant specifically for work. If you got laid off or fired without notice, what documents and information would you most want to keep hold of?
How to Make a Digital Go Bag
First, identify the documents you want to take with you. Second, decide how often you need to download the items in order to keep your go bag up to date. Some, like performance reviews and tax documents, might only be updated once per year. Others, such as emails between you and your supervisor, might pile up quickly enough that you decide to download them quarterly. more