Economic Espionage: Hackers X-Ray X-Rays and Other High-Tech Medical Devices

A mysterious hacking group has been spying on the healthcare sector by going as far to infect computers that control X-ray and MRI machines with malware.
Fortunately, sabotage and patient data collection doesn't appear to be a motive behind the hacking. The attackers were probably focused on corporate espionage and studying how the medical software onboard the computers worked, the security firm Symantec said on Monday.

Over the past three years, the hacking group Orangeworm has been secretly delivering the Windows-based malware to about 100 different organizations, said Jon DiMaggio, a security researcher at Symantec. He speculates this may have been done to learn how to pirate the medical software onboard. more

Spycam'er Arrainged on New Charges

An Idaho Falls man arrested in late June for reportedly hiding a camera in a teenage girl’s room was arraigned Friday on new charges.

Eric Kidman, 23, was charged with five counts of sexual exploitation of a child, in addition to the charge of sexual abuse of a child by making an electronic recording of a minor under 16. The charges come from a cache of child pornography discovered in a Dropbox account.

The 13-year-old victim from the original charge found a camera hidden in a plant in her room while she was watering it. Kidman initially denied hiding the camera but later admitted to police he had placed it in her room and destroyed the micro SD card to cover his tracks.

A video of the victim in her room from a different angle was discovered on his laptop. Another spy camera was delivered to Kidman’s address via the United States Postal Service on July 25, after Kidman had been arrested. more

Bed Bugger of Multiple Beds Arrested

TN - Metro police on Wednesday arrested a man after they say he used a baby monitor to spy on a female coworker in her Sylvan Heights home.

Christopher G. Neel, 35, is charged with wiretapping and aggravated burglary in connection with the incident involving a female victim, according to an arrest affidavit.

According to the affidavit, the woman found the baby monitor underneath her bed in her home in February and suspected Neel was the person who put it there.

The report states that when Neel was confronted by the woman he admitted he placed the monitor in her home. Neel, the affidavit continues, also told the woman that he entered her home after he watched someone enter the keycode to her front door at a party in November.

Police also reported Neel also placed a baby monitor in other co-workers' homes, and that when confronted by his co-workers in March he wrote letters to at least one of them apologizing for his actions. more

Liechtenstein Protects Geneva Airport Against IMSI Catchers

Telecom Liechtenstein (FL1) announced a contract to protect Geneva Airport against electronic eavesdropping and disruptions to mobile networks.

FL1 Overwatch is a service specifically designed to protect companies or information-sensitive individuals. The system reports any detected attempts at espionage directly to the Mobile Security Alarm Centre in Liechtenstein, which triggers alerts and countermeasures.

Specifically, so-called IMSI catchers (fake mobile communication base stations) or jamming transmitters can be identified, located and analyzed before countermeasures are taken...

By using FL1 services, Geneva is the first airport to offer its visitors full integrity of mobile networks in critical areas and can therefore ensure enhanced protection of mobile communications as well as mobile devices used by passengers, employees and security personnel against electronic attacks. more

Walmart Awarded Eavesdropping Patent

Walmart this week was awarded a US patent for a new listening system for its stores that could raise serious privacy concerns from its shoppers and workers.

According to the filing, the system would capture a variety of sounds in the store to figure out employees' performance and effectiveness at checkout.

For instance, the system can be used to capture beeps produced by a scanner and the rustling of bags at checkout to find out the number of items in a transaction or even the number of bags used.

More alarmingly, the patent mentions that the system could be used to listen to guests' conversations to determine the lengths of checkout lines.

"Additionally, the sound sensors can capture audio of conversations between guests and an employee stationed at the terminal," the patent states. "The system can process the audio of the conversation to determine whether the employee stationed at the terminal is greeting guests."

The new concept hasn't been implemented in Walmart stores and Walmart didn't say whether it ever will be. more

How Everyone (in the world) Could Vote in a U.S. Election

Remote-access software and modems on election equipment 'is the worst decision for security short of leaving ballot boxes on a Moscow street corner.'

The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. more

Older News (July 30, 2017)...
Several hackers reportedly managed to hack into multiple United States voting machines in a relatively short period—in some cases within minutes, and in other within a few hours—at Def Con cybersecurity conference held in Las Vegas this week.

Voting Machine Village provided 30 different pieces of voting equipment used in American elections in a room, which included Sequoia AVC Edge, ES&S iVotronic, AccuVote TSX, WinVote, and Diebold Expresspoll 4000 voting machines. more

Council President Accused of Planting Hidden Cameras in Borough Hall and Reaping Kickbacks

PA - Republican Mitchell, 75, of Fourth Street in Upland, is accused of orchestrating a $133,000 kickback scheme, which included allegations of planting hidden cameras in borough hall when he served as borough council president. In addition to felony theft, he is charged with ethics and wiretapping offenses...

Arrested along with Mitchell and charged with similar offenses was Thomas Willard of Downingtown, the owner of the Eddystone-based Logan Technology Solutions...

According to the charges, Mitchell and Willard received up to $133,000 in kickbacks for covert recording devices, cameras and security systems installed at inflated costs throughout borough buildings in Upland. Whelan previously said he believed Mitchell went to Willard with the idea for the scam.

According to invoices and bank records reviewed during the investigation, Willard and his company were paid almost $1 million between 2009 and 2015 for various security-related projects.

According to authorities, video and audio equipment were installed sometime in 2013. A covert camera system installed in Upland’s borough hall was being disguised as the motion sensors for the building’s alarm system. There were three cameras – one in the secretary’s office and two in borough council chambers- brought to the attention of law enforcement by then-Upland Mayor Michael Ciach. more

If You Live With a Housemate – Check for Spycams

IN - A 23-year-old man was arrested Thursday on a voyeurism charge.

On June 26, a woman saw a camera in her bathroom vent... then called Tippecanoe County sheriff's officers.

After investigating, the police concluded Di Fu, the woman's housemate, was responsible for the act.

Fu is charged with voyeurism using a camera or video device. He posted bond and was released from the Tippecanoe County Jail Thursday night.

The Purdue University directory lists Fu as a graduate research assistant at its biomedical engineering department. more

If you live with housemates you need to know how to check for spycams.

Nine Years After the First Smart TV Debuted Congress Goes "Hummmm"

Smart TVs are invading privacy and should be investigated, senators say

Two Democratic US senators have asked the Federal Trade Commission to investigate privacy problems related to Internet-connected televisions.

"Many Internet-connected smart TVs are equipped with sophisticated technologies that can track the content users are watching and then use that information to tailor and deliver targeted advertisements to consumers,"

Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) wrote in a letter yesterday to FTC Chairman Joseph Simons. "Regrettably, smart TV users may not be aware of the extent to which their televisions are collecting sensitive information about their viewing habits." more

This is normal. Legislation generally lags new technologies by about ten years. ~Kevin

Hackers Selling Access to Law Firm Secrets

...a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files, and was willing to send screenshots as evidence he had broken in.

The price for the access was $3,500...

“If you're a law firm that's involved in major transactions, [mergers & acquisitions] of publicly traded companies, you're going to have a lot of sensitive information, inside information before it becomes publicly available,” Dominitz said. “If I'm able to access that, I can trade around that and manipulate stocks and make a lot of money. more

Note: Hacking is only one method used to collect inside information. Close and lock the IT door, but don't leave your other doors and windows open. Engage the services of a Technical Information Security Consultant who also has TSCM expertise.

New Jersey: Wiretap, Spycam & GPS Tracking Laws

This is an excellent article covering phone recording, video surveillance and GPS tracking in New Jersey...

As technology rapidly advances and becomes more sophisticated, attorneys, litigants and the courts must grapple with the use of modern surveillance in the context of litigation in family matters.

Surveillance can be useful in some situations, and litigants often resort to surveillance of their spouse to gather what they perceive to be valuable evidence. That evidence, whether it be video footage, recorded telephone calls, GPS tracking, digital copies of hard drives or other forms of surveillance, may be used at trial or simply to gain leverage in settlement negotiations. Nevertheless, this type of activity does not come without risk.

Without careful guidance and an understanding of the legal implications, surveillance can place attorneys in jeopardy of legal or ethical violations, and could also undermine the client’s position (e.g., something of limited evidential value could backfire on the client).

This article explores three surveillance techniques and analyzes the risks and rewards of each. more

U.S. Wiretap Report - 2017

This report covers intercepts (also known as wiretaps) concluded between January 1, 2017, and December 31, 2017, as reported to the AO, and provides supplementary information reported to the AO on arrests and convictions resulting from intercepts concluded in prior years.

Click to enlarge

Forty-eight jurisdictions (the federal government, the District of Columbia, the Virgin Islands, Puerto Rico, and 44 states) currently have laws that authorize courts to issue orders permitting wire, oral, or electronic surveillance. Table 1 shows that a total of 30 jurisdictions reported using at least one of these types of surveillance as an investigative tool during 2017. more

TSCM During Construction Projects

In the world of business espionage there is a golden time to install bugs, taps, and other electronic surveillance items.

• It is a time when nobody is checking. 
• It is a time when these devices become completely hidden from future detection.
• It is construction time.

The Bugged Embassy Case: What Went Wrong, is a well-documented story of eavesdropping devices planted so deeply the building had to be abandoned.

The Attack on Axnan Headquarters: An Espionage Operation, is a fictionalized true story of exactly how corporate construction penetrations are accomplished.

Both accounts are a fascinating read, and are true cautionary tales for our times.

———
“You really don’t want electronic surveillance
to become the hidden feature of
your new Boardroom, C-suite, or other sensitive area.”
———

Designing Information Security into Construction Projects

Electronic eavesdropping and information attacks can be stopped, but there is a catch; timing. Technical Surveillance Countermeasures (TSCM) needs to be included in the planning and construction phases of your project. Learn how.

South Korean Women Protest Against Spy Cam Porn

Thousands of South Korean women gathered in Seoul on Saturday to demand stronger government action to fight the spread of intimate photos and footage taken by hidden cameras, which they say has women living in constant anxiety and distress.

Police said about 18,000 took part in the all-women protest, with demonstrators calling for stronger investigations and punishments against male offenders who photograph or film women without their knowledge and post the material online...

Since 2004, South Korea has required smartphones to make large shutter sounds when taking pictures and videos to prevent such crimes. However, phone cameras can be silenced through apps and there’s also an abundance of miniaturized cameras that can be hidden inside bags, shoes and toilets or small holes drilled into bathroom walls and doors...

The national government plans to spend 5 billion won ($4.5 million) to equip local governments with more camera detecting equipment, and strengthen inspections of bathrooms in public spaces and private buildings. There are also plans to widen inspections to elementary, middle and high schools. more

Spycam Quote of the Week

~Christopher Falkenberg, president of security consulting firm Insite Risk Management and former U.S. Secret Service special agent discussing the ease of hotel room spycam bugging...

"Assuming someone has access to the room before and after the customer uses it, I think it’s quite easy because there are many devices available to the public that can be inserted into a room and retrieved after. It’s not high-speed stuff, and it’s not hard to get." more